, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {0x0}, {0x0}, {0x0}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 279.767030] x86/PAT: syz-executor.4:12922 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:33 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140), 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 279.917354] x86/PAT: syz-executor.4:12922 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 279.940513] x86/PAT: syz-executor.4:12922 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:33 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f0000000880)=""/144, 0x90}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:33 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(0xffffffffffffffff) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:33 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 280.128024] x86/PAT: syz-executor.4:12947 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:33 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x2, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:33 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 280.211334] x86/PAT: syz-executor.4:12947 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 280.245647] x86/PAT: syz-executor.4:12947 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:33 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(0xffffffffffffffff) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x3, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:33 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:33 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 280.494960] x86/PAT: syz-executor.4:12975 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:33 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x4, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:33 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 280.646977] x86/PAT: syz-executor.4:12975 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 280.663424] x86/PAT: syz-executor.4:12975 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x5, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:33 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:33 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:34 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:34 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:34 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {0x0}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x6, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:34 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x7, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:34 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:34 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {0x0}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:34 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:34 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x8, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:34 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {0x0}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:34 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x9, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:34 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:34 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:34 executing program 2: pipe2(0x0, 0x0) pipe2$9p(0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x83e4}, 0x0, 0x6, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) preadv(0xffffffffffffffff, &(0x7f0000000080), 0x169, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000100)=0x1ff, 0x4) r4 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000180)={0xc0000002}) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000240)={0x0, 0x40000, r6}) ioctl$DRM_IOCTL_RES_CTX(r7, 0xc0106426, &(0x7f0000000300)={0x2, &(0x7f00000002c0)=[{}, {}]}) r8 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) preadv(r9, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r10, 0x0, r11, &(0x7f0000000b00), 0x6, 0x0) r12 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r12, 0x84, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x14) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r11, 0x84, 0x75, &(0x7f00000000c0)={0x0, 0x9}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r8, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x9, 0x1, 0x1, 0x3, 0x28d8}, &(0x7f00000000c0)=0x14) umount2(&(0x7f0000000540)='./file0\x00', 0x0) 22:36:34 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xb, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:34 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:34 executing program 2: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:34 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:34 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xc, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:34 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:34 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:35 executing program 2: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {0x0}, {0x0}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:35 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:35 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x10, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:35 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0x14, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:35 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:35 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:35 executing program 2: fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) semop(0x0, &(0x7f0000000080), 0x0) semop(0x0, &(0x7f00000000c0)=[{0x2, 0x9, 0x1000}, {0x3, 0x5, 0x1000}], 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x4000082) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6}}, {{@in=@initdev}, 0x0, @in=@broadcast}}, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r5 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r5, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r6 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r6, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r7 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r7, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) write$nbd(r1, &(0x7f0000000180)=ANY=[@ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYRESOCT=r7, @ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES16=r3], @ANYRES64=r4, @ANYRESHEX=r5, @ANYRES32=r6]], 0x1) sendfile(r1, r1, &(0x7f0000000200)=0x3, 0xa198) 22:36:35 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:35 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:35 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:35 executing program 2: fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) semop(0x0, &(0x7f0000000080), 0x0) semop(0x0, &(0x7f00000000c0)=[{0x2, 0x9, 0x1000}, {0x3, 0x5, 0x1000}], 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x4000082) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6}}, {{@in=@initdev}, 0x0, @in=@broadcast}}, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r5 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r5, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r6 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r6, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r7 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r7, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) write$nbd(r1, &(0x7f0000000180)=ANY=[@ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYRESOCT=r7, @ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES16=r3], @ANYRES64=r4, @ANYRESHEX=r5, @ANYRES32=r6]], 0x1) sendfile(r1, r1, &(0x7f0000000200)=0x3, 0xa198) 22:36:35 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x2, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:35 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {0x0}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:35 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:35 executing program 3: fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) semop(0x0, &(0x7f0000000080), 0x0) semop(0x0, &(0x7f00000000c0)=[{0x2, 0x9, 0x1000}, {0x3, 0x5, 0x1000}], 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x4000082) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6}}, {{@in=@initdev}, 0x0, @in=@broadcast}}, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r5 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r5, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r6 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r6, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r7 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r7, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) write$nbd(r1, &(0x7f0000000180)=ANY=[@ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYRESOCT=r7, @ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES16=r3], @ANYRES64=r4, @ANYRESHEX=r5, @ANYRES32=r6]], 0x1) sendfile(r1, r1, &(0x7f0000000200)=0x3, 0xa198) 22:36:35 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x3, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:36 executing program 2 (fault-call:9 fault-nth:0): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:36 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:36 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {0x0}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x4, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:36 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 282.973372] x86/PAT: syz-executor.2:13183 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 283.016102] FAULT_INJECTION: forcing a failure. [ 283.016102] name failslab, interval 1, probability 0, space 0, times 0 [ 283.041613] CPU: 1 PID: 13183 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 283.048597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.057964] Call Trace: [ 283.060599] dump_stack+0x172/0x1f0 [ 283.064258] should_fail.cold+0xa/0x1b [ 283.068186] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 283.073315] ? lock_downgrade+0x880/0x880 [ 283.077493] __should_failslab+0x121/0x190 [ 283.081748] should_failslab+0x9/0x14 [ 283.085571] kmem_cache_alloc_node+0x26c/0x710 [ 283.090160] ? lockdep_hardirqs_on+0x415/0x5d0 [ 283.094753] ? trace_hardirqs_on+0x67/0x220 [ 283.099088] ? kasan_check_read+0x11/0x20 [ 283.103250] copy_process.part.0+0x1ce0/0x7a30 [ 283.107871] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 283.113561] ? proc_fail_nth_write+0x9d/0x1e0 [ 283.118083] ? proc_cwd_link+0x1d0/0x1d0 [ 283.122245] ? __f_unlock_pos+0x19/0x20 [ 283.126309] ? find_held_lock+0x35/0x130 [ 283.130405] ? __cleanup_sighand+0x70/0x70 [ 283.134660] ? lock_downgrade+0x880/0x880 [ 283.138844] ? kasan_check_write+0x14/0x20 [ 283.143111] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 283.147990] _do_fork+0x257/0xfd0 [ 283.151475] ? fork_idle+0x1d0/0x1d0 [ 283.155213] ? fput+0x128/0x1a0 [ 283.158519] ? ksys_write+0x1f1/0x2d0 22:36:36 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb4972, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r2 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) shmat(r2, &(0x7f0000ffd000/0x2000)=nil, 0x7000) fcntl$setstatus(r1, 0x4, 0x46000) io_setup(0x2344, &(0x7f0000000100)=0x0) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000000)=0x6, 0x4) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x21000002}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)={0x324, r6, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x7c, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x84}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x33}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xdfd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}]}, @TIPC_NLA_LINK={0x5c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff7}]}]}, @TIPC_NLA_LINK={0xb8, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x64}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffff001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7e4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x400}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK={0x2c, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3fc}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x73b}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffff8}]}, @TIPC_NLA_MEDIA={0xd0, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x47ef}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1c9a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc2}]}]}, @TIPC_NLA_NET={0x14, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x72e7}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0xd48, @mcast1, 0x7123}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1ff}]}]}, 0x324}, 0x1, 0x0, 0x0, 0x450}, 0x4000000) dup(r5) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r5, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xcc, r7, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x4}, @TIPC_NLA_NET={0x10, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7f}]}, @TIPC_NLA_LINK={0x78, 0x4, [@TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9f0c}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xc5f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xf7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x213}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x2002}, 0x20000000) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000480)={0x0, @remote, @loopback}, &(0x7f00000004c0)=0xc) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000500)={@remote, 0x45, r8}) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$EXT4_IOC_SWAP_BOOT(r9, 0x6611) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 22:36:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x5, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x6, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 283.162479] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 283.167256] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 283.172025] ? do_syscall_64+0x26/0x620 [ 283.176014] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 283.181402] ? do_syscall_64+0x26/0x620 [ 283.185391] __x64_sys_clone+0xbf/0x150 [ 283.185411] do_syscall_64+0xfd/0x620 [ 283.185428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 283.185442] RIP: 0033:0x459a59 [ 283.185453] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 283.185459] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 283.185472] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 283.185478] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 283.185484] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 283.185490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 283.185496] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:36 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 283.327829] x86/PAT: syz-executor.2:13183 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 283.364910] x86/PAT: syz-executor.2:13183 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:36 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {0x0}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x7, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:36 executing program 2 (fault-call:9 fault-nth:1): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:36 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:36 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb4972, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r2 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) shmat(r2, &(0x7f0000ffd000/0x2000)=nil, 0x7000) fcntl$setstatus(r1, 0x4, 0x46000) io_setup(0x2344, &(0x7f0000000100)=0x0) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000000)=0x6, 0x4) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x21000002}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)={0x324, r6, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x7c, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x84}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x33}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xdfd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}]}, @TIPC_NLA_LINK={0x5c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff7}]}]}, @TIPC_NLA_LINK={0xb8, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x64}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffff001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7e4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x400}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK={0x2c, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3fc}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x73b}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffff8}]}, @TIPC_NLA_MEDIA={0xd0, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x47ef}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1c9a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc2}]}]}, @TIPC_NLA_NET={0x14, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x72e7}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0xd48, @mcast1, 0x7123}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1ff}]}]}, 0x324}, 0x1, 0x0, 0x0, 0x450}, 0x4000000) dup(r5) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r5, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xcc, r7, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x4}, @TIPC_NLA_NET={0x10, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7f}]}, @TIPC_NLA_LINK={0x78, 0x4, [@TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9f0c}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xc5f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xf7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x213}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x2002}, 0x20000000) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000480)={0x0, @remote, @loopback}, &(0x7f00000004c0)=0xc) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000500)={@remote, 0x45, r8}) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$EXT4_IOC_SWAP_BOOT(r9, 0x6611) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x80000000000000, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 22:36:36 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 283.616590] x86/PAT: syz-executor.2:13421 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 283.641266] FAULT_INJECTION: forcing a failure. [ 283.641266] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 283.669185] CPU: 1 PID: 13421 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 283.676193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.685823] Call Trace: [ 283.688424] dump_stack+0x172/0x1f0 [ 283.692059] should_fail.cold+0xa/0x1b [ 283.695966] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 283.701152] ? __might_sleep+0x95/0x190 [ 283.705204] __alloc_pages_nodemask+0x1ee/0x750 [ 283.709896] ? __alloc_pages_slowpath+0x2870/0x2870 [ 283.714940] copy_process.part.0+0x3e0/0x7a30 [ 283.719456] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 283.725009] ? proc_fail_nth_write+0x9d/0x1e0 [ 283.729516] ? proc_cwd_link+0x1d0/0x1d0 [ 283.733589] ? __f_unlock_pos+0x19/0x20 [ 283.737579] ? find_held_lock+0x35/0x130 [ 283.741658] ? __cleanup_sighand+0x70/0x70 [ 283.745900] ? lock_downgrade+0x880/0x880 [ 283.750068] ? kasan_check_write+0x14/0x20 [ 283.754309] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 283.759173] _do_fork+0x257/0xfd0 [ 283.762640] ? fork_idle+0x1d0/0x1d0 [ 283.766367] ? fput+0x128/0x1a0 [ 283.769659] ? ksys_write+0x1f1/0x2d0 [ 283.773476] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 283.778247] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 283.783015] ? do_syscall_64+0x26/0x620 [ 283.786999] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 283.792373] ? do_syscall_64+0x26/0x620 [ 283.796367] __x64_sys_clone+0xbf/0x150 [ 283.800359] do_syscall_64+0xfd/0x620 [ 283.804179] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 283.809427] RIP: 0033:0x459a59 [ 283.812658] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 283.831566] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 283.840341] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 283.848656] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 283.855940] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 22:36:37 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {0x0}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x8, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:37 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 283.863215] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 283.870474] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 283.904111] x86/PAT: syz-executor.2:13421 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:37 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x10032, 0xffffffffffffffff, 0x0) userfaultfd(0x0) socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, 0x0, &(0x7f0000002000)) openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x4000, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) write$P9_ROPEN(0xffffffffffffffff, 0x0, 0xfffffffffffffecf) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8}) mkdir(0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0\x00', 0x0, 0x0) io_setup(0x105, &(0x7f00000004c0)=0x0) io_submit(r3, 0x2, &(0x7f00000003c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffe7c}]) ioctl$BLKRRPART(r2, 0x125f, 0x0) setgroups(0x0, &(0x7f0000000480)) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x40040, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r4, 0x8040ae69, &(0x7f0000000080)={0x0, 0x2, 0x6, 0x1, 0x4}) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x7ff) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0) unshare(0x48000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x26100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) [ 283.957800] x86/PAT: syz-executor.2:13421 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x9, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:37 executing program 2 (fault-call:9 fault-nth:2): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:37 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {0x0}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:37 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:37 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xa, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 284.205912] x86/PAT: syz-executor.2:13453 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 284.264032] FAULT_INJECTION: forcing a failure. [ 284.264032] name failslab, interval 1, probability 0, space 0, times 0 [ 284.266019] IPVS: ftp: loaded support on port[0] = 21 [ 284.319797] CPU: 1 PID: 13519 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 284.326789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.336154] Call Trace: [ 284.338748] dump_stack+0x172/0x1f0 [ 284.338771] should_fail.cold+0xa/0x1b [ 284.338789] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 284.338801] ? lock_downgrade+0x880/0x880 [ 284.338820] __should_failslab+0x121/0x190 [ 284.338834] should_failslab+0x9/0x14 [ 284.338844] kmem_cache_alloc+0x2ae/0x700 [ 284.338929] ? creds_are_invalid+0x59/0x150 [ 284.346539] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 284.346555] ? __validate_process_creds+0x1d9/0x300 [ 284.346571] prepare_creds+0x3e/0x400 [ 284.355799] copy_creds+0x7b/0x610 [ 284.355815] ? lockdep_init_map+0x9/0x10 [ 284.355831] copy_process.part.0+0xb54/0x7a30 [ 284.367980] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 284.367995] ? proc_fail_nth_write+0x9d/0x1e0 [ 284.368008] ? proc_cwd_link+0x1d0/0x1d0 [ 284.368024] ? __f_unlock_pos+0x19/0x20 22:36:37 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:37 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {0x0}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 284.368039] ? find_held_lock+0x35/0x130 [ 284.368060] ? __cleanup_sighand+0x70/0x70 [ 284.377887] ? lock_downgrade+0x880/0x880 [ 284.377914] ? kasan_check_write+0x14/0x20 [ 284.377930] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 284.386741] _do_fork+0x257/0xfd0 [ 284.386761] ? fork_idle+0x1d0/0x1d0 [ 284.386775] ? fput+0x128/0x1a0 [ 284.386790] ? ksys_write+0x1f1/0x2d0 [ 284.386814] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 284.394377] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 284.394393] ? do_syscall_64+0x26/0x620 22:36:37 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 284.394408] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 284.394422] ? do_syscall_64+0x26/0x620 [ 284.394437] __x64_sys_clone+0xbf/0x150 [ 284.394453] do_syscall_64+0xfd/0x620 [ 284.404468] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 284.404479] RIP: 0033:0x459a59 [ 284.404494] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 284.404501] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 284.413041] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 284.413050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 284.413058] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 284.413067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 284.413075] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 284.437579] x86/PAT: syz-executor.2:13519 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 284.462758] x86/PAT: syz-executor.2:13519 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:37 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {0x0}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:37 executing program 2 (fault-call:9 fault-nth:3): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 284.807916] x86/PAT: syz-executor.2:13585 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 284.818048] FAULT_INJECTION: forcing a failure. [ 284.818048] name failslab, interval 1, probability 0, space 0, times 0 [ 284.830013] CPU: 1 PID: 13585 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 284.836975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.846340] Call Trace: [ 284.848937] dump_stack+0x172/0x1f0 [ 284.852562] should_fail.cold+0xa/0x1b [ 284.856443] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 284.861552] ? lock_downgrade+0x880/0x880 [ 284.865702] __should_failslab+0x121/0x190 [ 284.869931] should_failslab+0x9/0x14 [ 284.873844] __kmalloc_track_caller+0x2de/0x750 [ 284.878514] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 284.884142] ? selinux_cred_prepare+0x49/0xb0 [ 284.888701] kmemdup+0x27/0x60 [ 284.891882] selinux_cred_prepare+0x49/0xb0 [ 284.896194] security_prepare_creds+0x77/0xc0 [ 284.900678] prepare_creds+0x32a/0x400 [ 284.904562] copy_creds+0x7b/0x610 [ 284.908200] ? lockdep_init_map+0x9/0x10 [ 284.912405] copy_process.part.0+0xb54/0x7a30 [ 284.916948] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 284.922513] ? proc_fail_nth_write+0x9d/0x1e0 [ 284.927001] ? proc_cwd_link+0x1d0/0x1d0 [ 284.931050] ? __f_unlock_pos+0x19/0x20 [ 284.935016] ? find_held_lock+0x35/0x130 [ 284.939081] ? __cleanup_sighand+0x70/0x70 [ 284.943299] ? lock_downgrade+0x880/0x880 [ 284.947436] ? kasan_check_write+0x14/0x20 [ 284.951654] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 284.956485] _do_fork+0x257/0xfd0 [ 284.959924] ? fork_idle+0x1d0/0x1d0 [ 284.963619] ? fput+0x128/0x1a0 [ 284.966881] ? ksys_write+0x1f1/0x2d0 [ 284.970685] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 284.975448] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 284.980197] ? do_syscall_64+0x26/0x620 [ 284.984168] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 284.989517] ? do_syscall_64+0x26/0x620 [ 284.993491] __x64_sys_clone+0xbf/0x150 [ 284.997459] do_syscall_64+0xfd/0x620 [ 285.001315] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 285.006518] RIP: 0033:0x459a59 [ 285.009701] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 285.028625] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 285.036579] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 285.043895] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 285.051290] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 285.058544] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 285.065800] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 285.090825] x86/PAT: syz-executor.2:13585 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 285.099813] x86/PAT: syz-executor.2:13585 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:38 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xf, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:38 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {0x0}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:38 executing program 4 (fault-call:11 fault-nth:0): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:38 executing program 2 (fault-call:9 fault-nth:4): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:38 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init() msgctl$MSG_STAT(0x0, 0xb, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x3) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$EVIOCGBITSW(r2, 0x80404525, &(0x7f0000000000)=""/112) open(&(0x7f0000000300)='./file0\x00', 0x67a8bea5b85e1378, 0x80) write$cgroup_int(r2, &(0x7f00000002c0)=0x20, 0x12) getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000080)={'TPROXY\x00'}, &(0x7f00000000c0)=0x1e) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setreuid(0x0, r4) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$IMSETDEVNAME(r6, 0x80184947, &(0x7f0000000340)={0x3, 'syz0\x00'}) syz_mount_image$erofs(&(0x7f0000000100)='erofs\x00', &(0x7f0000000140)='./file0\x00', 0xfffffffffffffff7, 0x1, &(0x7f0000000200)=[{&(0x7f0000000180)="dd32ca48a825122a25f24187e15e590a7e8849f2fc67b5a00ebefd9fdfcf7f2abe8869174e3c4cd7831809a6e26c4c4bb8dac9ac0d19a0a33eaccc56da25a7f596bdeb1035f7a816f1e5fc32e245d923ac83b6a3b77ff2a355cb01493347d0580613a1dbb95c067431273b18e2", 0x6d, 0x6}], 0x2801840, &(0x7f0000000240)={[{@acl='acl'}, {@fault_injection={'fault_injection', 0x3d, 0x100000000}}, {@nouser_xattr='nouser_xattr'}, {@acl='acl'}, {@acl='acl'}, {@acl='acl'}], [{@context={'context', 0x3d, 'system_u'}}, {@fowner_gt={'fowner>', r4}}, {@obj_type={'obj_type', 0x3d, ')'}}]}) 22:36:38 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x10, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 285.239035] x86/PAT: syz-executor.4:13597 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 285.270260] x86/PAT: syz-executor.2:13601 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 285.287217] FAULT_INJECTION: forcing a failure. [ 285.287217] name failslab, interval 1, probability 0, space 0, times 0 22:36:38 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x6, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 285.333455] CPU: 0 PID: 13601 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 285.340446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 285.349812] Call Trace: [ 285.352415] dump_stack+0x172/0x1f0 [ 285.356061] should_fail.cold+0xa/0x1b [ 285.359969] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 285.365088] ? lock_downgrade+0x880/0x880 [ 285.369267] __should_failslab+0x121/0x190 [ 285.373521] should_failslab+0x9/0x14 [ 285.377340] kmem_cache_alloc+0x2ae/0x700 [ 285.381502] ? creds_are_invalid+0x59/0x150 [ 285.385159] FAULT_INJECTION: forcing a failure. [ 285.385159] name failslab, interval 1, probability 0, space 0, times 0 [ 285.385832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 285.385857] ? selinux_is_enabled+0x43/0x60 [ 285.406872] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 285.412409] ? creds_are_invalid+0x59/0x150 [ 285.416741] __delayacct_tsk_init+0x20/0x80 [ 285.421062] copy_process.part.0+0x350b/0x7a30 [ 285.425650] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 285.431191] ? proc_fail_nth_write+0x9d/0x1e0 [ 285.435684] ? proc_cwd_link+0x1d0/0x1d0 [ 285.439743] ? __f_unlock_pos+0x19/0x20 [ 285.443717] ? find_held_lock+0x35/0x130 [ 285.447789] ? __cleanup_sighand+0x70/0x70 [ 285.452020] ? lock_downgrade+0x880/0x880 [ 285.456172] ? kasan_check_write+0x14/0x20 [ 285.460401] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 285.465248] _do_fork+0x257/0xfd0 [ 285.468704] ? fork_idle+0x1d0/0x1d0 [ 285.472415] ? fput+0x128/0x1a0 [ 285.476063] ? ksys_write+0x1f1/0x2d0 [ 285.479868] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 285.484621] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 285.489376] ? do_syscall_64+0x26/0x620 [ 285.493349] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 285.498714] ? do_syscall_64+0x26/0x620 [ 285.502695] __x64_sys_clone+0xbf/0x150 [ 285.506672] do_syscall_64+0xfd/0x620 [ 285.510473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 285.515757] RIP: 0033:0x459a59 [ 285.518950] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 285.537845] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 285.545553] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 285.552817] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 285.560083] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 285.567352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 285.574628] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 285.581915] CPU: 1 PID: 13597 Comm: syz-executor.4 Not tainted 4.19.79 #0 [ 285.588857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 285.598216] Call Trace: [ 285.600815] dump_stack+0x172/0x1f0 [ 285.604457] should_fail.cold+0xa/0x1b [ 285.608351] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 285.613445] ? lock_downgrade+0x880/0x880 [ 285.617608] __should_failslab+0x121/0x190 [ 285.621832] should_failslab+0x9/0x14 [ 285.625621] kmem_cache_alloc_node+0x26c/0x710 [ 285.630188] ? lockdep_hardirqs_on+0x415/0x5d0 [ 285.634757] ? trace_hardirqs_on+0x67/0x220 [ 285.639066] ? kasan_check_read+0x11/0x20 [ 285.643215] copy_process.part.0+0x1ce0/0x7a30 [ 285.647792] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 285.653318] ? proc_fail_nth_write+0x9d/0x1e0 [ 285.657826] ? proc_cwd_link+0x1d0/0x1d0 [ 285.661875] ? __f_unlock_pos+0x19/0x20 [ 285.665835] ? find_held_lock+0x35/0x130 [ 285.669897] ? __cleanup_sighand+0x70/0x70 [ 285.674116] ? lock_downgrade+0x880/0x880 [ 285.678354] ? kasan_check_write+0x14/0x20 [ 285.682575] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 285.687410] _do_fork+0x257/0xfd0 [ 285.690851] ? fork_idle+0x1d0/0x1d0 [ 285.694549] ? fput+0x128/0x1a0 [ 285.697830] ? ksys_write+0x1f1/0x2d0 [ 285.701619] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 285.706364] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 285.711105] ? do_syscall_64+0x26/0x620 [ 285.715079] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 285.720430] ? do_syscall_64+0x26/0x620 [ 285.724393] __x64_sys_clone+0xbf/0x150 [ 285.728365] do_syscall_64+0xfd/0x620 [ 285.732153] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 285.737332] RIP: 0033:0x459a59 [ 285.740510] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 285.759396] RSP: 002b:00007fefe22aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 285.767091] RAX: ffffffffffffffda RBX: 00007fefe22aec90 RCX: 0000000000459a59 [ 285.774347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:36:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x11, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:38 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {0x0}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 285.781610] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 285.788867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefe22af6d4 [ 285.796131] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000007 22:36:39 executing program 4 (fault-call:11 fault-nth:1): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:39 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000300)={0x0, 0x20000201, &(0x7f0000000200)="14"}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_TRY_ENCODER_CMD(r3, 0xc028564e, &(0x7f00000000c0)={0x0, 0x1, [0xfffffc01, 0x8000, 0x1, 0xd1b1, 0xfffffffa, 0x3f, 0x1, 0x1]}) syz_genetlink_get_family_id$SEG6(&(0x7f0000000180)='SEG6\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket(0x10, 0x800000000080002, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) openat$vimc2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video2\x00', 0x2, 0x0) sendmsg(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="24000000180007121dff18946f610500020000001f003e0100000100080005000400ff7e280000001100ff000000000000eff24d8238cfa50223f7efbf7600000000000000000000000b0000", 0xfffffe23}], 0x1}, 0x0) 22:36:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x60, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 285.978771] x86/PAT: syz-executor.2:13601 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 286.011269] x86/PAT: syz-executor.4:13726 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:39 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:39 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 286.028009] x86/PAT: syz-executor.2:13722 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 286.051046] x86/PAT: syz-executor.2:13601 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 286.063174] FAULT_INJECTION: forcing a failure. [ 286.063174] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 286.071682] x86/PAT: syz-executor.2:13722 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 286.105367] CPU: 0 PID: 13726 Comm: syz-executor.4 Not tainted 4.19.79 #0 [ 286.112347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.121709] Call Trace: [ 286.121732] dump_stack+0x172/0x1f0 [ 286.121752] should_fail.cold+0xa/0x1b [ 286.121769] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 286.121786] ? __might_sleep+0x95/0x190 [ 286.121802] __alloc_pages_nodemask+0x1ee/0x750 [ 286.121821] ? __alloc_pages_slowpath+0x2870/0x2870 [ 286.121841] ? lockdep_hardirqs_on+0x415/0x5d0 [ 286.121856] ? trace_hardirqs_on+0x67/0x220 [ 286.121867] ? kasan_check_read+0x11/0x20 [ 286.121885] copy_process.part.0+0x3e0/0x7a30 [ 286.168253] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 286.173812] ? proc_fail_nth_write+0x9d/0x1e0 [ 286.178334] ? proc_cwd_link+0x1d0/0x1d0 [ 286.182420] ? __f_unlock_pos+0x19/0x20 [ 286.186412] ? find_held_lock+0x35/0x130 [ 286.190494] ? __cleanup_sighand+0x70/0x70 [ 286.194736] ? lock_downgrade+0x880/0x880 [ 286.198903] ? kasan_check_write+0x14/0x20 [ 286.203150] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 286.208008] _do_fork+0x257/0xfd0 [ 286.211473] ? fork_idle+0x1d0/0x1d0 [ 286.215197] ? fput+0x128/0x1a0 [ 286.218488] ? ksys_write+0x1f1/0x2d0 [ 286.222302] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 286.227067] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 286.231828] ? do_syscall_64+0x26/0x620 [ 286.235908] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 286.241271] ? do_syscall_64+0x26/0x620 [ 286.245256] __x64_sys_clone+0xbf/0x150 [ 286.249240] do_syscall_64+0xfd/0x620 22:36:39 executing program 2 (fault-call:9 fault-nth:5): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 286.253051] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 286.258244] RIP: 0033:0x459a59 [ 286.261444] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 286.280346] RSP: 002b:00007fefe22aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 286.288055] RAX: ffffffffffffffda RBX: 00007fefe22aec90 RCX: 0000000000459a59 [ 286.295318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:36:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xfc, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 286.302582] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 286.309849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefe22af6d4 [ 286.317109] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000007 22:36:39 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4) socket$bt_cmtp(0x1f, 0x3, 0x5) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @dev, @multicast2}, &(0x7f0000000100)=0xc) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000140)={@empty, r2}, 0x14) 22:36:39 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(0x0, 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x12c, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:39 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 286.443891] x86/PAT: syz-executor.2:13846 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 286.476356] x86/PAT: syz-executor.4:13726 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 286.488470] FAULT_INJECTION: forcing a failure. [ 286.488470] name failslab, interval 1, probability 0, space 0, times 0 [ 286.530512] x86/PAT: syz-executor.4:13726 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 286.549530] CPU: 1 PID: 13846 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 286.556518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.565878] Call Trace: [ 286.568481] dump_stack+0x172/0x1f0 [ 286.572149] should_fail.cold+0xa/0x1b [ 286.576045] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 286.581160] ? lock_downgrade+0x880/0x880 [ 286.585322] __should_failslab+0x121/0x190 [ 286.589571] should_failslab+0x9/0x14 [ 286.593387] kmem_cache_alloc+0x2ae/0x700 [ 286.597542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 286.603149] ? perf_event_init_task+0x19f/0x7a0 [ 286.607838] ? trace_hardirqs_on+0x67/0x220 [ 286.612168] dup_fd+0x85/0xb30 [ 286.615375] ? selinux_task_alloc+0xaf/0xd0 [ 286.619702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 286.625239] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 286.630784] copy_process.part.0+0x1e6a/0x7a30 [ 286.635372] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 286.640906] ? proc_fail_nth_write+0x9d/0x1e0 [ 286.645401] ? proc_cwd_link+0x1d0/0x1d0 [ 286.649466] ? __f_unlock_pos+0x19/0x20 [ 286.653452] ? __cleanup_sighand+0x70/0x70 [ 286.657685] ? lock_downgrade+0x880/0x880 [ 286.661844] ? kasan_check_write+0x14/0x20 [ 286.666081] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 286.670937] _do_fork+0x257/0xfd0 [ 286.674397] ? fork_idle+0x1d0/0x1d0 [ 286.678109] ? fput+0x128/0x1a0 [ 286.681392] ? ksys_write+0x1f1/0x2d0 [ 286.685200] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 286.689959] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 286.694717] ? do_syscall_64+0x26/0x620 [ 286.698693] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 286.704059] ? do_syscall_64+0x26/0x620 [ 286.708034] __x64_sys_clone+0xbf/0x150 [ 286.712013] do_syscall_64+0xfd/0x620 [ 286.715839] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 286.721025] RIP: 0033:0x459a59 [ 286.724223] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:36:39 executing program 4 (fault-call:11 fault-nth:2): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:39 executing program 3: r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x200, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x80045700, &(0x7f0000000180)) 22:36:39 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(0x0, 0x0, 0x0) fsync(0xffffffffffffffff) [ 286.743124] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 286.750836] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 286.758100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 286.765368] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 286.772635] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 286.779902] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:40 executing program 3: openat$rtc(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rtc\x00', 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)}, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x61883bea5100b932, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0xf17) unshare(0x40040400) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f0000000080)={{0x100000000, 0x0, 0x12000, 0x0, 0x774}}) syz_open_dev$ndb(&(0x7f0000000140)='/dev/nbd#\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x200e80, 0x14) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, r3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f00000003c0)) close(0xffffffffffffffff) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r5 = dup(r4) ioctl$sock_inet6_tcp_SIOCATMARK(r5, 0x8905, &(0x7f0000000100)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000180)={0xffffffffffffffff, r0, 0x9f5, 0x60, &(0x7f0000000040)="afadd26e7504c5f39e22000b0b9b81136075d19d7e724c84e17330c2b77f599eaa454d42859a1b4ae09d7840cc7d1abca1fb636017f91eca69b09982011b18b41ab97877596225a1c1143898b8b5175ccf09dd7b3854112c49ecc0548ee15a0d", 0x9439, 0x400, 0x6, 0x8, 0x0, 0x0, 0x80000000, 'syz1\x00'}) prctl$PR_GET_ENDIAN(0x13, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) syz_open_dev$sg(0x0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) 22:36:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x300, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:40 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 287.057211] x86/PAT: syz-executor.4:14010 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 287.077892] IPVS: ftp: loaded support on port[0] = 21 [ 287.084953] FAULT_INJECTION: forcing a failure. [ 287.084953] name failslab, interval 1, probability 0, space 0, times 0 [ 287.134369] CPU: 1 PID: 14010 Comm: syz-executor.4 Not tainted 4.19.79 #0 [ 287.141352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.150716] Call Trace: [ 287.153322] dump_stack+0x172/0x1f0 [ 287.156974] should_fail.cold+0xa/0x1b [ 287.160893] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 287.166038] ? lock_downgrade+0x880/0x880 [ 287.170209] __should_failslab+0x121/0x190 [ 287.174467] should_failslab+0x9/0x14 [ 287.178283] kmem_cache_alloc+0x2ae/0x700 [ 287.182439] ? creds_are_invalid+0x59/0x150 [ 287.186778] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 287.192326] ? __validate_process_creds+0x1d9/0x300 [ 287.197342] prepare_creds+0x3e/0x400 [ 287.197357] copy_creds+0x7b/0x610 [ 287.197371] ? lockdep_init_map+0x9/0x10 [ 287.197392] copy_process.part.0+0xb54/0x7a30 [ 287.213260] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 287.218812] ? proc_fail_nth_write+0x9d/0x1e0 [ 287.223322] ? proc_cwd_link+0x1d0/0x1d0 [ 287.227396] ? __f_unlock_pos+0x19/0x20 [ 287.231390] ? find_held_lock+0x35/0x130 [ 287.235473] ? __cleanup_sighand+0x70/0x70 [ 287.239713] ? lock_downgrade+0x880/0x880 [ 287.243876] ? kasan_check_write+0x14/0x20 [ 287.248119] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 287.252978] _do_fork+0x257/0xfd0 [ 287.256442] ? fork_idle+0x1d0/0x1d0 [ 287.260157] ? fput+0x128/0x1a0 [ 287.263442] ? ksys_write+0x1f1/0x2d0 [ 287.267267] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 287.272023] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 287.276781] ? do_syscall_64+0x26/0x620 [ 287.280755] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 287.286117] ? do_syscall_64+0x26/0x620 [ 287.290095] __x64_sys_clone+0xbf/0x150 [ 287.294073] do_syscall_64+0xfd/0x620 [ 287.297879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 287.303066] RIP: 0033:0x459a59 [ 287.306263] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 287.325267] RSP: 002b:00007fefe22aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 287.332979] RAX: ffffffffffffffda RBX: 00007fefe22aec90 RCX: 0000000000459a59 [ 287.340426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 287.347695] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 287.354962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefe22af6d4 [ 287.362234] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000007 [ 287.378873] x86/PAT: syz-executor.2:13846 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 287.378900] x86/PAT: syz-executor.2:13846 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:40 executing program 2 (fault-call:9 fault-nth:6): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:40 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(0x0, 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x500, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:40 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {0x0}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:40 executing program 3: prctl$PR_SET_FPEXC(0xc, 0x1) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f0000000380)="800000003804000019000300e60100006c000000000000000100000001000000000b00000040000080000000000000006d5ebe5a0000ffff53ef40790a6dcffec134d4da6fe57266b52e87b9b2", 0x4d, 0x400}], 0x0, 0x0) [ 287.475487] x86/PAT: syz-executor.4:14010 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 287.534834] x86/PAT: syz-executor.4:14010 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:40 executing program 5 (fault-call:6 fault-nth:0): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 287.580987] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 287.636922] EXT4-fs (loop3): invalid first ino: 0 22:36:40 executing program 4 (fault-call:11 fault-nth:3): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x5c0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:40 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {0x0}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 287.658833] x86/PAT: syz-executor.2:14095 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 287.683732] FAULT_INJECTION: forcing a failure. [ 287.683732] name failslab, interval 1, probability 0, space 0, times 0 [ 287.696901] CPU: 1 PID: 14095 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 287.703881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.713236] Call Trace: [ 287.713257] dump_stack+0x172/0x1f0 [ 287.713281] should_fail.cold+0xa/0x1b [ 287.713296] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 287.713311] ? lock_downgrade+0x880/0x880 [ 287.713337] __should_failslab+0x121/0x190 [ 287.736979] should_failslab+0x9/0x14 [ 287.740784] kmem_cache_alloc_trace+0x2cc/0x760 [ 287.745464] ? lock_downgrade+0x880/0x880 [ 287.749626] ? __lock_is_held+0xb6/0x140 [ 287.753697] alloc_fdtable+0x86/0x290 [ 287.757510] dup_fd+0x743/0xb30 [ 287.760805] copy_process.part.0+0x1e6a/0x7a30 [ 287.765402] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 287.770938] ? proc_fail_nth_write+0x9d/0x1e0 [ 287.775432] ? proc_cwd_link+0x1d0/0x1d0 [ 287.779493] ? __f_unlock_pos+0x19/0x20 [ 287.783480] ? __cleanup_sighand+0x70/0x70 [ 287.787714] ? lock_downgrade+0x880/0x880 [ 287.791871] ? kasan_check_write+0x14/0x20 [ 287.796104] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 287.800952] _do_fork+0x257/0xfd0 [ 287.804413] ? fork_idle+0x1d0/0x1d0 [ 287.808129] ? fput+0x128/0x1a0 [ 287.811409] ? ksys_write+0x1f1/0x2d0 [ 287.815218] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 287.819975] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 287.824732] ? do_syscall_64+0x26/0x620 [ 287.828706] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 287.834069] ? do_syscall_64+0x26/0x620 [ 287.838049] __x64_sys_clone+0xbf/0x150 [ 287.842028] do_syscall_64+0xfd/0x620 [ 287.845834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 287.851024] RIP: 0033:0x459a59 [ 287.854218] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 287.873123] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 287.880838] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 287.888124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 287.895398] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 287.902683] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 287.909951] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 287.950782] x86/PAT: syz-executor.2:14095 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:41 executing program 3: r0 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0x9fe, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x8001) socketpair$unix(0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x1c083, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f00003b9fdc)) r4 = syz_open_pts(r3, 0x4000000000000002) r5 = dup3(r4, r2, 0x0) ioctl$KIOCSOUND(r4, 0x4b2f, 0xff) flistxattr(r3, &(0x7f00000001c0)=""/118, 0x76) r6 = fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) write$P9_RSTATFS(r6, &(0x7f0000000140)={0x43, 0x9, 0x1, {0x3, 0x101, 0x5, 0xffffffffffffffff, 0x20, 0x100, 0xffffffffffffff80, 0x6, 0x3f}}, 0x43) clone(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) poll(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r7, &(0x7f0000000bc0), 0x4000000000002e5, 0x0, 0x0) sendmmsg$unix(r8, &(0x7f0000004e00)=[{0x0, 0x36b, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000f6b73859e9a3ac000100006f3c7525cd09908b2131b62245f8711e07a435d0b5af4d7c0fa3ffbac46028fe53e07db8e161173ff90e48fac8dac37c4fcb74ec0e330e1646a6dcfc048062f8440000000000000000000000000000000000000000000000000000a0d2537bf748c60e5c2d19b9fffe6dbfbde523355c1448068d542c398fdaafb70f1bc173cf9004b824602859ae4fac899413e67d11048da8ece6e77b074f0ecb16e431dbde7d202b7ad61bbe36952abb9c4f7ceaf38bf820fd0ad9a61964eb14b2860c23fcd018983da32804aa4940d1491970a1e7acaf30147253e3982be096a760448c8e1b99a764070ae35cf7124e4a0fcaf3c0855193b558ef0863b6b239bca040aaf8bf9ff157e1c3d6b357d8", @ANYRES32, @ANYRES32], 0x18}], 0x492492492492556, 0x0) setsockopt$SO_TIMESTAMP(r7, 0x1, 0x23, &(0x7f0000000000)=0x7, 0x4) write$binfmt_misc(r5, &(0x7f0000000640)=ANY=[@ANYBLOB="7351a2dd0870cae0fe9b03ca1e31f2a6317cb7d93912bc3f7a7f1881f351107ded54345b0c5effd01869baccecabb7003eeee8c3754593e80aafaa06b642f85ed5c5c0f0a643ac451670ec704250f3c9cc3a3f0e0ac5dd44acf76cde9083b640eb9ae6224d3e723034fc67646891653b71e3c2549f31ef9eeec90000ffffffffe7ff19555fac9b010cbc45cbe2b47e79c784fe580940ad7065be83b137920cb7f57de26941db7d92aac2c4908114d099ad5996ee5007592451807413bbc871003a2f5655921e30e9162c346b2ca9a60400f00c8b36499e6f4a5a1dae465908d729d32e1d91203a935a9f9d2f33acebf21b840cd4bbefedc230a250da5b0cd0787c5f4c003eb4f9ad9fac786f6482f9cfbfe708ea08415ab36d242fdd05646d652eb85195832d152b73f6ccdd92235e0b0f55bd68925c7e3fd6e17f34c7757fd212f5ec5c550b7f7c466d5a1a9f477eb20bf1ddb4b01929c4ea83d9d4713ebfa3e80aaa38dfb974aa7805fb96cc1dac844b4aae4751413661905d5a145ad87991ccf82183a442f8ee911a97bf94c82a2ac96a7e3f36ce40746d066467c2be39eb36d62248c9d6fd74c7dd0e4de6554df1eab76bc98b7b2484781ec90dec48257b36a12f3fd85406e2e2f961f60b7bea02968cf7"], 0x9e) r9 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x0, 0x0) ioctl$TIOCGWINSZ(r9, 0x5413, &(0x7f0000000240)) [ 287.994471] x86/PAT: syz-executor.2:14095 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:41 executing program 2 (fault-call:9 fault-nth:7): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:41 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x5c4, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 288.126516] x86/PAT: syz-executor.4:14108 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:41 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {0x0}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 288.200031] x86/PAT: syz-executor.2:14121 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 288.244879] FAULT_INJECTION: forcing a failure. [ 288.244879] name failslab, interval 1, probability 0, space 0, times 0 22:36:41 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x2}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 288.292282] x86/PAT: syz-executor.4:14106 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 288.325451] CPU: 1 PID: 14121 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 288.328981] x86/PAT: syz-executor.4:14106 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 288.332426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.332432] Call Trace: [ 288.332453] dump_stack+0x172/0x1f0 [ 288.332473] should_fail.cold+0xa/0x1b [ 288.360579] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 288.365696] ? lock_downgrade+0x880/0x880 [ 288.369868] __should_failslab+0x121/0x190 [ 288.374110] should_failslab+0x9/0x14 [ 288.377919] kmem_cache_alloc_trace+0x2cc/0x760 [ 288.382599] ? lock_downgrade+0x880/0x880 [ 288.386755] ? __lock_is_held+0xb6/0x140 [ 288.390831] alloc_fdtable+0x86/0x290 [ 288.394661] dup_fd+0x743/0xb30 [ 288.397964] copy_process.part.0+0x1e6a/0x7a30 [ 288.402564] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 288.408111] ? proc_fail_nth_write+0x9d/0x1e0 [ 288.412616] ? proc_cwd_link+0x1d0/0x1d0 [ 288.416685] ? __f_unlock_pos+0x19/0x20 [ 288.420674] ? __cleanup_sighand+0x70/0x70 [ 288.424908] ? lock_downgrade+0x880/0x880 [ 288.429075] ? kasan_check_write+0x14/0x20 [ 288.433318] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 288.438172] _do_fork+0x257/0xfd0 [ 288.441639] ? fork_idle+0x1d0/0x1d0 [ 288.445352] ? fput+0x128/0x1a0 [ 288.448632] ? ksys_write+0x1f1/0x2d0 [ 288.452436] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 288.457193] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 288.461952] ? do_syscall_64+0x26/0x620 [ 288.465927] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 288.471290] ? do_syscall_64+0x26/0x620 [ 288.475271] __x64_sys_clone+0xbf/0x150 [ 288.479249] do_syscall_64+0xfd/0x620 [ 288.483056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 288.488243] RIP: 0033:0x459a59 [ 288.491434] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 288.510347] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 288.518060] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 288.525348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 288.532623] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 22:36:41 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:41 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 288.539903] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 288.547191] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 288.563568] x86/PAT: syz-executor.2:14121 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x600, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 288.621552] x86/PAT: syz-executor.2:14121 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:41 executing program 2 (fault-call:9 fault-nth:8): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 288.718653] x86/PAT: syz-executor.4:14289 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:41 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {0x0}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:42 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x700, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 288.827660] x86/PAT: syz-executor.2:14345 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:42 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x3}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 288.911744] FAULT_INJECTION: forcing a failure. [ 288.911744] name failslab, interval 1, probability 0, space 0, times 0 [ 288.954544] CPU: 0 PID: 14353 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 288.961526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.970891] Call Trace: [ 288.973504] dump_stack+0x172/0x1f0 [ 288.977158] should_fail.cold+0xa/0x1b [ 288.981074] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 288.986197] ? lock_downgrade+0x880/0x880 [ 288.990379] __should_failslab+0x121/0x190 [ 288.994630] should_failslab+0x9/0x14 [ 288.998443] kmem_cache_alloc_node_trace+0x274/0x720 [ 289.003558] ? alloc_fdtable+0x86/0x290 [ 289.007544] ? kasan_unpoison_shadow+0x35/0x50 [ 289.012147] __kmalloc_node+0x3d/0x80 [ 289.015961] kvmalloc_node+0x68/0x100 [ 289.019775] alloc_fdtable+0x142/0x290 [ 289.023781] dup_fd+0x743/0xb30 [ 289.027081] copy_process.part.0+0x1e6a/0x7a30 [ 289.031688] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 289.037235] ? proc_fail_nth_write+0x9d/0x1e0 [ 289.041744] ? proc_cwd_link+0x1d0/0x1d0 [ 289.045835] ? __f_unlock_pos+0x19/0x20 [ 289.049829] ? __cleanup_sighand+0x70/0x70 22:36:42 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x4}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 289.054070] ? lock_downgrade+0x880/0x880 [ 289.058245] ? kasan_check_write+0x14/0x20 [ 289.062491] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 289.067355] _do_fork+0x257/0xfd0 [ 289.070827] ? fork_idle+0x1d0/0x1d0 [ 289.074557] ? fput+0x128/0x1a0 [ 289.077849] ? ksys_write+0x1f1/0x2d0 [ 289.081663] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 289.086430] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 289.091197] ? do_syscall_64+0x26/0x620 [ 289.095329] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 289.100703] ? do_syscall_64+0x26/0x620 22:36:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x900, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 289.104692] __x64_sys_clone+0xbf/0x150 [ 289.108680] do_syscall_64+0xfd/0x620 [ 289.112490] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 289.117689] RIP: 0033:0x459a59 [ 289.120891] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 289.139802] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 289.147513] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 22:36:42 executing program 3: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) lseek(r1, 0x7ffffc, 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0xfd14) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r2, 0xc0506617, &(0x7f00000000c0)={{0x5, 0x0, @reserved="eb2d554bdc3dda5019962dc8cdd96bbe90991461c76062fced0032061d656a02"}, 0x1a, [], "ce7394be725771c75c141c078e405e7040f47c4b1aa4c8182fdd"}) fallocate(r1, 0x100000003, 0x0, 0x28120001) fallocate(r0, 0x100000003, 0x804000, 0x28120001) 22:36:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xa00, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 289.154786] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 289.154794] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 289.154801] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 289.154809] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 289.208216] x86/PAT: syz-executor.2:14344 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 289.289795] x86/PAT: syz-executor.4:14269 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 289.304511] x86/PAT: syz-executor.2:14344 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 289.332516] x86/PAT: syz-executor.4:14269 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xf00, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:42 executing program 2 (fault-call:9 fault-nth:9): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:42 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x5}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:42 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:42 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x2, 0x0, 0x0, 0x0, 0x0) 22:36:42 executing program 3: setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000000)={0x9a, {{0x2, 0x0, @local}}}, 0x88) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xffffffffffffffff) pivot_root(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x0, 0x102000}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x276, 0x0, 0x0, 0xfffffe3d) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xd, 0xffffffffffffffff, 0xe10193f3bfdcbd86) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f00000001c0)=0x200, 0x4) r5 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @rand_addr=0x7}}) arch_prctl$ARCH_GET_GS(0x1004, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 22:36:42 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:42 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x6}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 289.586328] x86/PAT: syz-executor.2:14489 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 289.597861] x86/PAT: syz-executor.4:14493 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 289.642833] FAULT_INJECTION: forcing a failure. [ 289.642833] name failslab, interval 1, probability 0, space 0, times 0 [ 289.668013] CPU: 0 PID: 14498 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 289.674988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.674995] Call Trace: [ 289.675018] dump_stack+0x172/0x1f0 22:36:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x1100, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 289.675036] should_fail.cold+0xa/0x1b [ 289.675053] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 289.675066] ? lock_downgrade+0x880/0x880 [ 289.675092] __should_failslab+0x121/0x190 [ 289.675109] should_failslab+0x9/0x14 [ 289.675121] kmem_cache_alloc+0x2ae/0x700 [ 289.675138] ? dup_fd+0x5c1/0xb30 [ 289.719467] copy_fs_struct+0x43/0x2d0 [ 289.719484] copy_process.part.0+0x377d/0x7a30 [ 289.727953] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 289.733507] ? proc_fail_nth_write+0x9d/0x1e0 [ 289.738014] ? proc_cwd_link+0x1d0/0x1d0 [ 289.742072] ? __f_unlock_pos+0x19/0x20 [ 289.746065] ? __cleanup_sighand+0x70/0x70 [ 289.750307] ? lock_downgrade+0x880/0x880 [ 289.754475] ? kasan_check_write+0x14/0x20 [ 289.758728] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 289.763594] _do_fork+0x257/0xfd0 [ 289.767069] ? fork_idle+0x1d0/0x1d0 [ 289.770796] ? fput+0x128/0x1a0 [ 289.774086] ? ksys_write+0x1f1/0x2d0 [ 289.777902] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 289.782670] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 289.787437] ? do_syscall_64+0x26/0x620 [ 289.791420] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 289.796783] ? do_syscall_64+0x26/0x620 [ 289.796801] __x64_sys_clone+0xbf/0x150 [ 289.796817] do_syscall_64+0xfd/0x620 [ 289.796834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 289.796845] RIP: 0033:0x459a59 [ 289.796858] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 289.796865] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 289.796879] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 289.796886] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 289.796899] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 289.836038] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 289.836049] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x2000, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:43 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 289.898847] x86/PAT: syz-executor.4:14492 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:43 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000180), &(0x7f0000000200)=0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="25bca274769e620aa734fa0095e0612687463915e38802a9d8aea872943afd874e2f98b479a7316270146d0e02f8e63ba8863cd7dcc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f0000000080)={[{@journal_async_commit='journal_async_commit'}]}) [ 289.960730] x86/PAT: syz-executor.4:14492 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:43 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x4, 0x0, 0x0, 0x0, 0x0) [ 290.062123] EXT4-fs (loop3): Unsupported filesystem blocksize 0 (1923657432 log_block_size) [ 290.109162] x86/PAT: syz-executor.4:14724 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 290.213787] x86/PAT: syz-executor.2:14488 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 290.249445] x86/PAT: syz-executor.4:14723 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:43 executing program 2 (fault-call:9 fault-nth:10): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:43 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x2c01, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:43 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:43 executing program 3: r0 = syz_open_dev$admmidi(&(0x7f0000000300)='/dev/admmidi#\x00', 0x7ff, 0x2) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000380)=0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2528, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/checkreqprot\x00', 0x101600, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r2, 0x0, 0x3bd, 0x200007fd, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='scalable\x00', 0x9) sendmmsg$inet(r2, &(0x7f0000000b40)=[{{0x0, 0xfffffffffffffcfb, &(0x7f0000000200)=[{&(0x7f0000000100)="8cb08f70aca1f2e24e7dc4636db1607852800ad7239bfbb123065f68cd67943bc81a1d56defee801abbb295542689614ad3cf075062ecc8fff703998f05b4a75cd21c51a0cdf5c1d22ec6c88b2f328c35d2284ce373751008f2fe11265fc7b892d9211b9f2b8d60d65de6a11b376b8379dea0e24d9d54997f9b0c35fdbb691b6a85b1dd235877eaf2c6b56cdebc12feefdd198891969cc07ec80aa29bcc95a7fa0866e97a784c0ac21edab15d06cfb51b0f47e5f4404000000000000", 0x19}, {&(0x7f0000000340)="4520d8c1ee8e08b9ee293229", 0x28c}], 0x2}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000500)='B', 0x3c9}], 0x1}}, {{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000640)="6704848d55e654ad6f06f85d5c8caed968361a080c9a53252ca10c8e9f2257b4300eccf6f7e8f49e10382d24c8e304851ba9f674097b80c63dc396090a3762753a1400aba6fc2b7dcec89c4c03bb4f4a995e7f0d40", 0x98}], 0x1}}], 0x308, 0x40000) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8b04, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00$\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00', @ANYRES32=0x0, @ANYBLOB='\v\x00'/12]}}, 0x0) socket$netlink(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) 22:36:43 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x8, 0x0, 0x0, 0x0, 0x0) [ 290.251007] x86/PAT: syz-executor.2:14488 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 290.277556] x86/PAT: syz-executor.4:14723 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:43 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xa}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x3f00, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 290.408295] x86/PAT: syz-executor.2:14945 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 290.423928] x86/PAT: syz-executor.4:14946 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:43 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 290.511722] FAULT_INJECTION: forcing a failure. [ 290.511722] name failslab, interval 1, probability 0, space 0, times 0 [ 290.566059] CPU: 0 PID: 14945 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 290.573043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 290.582404] Call Trace: [ 290.585009] dump_stack+0x172/0x1f0 [ 290.588648] should_fail.cold+0xa/0x1b [ 290.592549] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 290.597662] ? lock_downgrade+0x880/0x880 [ 290.601827] __should_failslab+0x121/0x190 [ 290.606076] should_failslab+0x9/0x14 [ 290.609884] kmem_cache_alloc+0x2ae/0x700 [ 290.614037] ? do_raw_spin_unlock+0x57/0x270 [ 290.618451] ? _raw_spin_unlock+0x2d/0x50 [ 290.622632] copy_process.part.0+0x1fd7/0x7a30 [ 290.627225] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 290.632763] ? proc_fail_nth_write+0x9d/0x1e0 [ 290.637260] ? proc_cwd_link+0x1d0/0x1d0 [ 290.641327] ? __f_unlock_pos+0x19/0x20 [ 290.645316] ? __cleanup_sighand+0x70/0x70 [ 290.649548] ? lock_downgrade+0x880/0x880 [ 290.653706] ? kasan_check_write+0x14/0x20 [ 290.657945] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 290.662794] _do_fork+0x257/0xfd0 [ 290.666256] ? fork_idle+0x1d0/0x1d0 [ 290.669974] ? fput+0x128/0x1a0 [ 290.673253] ? ksys_write+0x1f1/0x2d0 [ 290.677061] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 290.681815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 290.686575] ? do_syscall_64+0x26/0x620 [ 290.690551] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 290.695920] ? do_syscall_64+0x26/0x620 [ 290.699896] __x64_sys_clone+0xbf/0x150 [ 290.703876] do_syscall_64+0xfd/0x620 [ 290.707687] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 290.712875] RIP: 0033:0x459a59 [ 290.716070] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 290.734976] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 290.742700] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 290.749968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 290.757236] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 22:36:43 executing program 3: openat$audio(0xffffffffffffff9c, 0x0, 0x88001, 0x0) r0 = open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) msgget(0x0, 0x400) syz_open_dev$sndseq(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) signalfd4(r1, &(0x7f0000000000)={0x1ff}, 0x8, 0x1879200d8c1efc6b) write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0) msgctl$MSG_STAT(0x0, 0xb, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket(0x10, 0x0, 0x0) r2 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0) keyctl$get_keyring_id(0x0, r2, 0xffff) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f0000001100)) ioctl$TCSETX(r0, 0x5433, &(0x7f00000002c0)={0xae6d, 0x0, [0xffff, 0xfffb, 0x0, 0x0, 0x3], 0x24d9}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000023c0)) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="02000f00000a00000000ff07000000000000000000000000000000000000000000004200000000000000018000"/62, 0x3e, 0x1c0}]) [ 290.764504] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 290.771774] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:44 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x10}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 290.869381] x86/PAT: syz-executor.4:14942 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 290.911818] x86/PAT: syz-executor.4:14942 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x4000, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 291.025324] x86/PAT: syz-executor.2:14945 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 291.043381] x86/PAT: syz-executor.2:14945 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 291.056122] Dev loop3: unable to read RDB block 1 [ 291.090814] loop3: unable to read partition table 22:36:44 executing program 2 (fault-call:9 fault-nth:11): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:44 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x10, 0x0, 0x0, 0x0, 0x0) 22:36:44 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:44 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x48}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 291.117979] loop3: partition table beyond EOD, truncated [ 291.150522] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 22:36:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x6000, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 291.226522] x86/PAT: syz-executor.4:15182 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:44 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x4c}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 291.343675] x86/PAT: syz-executor.2:15254 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 291.369213] x86/PAT: syz-executor.4:15177 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 291.379663] x86/PAT: syz-executor.4:15177 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:44 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x80fe, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 291.404695] FAULT_INJECTION: forcing a failure. [ 291.404695] name failslab, interval 1, probability 0, space 0, times 0 [ 291.478851] CPU: 0 PID: 15374 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 291.485834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 291.495191] Call Trace: [ 291.497792] dump_stack+0x172/0x1f0 [ 291.501436] should_fail.cold+0xa/0x1b [ 291.505341] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 291.510902] ? lock_downgrade+0x880/0x880 [ 291.515070] __should_failslab+0x121/0x190 [ 291.519307] should_failslab+0x9/0x14 [ 291.523116] kmem_cache_alloc+0x2ae/0x700 [ 291.527279] ? trace_hardirqs_on+0x67/0x220 [ 291.531603] ? kasan_check_read+0x11/0x20 [ 291.535759] copy_process.part.0+0x2139/0x7a30 [ 291.540349] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 291.545891] ? proc_fail_nth_write+0x9d/0x1e0 [ 291.550385] ? proc_cwd_link+0x1d0/0x1d0 [ 291.554447] ? __f_unlock_pos+0x19/0x20 [ 291.558434] ? __cleanup_sighand+0x70/0x70 [ 291.562666] ? lock_downgrade+0x880/0x880 [ 291.566824] ? kasan_check_write+0x14/0x20 [ 291.571058] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 291.575907] _do_fork+0x257/0xfd0 22:36:44 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x68}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 291.579364] ? fork_idle+0x1d0/0x1d0 [ 291.583083] ? fput+0x128/0x1a0 [ 291.586455] ? ksys_write+0x1f1/0x2d0 [ 291.590260] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 291.595024] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 291.599782] ? do_syscall_64+0x26/0x620 [ 291.603755] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 291.609116] ? do_syscall_64+0x26/0x620 [ 291.613098] __x64_sys_clone+0xbf/0x150 [ 291.617087] do_syscall_64+0xfd/0x620 [ 291.620898] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 291.626092] RIP: 0033:0x459a59 [ 291.629289] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 291.648194] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 291.655919] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 291.663194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 291.670494] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 22:36:44 executing program 3: openat$audio(0xffffffffffffff9c, 0x0, 0x88001, 0x0) r0 = open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) msgget(0x0, 0x400) syz_open_dev$sndseq(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) signalfd4(r1, &(0x7f0000000000)={0x1ff}, 0x8, 0x1879200d8c1efc6b) write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0) msgctl$MSG_STAT(0x0, 0xb, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket(0x10, 0x0, 0x0) r2 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0) keyctl$get_keyring_id(0x0, r2, 0xffff) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f0000001100)) ioctl$TCSETX(r0, 0x5433, &(0x7f00000002c0)={0xae6d, 0x0, [0xffff, 0xfffb, 0x0, 0x0, 0x3], 0x24d9}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000023c0)) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="02000f00000a00000000ff07000000000000000000000000000000000000000000004200000000000000018000"/62, 0x3e, 0x1c0}]) 22:36:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xc005, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:44 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x11, 0x0, 0x0, 0x0, 0x0) [ 291.677766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 291.685040] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 291.836652] x86/PAT: syz-executor.4:15443 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:45 executing program 2 (fault-call:9 fault-nth:12): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:45 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {0x0}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xc0fe, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:45 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x6c}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:45 executing program 3: openat$audio(0xffffffffffffff9c, 0x0, 0x88001, 0x0) r0 = open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) msgget(0x0, 0x400) syz_open_dev$sndseq(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) signalfd4(r1, &(0x7f0000000000)={0x1ff}, 0x8, 0x1879200d8c1efc6b) write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0) msgctl$MSG_STAT(0x0, 0xb, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket(0x10, 0x0, 0x0) r2 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0) keyctl$get_keyring_id(0x0, r2, 0xffff) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f0000001100)) ioctl$TCSETX(r0, 0x5433, &(0x7f00000002c0)={0xae6d, 0x0, [0xffff, 0xfffb, 0x0, 0x0, 0x3], 0x24d9}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000023c0)) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="02000f00000a00000000ff07000000000000000000000000000000000000000000004200000000000000018000"/62, 0x3e, 0x1c0}]) [ 291.952584] x86/PAT: syz-executor.2:15254 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 291.970749] x86/PAT: syz-executor.2:15254 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 292.042210] x86/PAT: syz-executor.4:15418 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 292.115217] x86/PAT: syz-executor.4:15418 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xc405, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:45 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x30, 0x0, 0x0, 0x0, 0x0) 22:36:45 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {0x0}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:45 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x74}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 292.170263] x86/PAT: syz-executor.2:15638 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 292.228457] FAULT_INJECTION: forcing a failure. [ 292.228457] name failslab, interval 1, probability 0, space 0, times 0 [ 292.252982] CPU: 1 PID: 15642 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 292.259963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.269319] Call Trace: [ 292.271914] dump_stack+0x172/0x1f0 [ 292.275550] should_fail.cold+0xa/0x1b [ 292.279446] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 292.284555] ? lock_downgrade+0x880/0x880 [ 292.288715] __should_failslab+0x121/0x190 [ 292.292955] should_failslab+0x9/0x14 [ 292.296757] kmem_cache_alloc+0x2ae/0x700 [ 292.300910] ? lockdep_init_map+0x9/0x10 [ 292.304970] ? debug_mutex_init+0x2d/0x60 [ 292.309126] copy_process.part.0+0x2ad6/0x7a30 [ 292.313716] ? proc_fail_nth_write+0x9d/0x1e0 [ 292.318231] ? __cleanup_sighand+0x70/0x70 [ 292.322463] ? lock_downgrade+0x880/0x880 [ 292.326621] ? kasan_check_write+0x14/0x20 [ 292.330855] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 292.335705] _do_fork+0x257/0xfd0 [ 292.339167] ? fork_idle+0x1d0/0x1d0 [ 292.342884] ? fput+0x128/0x1a0 [ 292.346167] ? ksys_write+0x1f1/0x2d0 [ 292.349976] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 292.354733] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 292.359491] ? do_syscall_64+0x26/0x620 [ 292.363466] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 292.368830] ? do_syscall_64+0x26/0x620 [ 292.372808] __x64_sys_clone+0xbf/0x150 [ 292.376791] do_syscall_64+0xfd/0x620 [ 292.380600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 292.386052] RIP: 0033:0x459a59 [ 292.389248] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 292.408149] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 292.415863] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 292.423131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 292.430398] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 292.437662] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 292.444930] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 292.497497] Dev loop3: unable to read RDB block 1 [ 292.527179] loop3: unable to read partition table 22:36:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xfc00, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 292.556886] loop3: partition table beyond EOD, truncated [ 292.577696] x86/PAT: syz-executor.4:15653 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 292.580645] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 22:36:45 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {0x0}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:45 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7a}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 292.691226] x86/PAT: syz-executor.4:15652 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 292.734364] x86/PAT: syz-executor.4:15652 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:46 executing program 2 (fault-call:9 fault-nth:13): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xfe80, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:46 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x1100, 0x0, 0x0, 0x0, 0x0) 22:36:46 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="020700001000000000000000000000000800120000000100000000000000000006000000000000000000000000000200e00040e0ff00000020000000000000000000ada8008004000000200000000000030006000000000002000080ac14ffbbf00000000000000003000500000000000200423b1d632bd7b8200000000000c7"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x22, &(0x7f00000000c0)=0x7, 0x4) 22:36:46 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x300}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:46 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 292.898558] x86/PAT: syz-executor.2:15638 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 292.925975] x86/PAT: syz-executor.2:15638 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 293.009629] x86/PAT: syz-executor.4:15776 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xfec0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 293.102708] x86/PAT: syz-executor.2:15790 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:46 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x500}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 293.176542] x86/PAT: syz-executor.4:15774 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 293.196152] FAULT_INJECTION: forcing a failure. [ 293.196152] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 293.259531] x86/PAT: syz-executor.4:15774 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:46 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 293.361721] CPU: 0 PID: 15994 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 293.368711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 293.378071] Call Trace: [ 293.380679] dump_stack+0x172/0x1f0 [ 293.384326] should_fail.cold+0xa/0x1b [ 293.388237] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 293.393364] ? __might_sleep+0x95/0x190 [ 293.397361] __alloc_pages_nodemask+0x1ee/0x750 [ 293.402050] ? __alloc_pages_slowpath+0x2870/0x2870 [ 293.407093] ? find_held_lock+0x35/0x130 [ 293.411241] ? percpu_ref_put_many+0x94/0x190 [ 293.415749] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 293.421305] alloc_pages_current+0x107/0x210 [ 293.425727] __get_free_pages+0xc/0x40 [ 293.429686] pgd_alloc+0x8b/0x3f0 [ 293.433154] ? pgd_page_get_mm+0x40/0x40 [ 293.437222] ? __lockdep_init_map+0x10c/0x5b0 [ 293.441741] ? __lockdep_init_map+0x10c/0x5b0 [ 293.446246] mm_init+0x59e/0x9d0 [ 293.449616] copy_process.part.0+0x2b3d/0x7a30 [ 293.454215] ? proc_fail_nth_write+0x9d/0x1e0 [ 293.458738] ? __cleanup_sighand+0x70/0x70 [ 293.462976] ? lock_downgrade+0x880/0x880 [ 293.467140] ? kasan_check_write+0x14/0x20 [ 293.471411] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 293.476274] _do_fork+0x257/0xfd0 [ 293.479745] ? fork_idle+0x1d0/0x1d0 [ 293.483468] ? fput+0x128/0x1a0 [ 293.486755] ? ksys_write+0x1f1/0x2d0 [ 293.490570] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 293.495336] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 293.500102] ? do_syscall_64+0x26/0x620 [ 293.504085] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 293.509455] ? do_syscall_64+0x26/0x620 [ 293.513451] __x64_sys_clone+0xbf/0x150 [ 293.517436] do_syscall_64+0xfd/0x620 [ 293.521257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 293.526455] RIP: 0033:0x459a59 [ 293.529655] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 293.548571] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 22:36:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0xff00, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:46 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x1f00, 0x0, 0x0, 0x0, 0x0) [ 293.556301] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 293.563582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 293.570858] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 293.578131] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 293.585400] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 293.603207] x86/PAT: syz-executor.2:15783 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:46 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x600}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 293.654408] x86/PAT: syz-executor.2:15783 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:46 executing program 2 (fault-call:9 fault-nth:14): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:46 executing program 3: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/create\x00', 0x2, 0x0) write$selinux_create(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a6c6f61645f706f6c6963795f657865235f743a7330202f7573722f7362696e2f6e747064203030303030303030303030303030303030303037202e2f66696c65302f2e2e2f66696c653000fd409fc6c9469924888a3d2fde4051b0963dc3476450e8755cdc2c11830624d0f127459f00c77f347088ce908286e8b2bb786c8e516784d21356e6894280"], 0x5d) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r0, 0x0, 0x1000000000000003, 0x0) r3 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r4, 0x5452, &(0x7f0000008ff8)=0x3f) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) fcntl$setsig(r4, 0xa, 0x12) fcntl$setownex(r4, 0xf, &(0x7f0000000140)={0x0, r3}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) socketpair$unix(0x1, 0x0, 0x0, 0x0) recvmsg(r5, &(0x7f0000172fc8)={0x0, 0x0, 0x0}, 0x0) mkdir(&(0x7f0000042ff6)='./file0\x00', 0x80) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) rmdir(0x0) dup2(r4, r5) r7 = open(&(0x7f00000001c0)='./file0\x00', 0x400000008044, 0x0) sync_file_range(r7, 0x2, 0x0, 0x5) r8 = gettid() tkill(r8, 0x16) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)}, 0x18) sendto$packet(r2, &(0x7f0000000640)="dfbfe6034523b770ba82d52e605e575bda08461c54d27822d7e313edc8a40388cd424f5b70094e99d91056653cf27494b7428fd30000544a4a11e363064732c176026bd5ebcd38812f0d2857fccebddcfdabd9425cb5547f0effc2ef972f48bef299a1886ddc3124f4f89219a41bc6d8c721c2b3834bc39b2d9f044f7ee50b6888e97b0591f70b8a9cc73b088ca94797e4638a22560f6fa8e60fd19c4206b0c4859a6654afe232f9907b635f84577d23e9419045ef59ac340da36116c6b345c30300776e9ac8ecadb6cc58535b3b1f21460badbaa4cf1886d5a0f57513ab26ff77f8507b0edb49ba5204145ad32d8c0b1c9834201ffcd1a6fbc91a84916002165e8fd7b45d982b50c4491b448f675f677011c910582a15f803901b75ba03df4e36e0e685b21101a1de34dbc743149d5d8f7758af1a1edc097589401f779206af5f9399304106c816082ee1268f872a00000000000000", 0xff8a, 0x3ffffff, 0x0, 0x7065eb39) 22:36:46 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 293.783347] x86/PAT: syz-executor.4:16064 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:47 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x700}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 293.844090] x86/PAT: syz-executor.2:16076 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 293.890166] FAULT_INJECTION: forcing a failure. [ 293.890166] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 293.931411] x86/PAT: syz-executor.4:16063 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 293.961384] x86/PAT: syz-executor.4:16063 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 293.970833] CPU: 0 PID: 16076 Comm: syz-executor.2 Not tainted 4.19.79 #0 22:36:47 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xa00}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 293.977789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 293.987148] Call Trace: [ 293.989750] dump_stack+0x172/0x1f0 [ 293.993397] should_fail.cold+0xa/0x1b [ 293.997308] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 294.002431] ? __might_sleep+0x95/0x190 [ 294.006424] __alloc_pages_nodemask+0x1ee/0x750 [ 294.011109] ? __alloc_pages_slowpath+0x2870/0x2870 [ 294.016144] ? find_held_lock+0x35/0x130 [ 294.020220] ? percpu_ref_put_many+0x94/0x190 [ 294.024730] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 22:36:47 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x2000, 0x0, 0x0, 0x0, 0x0) [ 294.030279] alloc_pages_current+0x107/0x210 [ 294.034699] __get_free_pages+0xc/0x40 [ 294.038594] pgd_alloc+0x8b/0x3f0 [ 294.042059] ? pgd_page_get_mm+0x40/0x40 [ 294.046133] ? __lockdep_init_map+0x10c/0x5b0 [ 294.050641] ? __lockdep_init_map+0x10c/0x5b0 [ 294.055148] mm_init+0x59e/0x9d0 [ 294.058527] copy_process.part.0+0x2b3d/0x7a30 [ 294.063119] ? proc_fail_nth_write+0x9d/0x1e0 [ 294.067648] ? __cleanup_sighand+0x70/0x70 [ 294.071891] ? lock_downgrade+0x880/0x880 [ 294.076053] ? kasan_check_write+0x14/0x20 [ 294.080291] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 294.085144] _do_fork+0x257/0xfd0 [ 294.088607] ? fork_idle+0x1d0/0x1d0 [ 294.092325] ? fput+0x128/0x1a0 [ 294.095602] ? ksys_write+0x1f1/0x2d0 [ 294.099403] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 294.104140] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 294.108880] ? do_syscall_64+0x26/0x620 [ 294.112849] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 294.118197] ? do_syscall_64+0x26/0x620 [ 294.122169] __x64_sys_clone+0xbf/0x150 [ 294.126147] do_syscall_64+0xfd/0x620 [ 294.129946] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 294.135124] RIP: 0033:0x459a59 [ 294.138308] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 294.157251] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 294.164970] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 294.172236] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:36:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x2, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:47 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:47 executing program 3: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='btrfs\x00', 0x0, 0x0) [ 294.179498] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 294.186761] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 294.194133] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 294.235665] x86/PAT: syz-executor.2:16076 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 294.284582] x86/PAT: syz-executor.2:16076 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 294.332919] x86/PAT: syz-executor.4:16301 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x3, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:47 executing program 3: setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0) mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x100000, 0x0, 0x52, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x7f, 0x0) r0 = socket(0x400020000000010, 0x0, 0x0) r1 = gettid() r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/status\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) recvmmsg(r3, &(0x7f0000002f00)=[{{&(0x7f0000000340)=@alg, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000540)=""/166, 0xa6}], 0x1, &(0x7f0000000600)}, 0x200}, {{&(0x7f0000000680)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000700)=""/248, 0xf8}, {&(0x7f0000000800)=""/21, 0x15}], 0x2, &(0x7f0000000880)=""/194, 0xc2}, 0xe30}, {{&(0x7f0000000980)=@ipx, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000000a00)=""/175, 0xaf}, {&(0x7f0000000ac0)=""/255, 0xff}, {&(0x7f0000000bc0)=""/4096, 0x1000}, {&(0x7f0000001bc0)=""/131, 0x83}, {&(0x7f0000001c80)=""/237, 0xed}, {&(0x7f0000001d80)=""/49, 0x31}, {&(0x7f0000001dc0)=""/4096, 0x1000}], 0x7, &(0x7f0000002e40)=""/180, 0xb4}, 0x9}], 0x3, 0x3, &(0x7f0000002fc0)) ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f0000003000)=r4) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000100), &(0x7f0000000240)=0x4) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0406618, &(0x7f0000000140)={{0x55f48f84b55022f7, 0x0, @identifier="b128035daf7f442707071c6bb666219d"}}) r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r5, &(0x7f00000002c0)=ANY=[@ANYPTR64=&(0x7f0000000240)=ANY=[]], 0x8) prctl$PR_SET_PTRACER(0x59616d61, r1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r5) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) syz_open_dev$mouse(&(0x7f0000000400)='/dev/input/mouse#\x00', 0x400, 0x408200) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x2cb, 0x400000000000) syz_open_dev$cec(&(0x7f0000000000)='$\xd2(\x90\x9b\x00T\x01\x00', 0x0, 0x2) r6 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10) sendto$inet(r6, 0x0, 0x0, 0x404c0c0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r6, &(0x7f0000000200)="0dcc72eceb6c5cc1db78d90df7d01e81ca0c21a42ff29d34db233dd42f1ef1c3ae8d360e4844115fc9280775b51310d621eb800fca90f499a24bd835", 0x3c, 0x0, &(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) getsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000440)={{{@in6=@empty, @in=@dev}}, {{@in6=@empty}, 0x0, @in6=@empty}}, &(0x7f0000000640)=0xe8) 22:36:47 executing program 2 (fault-call:9 fault-nth:15): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:47 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:47 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x4800}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 294.500081] x86/PAT: syz-executor.2:16340 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 294.527878] FAULT_INJECTION: forcing a failure. [ 294.527878] name failslab, interval 1, probability 0, space 0, times 0 22:36:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x4, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 294.571619] x86/PAT: syz-executor.4:16297 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 294.603737] CPU: 1 PID: 16340 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 294.610721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 294.620081] Call Trace: [ 294.622681] dump_stack+0x172/0x1f0 [ 294.626330] should_fail.cold+0xa/0x1b [ 294.630234] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 294.635355] ? lock_downgrade+0x880/0x880 [ 294.639527] __should_failslab+0x121/0x190 [ 294.643772] should_failslab+0x9/0x14 [ 294.647582] kmem_cache_alloc+0x2ae/0x700 [ 294.651740] ? get_mm_exe_file+0x289/0x3e0 [ 294.655989] ? trace_event_raw_event_task_newtask+0x440/0x440 [ 294.661900] __khugepaged_enter+0x3b/0x390 [ 294.666149] copy_process.part.0+0x7299/0x7a30 [ 294.670746] ? proc_fail_nth_write+0x9d/0x1e0 [ 294.675269] ? __cleanup_sighand+0x70/0x70 [ 294.679504] ? lock_downgrade+0x880/0x880 [ 294.683664] ? kasan_check_write+0x14/0x20 [ 294.687905] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 294.692764] _do_fork+0x257/0xfd0 [ 294.696233] ? fork_idle+0x1d0/0x1d0 [ 294.699950] ? fput+0x128/0x1a0 [ 294.703277] ? ksys_write+0x1f1/0x2d0 [ 294.707078] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 294.707092] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 294.707109] ? do_syscall_64+0x26/0x620 [ 294.720552] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 294.725938] ? do_syscall_64+0x26/0x620 [ 294.729925] __x64_sys_clone+0xbf/0x150 [ 294.733922] do_syscall_64+0xfd/0x620 [ 294.737741] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 294.742936] RIP: 0033:0x459a59 [ 294.746132] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 294.765042] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 22:36:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x5, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x6, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 294.766417] x86/PAT: syz-executor.4:16297 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 294.772757] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 294.772766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 294.772774] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 294.772783] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 294.772791] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 294.794740] x86/PAT: syz-executor.2:16340 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:48 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x3000, 0x0, 0x0, 0x0, 0x0) 22:36:48 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:48 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x4c00}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 294.848673] x86/PAT: syz-executor.2:16340 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:48 executing program 2 (fault-call:9 fault-nth:16): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:48 executing program 3: openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) lsetxattr$trusted_overlay_opaque(&(0x7f0000000440)='./bus\x00', &(0x7f0000000480)='trusted.overlay.opaque\x00', &(0x7f00000004c0)='y\x00', 0x2, 0x6) openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) open(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x14107e, 0x0) write$binfmt_aout(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="bcef637615f704c4f004000010006b2fe0cc7ba626ab04a14f42ff858272a3203613c6118f7999487de970dc0ef7ceebfe9cff2d213855b50792461597723e24a4386f19cd199d1609bc6e9d0600000000000000a67f74525be599daad5d7827cab0accce71e2ff18fb62af355057747eb4961042386e187e68f1f957520b59bee0300000000000000f3a2e080d4d81661021fb75a00000000005f1e9c2198ddceeed6d6745537aae7e67027c8d24c07bb31defc9d2dab9d565b40f151d67cde67d5c7261c2d75e80f2f2f449b1014009cc5f1536dbca6a9ba1fee7ac79191ec43d61c69ef6bea73be075e67cd19d68c5ee3dc6cc9a27beac684fbb143d181410a1c9adb1990c740dacb82e6afba829ac330fb144b82ce5ab0e9c3bf5dcca823262020493182f7c114ff141f8fbdcc27742ab3aabced7a19b04750c6f6f55f"], 0x7b) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) open(&(0x7f0000000140)='./bus\x00', 0x4002, 0x7) r2 = socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r3 = accept4$llc(0xffffffffffffffff, &(0x7f00000003c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000400)=0x10, 0xc1800) fcntl$setsig(r3, 0xa, 0x3a) r4 = creat(&(0x7f0000000040)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) r5 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) setxattr$trusted_overlay_opaque(&(0x7f0000000100)='./file0\x00', &(0x7f0000000340)='trusted.overlay.opaque\x00', &(0x7f0000000380)='y\x00', 0x2, 0x1) fchdir(r5) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000400)=ANY=[], 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x7fff) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) accept4(r2, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) recvfrom(0xffffffffffffffff, &(0x7f0000003240)=""/4096, 0x100000205, 0x0, 0x0, 0x415) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4008220d}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)={0x2c, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {{}, 0x0, 0x4108, 0x0, {0x10, 0x18, {0x8cf7, @bearer=@l2={'ib', 0x3a, 'nr0\x00'}}}}, ["", "", "", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x600c404}, 0x4004000) 22:36:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x7, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:48 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:48 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x6800}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 295.072456] x86/PAT: syz-executor.4:16544 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 295.088201] x86/PAT: syz-executor.2:16548 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 295.124680] FAULT_INJECTION: forcing a failure. [ 295.124680] name failslab, interval 1, probability 0, space 0, times 0 [ 295.137538] CPU: 0 PID: 16548 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 295.144603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 295.153977] Call Trace: [ 295.154000] dump_stack+0x172/0x1f0 [ 295.160214] should_fail.cold+0xa/0x1b [ 295.164120] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 295.169236] ? lock_downgrade+0x880/0x880 [ 295.173405] __should_failslab+0x121/0x190 [ 295.177648] should_failslab+0x9/0x14 [ 295.177663] kmem_cache_alloc+0x2ae/0x700 [ 295.177678] ? kasan_check_read+0x11/0x20 [ 295.177695] ? do_raw_spin_unlock+0x57/0x270 [ 295.194189] vm_area_dup+0x21/0x170 [ 295.197829] copy_process.part.0+0x3407/0x7a30 [ 295.202450] ? __cleanup_sighand+0x70/0x70 [ 295.206702] ? lock_downgrade+0x880/0x880 [ 295.210865] ? kasan_check_write+0x14/0x20 [ 295.215114] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 295.219971] _do_fork+0x257/0xfd0 [ 295.223440] ? fork_idle+0x1d0/0x1d0 [ 295.227151] ? fput+0x128/0x1a0 [ 295.230426] ? ksys_write+0x1f1/0x2d0 [ 295.234240] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 295.239006] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 295.243770] ? do_syscall_64+0x26/0x620 [ 295.247763] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 295.253137] ? do_syscall_64+0x26/0x620 [ 295.257130] __x64_sys_clone+0xbf/0x150 [ 295.261115] do_syscall_64+0xfd/0x620 [ 295.264929] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 295.270120] RIP: 0033:0x459a59 [ 295.273314] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 295.292308] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 295.300028] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 295.307417] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 295.314697] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 22:36:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x8, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:48 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x6c00}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 295.321971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 295.329253] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:48 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:48 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) syncfs(r1) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_open_dev$sndpcmc(0x0, 0x1020, 0x40a900) connect$bt_sco(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) setresgid(0x0, 0xee01, 0x0) unlink(&(0x7f0000000400)='./bus\x00') r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f00000002c0)=""/23, &(0x7f0000000300)=0x17) getsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x61c000) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000340)={0x0, 0x0, 'client0\x00', 0x2, "ecded70180000050", "8cb325891806f5e50c80c6ffc3877947e115692ca5e56792b0e5696a95f5ee21"}) syz_open_dev$dmmidi(&(0x7f0000000640)='/dev/dmmidi#\x00', 0x401, 0x800) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x12, r6, 0x0) readv(r6, &(0x7f00000007c0)=[{&(0x7f0000002300)=""/4096, 0x1000}], 0x3b6) getpeername$unix(r4, &(0x7f00000007c0)=@abs, &(0x7f0000000440)=0xffffffbb) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r8) [ 295.371480] x86/PAT: syz-executor.2:16548 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 295.391649] x86/PAT: syz-executor.2:16548 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 295.490470] x86/PAT: syz-executor.4:16543 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 295.513472] x86/PAT: syz-executor.4:16543 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:48 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x3f00, 0x0, 0x0, 0x0, 0x0) 22:36:48 executing program 2 (fault-call:9 fault-nth:17): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x9, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:48 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7400}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 295.636674] x86/PAT: syz-executor.2:16782 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 295.696903] FAULT_INJECTION: forcing a failure. [ 295.696903] name failslab, interval 1, probability 0, space 0, times 0 [ 295.730537] x86/PAT: syz-executor.4:16789 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:48 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xa, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 295.753401] CPU: 1 PID: 16782 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 295.760526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 295.769881] Call Trace: [ 295.769907] dump_stack+0x172/0x1f0 [ 295.769930] should_fail.cold+0xa/0x1b [ 295.769949] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 295.769963] ? lock_downgrade+0x880/0x880 [ 295.769988] __should_failslab+0x121/0x190 [ 295.770009] should_failslab+0x9/0x14 [ 295.789326] kmem_cache_alloc+0x2ae/0x700 22:36:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xf, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 295.797338] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 295.797353] ? __vm_enough_memory+0x324/0x5a0 [ 295.797373] vm_area_dup+0x21/0x170 [ 295.797390] copy_process.part.0+0x3407/0x7a30 [ 295.819230] ? __cleanup_sighand+0x70/0x70 [ 295.823481] ? lock_downgrade+0x880/0x880 [ 295.827660] ? kasan_check_write+0x14/0x20 [ 295.831908] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 295.836765] _do_fork+0x257/0xfd0 [ 295.840231] ? fork_idle+0x1d0/0x1d0 [ 295.843953] ? fput+0x128/0x1a0 [ 295.847253] ? ksys_write+0x1f1/0x2d0 [ 295.851075] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 295.855845] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 295.860620] ? do_syscall_64+0x26/0x620 [ 295.864600] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 295.864616] ? do_syscall_64+0x26/0x620 [ 295.864634] __x64_sys_clone+0xbf/0x150 [ 295.864651] do_syscall_64+0xfd/0x620 [ 295.864670] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 295.873985] RIP: 0033:0x459a59 [ 295.890096] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 295.909003] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 295.909020] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 295.909028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 295.909036] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 295.909045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 295.909053] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:49 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x30f, &(0x7f0000000040)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000001500000008ffffffbd0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad43010000000000950000000000000005000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x13}, 0x48) [ 295.949788] x86/PAT: syz-executor.2:16782 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:49 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7a00}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 296.028695] x86/PAT: syz-executor.4:16788 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 296.044507] x86/PAT: syz-executor.2:16782 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x10, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:49 executing program 2 (fault-call:9 fault-nth:18): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 296.111552] x86/PAT: syz-executor.4:16788 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:49 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x4000, 0x0, 0x0, 0x0, 0x0) 22:36:49 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {0x0}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:49 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x100000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:49 executing program 3: openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000000, 0x13, r0, 0x0) r1 = socket(0x0, 0x0, 0x0) socket(0x10, 0x0, 0x0) poll(0x0, 0x0, 0x8000000000000200) r2 = memfd_create(&(0x7f0000000540)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86Xe\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\xe5j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x80dX\xcc\xab\x84\xd1\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU\".\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf', 0x0) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000140)={{{@in=@multicast2, @in6=@mcast2}}, {{@in=@remote}, 0x0, @in6}}, &(0x7f0000000440)=0x38e) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x802, 0x0) ioctl$RTC_ALM_READ(r3, 0x80247008, &(0x7f0000000000)) ioctl$EVIOCSABS0(r3, 0x401845c0, &(0x7f0000000080)={0x9, 0xac, 0x6, 0xd2, 0x0, 0x8}) [ 296.293280] x86/PAT: syz-executor.2:17119 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x11, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 296.335673] x86/PAT: syz-executor.4:17129 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 296.366153] FAULT_INJECTION: forcing a failure. [ 296.366153] name failslab, interval 1, probability 0, space 0, times 0 [ 296.402944] CPU: 0 PID: 17133 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 296.409928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.419322] Call Trace: [ 296.421941] dump_stack+0x172/0x1f0 [ 296.425588] should_fail.cold+0xa/0x1b [ 296.429489] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 296.434607] ? find_held_lock+0x35/0x130 [ 296.438679] ? percpu_ref_put_many+0x94/0x190 [ 296.443193] __should_failslab+0x121/0x190 [ 296.447440] should_failslab+0x9/0x14 [ 296.451246] kmem_cache_alloc+0x47/0x700 [ 296.455315] ? __lock_is_held+0xb6/0x140 [ 296.459457] anon_vma_clone+0xde/0x480 [ 296.463369] anon_vma_fork+0x8f/0x4a0 [ 296.467257] ? dup_userfaultfd+0x15e/0x6c0 [ 296.471506] ? memcpy+0x46/0x50 [ 296.474803] copy_process.part.0+0x34e5/0x7a30 [ 296.479424] ? __cleanup_sighand+0x70/0x70 [ 296.483666] ? lock_downgrade+0x880/0x880 [ 296.487833] ? kasan_check_write+0x14/0x20 [ 296.492076] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 296.496940] _do_fork+0x257/0xfd0 22:36:49 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {0x0}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:49 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xf0ff7f}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:49 executing program 3: openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000000, 0x13, r0, 0x0) r1 = socket(0x0, 0x0, 0x0) socket(0x10, 0x0, 0x0) poll(0x0, 0x0, 0x8000000000000200) r2 = memfd_create(&(0x7f0000000540)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86Xe\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\xe5j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x80dX\xcc\xab\x84\xd1\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU\".\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf', 0x0) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000140)={{{@in=@multicast2, @in6=@mcast2}}, {{@in=@remote}, 0x0, @in6}}, &(0x7f0000000440)=0x38e) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x802, 0x0) ioctl$RTC_ALM_READ(r3, 0x80247008, &(0x7f0000000000)) ioctl$EVIOCSABS0(r3, 0x401845c0, &(0x7f0000000080)={0x9, 0xac, 0x6, 0xd2, 0x0, 0x8}) [ 296.500405] ? fork_idle+0x1d0/0x1d0 [ 296.504133] ? fput+0x128/0x1a0 [ 296.507420] ? ksys_write+0x1f1/0x2d0 [ 296.511229] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 296.515991] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 296.520339] x86/PAT: syz-executor.4:17123 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 296.520748] ? do_syscall_64+0x26/0x620 [ 296.533368] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 296.538740] ? do_syscall_64+0x26/0x620 [ 296.538761] __x64_sys_clone+0xbf/0x150 [ 296.546684] do_syscall_64+0xfd/0x620 [ 296.546704] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 296.546714] RIP: 0033:0x459a59 [ 296.546728] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 296.546735] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 296.546748] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 296.546759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:36:49 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x551e, 0x0, 0x0, 0x0, 0x0) [ 296.556033] x86/PAT: syz-executor.4:17123 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 296.558890] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 296.558903] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 296.558915] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x60, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:49 executing program 2 (fault-call:9 fault-nth:19): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 296.668176] x86/PAT: syz-executor.2:17347 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 296.686444] x86/PAT: syz-executor.2:17347 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:50 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x1000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:50 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) [ 296.821361] x86/PAT: syz-executor.4:17445 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 296.849939] x86/PAT: syz-executor.2:17463 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:50 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {0x0}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 296.913236] FAULT_INJECTION: forcing a failure. [ 296.913236] name failslab, interval 1, probability 0, space 0, times 0 [ 296.932991] CPU: 1 PID: 17480 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 296.939978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.949336] Call Trace: [ 296.951929] dump_stack+0x172/0x1f0 [ 296.955573] should_fail.cold+0xa/0x1b [ 296.959477] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 296.964596] ? find_held_lock+0x35/0x130 [ 296.968669] ? percpu_ref_put_many+0x94/0x190 [ 296.973179] __should_failslab+0x121/0x190 [ 296.977426] should_failslab+0x9/0x14 [ 296.981233] kmem_cache_alloc+0x47/0x700 [ 296.985340] ? __lock_is_held+0xb6/0x140 [ 296.989422] anon_vma_clone+0xde/0x480 [ 296.993326] anon_vma_fork+0x8f/0x4a0 [ 296.997133] ? dup_userfaultfd+0x15e/0x6c0 [ 297.001379] ? memcpy+0x46/0x50 [ 297.004675] copy_process.part.0+0x34e5/0x7a30 [ 297.009319] ? __cleanup_sighand+0x70/0x70 [ 297.013562] ? lock_downgrade+0x880/0x880 [ 297.017731] ? kasan_check_write+0x14/0x20 [ 297.021976] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 297.026832] _do_fork+0x257/0xfd0 [ 297.030301] ? fork_idle+0x1d0/0x1d0 [ 297.034020] ? fput+0x128/0x1a0 [ 297.037308] ? ksys_write+0x1f1/0x2d0 [ 297.041118] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 297.045876] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 297.045891] ? do_syscall_64+0x26/0x620 [ 297.045907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 297.045918] ? do_syscall_64+0x26/0x620 22:36:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xfc, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x12c, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 297.045936] __x64_sys_clone+0xbf/0x150 [ 297.045954] do_syscall_64+0xfd/0x620 [ 297.045972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 297.045990] RIP: 0033:0x459a59 [ 297.068035] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 297.068044] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 297.068060] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 297.068068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 297.068076] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 297.068084] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 297.068092] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:50 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x7597, 0x0, 0x0, 0x0, 0x0) [ 297.069822] audit: type=1400 audit(1570833410.093:100): avc: denied { name_bind } for pid=17491 comm="syz-executor.3" src=20004 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 22:36:50 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x2000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 297.208912] x86/PAT: syz-executor.2:17480 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 297.221834] audit: type=1400 audit(1570833410.093:101): avc: denied { node_bind } for pid=17491 comm="syz-executor.3" saddr=fe80::25 src=20004 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 22:36:50 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 297.290346] x86/PAT: syz-executor.2:17578 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 297.315396] x86/PAT: syz-executor.2:17480 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 297.329788] x86/PAT: syz-executor.4:17584 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:50 executing program 2 (fault-call:9 fault-nth:20): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:50 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x3000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x300, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 297.410932] x86/PAT: syz-executor.2:17578 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:50 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) [ 297.455138] x86/PAT: syz-executor.4:17581 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:50 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 297.507894] x86/PAT: syz-executor.4:17581 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:50 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x9775, 0x0, 0x0, 0x0, 0x0) 22:36:50 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x4000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 297.594081] x86/PAT: syz-executor.2:17804 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 297.662646] FAULT_INJECTION: forcing a failure. [ 297.662646] name failslab, interval 1, probability 0, space 0, times 0 22:36:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x500, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 297.703021] x86/PAT: syz-executor.4:17845 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 297.731595] CPU: 0 PID: 17850 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 297.738582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.747945] Call Trace: [ 297.750553] dump_stack+0x172/0x1f0 [ 297.754196] should_fail.cold+0xa/0x1b [ 297.758102] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 297.763223] ? lock_downgrade+0x880/0x880 [ 297.767404] __should_failslab+0x121/0x190 [ 297.771656] should_failslab+0x9/0x14 [ 297.775466] kmem_cache_alloc+0x2ae/0x700 [ 297.779623] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 297.784647] ? __vm_enough_memory+0x324/0x5a0 [ 297.789157] vm_area_dup+0x21/0x170 [ 297.792805] copy_process.part.0+0x3407/0x7a30 [ 297.797421] ? __cleanup_sighand+0x70/0x70 [ 297.801677] ? lock_downgrade+0x880/0x880 [ 297.805850] ? kasan_check_write+0x14/0x20 [ 297.810092] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 297.814959] _do_fork+0x257/0xfd0 [ 297.818431] ? fork_idle+0x1d0/0x1d0 [ 297.822158] ? fput+0x128/0x1a0 [ 297.825450] ? ksys_write+0x1f1/0x2d0 [ 297.829262] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 297.834204] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 297.835716] x86/PAT: syz-executor.4:17825 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 297.838964] ? do_syscall_64+0x26/0x620 22:36:51 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0xff0f, 0x0, 0x0, 0x0, 0x0) [ 297.838981] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 297.838992] ? do_syscall_64+0x26/0x620 [ 297.839010] __x64_sys_clone+0xbf/0x150 [ 297.854341] x86/PAT: syz-executor.4:17825 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 297.857000] do_syscall_64+0xfd/0x620 [ 297.857022] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 297.857035] RIP: 0033:0x459a59 22:36:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x5c0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:51 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 297.885766] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 297.904677] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 297.912406] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 297.919686] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 297.926964] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 297.934234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 297.934243] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:51 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x5000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 297.956805] x86/PAT: syz-executor.2:17850 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 297.999658] x86/PAT: syz-executor.2:17850 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:51 executing program 2 (fault-call:9 fault-nth:21): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:51 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 22:36:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x5c4, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 298.098136] x86/PAT: syz-executor.4:18039 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:51 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 298.238941] x86/PAT: syz-executor.2:18110 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 298.260205] x86/PAT: syz-executor.4:18034 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:51 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x6000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 298.282649] x86/PAT: syz-executor.4:18034 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:51 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x20010, 0x0, 0x0, 0x0, 0x0) [ 298.320151] FAULT_INJECTION: forcing a failure. [ 298.320151] name failslab, interval 1, probability 0, space 0, times 0 22:36:51 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x600, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 298.404536] CPU: 0 PID: 18110 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 298.411515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.420872] Call Trace: [ 298.423474] dump_stack+0x172/0x1f0 [ 298.427126] should_fail.cold+0xa/0x1b [ 298.431037] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 298.436151] ? lock_downgrade+0x880/0x880 [ 298.440321] __should_failslab+0x121/0x190 [ 298.444578] should_failslab+0x9/0x14 [ 298.448389] kmem_cache_alloc+0x2ae/0x700 [ 298.452537] ? anon_vma_clone+0x320/0x480 [ 298.456697] anon_vma_fork+0xfc/0x4a0 [ 298.460504] ? dup_userfaultfd+0x15e/0x6c0 [ 298.464742] ? memcpy+0x46/0x50 [ 298.468038] copy_process.part.0+0x34e5/0x7a30 [ 298.472649] ? __cleanup_sighand+0x70/0x70 [ 298.476891] ? lock_downgrade+0x880/0x880 [ 298.481054] ? kasan_check_write+0x14/0x20 [ 298.483646] x86/PAT: syz-executor.4:18159 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 298.485291] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 298.485313] _do_fork+0x257/0xfd0 22:36:51 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 298.485331] ? fork_idle+0x1d0/0x1d0 [ 298.485345] ? fput+0x128/0x1a0 [ 298.485361] ? ksys_write+0x1f1/0x2d0 [ 298.513152] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 298.517914] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 298.523658] ? do_syscall_64+0x26/0x620 [ 298.527624] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 298.532978] ? do_syscall_64+0x26/0x620 [ 298.536945] __x64_sys_clone+0xbf/0x150 [ 298.540911] do_syscall_64+0xfd/0x620 [ 298.544706] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 298.549881] RIP: 0033:0x459a59 [ 298.553060] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 298.571947] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 298.579653] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 298.586905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 298.594156] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 22:36:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x700, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 298.601411] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 298.608668] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:51 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xa000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:51 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) [ 298.778848] x86/PAT: syz-executor.4:18158 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 298.800922] x86/PAT: syz-executor.4:18158 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 298.803393] x86/PAT: syz-executor.2:18110 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:52 executing program 2 (fault-call:9 fault-nth:22): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x900, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:52 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x20200, 0x0, 0x0, 0x0, 0x0) 22:36:52 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 22:36:52 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x48000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 298.917298] x86/PAT: syz-executor.2:18110 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 298.989933] x86/PAT: syz-executor.4:18293 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:52 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:36:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xa00, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 299.105812] x86/PAT: syz-executor.2:18368 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 299.120209] x86/PAT: syz-executor.4:18290 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 22:36:52 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x4c000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 299.155971] x86/PAT: syz-executor.4:18290 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 299.169980] FAULT_INJECTION: forcing a failure. [ 299.169980] name failslab, interval 1, probability 0, space 0, times 0 [ 299.195742] CPU: 0 PID: 18405 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 299.202721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.212082] Call Trace: [ 299.214682] dump_stack+0x172/0x1f0 [ 299.218335] should_fail.cold+0xa/0x1b [ 299.222261] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 299.227373] ? lock_downgrade+0x880/0x880 [ 299.231539] __should_failslab+0x121/0x190 [ 299.235783] should_failslab+0x9/0x14 [ 299.239589] kmem_cache_alloc+0x2ae/0x700 [ 299.243738] ? anon_vma_clone+0x320/0x480 [ 299.247905] anon_vma_fork+0x1ea/0x4a0 [ 299.251792] ? dup_userfaultfd+0x15e/0x6c0 [ 299.256040] copy_process.part.0+0x34e5/0x7a30 [ 299.260650] ? __cleanup_sighand+0x70/0x70 [ 299.264883] ? lock_downgrade+0x880/0x880 [ 299.269044] ? kasan_check_write+0x14/0x20 [ 299.273282] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 299.278140] _do_fork+0x257/0xfd0 [ 299.281601] ? fork_idle+0x1d0/0x1d0 [ 299.285319] ? fput+0x128/0x1a0 [ 299.288610] ? ksys_write+0x1f1/0x2d0 [ 299.292425] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 299.297190] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 299.301948] ? do_syscall_64+0x26/0x620 22:36:52 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x0, 0x0) [ 299.305926] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 299.311295] ? do_syscall_64+0x26/0x620 [ 299.315280] __x64_sys_clone+0xbf/0x150 [ 299.319259] do_syscall_64+0xfd/0x620 [ 299.323059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 299.328232] RIP: 0033:0x459a59 [ 299.331406] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:36:52 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x7ffff, 0x0, 0x0, 0x0, 0x0) 22:36:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xf00, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 299.350331] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 299.358029] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 299.365294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 299.372547] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 299.379799] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 299.387049] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 299.425338] x86/PAT: syz-executor.2:18405 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 299.488722] x86/PAT: syz-executor.2:18405 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:52 executing program 2 (fault-call:9 fault-nth:23): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x1100, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 299.541639] x86/PAT: syz-executor.4:18424 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:52 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x68000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) [ 299.682905] x86/PAT: syz-executor.2:18564 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 299.717960] x86/PAT: syz-executor.4:18420 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:52 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x0, 0x0) [ 299.760255] FAULT_INJECTION: forcing a failure. [ 299.760255] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 299.785695] x86/PAT: syz-executor.4:18420 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 299.794590] CPU: 1 PID: 18564 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 299.801542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.810903] Call Trace: [ 299.813515] dump_stack+0x172/0x1f0 [ 299.817150] should_fail.cold+0xa/0x1b [ 299.821065] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 299.826185] ? __might_sleep+0x95/0x190 [ 299.830172] __alloc_pages_nodemask+0x1ee/0x750 [ 299.834854] ? __alloc_pages_slowpath+0x2870/0x2870 [ 299.839883] ? kasan_slab_alloc+0xf/0x20 [ 299.843957] ? kmem_cache_alloc+0x12e/0x700 [ 299.848284] ? anon_vma_fork+0x1ea/0x4a0 [ 299.852357] ? __lock_acquire+0x6ee/0x49c0 [ 299.856600] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 299.862154] alloc_pages_current+0x107/0x210 [ 299.866578] get_zeroed_page+0x14/0x50 [ 299.870477] __pud_alloc+0x3b/0x250 [ 299.874112] pud_alloc+0xde/0x150 [ 299.877573] copy_page_range+0x37a/0x1f90 [ 299.881728] ? anon_vma_fork+0x371/0x4a0 [ 299.885800] ? find_held_lock+0x35/0x130 [ 299.889864] ? anon_vma_fork+0x371/0x4a0 [ 299.893931] ? copy_process.part.0+0x30f9/0x7a30 [ 299.898693] ? copy_process.part.0+0x30f9/0x7a30 [ 299.903454] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 299.903472] ? pmd_alloc+0x180/0x180 [ 299.912187] ? __vma_link_rb+0x279/0x370 [ 299.916249] copy_process.part.0+0x543d/0x7a30 [ 299.916286] ? __cleanup_sighand+0x70/0x70 [ 299.925093] ? lock_downgrade+0x880/0x880 [ 299.925118] ? kasan_check_write+0x14/0x20 [ 299.933478] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 299.938338] _do_fork+0x257/0xfd0 [ 299.941804] ? fork_idle+0x1d0/0x1d0 [ 299.945522] ? fput+0x128/0x1a0 [ 299.948807] ? ksys_write+0x1f1/0x2d0 [ 299.952622] ? trace_hardirqs_on_thunk+0x1a/0x1c 22:36:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x2000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x2c01, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 299.957379] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 299.957396] ? do_syscall_64+0x26/0x620 [ 299.957413] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 299.957427] ? do_syscall_64+0x26/0x620 [ 299.957446] __x64_sys_clone+0xbf/0x150 [ 299.957464] do_syscall_64+0xfd/0x620 [ 299.957483] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 299.957494] RIP: 0033:0x459a59 22:36:53 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x80000, 0x0, 0x0, 0x0, 0x0) 22:36:53 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x6c000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 299.957508] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 299.957516] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 299.957531] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 299.957538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 299.957545] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 299.957556] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 299.971614] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 299.983603] x86/PAT: syz-executor.2:18564 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x3f00, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:53 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x74000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 300.212346] x86/PAT: syz-executor.2:18564 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:53 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0xfffff, 0x0, 0x0, 0x0, 0x0) 22:36:53 executing program 2 (fault-call:9 fault-nth:24): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x4000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:53 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7a000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 300.423796] x86/PAT: syz-executor.4:18773 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 300.497480] x86/PAT: syz-executor.2:18782 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 22:36:53 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x0, 0x0) 22:36:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x6000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:53 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7fffeefa}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 300.547004] FAULT_INJECTION: forcing a failure. [ 300.547004] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 300.597161] x86/PAT: syz-executor.4:18771 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 300.630601] CPU: 0 PID: 18825 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 300.637586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.642080] x86/PAT: syz-executor.4:18771 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 300.646943] Call Trace: [ 300.646965] dump_stack+0x172/0x1f0 [ 300.646988] should_fail.cold+0xa/0x1b [ 300.647006] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 300.647025] ? __might_sleep+0x95/0x190 [ 300.647043] __alloc_pages_nodemask+0x1ee/0x750 [ 300.647055] ? __pud_alloc+0x1d3/0x250 [ 300.647072] ? __alloc_pages_slowpath+0x2870/0x2870 [ 300.688416] ? __pud_alloc+0x1d3/0x250 [ 300.692317] ? lock_downgrade+0x880/0x880 22:36:53 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x100000, 0x0, 0x0, 0x0, 0x0) [ 300.696479] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 300.702030] alloc_pages_current+0x107/0x210 [ 300.706446] ? do_raw_spin_unlock+0x57/0x270 [ 300.710866] __pmd_alloc+0x41/0x460 [ 300.714494] ? pmd_val+0x100/0x100 [ 300.718044] pmd_alloc+0x10c/0x180 [ 300.721598] copy_page_range+0x633/0x1f90 [ 300.725750] ? anon_vma_fork+0x371/0x4a0 [ 300.729828] ? find_held_lock+0x35/0x130 [ 300.733895] ? anon_vma_fork+0x371/0x4a0 [ 300.737993] ? copy_process.part.0+0x30f9/0x7a30 [ 300.742761] ? __sanitizer_cov_trace_cmp8+0x18/0x20 22:36:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 22:36:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x80fe, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 300.747790] ? pmd_alloc+0x180/0x180 [ 300.751516] ? __vma_link_rb+0x279/0x370 [ 300.755596] copy_process.part.0+0x543d/0x7a30 [ 300.760215] ? __cleanup_sighand+0x70/0x70 [ 300.764456] ? lock_downgrade+0x880/0x880 [ 300.768639] ? kasan_check_write+0x14/0x20 [ 300.772884] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 300.777998] _do_fork+0x257/0xfd0 [ 300.781469] ? fork_idle+0x1d0/0x1d0 [ 300.785190] ? fput+0x128/0x1a0 [ 300.788484] ? ksys_write+0x1f1/0x2d0 [ 300.792295] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 300.792311] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 300.792329] ? do_syscall_64+0x26/0x620 [ 300.805790] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 300.805806] ? do_syscall_64+0x26/0x620 [ 300.805824] __x64_sys_clone+0xbf/0x150 [ 300.805841] do_syscall_64+0xfd/0x620 [ 300.805857] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 300.805868] RIP: 0033:0x459a59 [ 300.805880] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 300.805891] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 [ 300.822951] ORIG_RAX: 0000000000000038 [ 300.822962] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 300.822970] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 300.822979] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 300.822988] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 300.822996] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xc005, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:54 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7fffefbc}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 300.907819] x86/PAT: syz-executor.2:18825 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 300.976579] x86/PAT: syz-executor.4:18910 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 301.007010] x86/PAT: syz-executor.2:18825 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:54 executing program 2 (fault-call:9 fault-nth:25): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xc0fe, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:54 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7ffff000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 301.148997] x86/PAT: syz-executor.2:18930 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:54 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 22:36:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xc405, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 301.197861] FAULT_INJECTION: forcing a failure. [ 301.197861] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 301.246283] x86/PAT: syz-executor.4:18910 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:54 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) [ 301.288391] CPU: 0 PID: 18976 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 301.295394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.304777] Call Trace: [ 301.304801] dump_stack+0x172/0x1f0 [ 301.304823] should_fail.cold+0xa/0x1b [ 301.304841] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 301.304859] ? __might_sleep+0x95/0x190 [ 301.304876] __alloc_pages_nodemask+0x1ee/0x750 [ 301.304891] ? find_held_lock+0x35/0x130 [ 301.304906] ? __alloc_pages_slowpath+0x2870/0x2870 22:36:54 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xbcefff7f}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 301.314998] ? lock_downgrade+0x880/0x880 [ 301.315017] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 301.315037] alloc_pages_current+0x107/0x210 [ 301.315057] pte_alloc_one+0x1b/0x1a0 [ 301.315072] __pte_alloc+0x2a/0x360 [ 301.315093] copy_page_range+0x151f/0x1f90 [ 301.363540] ? anon_vma_fork+0x371/0x4a0 [ 301.367614] ? find_held_lock+0x35/0x130 [ 301.367632] ? anon_vma_fork+0x371/0x4a0 [ 301.367651] ? copy_process.part.0+0x30f9/0x7a30 [ 301.367673] ? pmd_alloc+0x180/0x180 [ 301.375864] ? __vma_link_rb+0x279/0x370 [ 301.375885] copy_process.part.0+0x543d/0x7a30 [ 301.375923] ? __cleanup_sighand+0x70/0x70 [ 301.375935] ? lock_downgrade+0x880/0x880 [ 301.375962] ? kasan_check_write+0x14/0x20 [ 301.384425] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 301.393044] _do_fork+0x257/0xfd0 [ 301.393063] ? fork_idle+0x1d0/0x1d0 [ 301.393077] ? fput+0x128/0x1a0 [ 301.393093] ? ksys_write+0x1f1/0x2d0 [ 301.401475] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 301.401492] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 301.401506] ? do_syscall_64+0x26/0x620 [ 301.401524] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 301.410573] ? do_syscall_64+0x26/0x620 [ 301.410594] __x64_sys_clone+0xbf/0x150 [ 301.410610] do_syscall_64+0xfd/0x620 [ 301.410629] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 301.417757] RIP: 0033:0x459a59 [ 301.417773] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 301.417782] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 301.417798] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 301.417806] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 301.417817] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 301.417825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 301.417833] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 301.470883] x86/PAT: syz-executor.2:18976 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:54 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x200000, 0x0, 0x0, 0x0, 0x0) 22:36:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xfc00, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:54 executing program 2 (fault-call:9 fault-nth:26): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 301.483472] x86/PAT: syz-executor.4:18910 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 301.507250] x86/PAT: syz-executor.2:18976 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xfe80, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 301.680214] x86/PAT: syz-executor.2:19053 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 301.709247] FAULT_INJECTION: forcing a failure. [ 301.709247] name failslab, interval 1, probability 0, space 0, times 0 22:36:54 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xfaeeff7f}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 301.740618] CPU: 0 PID: 19053 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 301.747590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.756942] Call Trace: [ 301.756965] dump_stack+0x172/0x1f0 [ 301.756987] should_fail.cold+0xa/0x1b [ 301.757006] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 301.757022] ? lock_downgrade+0x880/0x880 [ 301.757044] __should_failslab+0x121/0x190 [ 301.757063] should_failslab+0x9/0x14 [ 301.780607] kmem_cache_alloc+0x2ae/0x700 [ 301.780625] ? alloc_pages_current+0x10f/0x210 [ 301.780644] ? do_raw_spin_unlock+0x57/0x270 [ 301.788577] __pmd_alloc+0xc9/0x460 [ 301.797533] ? pmd_val+0x100/0x100 [ 301.797549] pmd_alloc+0x10c/0x180 [ 301.797567] copy_page_range+0x633/0x1f90 [ 301.797580] ? anon_vma_fork+0x371/0x4a0 [ 301.797597] ? find_held_lock+0x35/0x130 [ 301.797611] ? anon_vma_fork+0x371/0x4a0 [ 301.797630] ? copy_process.part.0+0x30f9/0x7a30 [ 301.812549] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 301.812569] ? pmd_alloc+0x180/0x180 [ 301.820669] ? __vma_link_rb+0x279/0x370 [ 301.820693] copy_process.part.0+0x543d/0x7a30 [ 301.834508] ? __cleanup_sighand+0x70/0x70 [ 301.834526] ? lock_downgrade+0x880/0x880 [ 301.834550] ? kasan_check_write+0x14/0x20 [ 301.834564] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 301.834579] _do_fork+0x257/0xfd0 [ 301.834595] ? fork_idle+0x1d0/0x1d0 [ 301.834609] ? fput+0x128/0x1a0 [ 301.834627] ? ksys_write+0x1f1/0x2d0 [ 301.851188] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 301.851200] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 301.851215] ? do_syscall_64+0x26/0x620 [ 301.858277] x86/PAT: syz-executor.4:19056 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 301.859575] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 301.859594] ? do_syscall_64+0x26/0x620 [ 301.910011] __x64_sys_clone+0xbf/0x150 [ 301.913977] do_syscall_64+0xfd/0x620 [ 301.917769] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 301.922944] RIP: 0033:0x459a59 [ 301.926214] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 301.945111] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 301.952814] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 301.960071] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 301.967334] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 301.974593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 301.981859] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:55 executing program 2 (fault-call:9 fault-nth:27): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 302.036234] x86/PAT: syz-executor.4:19056 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:55 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000500)={{0x7, 0x1, 0x0, 0x8, 0x4, 0x9}, 0x9, 0x557, 0x9d07, 0x7ff, 0x81, "3d9c313f7c083054e060bc8577119d4c0d8d1fe17d1c80768e993c0a36eaf10b664fc6dcd4bab9809610be96ffeba41a4d582dde93380f94fd945eaafa35bee79cc889535e7d915f1ac7a4664f3015f7d9d62751cb070e6c2da59b78026379681a4614edc19e9cf804ce2c11589a37e5997afe190137ee7d24ddfbd8da6d0ee8"}) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) read(r2, &(0x7f0000367fe4)=""/91, 0x275) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x6, 0x1, 0x3, 0x8, 0x0, 0x3, 0x10020, 0xd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, @perf_bp={&(0x7f0000000140)}, 0xf8b5e8d57695e2c, 0x3, 0x6, 0x9, 0x6, 0x5, 0x9}, 0x0, 0x10, r2, 0x9) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) mount(&(0x7f0000000200)=@md0='/dev/md0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='ext2\x00', 0x20000, &(0x7f00000006c0)='\x00') setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r4, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x25}}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000040)={0x1, 0x99, "b7ee1280b2c610ee889637239696ab159f50a7512558f6abb458cdcc16f78930a82a4826cbf13468d177861e97bb5ae0c149682300053f1aa094f2679d5fec6ab45d3aaa9fd58d2f9ad452532ccfc3e585f37ff5007625cae503fa175b72a4ee90b4bbd9d62fddb84bdaf32102a28f8a80fa0b8348414c83c8b93f5f7dab9257524f73021b1fb291e432aa83d40a42d2299f9c41ca6dfc9203"}) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="ac010000170001000000000000000000e0000001000000000000000000000000000000000000000000000000000000000000ffffac1414007f0000010000000000000000000000000000000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000e000000100000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084000500fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000d24639b3899290965e8add75ed0afdd8000000003c000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000f3fee85cb8e09931a3c49bb1540317ce92250200a084380c435fc8efb8ee2c110d2cf3d83971014121390fd34cda821763547b0b9d41e8a22408a311436a57df9f4ff10ccd35394afe3b8d0730f96ddb7f7896d2f0e339d6489c847850df9ca662470a35a570533b2b015f76ebc011119f7d835fca9be55c7f32e4cba4d00c357b7299be1e1a441a3bc1dd"], 0x1ac}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 22:36:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xfec0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 302.164402] x86/PAT: syz-executor.4:19056 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 302.223130] x86/PAT: syz-executor.2:19071 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 302.301286] FAULT_INJECTION: forcing a failure. [ 302.301286] name failslab, interval 1, probability 0, space 0, times 0 [ 302.341390] x86/PAT: syz-executor.4:19054 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 302.354489] CPU: 1 PID: 19106 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 302.361442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.361449] Call Trace: [ 302.361470] dump_stack+0x172/0x1f0 [ 302.361491] should_fail.cold+0xa/0x1b [ 302.373432] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 302.373450] ? lock_downgrade+0x880/0x880 [ 302.380941] __should_failslab+0x121/0x190 [ 302.380958] should_failslab+0x9/0x14 [ 302.390168] kmem_cache_alloc+0x2ae/0x700 [ 302.390181] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 302.390198] ? __vm_enough_memory+0x324/0x5a0 [ 302.398196] vm_area_dup+0x21/0x170 [ 302.398213] copy_process.part.0+0x3407/0x7a30 [ 302.407361] ? __cleanup_sighand+0x70/0x70 [ 302.407373] ? lock_downgrade+0x880/0x880 [ 302.407396] ? kasan_check_write+0x14/0x20 [ 302.415476] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 302.415497] _do_fork+0x257/0xfd0 [ 302.415515] ? fork_idle+0x1d0/0x1d0 [ 302.424306] ? fput+0x128/0x1a0 [ 302.424322] ? ksys_write+0x1f1/0x2d0 [ 302.424340] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 302.424356] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 302.432697] ? do_syscall_64+0x26/0x620 [ 302.432711] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 302.432727] ? do_syscall_64+0x26/0x620 [ 302.440980] __x64_sys_clone+0xbf/0x150 [ 302.441002] do_syscall_64+0xfd/0x620 [ 302.447957] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 302.447967] RIP: 0033:0x459a59 [ 302.447983] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 302.456486] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 302.456501] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 302.456510] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 302.456518] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 302.456524] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 302.456535] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 302.470095] x86/PAT: syz-executor.4:19054 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 302.502169] x86/PAT: syz-executor.2:19106 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 302.523055] x86/PAT: syz-executor.2:19106 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:55 executing program 3 (fault-call:6 fault-nth:0): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:36:55 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7ffffffff000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:55 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x300000, 0x0, 0x0, 0x0, 0x0) 22:36:55 executing program 2 (fault-call:9 fault-nth:28): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xff00, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:55 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x10000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 302.692028] x86/PAT: syz-executor.4:19184 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 302.725806] x86/PAT: syz-executor.2:19191 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:55 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f00000001c0)) setxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='security.capability\x00', &(0x7f0000000240)=@v2={0x2000000, [{0x7fffffff, 0x1}, {0x7, 0x200}]}, 0x14, 0x0) getxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@known='security.capability\x00', &(0x7f0000227f74)=""/140, 0x8c) [ 302.762339] FAULT_INJECTION: forcing a failure. [ 302.762339] name failslab, interval 1, probability 0, space 0, times 0 22:36:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x34000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 302.805100] FAULT_INJECTION: forcing a failure. [ 302.805100] name failslab, interval 1, probability 0, space 0, times 0 [ 302.814943] CPU: 1 PID: 19191 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 302.823324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.832680] Call Trace: [ 302.835282] dump_stack+0x172/0x1f0 [ 302.838933] should_fail.cold+0xa/0x1b [ 302.842848] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 302.847967] ? find_held_lock+0x35/0x130 [ 302.852044] ? percpu_ref_put_many+0x94/0x190 [ 302.856554] __should_failslab+0x121/0x190 [ 302.860797] should_failslab+0x9/0x14 [ 302.864608] kmem_cache_alloc+0x47/0x700 [ 302.868682] ? __lock_is_held+0xb6/0x140 [ 302.872759] anon_vma_clone+0xde/0x480 [ 302.876667] anon_vma_fork+0x8f/0x4a0 [ 302.880475] ? dup_userfaultfd+0x15e/0x6c0 [ 302.884721] ? memcpy+0x46/0x50 [ 302.888018] copy_process.part.0+0x34e5/0x7a30 [ 302.892638] ? __cleanup_sighand+0x70/0x70 [ 302.896880] ? lock_downgrade+0x880/0x880 [ 302.901047] ? kasan_check_write+0x14/0x20 22:36:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x40000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 302.905292] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 302.910153] _do_fork+0x257/0xfd0 [ 302.913621] ? fork_idle+0x1d0/0x1d0 [ 302.917347] ? fput+0x128/0x1a0 [ 302.920639] ? ksys_write+0x1f1/0x2d0 [ 302.924447] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 302.929210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 302.933968] ? do_syscall_64+0x26/0x620 [ 302.937951] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 302.943321] ? do_syscall_64+0x26/0x620 [ 302.947301] __x64_sys_clone+0xbf/0x150 [ 302.951291] do_syscall_64+0xfd/0x620 22:36:56 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xf0ff7f00000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 302.955105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 302.960298] RIP: 0033:0x459a59 [ 302.963494] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 302.982401] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 302.990117] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 302.997396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 303.004671] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 303.011958] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 303.019234] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 303.027584] CPU: 0 PID: 19210 Comm: syz-executor.3 Not tainted 4.19.79 #0 [ 303.034540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.036791] x86/PAT: syz-executor.4:19183 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 303.043892] Call Trace: [ 303.055129] dump_stack+0x172/0x1f0 [ 303.058775] should_fail.cold+0xa/0x1b [ 303.062686] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 303.063555] x86/PAT: syz-executor.4:19183 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 303.067789] ? lock_downgrade+0x880/0x880 [ 303.067811] __should_failslab+0x121/0x190 [ 303.067833] should_failslab+0x9/0x14 [ 303.067845] __kmalloc+0x2e2/0x750 [ 303.067855] ? __lock_acquire+0x6ee/0x49c0 [ 303.067929] ? get_pid_task+0xd4/0x190 [ 303.067947] ? rw_copy_check_uvector+0x28c/0x330 [ 303.105184] rw_copy_check_uvector+0x28c/0x330 [ 303.109758] ? mark_held_locks+0x100/0x100 [ 303.114055] import_iovec+0xc2/0x3e0 [ 303.117760] ? dup_iter+0x270/0x270 [ 303.121374] ? find_held_lock+0x35/0x130 [ 303.125421] ? __fget+0x340/0x540 [ 303.128866] vfs_readv+0xc6/0x160 [ 303.132305] ? compat_rw_copy_check_uvector+0x400/0x400 [ 303.137657] ? kasan_check_read+0x11/0x20 [ 303.141924] ? __fget+0x367/0x540 [ 303.145375] ? iterate_fd+0x360/0x360 [ 303.149285] ? __fget_light+0x1a9/0x230 [ 303.153261] do_preadv+0x1c4/0x280 [ 303.156797] ? do_readv+0x370/0x370 [ 303.160440] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 303.165198] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 303.169949] ? do_syscall_64+0x26/0x620 [ 303.173915] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 303.179269] ? do_syscall_64+0x26/0x620 [ 303.183247] __x64_sys_preadv+0x9a/0xf0 [ 303.187211] do_syscall_64+0xfd/0x620 [ 303.191003] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 303.196180] RIP: 0033:0x459a59 [ 303.199363] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 303.218249] RSP: 002b:00007f1f24627c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 303.225955] RAX: ffffffffffffffda RBX: 00007f1f24627c90 RCX: 0000000000459a59 [ 303.233208] RDX: 00000000000002a9 RSI: 00000000200009c0 RDI: 0000000000000005 [ 303.240470] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 303.247732] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f246286d4 22:36:56 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x400000, 0x0, 0x0, 0x0, 0x0) [ 303.254992] R13: 00000000004c6fa7 R14: 00000000004dc6c0 R15: 0000000000000006 22:36:56 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tkill(0x0, 0x9) r1 = socket$inet6(0xa, 0x802, 0x0) bind$inet6(r1, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRES32, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r2, &(0x7f0000002540), 0x1000) write$FUSE_INIT(r2, &(0x7f0000000080)={0x50, 0x0, 0x1}, 0x50) read$FUSE(r2, &(0x7f0000000480), 0x93f) write$FUSE_ENTRY(r2, &(0x7f0000000280)={0x90, 0x0, 0x2, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000002c0f}}}, 0x90) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r4 = dup3(r0, r3, 0x80000) ioctl$SG_GET_PACK_ID(r4, 0x227c, &(0x7f0000000100)) ioctl$int_in(r2, 0x5452, &(0x7f00000000c0)) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) connect$inet6(r1, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote, @local, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) syz_open_procfs(0x0, 0x0) r5 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000600)={'team_slave_0\x00'}) mkdirat(r5, &(0x7f0000000740)='./bus\x00', 0x0) write$FUSE_INIT(r5, &(0x7f0000000140)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xfffffffffffffffd, 0x80, 0x2, 0x0, 0x0, 0x628}}, 0x50) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, 0x1c) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000200)='./file0\x00') [ 303.303969] x86/PAT: syz-executor.2:19411 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 303.382832] x86/PAT: syz-executor.2:19411 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 303.419024] x86/PAT: syz-executor.4:19421 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:56 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:36:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x100000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:56 executing program 2 (fault-call:9 fault-nth:29): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:56 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xf0ffffff7f0000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x400300, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 303.629434] x86/PAT: syz-executor.2:19434 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:56 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x100000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 303.691038] x86/PAT: syz-executor.4:19416 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 303.719346] x86/PAT: syz-executor.4:19416 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 303.719997] FAULT_INJECTION: forcing a failure. [ 303.719997] name failslab, interval 1, probability 0, space 0, times 0 22:36:56 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tkill(0x0, 0x9) r1 = socket$inet6(0xa, 0x802, 0x0) bind$inet6(r1, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRES32, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r2, &(0x7f0000002540), 0x1000) write$FUSE_INIT(r2, &(0x7f0000000080)={0x50, 0x0, 0x1}, 0x50) read$FUSE(r2, &(0x7f0000000480), 0x93f) write$FUSE_ENTRY(r2, &(0x7f0000000280)={0x90, 0x0, 0x2, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000002c0f}}}, 0x90) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r4 = dup3(r0, r3, 0x80000) ioctl$SG_GET_PACK_ID(r4, 0x227c, &(0x7f0000000100)) ioctl$int_in(r2, 0x5452, &(0x7f00000000c0)) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) connect$inet6(r1, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote, @local, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) syz_open_procfs(0x0, 0x0) r5 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000600)={'team_slave_0\x00'}) mkdirat(r5, &(0x7f0000000740)='./bus\x00', 0x0) write$FUSE_INIT(r5, &(0x7f0000000140)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xfffffffffffffffd, 0x80, 0x2, 0x0, 0x0, 0x628}}, 0x50) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, 0x1c) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000200)='./file0\x00') 22:36:56 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x6b6b6b, 0x0, 0x0, 0x0, 0x0) [ 303.826100] CPU: 0 PID: 19434 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 303.833088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.842448] Call Trace: [ 303.845052] dump_stack+0x172/0x1f0 [ 303.848694] should_fail.cold+0xa/0x1b [ 303.852600] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 303.857729] ? find_held_lock+0x35/0x130 [ 303.861808] ? percpu_ref_put_many+0x94/0x190 [ 303.866320] __should_failslab+0x121/0x190 [ 303.870569] should_failslab+0x9/0x14 [ 303.874372] kmem_cache_alloc+0x47/0x700 [ 303.878444] ? __lock_is_held+0xb6/0x140 [ 303.882523] anon_vma_clone+0xde/0x480 [ 303.886427] anon_vma_fork+0x8f/0x4a0 [ 303.890232] ? dup_userfaultfd+0x15e/0x6c0 [ 303.894469] ? memcpy+0x46/0x50 [ 303.897758] copy_process.part.0+0x34e5/0x7a30 [ 303.902370] ? __cleanup_sighand+0x70/0x70 [ 303.906611] ? lock_downgrade+0x880/0x880 [ 303.910775] ? kasan_check_write+0x14/0x20 [ 303.915018] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 303.919872] _do_fork+0x257/0xfd0 [ 303.923333] ? fork_idle+0x1d0/0x1d0 [ 303.927049] ? fput+0x128/0x1a0 [ 303.930340] ? ksys_write+0x1f1/0x2d0 [ 303.934149] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 303.938908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 303.943671] ? do_syscall_64+0x26/0x620 [ 303.947647] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 303.953012] ? do_syscall_64+0x26/0x620 [ 303.956994] __x64_sys_clone+0xbf/0x150 [ 303.960975] do_syscall_64+0xfd/0x620 [ 303.964797] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 303.969985] RIP: 0033:0x459a59 [ 303.973182] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 303.992092] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 303.999818] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 304.007095] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 304.014375] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 22:36:57 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) 22:36:57 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x200000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x1000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:57 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tkill(0x0, 0x9) r1 = socket$inet6(0xa, 0x802, 0x0) bind$inet6(r1, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRES32, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r2, &(0x7f0000002540), 0x1000) write$FUSE_INIT(r2, &(0x7f0000000080)={0x50, 0x0, 0x1}, 0x50) read$FUSE(r2, &(0x7f0000000480), 0x93f) write$FUSE_ENTRY(r2, &(0x7f0000000280)={0x90, 0x0, 0x2, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000002c0f}}}, 0x90) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r4 = dup3(r0, r3, 0x80000) ioctl$SG_GET_PACK_ID(r4, 0x227c, &(0x7f0000000100)) ioctl$int_in(r2, 0x5452, &(0x7f00000000c0)) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) connect$inet6(r1, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote, @local, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) syz_open_procfs(0x0, 0x0) r5 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000600)={'team_slave_0\x00'}) mkdirat(r5, &(0x7f0000000740)='./bus\x00', 0x0) write$FUSE_INIT(r5, &(0x7f0000000140)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xfffffffffffffffd, 0x80, 0x2, 0x0, 0x0, 0x628}}, 0x50) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, 0x1c) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000200)='./file0\x00') [ 304.021653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 304.028940] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:57 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x300000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 304.135033] x86/PAT: syz-executor.2:19657 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 304.172031] x86/PAT: syz-executor.4:19663 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:57 executing program 2 (fault-call:9 fault-nth:30): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 304.262691] x86/PAT: syz-executor.2:19657 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 304.286541] x86/PAT: syz-executor.4:19658 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x2000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 304.348810] x86/PAT: syz-executor.4:19658 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:57 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x700101, 0x0, 0x0, 0x0, 0x0) 22:36:57 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x400000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x3000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 304.511983] x86/PAT: syz-executor.2:19876 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:57 executing program 0: bind$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0x0, 0x2}}, 0xa) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000040)={0x1f, {0xffffffffffffffff}}, 0xa) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="78904340c7e8508f01311927b946e7cd4e30cc4c1bb43574fd423c2359bada583f1f", @ANYPTR64], 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="0008006de78b6bda"], 0xda00) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_ENDIAN(r4, 0x4008af13, &(0x7f0000000100)={0x0, 0x5e}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) 22:36:57 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x500000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:57 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@ipv4={[], [], @initdev}}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000a00)={0x0, 0x0, 0x0}, 0x0) lchown(&(0x7f0000000300)='./file0\x00', r2, r3) chown(&(0x7f0000000000)='./file0\x00', r1, r3) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000b40)=@nat={'nat\x00', 0x1b, 0x5, 0x568, 0x0, 0x130, 0x130, 0x130, 0x278, 0x4d0, 0x4d0, 0x4d0, 0x4d0, 0x4d0, 0x5, &(0x7f0000000ac0), {[{{@ip={@local, @rand_addr=0x3, 0xff000000, 0x0, 'nr0\x00', 'lapb0\x00', {0xff}, {0x657f457c3d9b353e}, 0x6c, 0x0, 0x1}, 0x0, 0xf8, 0x130, 0x0, {}, [@common=@unspec=@quota={0x38, 'quota\x00', 0x0, {0x0, 0x0, 0x4000000000000000, 0x9}}, @common=@ttl={0x28, 'ttl\x00', 0x0, {0x3, 0x7}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x2, @local, @empty, @icmp_id=0x68, @icmp_id=0x68}}}}, {{@uncond, 0x0, 0x110, 0x148, 0x0, {}, [@common=@osf={0x50, 'osf\x00', 0x0, {'syz0\x00', 0x4, 0x4, 0x0, 0x1}}, @common=@icmp={0x28, 'icmp\x00', 0x0, {0x3, 0xff, 0xff, 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xc, @remote, @rand_addr=0x800, @gre_key, @icmp_id=0x68}}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, 0xff, 0xffffffff, 'team0\x00', 'veth0\x00', {0xe969fed041d9d738}, {0xff}, 0x4, 0x2, 0x8}, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x43, 0x101}}, @common=@icmp={0x28, 'icmp\x00', 0x0, {0x0, 0x81, 0xdf}}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x2, @multicast2, @dev={0xac, 0x14, 0x14, 0x18}, @port=0x4e22, @gre_key}}}}, {{@uncond, 0x0, 0xf8, 0x130, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x6, [0x3, 0x400, 0x4, 0x6, 0x81, 0x80000000], 0x6e, 0x9}}}, @common=@socket0={0x20, 'socket\x00'}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x2, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @gre_key=0x4000, @gre_key=0x5}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x5c8) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) setxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000440)='trusted.overlay.origin\x00', &(0x7f0000001140)='y\x00', 0x2, 0x0) preadv(r6, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000a40)="8dc3266d60ac0b618cb78d243fe86da56df9f2cf799cc28cc46785f1c888b9d119810284527e7b64df7d02c2a596094820221813db1d74dd58b67d111e2601832e", 0x41}, {&(0x7f00000000c0)="fadd071b9a452b1260a3b732bcfad7387efa75ef4248830ae90803da2cc6494c88555525ef1bf19e5c6c07b23681329aff50aa", 0x33}], 0x2) open(0x0, 0x141042, 0x0) [ 304.625932] x86/PAT: syz-executor.4:19886 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 304.661895] FAULT_INJECTION: forcing a failure. [ 304.661895] name failslab, interval 1, probability 0, space 0, times 0 [ 304.687112] CPU: 1 PID: 19888 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 304.694105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.703473] Call Trace: [ 304.706082] dump_stack+0x172/0x1f0 [ 304.709737] should_fail.cold+0xa/0x1b [ 304.713645] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 304.718776] ? __lock_is_held+0xb6/0x140 [ 304.722863] __should_failslab+0x121/0x190 [ 304.727115] should_failslab+0x9/0x14 [ 304.730938] kmem_cache_alloc+0x47/0x700 [ 304.735017] ? anon_vma_chain_link+0x154/0x1c0 [ 304.739615] anon_vma_clone+0xde/0x480 [ 304.743526] anon_vma_fork+0x8f/0x4a0 [ 304.747332] ? dup_userfaultfd+0x15e/0x6c0 [ 304.751573] ? memcpy+0x46/0x50 [ 304.754876] copy_process.part.0+0x34e5/0x7a30 [ 304.759490] ? __cleanup_sighand+0x70/0x70 [ 304.763777] ? lock_downgrade+0x880/0x880 [ 304.767931] ? kasan_check_write+0x14/0x20 [ 304.767946] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 304.767963] _do_fork+0x257/0xfd0 [ 304.767979] ? fork_idle+0x1d0/0x1d0 [ 304.767996] ? fput+0x128/0x1a0 [ 304.777056] ? ksys_write+0x1f1/0x2d0 [ 304.777077] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 304.777090] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 304.777102] ? do_syscall_64+0x26/0x620 [ 304.777118] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 304.777130] ? do_syscall_64+0x26/0x620 [ 304.777148] __x64_sys_clone+0xbf/0x150 [ 304.777162] do_syscall_64+0xfd/0x620 [ 304.777179] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 304.784317] RIP: 0033:0x459a59 [ 304.784331] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 304.784338] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 304.784352] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 304.784359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 304.784366] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 304.784373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 22:36:57 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x600000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x4000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:58 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f00000002c0)={&(0x7f0000000180), &(0x7f0000000240)=""/66, 0x42}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x101480, 0x0) r3 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/status\x00', 0x0, 0x0) bind$bt_sco(r3, &(0x7f0000000340)={0x1f, {0x8, 0x65, 0x2, 0x97, 0x4, 0x5}}, 0x8) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x20000, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r4 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r5, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/61, 0xfdfa}], 0x8, 0x0) open(0x0, 0x141042, 0x0) bind(0xffffffffffffffff, &(0x7f0000000a40)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x80) [ 304.784381] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 304.911000] x86/PAT: syz-executor.2:19888 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 304.993599] x86/PAT: syz-executor.4:19886 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 305.029419] x86/PAT: syz-executor.2:19888 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:58 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x700000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 305.059152] x86/PAT: syz-executor.4:19886 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:58 executing program 2 (fault-call:9 fault-nth:31): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x5000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:58 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x1000000, 0x0, 0x0, 0x0, 0x0) 22:36:58 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@ipv4={[], [], @initdev}}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000a00)={0x0, 0x0, 0x0}, 0x0) lchown(&(0x7f0000000300)='./file0\x00', r2, r3) chown(&(0x7f0000000000)='./file0\x00', r1, r3) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000b40)=@nat={'nat\x00', 0x1b, 0x5, 0x568, 0x0, 0x130, 0x130, 0x130, 0x278, 0x4d0, 0x4d0, 0x4d0, 0x4d0, 0x4d0, 0x5, &(0x7f0000000ac0), {[{{@ip={@local, @rand_addr=0x3, 0xff000000, 0x0, 'nr0\x00', 'lapb0\x00', {0xff}, {0x657f457c3d9b353e}, 0x6c, 0x0, 0x1}, 0x0, 0xf8, 0x130, 0x0, {}, [@common=@unspec=@quota={0x38, 'quota\x00', 0x0, {0x0, 0x0, 0x4000000000000000, 0x9}}, @common=@ttl={0x28, 'ttl\x00', 0x0, {0x3, 0x7}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x2, @local, @empty, @icmp_id=0x68, @icmp_id=0x68}}}}, {{@uncond, 0x0, 0x110, 0x148, 0x0, {}, [@common=@osf={0x50, 'osf\x00', 0x0, {'syz0\x00', 0x4, 0x4, 0x0, 0x1}}, @common=@icmp={0x28, 'icmp\x00', 0x0, {0x3, 0xff, 0xff, 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xc, @remote, @rand_addr=0x800, @gre_key, @icmp_id=0x68}}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, 0xff, 0xffffffff, 'team0\x00', 'veth0\x00', {0xe969fed041d9d738}, {0xff}, 0x4, 0x2, 0x8}, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x43, 0x101}}, @common=@icmp={0x28, 'icmp\x00', 0x0, {0x0, 0x81, 0xdf}}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x2, @multicast2, @dev={0xac, 0x14, 0x14, 0x18}, @port=0x4e22, @gre_key}}}}, {{@uncond, 0x0, 0xf8, 0x130, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x6, [0x3, 0x400, 0x4, 0x6, 0x81, 0x80000000], 0x6e, 0x9}}}, @common=@socket0={0x20, 'socket\x00'}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x2, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @gre_key=0x4000, @gre_key=0x5}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x5c8) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) setxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000440)='trusted.overlay.origin\x00', &(0x7f0000001140)='y\x00', 0x2, 0x0) preadv(r6, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000a40)="8dc3266d60ac0b618cb78d243fe86da56df9f2cf799cc28cc46785f1c888b9d119810284527e7b64df7d02c2a596094820221813db1d74dd58b67d111e2601832e", 0x41}, {&(0x7f00000000c0)="fadd071b9a452b1260a3b732bcfad7387efa75ef4248830ae90803da2cc6494c88555525ef1bf19e5c6c07b23681329aff50aa", 0x33}], 0x2) open(0x0, 0x141042, 0x0) 22:36:58 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xa00000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:58 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x1, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:36:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x6000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:36:58 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000040)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}) write$P9_RAUTH(r1, &(0x7f0000000080)={0x14}, 0x14) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 305.300445] x86/PAT: syz-executor.4:20230 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 305.320263] x86/PAT: syz-executor.2:20232 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 305.372393] FAULT_INJECTION: forcing a failure. [ 305.372393] name failslab, interval 1, probability 0, space 0, times 0 22:36:58 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x4800000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 305.436753] CPU: 1 PID: 20239 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 305.443734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.453098] Call Trace: [ 305.455698] dump_stack+0x172/0x1f0 [ 305.459343] should_fail.cold+0xa/0x1b [ 305.463264] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 305.468380] ? lock_downgrade+0x880/0x880 [ 305.472546] __should_failslab+0x121/0x190 [ 305.476797] should_failslab+0x9/0x14 [ 305.480612] kmem_cache_alloc+0x2ae/0x700 22:36:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x7000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 305.484764] ? anon_vma_clone+0x320/0x480 [ 305.488923] anon_vma_fork+0xfc/0x4a0 [ 305.492734] ? dup_userfaultfd+0x15e/0x6c0 [ 305.496978] ? memcpy+0x46/0x50 [ 305.500269] copy_process.part.0+0x34e5/0x7a30 [ 305.504887] ? __cleanup_sighand+0x70/0x70 [ 305.509131] ? lock_downgrade+0x880/0x880 [ 305.513303] ? kasan_check_write+0x14/0x20 [ 305.517551] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 305.522402] _do_fork+0x257/0xfd0 [ 305.525865] ? fork_idle+0x1d0/0x1d0 [ 305.529585] ? fput+0x128/0x1a0 [ 305.532876] ? ksys_write+0x1f1/0x2d0 22:36:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x8000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 305.536688] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 305.541457] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 305.546231] ? do_syscall_64+0x26/0x620 [ 305.550218] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 305.555675] ? do_syscall_64+0x26/0x620 [ 305.559765] __x64_sys_clone+0xbf/0x150 [ 305.563754] do_syscall_64+0xfd/0x620 [ 305.567570] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 305.572769] RIP: 0033:0x459a59 22:36:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x9000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 305.575975] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 305.594986] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 305.602801] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 305.610089] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 305.617376] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 305.624681] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 305.631960] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:36:58 executing program 2 (fault-call:9 fault-nth:32): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:36:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xa000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 305.719792] x86/PAT: syz-executor.2:20239 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 305.724905] x86/PAT: syz-executor.4:20230 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 305.729155] x86/PAT: syz-executor.2:20239 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 305.750690] x86/PAT: syz-executor.4:20230 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:58 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x1017000, 0x0, 0x0, 0x0, 0x0) 22:36:58 executing program 0: r0 = shmget$private(0x0, 0x1000, 0x54000000, &(0x7f0000ffe000/0x1000)=nil) shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000)) r1 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="5500000018007f0212fe01b2a4a280930a06000000a84306910000000b000f0035020000060003d91900154004000001d40240dc000000002afaf984136ef75afb83de441100d13d0d0005000000060cec4faba7d4", 0x55}], 0xa7}, 0x0) prctl$PR_GET_CHILD_SUBREAPER(0x25) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) 22:36:58 executing program 3: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7f, 0x200) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000000300)={'nat\x00', 0x0, 0x3, 0x17, [], 0x9, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f00000000c0)=""/23}, &(0x7f0000000180)=0x78) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:36:58 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x4c00000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xf000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 305.855989] netlink: 'syz-executor.0': attribute type 15 has an invalid length. [ 305.907305] netlink: 'syz-executor.0': attribute type 21 has an invalid length. [ 305.936508] IPv6: NLM_F_CREATE should be specified when creating new route [ 305.946478] x86/PAT: syz-executor.2:20548 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 305.980736] FAULT_INJECTION: forcing a failure. [ 305.980736] name failslab, interval 1, probability 0, space 0, times 0 [ 305.994559] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 306.001123] IPv6: NLM_F_CREATE should be set when creating new route [ 306.007685] IPv6: NLM_F_CREATE should be set when creating new route [ 306.031393] CPU: 0 PID: 20548 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 306.038375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.047741] Call Trace: [ 306.050360] dump_stack+0x172/0x1f0 [ 306.053999] should_fail.cold+0xa/0x1b [ 306.057900] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 306.063015] ? lock_downgrade+0x880/0x880 [ 306.067187] __should_failslab+0x121/0x190 [ 306.071429] should_failslab+0x9/0x14 [ 306.075235] kmem_cache_alloc+0x2ae/0x700 22:36:59 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x6800000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:59 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) write$binfmt_script(r2, &(0x7f0000000a40)={'#! ', './file0', [{}, {0x20, 'cgroup2\x00'}], 0xa, "ee1f4e265620ad2006243ee827803d8901586d326dc5ad382285bd7ae9b03e8d421a1d5f50aace9460a14d378c6df135c853aae177a9834c73eb21bed79501c45025166ac282d5961ba7ca86a38f9358fedfc9a970298caca9fd807571312e5acbec41f07cce4d7869f192d7106f1f9e9832bd64c15669019b51c7c3b88ec8b076b8277257a284319451e3daac9b8d1c4068a2a68fbc8e4a04f1a2f648bf586b109ed4d97a75f60674280de82d20524669a3214559572cb042adaf8307b2d6955e310ca522dbce849072f25fc5e53214c79f3825211b70aa01069f1d13b7c6b0f9b897d309195d0736a048162c122d7086c1b03b5851d42cfbad868bcdc0e4a69672abeb9d9404f055cb57e41010afed896e336b0bf2ac63640673024b684eb38d1d36e1a6b83e1bb2b92e904e4e4ba1b5403130c64208bf106fdfac46136a10513d1391fe194bc874f54996befc4242e3c2f366df2009372e75e4533b88052125910b77ce4e2b1ebcf400c61a9f0baa0fcd23d5f9c7cb1505ec88c032cf91b36265c0c650f2f5210fed1a891e688bd6f56ed850a4c7f0494a507ad005dbc82735c923027e267690bf1ea5dbf710053e68d7481f2e220effc49f95ebe6c5e1a65665b845566f6753596e538f902f6a69c820c053d391898672348508987f0e2cf2bb300645d5d6a400f143c9a07d18756257e6726e79490d6a07b308143b7001fdde1c161aee11822788f05e7ccd7a71dbb694b4f76f25e3831e82c2b0fb560785edfe71920fc5fcd062a016afcb99073fd9f98fb466bbf1ef37251e29d4763569891eba468c9160668c8b5836dc92088c7aff814ec0b1bee64f887d14496a306132e84a878d40105b6c5e0bd37812077a93c3783c7c864da47a6eea76592c4dc42d2c7380c75c2cb65223142d23045a060d473770d43f680d31abf11e202ddbfb0bd89bd37a5d0bf014d71d5f9933c707ff73942c0ad31f8e3f94170c266ad12aaac8c5ed7c9b78f05776a65a06647ad814c97a9cc07103a420320b1e59e0e022ef9217f658c31dd7560f32a3269b4e949561bfc3d41fda96a3e78c88f8e82913373161e76580be3678f0e0296781daa51e23756d479f532fd60cf8105262d8a3e75bb790c6f4b555767d47a8e3101ea6be131f8d03bac6026f80b3ce767b93bfd7ad03a8126df192374d52305744fcf61ac4760c1bb98d0eec1858191b82287b38659c1653b0068a3e34998dc336f49f959df43c34f1a417cf6faa74222ca024b1756a317b973907d20bbd38c1fae18df55ef2b688866d9b95ff6a28973456981a9f4550bc9cb35e56c76aee6162109eef72b8bbddb28b81d56712a665ba5959127742e257298f148e06aeb617d07a9e4e7fc28cb991a0647817a875ecbac7df99da1a6d92e180f0bfaa5074a92fd54efb4037dee6a10d6e5226140e6c4dd118b897e0e63964def93b7fdf9d8e3651005c565f83f564455ecb63d7a60a0dd83f5e647ae4d49af8c183669d277abc2af8633a2e48194c67eadb7e15c6b60f03dad6c458f463a7bbb846382030e6ebdeeba6491c7df220d7f94640628da05842db1230df651d9de016fe4a9426948c5dde0fec5d0c3c3634240c00e595e4cbbce19d072f040130c107b7e61e750d2a6c791d4029d0ec6d86702cf03591aff6646aacb0a57e47e9ecf927ee3546baa0c0d0979cee05017a8203e6d4dbb35891c4428739fa45fbed0ef7dfe13b8bb96c35ec1c8bb3be69a5ce0a82797c08e26595a8cac1ff89e9e547f3888d44cc7a46c1d426d04beeacfbeeb29cb1c871a1852be1269614b23bf29121456f86ae413455d18b4cc3eab959f31e8d538b05075f61fbc92144db1f6e559dd572bddd0b85e6ec09d9003a56d73f19f38f85f7075bde1a8b7a30860b3723befa0d223b6204a4983b96882d143d3e5e9fd2c119190fff151c073081feb05650e92769c90f7bfe60ff889e270571cdb723f75be7886c2f4439c67c2301f18caaa154a8c8a603717af4bc9432bec83330876ab495f1a1e9432721e83c3ede00bebd7f218cd6aced7f2f22bcc037d5f7d912800750c9e31bf93633b341b60805c03880629eea4c315ae07b752e36a004dd678a555db75990e66186bc2f56a2aca11540b13e02c4f28b06bd7788105681ddf2f3b5dc00d0dedb736c21078b60594579069f29d3b2231a54df51f164c77367895816ec689b8d6748ce2e1b14496d81243c0aa3d682feaf7b8baefd6dbfd2ceb47ee7a998d2647fc72346931cd7c8ffc344032e27dca9d95ac259172719a575e50f1b8e89331c5c301c7dc291f2367add7f6f504f6a105b6b7c8b26e6440f22b3c1cd74d7e8ba5cc5796c72c2fd33501dc01ed6a3b265927f680f956f69dc6729b71a5ed7a9dd483f4db1f7da7a807969a89b9a81cf8d908c449fdb5c16d746ff1f0dc2e4188700b00e88da5e18ecf624a6a69bdd26c12ae59440ef78ea2c11c11d15466aa62dce610f7f765ff8a7bcc386ff638723d3ae268b57a89ddd13d9914ad26135672e9e3bab3cbf71fd50a8cb283a707cc1a17678617122820e633f1955baf8bb98f5aa534e244ddf72bf5348c5e3cf589e87a9f2fc8c97c1e253f0faa144ec086c2ac9707b1597e3b4b35a5bf94a61f059a78b501212f38e0a8964b08cb6a4b453bed0706e749409b93aebe56bbd5dc3de05a8a9f307361b8511c4cd698477b0b065d97caf58aa953be1e494719ed9f9bdd4c336c6b3c34a011727dfa2b8253181ccf10dafee1acc9327d7744bf37d627c4119dfc77ac63518d9204c2bc1b4a980e4aa98bdc59d8cb266c16d69e91d3de37987884e358d4b2bcf0fed7f8e2e080d6bfbf162b741e10495ce6669e5bb4adb21228bf5413e3f92292f26771bf0047166fad00fc895869d9bd058b3d6a90d22e75dc1f86b749469d76228d279035398bad8a92ba3272b87cf9cc07bf4a444ecf2d526c97d5beee35026dd9d229a28e984e930af2be33a6e836830ace047b0fbf73086e80325ee6491a54e11d64a32cf351af771199d54e750036b50b68a56d76d12afc260d95b7d20c443fc5726f850464d76d70f1b8089063600d70c5bf9ae60e0642badc56a670a96627b1a37ab5e3d9ce77d59cf9a1301db6ce3d1df02db5b27b466c7153372090ce690da7cb17ed972355c890cb96c92b79fbc7b111ebadb502623e4ace19bd519823bdec005f8403f00f5c1f88b7e7ceccf0c5531e06ea0ea6300f826aabe6bbe8580c8bc642724606f3ded1cb8bf0c92d7c1129cc09202f33e6feb25ab5ee49bf06676bbc19522976c4ad2ca8c8060fb09ce6e562915c2a06ce91b1b12589990b9d5c25e4a72bb54e4a63fdc53959f14acdd00aabdfc97ab758858c9c04d4715b3020e15aedf9933dbc3a775233e0d5dce8881530cd345ad7c69949cabb8276a58254871224b82c160d40f3f4c1bd0688926cbb0c480fa3949036fd0fed47901d845c414c72377d15c79c3907a1dc2668facdd0b9052ea8daef970e8da2478b16722878532c1accb9628fbd0ce6e5dee78a3ee9d5bb62782653c93a591ca30602024332bc1849358007fce79e7c27f698b2114d77edabb7606b4b80cf9a2a65c8f883287b3ad60ad9a511bc5bad195e00a78fe2a39a6410328ea03223492e058bd9876bc1ca53c9ab1040c77d7121f5104d983b39e3b1cabe6a2d71ef55b904e7a97fd77639511b403232bfc1fa726fffa9e900c3a6c95464a26e57f6e7cc4c68bc7ce051c24f667ba3e1ddf665c1da0c989ab1b38953d5b2b47373cdffaa03630478bd4ebc6abefd92091bf247a54e7e54dc98d5e1521a88add2ffd239c41ae06acc0f499486a2be875e6a93e823daaaeb88c750fbf54feb95f9fb1f50bc3107766f710dbc56de2ffc896c5cf2b27e3021dacde5da0d35c8df602574def33a0ebd0cae7eea2049d5a7558142e980131372d7f2dd92265f884ae4438e1f258e1e5a658c036bb76a3f36084521ffb7d123f606735620fd4141362674f37c3de7b70e4f5afa912187760b1f6bc8fc6497f1439a99576f8f663be96b0ee12ad2ca28de39988abde7b1da0a79a629c7148605ad0c9dde6038074b5fb4ad6ba8a65ac80c25bf5345ecc048337429e3f7a0f9c889e638e971e1835d6a563c93d4af70e063f456db15a2da9a5fe11c3bd3ff5aa049e9eb5eaae6718d9f43ba317be0a0dbca8ab14ff1969054fcaba8393c3b0ed8c06577ef031f3e0b3403ea6f68698f0adbccd3b54a9f230c161d5c2ef03699198f8b903e32173ea4b9365427df69580094a8fce2adf6134309d354e721e58bdc7b7808e68e8db4da1c94656e8a89ad976fc41475151f3c171473fbe56a458e88dc3b1e8132149249c64485e7697ade534c7e59af60fdb6a3d0f3236be95b2561f5f825165d1957eb3f3578887bf2769a448646b190951f6e28c1098b09116b7c3a2bb1862675581d158b4940543ced7e88c577d8a46b11bc6d0c004a84f6b6f257fed949c7661f4ef875a76301fd3cd34fe5a8034d3b8ca39e31d3bdb5d9cfce78af3e3a9ce06134c7d1c071f4d8d70420116024afb626a3b04f15b4a3ebe04ab4db4e580945fb32c3449280058893cb55a0b73a3e799ae1ed120a5031427627959d805d192051e78f89db4bc903999d924cda4c98f104d0add5289bcd2de7bcdd2d8ede44b88ec12609b58ebb3cd5e6988ab1ad7d313c4c3887285d92553489102715106a64fac2111f834ca19b4cf4f84d38dae810348ed3329178a9e7baf02e0a6423bca6b68613f668026f1369d26e94670f3696eeff40c08862088f05e9624763e8d7f01d5a527c5f28a0972fb5d1b63f1d4d90a48e155abd38f83550d3850c1ba8d5f5ac57d2e20f8c886cbdb541b2e97a7b4edc2a6e643e93d799fe806de93d0782a377760ead12fe808ff2adf81129fc224eba6bbe6e0b97968ade7400bdffc05cb6f176686daace6b0eb3ec70742e9434d99e3eb6ed289a30ff412da18e9a392bb1c6f54819a5df0fa222ea1bfc78a60fe3cab1c8abc5bf4b23b3e3777d9b75331a7e94246806a47c7df9a2378e7d7064d51d7b7cce32e1b9ba15965c1069c4bcbb3c605022f690b721500055f3dc6fbf9d6100df6d3e83733ab4dc80887b7ae226c4fdc5275a70e1f1e84fa91afd0229dfe9b05968dd99e7eaffd54a777ae59cfb710b93a63f02fbb61675bd86bc88f8040731ce4e61c96e3f200be0f0477131dfda7ac2ab4226b3c6889d41eeab8c968ca97d4af65de8e7addea3ad76c94683c33a1b6fe6ecba964e243306b49add9c9211904718282c0febfc2cd9a9a750617a6bcff6f7be5fc4740957498896a42b7e636e8278a82fb512011bdb49cdf60a542896b45e502a977dc291034991d764a86565372bc76bb8df70ab894a27058661288283891dca881227d3f4e7924b2b59be3ee33a1cba905cc8be8d85e686c66017e0b01f5e487a5d856b37134aa84e47ad29725a8327d33d48f5ade650e5801174f09abab907971cd847196ad5147be6f762d2fdb3179ec9aeb57d27f931caa8911fca1ef798d6bdc198500c14e816c937b982bbf3c158204f369cc2a726ede2d62841518b1364ab24284929cb3f81766ebdad5423ec1e7ec6b697a61258235d02bd63b308bd0c41703d3814760fed62c27adbe848f5399c37967a7a9d72ddb9fc641c9630d8c33fa1dde308c6e4e115f8812aa430b69515578e5365316ca9c7c6465091f5309c72c752cec4b43934d67e96faf2f237b485fe307a4041247adc2e64125a1a47ebab7d68cca336595440d"}, 0x1015) open(0x0, 0x141042, 0x0) [ 306.080444] ? anon_vma_clone+0x320/0x480 [ 306.084605] anon_vma_fork+0xfc/0x4a0 [ 306.088422] ? dup_userfaultfd+0x15e/0x6c0 [ 306.092658] ? memcpy+0x46/0x50 [ 306.095953] copy_process.part.0+0x34e5/0x7a30 [ 306.100566] ? __cleanup_sighand+0x70/0x70 [ 306.104802] ? lock_downgrade+0x880/0x880 [ 306.108974] ? kasan_check_write+0x14/0x20 [ 306.113214] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 306.118073] _do_fork+0x257/0xfd0 [ 306.121545] ? fork_idle+0x1d0/0x1d0 [ 306.125271] ? fput+0x128/0x1a0 [ 306.128565] ? ksys_write+0x1f1/0x2d0 [ 306.132366] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 306.137113] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 306.141857] ? do_syscall_64+0x26/0x620 [ 306.145841] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 306.151197] ? do_syscall_64+0x26/0x620 [ 306.155180] __x64_sys_clone+0xbf/0x150 [ 306.159150] do_syscall_64+0xfd/0x620 [ 306.162942] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 306.168115] RIP: 0033:0x459a59 [ 306.171293] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 306.190176] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 306.197874] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 306.205133] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 306.212393] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 306.219652] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 306.226916] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 306.243437] netlink: 'syz-executor.0': attribute type 15 has an invalid length. [ 306.251123] netlink: 'syz-executor.0': attribute type 21 has an invalid length. [ 306.268427] x86/PAT: syz-executor.2:20548 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:36:59 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x2000000, 0x0, 0x0, 0x0, 0x0) [ 306.270517] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 22:36:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x220101, 0x0) fchdir(r0) socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_submit(r2, 0x0, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0xfffffffffffffe8a, 0x0, 0x0, 0x1}]) connect$vsock_stream(r1, &(0x7f00000001c0)={0x28, 0x0, 0x2711, @my=0x1}, 0x10) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000080)={0x673, 0x1, 0x1}) getresuid(&(0x7f0000000340), &(0x7f0000000500)=0x0, &(0x7f0000000580)) stat(&(0x7f00000005c0)='./bus\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$gfs2(&(0x7f0000000140)='gfs2\x00', &(0x7f0000000180)='./bus\x00', 0x7, 0x2, &(0x7f0000000300)=[{&(0x7f00000003c0)="aa3429a39cdeb00b81a4345a3da39d3ef3d56c176e78e579ac79ba6bc11595f2f2fa6fd26323c2b4f6330c46bbf5be7c26c583bfabb1e3563832e2a531f9212872555beeb9b25d00a6630bc9c69c7a31aae74842d36cab7c9b6c675066d71d9ddfe494b81d529dc1f7783c514302fac366671434674da4358fedb86bb67741f8c0f584a83772e7247a385209c072ee27f31f394d92f0c3023e5bb580576cf7732b3734ee8b9b2bf98ef71315070c32b8f0f6672acb7e1703c557c4e947866dadf4cdffd776da9a320f30e7e8844035af648ecabff5e9e3a59f6f90693f0dcecd17bab6af0e85da041a", 0xe9}, {&(0x7f0000000240)="669d80a130ce1ccddf7a89cf68300661e159812f80cec4bc34671a04010dbc3df95d76458e2c83a96f6e371923e38317f363951cbe78e2fae0a982d0", 0x3c, 0x10001}], 0x40, &(0x7f0000000680)={[{@data_writeback='data=writeback'}, {@nosuiddir='nosuiddir'}, {@lockproto_nolock='lockproto=lock_nolock'}, {@norecovery='norecovery'}], [{@dont_hash='dont_hash'}, {@dont_measure='dont_measure'}, {@euid_gt={'euid>', r3}}, {@dont_appraise='dont_appraise'}, {@pcr={'pcr', 0x3d, 0x38}}, {@fowner_eq={'fowner', 0x3d, r4}}, {@obj_user={'obj_user', 0x3d, ')ppp0'}}, {@subj_role={'subj_role', 0x3d, 'securityposix_acl_access\x9b\\vmnet1#'}}, {@appraise_type='appraise_type=imasig'}]}) creat(0x0, 0xf000000) fallocate(0xffffffffffffffff, 0x4000000000000010, 0x0, 0x7fff) 22:36:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x10000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 306.327027] x86/PAT: syz-executor.2:20548 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:59 executing program 2 (fault-call:9 fault-nth:33): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 306.385393] x86/PAT: syz-executor.4:20698 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:36:59 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x6c00000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:36:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x11000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 306.606688] x86/PAT: syz-executor.2:20800 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 306.622063] x86/PAT: syz-executor.4:20697 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 306.639455] x86/PAT: syz-executor.4:20697 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:36:59 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x4000000, 0x0, 0x0, 0x0, 0x0) 22:36:59 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) inotify_init1(0x0) io_setup(0x300, &(0x7f0000000000)=0x0) io_submit(r1, 0x20000103, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) [ 306.699966] FAULT_INJECTION: forcing a failure. [ 306.699966] name failslab, interval 1, probability 0, space 0, times 0 22:36:59 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7400000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 306.768837] x86/PAT: syz-executor.4:20923 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 306.819805] CPU: 1 PID: 20800 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 306.826788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.836154] Call Trace: [ 306.838758] dump_stack+0x172/0x1f0 [ 306.842404] should_fail.cold+0xa/0x1b [ 306.846307] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 306.851424] ? __lock_is_held+0xb6/0x140 [ 306.855507] __should_failslab+0x121/0x190 [ 306.859776] should_failslab+0x9/0x14 [ 306.863583] kmem_cache_alloc+0x47/0x700 22:37:00 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x6, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r4, 0xc018620c, &(0x7f0000000a40)={0x1}) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r5 = accept(r2, 0x0, &(0x7f0000000440)) ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f00000000c0)) r6 = accept4$tipc(r5, &(0x7f0000000000), &(0x7f0000002080)=0xfffffffffffffe64, 0x800) sendmsg(r6, &(0x7f0000000380)={&(0x7f0000000240)=@nfc_llcp={0x27, 0x0, 0x0, 0x7, 0x10, 0x80, "ac33d9c5069f43b4af05fc4a4d0083efa8b1bcad9a23f95887be643faa85e16e8240dde0d00b152ec442da8c9d0d193533987ec795cbae2b830952a793266b", 0x3b}, 0x80, &(0x7f0000000340)=[{&(0x7f00000002c0)="4b0c494bd56467423d4f7d505edf6be6fd194b83c281d1d6c26414ce0980c26cab4b30a12fb5e7e56210aeb34bb4001e51d36f38586e4ebbaa27e6f9f07f33b92ce3a79f8b4cb80cb2c6cdaf48d2da2997d0ee1d7e94335114cae8aecde6b1674c9880b380c7ef1ee7de7ad8885e8c8f4e5152dedc69c7c657c4a7", 0x7b}, {&(0x7f0000000180)="7d857126403a7c3c000c3deaeeed5285ebdefc128a8c36d659b628f44cdbd89ca502482e0a2247f890b532d3e03310d0a5c8e708ba8b11ecf8a84010a93e", 0x3e}], 0x2, &(0x7f0000003180)=ANY=[@ANYBLOB="800000000000000001010000070000006ba2af216531ef53756e00b61ed296e55e794329c5e46f96c2a717ebe2ec8e42d3c457b0ed8478b30e3721f29307cbbd26f912ff83badde8b7b6eb278293f8e604e877c1b2660911f85e900945db94721981f63df8cbc3b97cac682e4c92cd77b1dda13ae699486c6d9ab20d00000000000100000000000099a3c276090000007c46dd1685d0d3d1c3d91c44a3c1b84bc996a0b7f23793e2f4058e96343e44a4f8f671524fbf0a8c4455b973e5ea85e994f87e8aacef9cdc6b6ecd724cd7f437f7297fba7b2f0990bbd134959e5b5bb5fe948e4cdcc413b780f6573fa7fed11450295429b33abebf484755a20511d2ee94729d6fafe1ff6461f65c7c6fb3ad6dec1a0238d3d339cde2b528f8defa36e43e56270539ec8cdc5d76e7058ac9ba0e9df55e2384203c60c5e5f5d86e59779a58645d1e35cfd96ccc6cb7d368a0f314c7d59dc247625bfe40bf26b360f809fe507dc480d3b66dbeeda32b2b71b762545ff9e17fb2f798420c3d7b0000000000100000000000000001000000000000001010000000000000090100007f0000007ab4e7415baf47a6eefcefb859fa127ea2b12206c0292acf14befedc1f0cc594146c041e3575e35f45636e021b3b5df07bb9f22326816ea1125e39355195d119352834719251ad8b1fb982736a29c7a62f81ed0837da3176b4c2b3c957883f5d9d20db05e977da84303e2919d195a2036da8e85c054e88a8f7143c546d5d6a6f47f2655ecdc8dede3a7fba08ff01ffbfcbf76b009a2afd7544596676636b5d2479d36306462a77ca4bc96cf068c6cd982a2c347d3b4930aca0be927d70a2a5a47aac56aeeb02ac4d007c88793188fccf52e689baefa36ca77ee64a5d7a03fa9011aae39da722d8609cc4915d600ad8c25fb0005248dcf6bb4f664133344df1a97bee71c33fcf42719f6de05476dc820c2b6c47ef0d18d641b9ed7faa9641b1c96ac934b6fea72d1346d67164e5300524251db2e0b2a78e6555835c39c5d4b80a58aa0584f09e334c434c45d27ebe026bcb43ea65f1a374fb4f540929dd56a60d834606bddb089d0a92f8667582a351d6fd55131298cb6cdf13c773685e768d9874c0f8a7679192de616afa26d956f263edd29f55fbaa344dabaccb92fc36f9283f85729a0a2ae6cfa9daf7c2d2186af2b3c5b02819fdab6d228a716ac27d16f6ec53df6e3cfa91770143c3a44f5f361842e95b37ae4f63a3aa7ceb3b279e7517d18bba5cf4bc8622d077c444945e4251b816e4d02a84804e47a14f5b176ea7cd218335218ea8a1dcb127d49baacfa556079924409cac9cae2973d581488ba357a9eeb4aa4b0b5996686c4e78b395922f8deb9deb23bc94d03f724728c7398fff05a4d0a978f4b4cce0a4481368c738bb982f5b93f39ee6f03f134b6e4553c87d1fb3844515856162f83e0d6224f0d548bfa64cc7e706d7b2c990d4858148386542017348877c2ab24281c98ea3bc67095166e41e29d633a53d9aa04cbbaa70278c224432a6a93553072d1f36bcc4dc29a92d8ea9743ba09a925da44f4a117507128eca99a0f382dbac4ca443ff6481839ed4afe4bdc5a3888c3d973001bace7d0ba84829008c2e9e226484ea3d275e410e3c8c5487f132ca7b36ed27b0f283bb241c1c2afaa14fcb18b392b821e407d1f95501706abe55429a43a5453d507320025d470f4249fa9c2bb1ed060a455af63e33a9a34eb7b3d87cb2cac87cae25a4d97188450dfb1c3195d1cfa7339ffcefaf06f718856fb0043321d77c605a71b4a909f29b62360f855d2068c24ac75ff3ea67a2925eec7a045078e8a4a4d6b93f12f35c4b6f141a1e883af4bab5866c5d83f4e225f016e180359eba8e635cc7bfb357ebd5bd5d2276f1826c1e0bbe163b6a768835d51ba484a81057fd8c62d26070b0eb6ab212453293f8d227f29be7735d25a163640cd395a21fb403b98dfcf544977c16764fa304f387647187f41ebc50abfd43d435d9da4aeef78121364f9dc781d7967e6dc0dba573f9bf401ae43681d5443627a50f7256891e543538dbf325d9c43d6bfc3556855de7f5a47368b6095e95f55fa6eda41816ec14a57f5d2c81f88f9d60d4da834f41f75f27beffdebabe41b3c98e4a64d2e42ce716db6d1d72e42785c1274b622b07bc814b05b0794dcd4a8f47fee539f933a1b04ded1f09e29e12ee9db882e2709ef19c393605472bb0df7f0704e55990d063bcf345857202539e5a1aa4e3c2247db123569b1760ef0feadf73a34d628a3df0b272d33c35efefbc9d6f207e9cc3b6737bed61ab9106bd78d27189c40ec2687e536f2a012a75d06e28df8fbe15176bad58bf20964e5c28b5a6edaaf4e09e93d3201cf71baade94dda4ec0989e1086a24b445fe5ff9cb552b4cd11f0853384ac243d0b622f6c44b6ee42aa981bbbefacc1db9b6bb7ac8d4be81020e85c2941d8ee9b073f1745e528895828d450f099d012a3b03c16b680e4d178f929f55ba3d68a851aa7924fad7e83c54195a6317659c4ecc1dad6773735491431669e6a6d14dfad1bf25b3d695dc8dd9429b10eae63aabf6a8e35d3c8b4260a55090ff953b676d4a5fdadfb8b4f5ec7b24357a2a6078965cef343578f96c23cacba816e3fcfa127dc84fc169e1aa4d158329aa82f2ff3b79d2c7269c92811a8ae924ce15ac5a1751a7a1be856308e8e68ca74d49b72234dadb88841f57f55e3fc00ff4b4d2fa10b587e049a647fd72030f20e6630bb2dede3233862166cab3bf918d31f15f67b117185ed0aab6c0dd5e17519c4c0a71b5dfb8297f1c65afd2f1fd3f23da73fe86aab5ac001145eb35d1a6127849f82c9ef08f16ddce2f411f5b965ccb5c678ffd011e22608ba188ed40a4cc84506e45c9b3fda9c335e0faf93e0e0fe2638bb0ec36bad186a711d24138b1bf8e796def438ec7f16d3a762f116b8a3b34c6e6b327d7fbe02b53d46556cb29a2357fd3e0408d9a8e2b4a3d959df967bf7bc688085e57478e71c90da71aa07e2e4b162dd41ea07d46182d419d8eb471f24c7bbc22de24a24d2898dba9c4af801fd30ccc956d0648944d57eecd6e64e210eccbe5381eac731679604d8ad8bdb210022382347266f550accce7cf59912670165072ab2454bd24b11a682376dd0439d33d2e51e864db5513c2aa658d2288326623251404ca5ee0dfe0e29e508a8e8f62b013568f88cbbda641040828c7ebd9dfc686b10c1c18ab0df9790ed5fc008365543d6ff922b56420c0846cde188c76eb8da3a68f8bf6ce5fe62ca546672338b9631e49abb95373884222d9a7ffbab3ce133b020cd27777645eaed58299010dc979d6ef51280136e3ecbf3d73a4e2b835d4d58d1ea835eb38a56f376d8536bbd8d529a06dfaa513ab1f31811b6f31c144b4fcd3a66b9a4f063ee017326b424a34e70ba70819cf98f60cf61735070f256f630b62d0d47393f32837a68163515e34214510989642cf06ae95c68444e17cdbab3966306c787218fc8d51b103de3cf33ffbf49d238f37f6794105b5f8f88e23f80c43fd437b2dfcb48030c8950a6fbe0e716fcb27ff38bc676501f546e8ce5071a4c82889998044878aab50253aefe800adeabcbefbf7de417f9b74a0b0bf14f3862ecf61d3cc7d7f902f239ef5eb8d3d29efb10041d5868966480bf63a1436f886f9bda93ffe293442331f93358b59e08c85fa9be85546949fce3018f6cd693009d4f0704b62c28574ac7d18706708a3199f401b52f92019a069757b95181f648516d627cb2cbbbdf172b9cc2fc03bb2a340616d5d088a7c6df283bda777111a9b327e03f9fbeccb724ce35ea944a543444bef6a639fde30bdd4a0e823cc25bd2aa468e024b4991355b06602722c9208805707aeb291a05a991c0522f52b37b061da184071b8d0d12306b43517cb9bf08d7a4946d7c985eb81ef94aba5f73ba4478f1b3f3d79990af23dbea856ebf1d3a5162f1dda464d2c57e33c7795503f5babd13e7ae2ad124664f67879da83fd43446e93abb6e68f27e51d52abd05c0fb3512eba10e120b66927b6d29a859cc4494f15828867e63f2d3d6afb0a6c1451e09198a21347f64fbfa275cb319c5c21a7a003f6a6d56c2347f253c40a8e5cf4ab4aa92a37e9b1df4cbee7d199b44f7b3dad31cf2a9a546edd9798727380fdd376b4b012d9e4c1663951f08c85ca70f0e70aec5b803adde8ab08e5f0c616de197bd162f424559b454d672a5ad6a4fba24e5e989e0ef3d0d3ca95701f98c4b7e08fdb26c2a2feb9cf8071cc87486d291243576af3e8d867c5c6e9580dc45a872fa6525d4fbdd9caf1bc910353e60ada1981b5e0255d0f43272fd076829f2431972b3ad683a890f342db7d08e71bb489903b4f48f5ceb1d826534c19ee7108fd7b0a8742b20ed9b29b1057aeb35c1b8f6b80221d55b9499e881b6a1dfcbb69d50e6912789f1b09ac6dcad98e8f35f95514ffcb4e569d0b2637cf5b17167bf0b14fa7d57064c97252ecb37615f1baf51b991e9bfba96b0d6f3b4594cade0badea4701376bda0e29c489b011b62ca7ffd9dd5ffcaf4cfb2e2a5606078209825234a1fabbfb5ca6e2fc625d5786fd612e1f81331a127d471d76b4e5b6dda6f0eec35f286535c06a3aaf8dc53d4e3d4e58ff6a84cf3d931fab88353d73f5892fbf7e43ad76d66dece4c5323713ccb7b60800ca73f241c8b25db8faae9132eb76b32f9843251dc04a12a8567ddf3678f5ccb73a178241843639304ddcf7832bdc46eb3af1156888668782aa4a5a004e053da3ed0984d0888ad85e9d1dffec5a59545633b3103d5c9233e2a87a5829c552a65ba8b4804196796156d8c4ae1506258639b0c0d00ac8384a1d6c9cc5d391f0ffeef49416691b1aaf017ad2d1c8c1c21604ceea4c550c8b8cc3d963fb676563a872349717b9f342f469f1c61a0cc198bb51ba6ff89ec294f17eeaf87cd2b3a5de74db42fdb1a13113054355b01c908cbd23caccdc454966f9fdc373cd87765a3f69010d5934605bbea88d245eafc2bd4c2c761e35e11677e111c1872dff7b53a0af664d9ad156a7c9cd703b1d0393ce95227c9bd6e7661e4da20562d9ec088f71557df6dbc32bb41ae673eceeffcf3dacac46163d45e482ef08b1bfa87fcb9805592f925b095161ce4c4993a367c4a98c6d4a3f66d38e6254c91b2f2052d364346dd7e893359b6cd55b1178f1dac9ea843d86e38a04e9266da43255cd9531baaf1674ff08c6d87a117171b8b5b34599ee7bf97bd7c977f4cc4b11d1808525dc518284f107a10f552915df4480f822ce39b7dc460fb7d5fdee6233ca55aa42bbedd05085bd4e3bcdba294d450f924da4562e1cb1b2617b1484ffb9b96aa2d686a7564165c786b157d63442583eab932445876b38783443891f47589eda8a57c2972a8c72cd81dd45a23818c8093682ce8841aa2149f67838a42c2ac7c21b64c1ed175597ad532e84940288bc3f7fdcf652d17de22c9c2d6563a8abb03a2b4e273d17311553d1658f0b254524b531af8a174906a568c9f5362601845c605a1ecdaa57e13d812e86eb1a4f78ac610cc88693ccb0fc065380ae142cd8f1af6ad096a1bf5509240f3a2256bb8029d8f87277a6ea078a68912d5ffdbbbbcbb904b9823ddb847d4c5f534f536a6811bedbde09000000000000004237d18f386d464bc92ae26c5d87a5313654c727e2e05bd0c8f49e90218f868786eb26c51219a0834c934ac3321acd7b2b16fed18b822b65ed8a76418ebbd3113e1bb0973ebfa30f3c97791f83f26c7637f2110e73ab9b231313519984109015cec38d30959abddb61426383a7d3ea288b3ee881dae353a722e4b8e331dcf7ba288158765544b6da1c6054dfd7178cf7ec0ef0cc0960fde89a54b33666f7694947a1ccac722430854f3a7d97a077be71bf03963ca160f328b4ef26f3b725e74cd48d20b25199699b3adc11c38cc031079a948818c6f07ea77d42e8d5924f09922a2b077a29a9a39078d0d57c6393baf3fbac464f5e337dae46ef871beb51dbc2a7196e998864913f12e6096dc8cbcad0099d494a81123730d007b0c5f66171cb9edb861df478111580de699e99e7680098f75ddf7bc65e3a71c78cc69afc91c2487627d05210a708b7700f674930cb28bb6cfaf41836e27148f473bf2e3ac76a659a26db641eed5611e464d757d34c5ecff710d34028e86231905e1436084ffead8bf8a2ec7dbad94f79251eabb88e4e915cc4b0b400d8da1fa3cc8c580b5a161633678fa794b8bf7fc4e02604e8d4aeeb7fba95b6a9a6fe0d91e49fe097eff715ec2d5effbdc5b416cb45bda00b546be1d615dcf1d17560ee0c59f4ef28ed976b433f3953f13e3000000000000000ef00000020000000fc30a2afb9514a589dd0c59c1ad7c6dcf7911bfb952c18d3df9700000000000010010000000000001401000001000000ebe3cdd28f5cbaea069b9422595cb0f6ecea89bc6ae6f4062b14c8fd54b328987f7fe1774d4b0a12fa4fe116b2df398e2def203a3ca5a496ae640d600de332615e81ab9b2b60d047d46bfebe2cc109bcbfeeb54baf758567dd5ad24af6bd23ece1ab34f57c53912e03837a14ab5c832418e2a863c6bab4d97fc9cc6a41f302705710147198c24f7fc48292092742da3a43b7cbd3d15e653794fda37279b04f307384084171158b73cac07b35fd6e08425264e799ceaf779a97c67ced394d6b21a7ab91c143eb300c7b20d9a55b0f499950dad9fb98cadaf593adfd3a6afbe34f60e1a768255878f2a29d49f4b108000000000000009088ea8467000000000000f80000000000000015010000070000000c6d4e3c2a79926010ba65ef0af498c5bf29d485599a7d625a91e64987c11e107544a3115c162dc6d1ff68365bedbcf7fa854c679d206d020744aa6e6f607f6eaba9586445998f52b24cf05732b9a009d9444ab681ced56e93b54d0e6dd0def2caa7d638e94b1b1dfc8142ed8dc0c6ccf13c7cae93cb209918722d04e4a4a8052065350c3952c95808e558f189462ee72c2f03a6f9279ac9b037a8b53883f3cd9b824cf07718d5b6989f854b94c2c96e062da05a85fc2bb460bfec5a2f29e657d8b1ea016cf982cb358dcf433c6691360d0deab7dd5210599ddcbecec2ca42997cf500b18cf60000c800000000000000000000000600000035210f398fc857f7d1803d31933eef48826ad99bb42ac520734eda914cb43d8e294ca6a22e681f77f485b88f53bf8d3615305504e0b1c82523310cca7611b2380da5e652caad618664a2c4055033b499ef8ca047fdca3840e19e4b1e8abad864a421e3524f286762e10e07db5dce4dc26336f440a26b5791d87aa9543a8199db477dd06fb8692d936a478b55e8dca2dc7ed0750adc83283dd6bd16c4b248b208130398976abbfd658468b6a0c6f445ec14ee390000000000a8000000000000000f01000004000000563dc358a538d2224dca32eb31b34e173dde1a63b1c47268a48f7a1b73c6d9f9f55199ccb35a597c0df464f8dc4f08bef89b5e4fe825fb951de32bfb41f563c06db4122c44312411fea1604ed83804d15ecfb1a32a518bf3aff0c680f7d7c959badc82cfd5fb4360bc86635f7fe60d6c8de3ea399540f309421b0fbe5fae2200bcc8a11014a465c259304b7caaff6d145aa6000000000000c0000000000000007289c9af0200000089b7df0996986f55ac2e312d2683c211c4aea0e5d2f35e0ecbe288781c47fe11cff6940cec37bb4eda20cdb123bfc3301558920e20ea8f2c85e62fff92d27ee743a4d49d61cb38132b4985f3a0802b852431b75eb26b68dd31fa0db0b274bfe85966fe1f315ea4ba8e3b56719bc63329e0708520e599908e84ed3f494c75d9be7415e42e1a961245909301bc02a71f576a81fe16b6cfd8edac22d516d9bdea659537a625ca62f6e14c955fcd1a512b7c937abd91d4969d3e06b0d9e51431031439cef5ff978ed4d0e21035bfdc4d2b774adeeee75ba082d2e0fefa3b7d0cfc7a9e1dcc8463d46c9f468215443d0765597d9923d2909534fdebcde112278ecb3a2877a230136e35698d1f3ae6188dc3ac6ed5e63e936c41804eeb3f012f0a6b823ae01f71e680cd6a6d22c038237718d584b928463e87c093cd033209f67eee85824c87b246"], 0x1608}, 0x4000020) r7 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r8 = openat$cgroup_procs(r7, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r8, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) fcntl$getflags(0xffffffffffffffff, 0xb) 22:37:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x20000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 306.867660] ? anon_vma_chain_link+0x154/0x1c0 [ 306.872256] anon_vma_clone+0xde/0x480 [ 306.876166] anon_vma_fork+0x8f/0x4a0 [ 306.879978] ? dup_userfaultfd+0x15e/0x6c0 [ 306.884218] ? memcpy+0x46/0x50 [ 306.887514] copy_process.part.0+0x34e5/0x7a30 [ 306.892142] ? __cleanup_sighand+0x70/0x70 [ 306.896379] ? lock_downgrade+0x880/0x880 [ 306.896407] ? kasan_check_write+0x14/0x20 [ 306.896419] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 306.896439] _do_fork+0x257/0xfd0 [ 306.904907] ? fork_idle+0x1d0/0x1d0 [ 306.904924] ? fput+0x128/0x1a0 22:37:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x2c010000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 306.904937] ? ksys_write+0x1f1/0x2d0 [ 306.904957] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 306.904969] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 306.904986] ? do_syscall_64+0x26/0x620 [ 306.937488] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 306.942875] ? do_syscall_64+0x26/0x620 [ 306.946863] __x64_sys_clone+0xbf/0x150 [ 306.950861] do_syscall_64+0xfd/0x620 [ 306.954691] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 306.959912] RIP: 0033:0x459a59 22:37:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x3f000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 306.963119] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 306.982039] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 306.989871] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 306.997150] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 307.004433] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 307.011709] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 307.018986] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:00 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_inet6_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000000)) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000080)={@pptp={0x18, 0x2, {0x3, @multicast2}}, {}, &(0x7f0000000040), 0x62}, 0xa0) unshare(0x8000000) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000340)={0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lblcr\x00'}, 0x2c) [ 307.105094] x86/PAT: syz-executor.4:20922 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x40000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:00 executing program 2 (fault-call:9 fault-nth:34): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:00 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x8000000, 0x0, 0x0, 0x0, 0x0) [ 307.151808] x86/PAT: syz-executor.4:20922 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:00 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0x7a00000000000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 307.235456] x86/PAT: syz-executor.2:20974 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 307.248158] x86/PAT: syz-executor.2:20974 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:00 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) close(r0) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r2, 0x0, r1) r3 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r3, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r4, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x2, 0x0, 0x0, 0xe1) r5 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r5, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r5, 0x8, 0x6, 0xfffffffffffffff7, 0x1}) 22:37:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x60000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:00 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000000c0)=r2) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x80000, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:00 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xbcefff7f00000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 307.368613] x86/PAT: syz-executor.4:21136 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:00 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={r6, 0x0, 0x7, [0x0, 0x5, 0x5, 0x5, 0x400, 0x4b5c, 0x6]}, &(0x7f00000000c0)=0x16) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={r7}, &(0x7f0000000140)=0x8) [ 307.456567] x86/PAT: syz-executor.2:21176 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 307.514939] FAULT_INJECTION: forcing a failure. [ 307.514939] name failslab, interval 1, probability 0, space 0, times 0 22:37:00 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0, 0xfaeeff7f00000000}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 307.611092] x86/PAT: syz-executor.4:21110 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 307.630649] CPU: 1 PID: 21185 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 307.637632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.646998] Call Trace: [ 307.649600] dump_stack+0x172/0x1f0 [ 307.653248] should_fail.cold+0xa/0x1b [ 307.657246] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 307.662364] ? lock_downgrade+0x880/0x880 [ 307.663783] x86/PAT: syz-executor.4:21110 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 307.666530] __should_failslab+0x121/0x190 [ 307.666547] should_failslab+0x9/0x14 [ 307.666561] kmem_cache_alloc+0x2ae/0x700 [ 307.666574] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 307.666591] ? __vm_enough_memory+0x324/0x5a0 [ 307.696897] vm_area_dup+0x21/0x170 [ 307.700529] copy_process.part.0+0x3407/0x7a30 [ 307.705140] ? __cleanup_sighand+0x70/0x70 [ 307.709376] ? lock_downgrade+0x880/0x880 [ 307.713538] ? kasan_check_write+0x14/0x20 [ 307.717775] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 307.722634] _do_fork+0x257/0xfd0 [ 307.726101] ? fork_idle+0x1d0/0x1d0 [ 307.729820] ? fput+0x128/0x1a0 [ 307.733103] ? ksys_write+0x1f1/0x2d0 [ 307.736913] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 307.741674] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 307.746433] ? do_syscall_64+0x26/0x620 [ 307.750419] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 307.755788] ? do_syscall_64+0x26/0x620 22:37:00 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0xd1aa0e20b18cafbc, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000240)={0x8, 0x120, 0xfa00, {0x1, {0x7, 0xffff, "1f36f150c68de4e4aac56236e77961bfabb480a89e4c09239ef84bf11ce23ed4b2068087773e53f12b5bc9131c2919d7d4d67849ee1c04c0e20cc987fd0c9552ae85bc58b9f082db7d8d8700b7b151a8ea0dd64095d2dbd27b3fb4d34bff78c64a8216a4fed1d415ee460bcb630851763ce8b02456d3eb7b3f2d61c185c9d3d7ab57523de7bbe2cbdae2e4495f854ea840b069cef6a6c473bc00fec909b3b0e372d8c98d6d444adfa6be8bcdce1964f5db4e89e2de8a269f89200e4d9108ce1df9bba83d2986103bd344ccf8b1ca066be624cd3aef7a8ccfe362e7e020160435478d9c83aa44809dcfa409b157a5a245cf5209b5dd5c9487bb7f55dfa11ad656", 0x43, 0x3, 0x47, 0x0, 0x1, 0xff, 0x1}, r4}}, 0x128) open(0x0, 0x141042, 0x0) [ 307.759771] __x64_sys_clone+0xbf/0x150 [ 307.763751] do_syscall_64+0xfd/0x620 [ 307.767561] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 307.772752] RIP: 0033:0x459a59 [ 307.775957] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 307.794871] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 307.802593] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 22:37:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x8dffffff, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:01 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x10000200, 0x0, 0x0, 0x0, 0x0) [ 307.809873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 307.817175] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 307.824457] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 307.831732] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 307.908020] x86/PAT: syz-executor.2:21185 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 307.965909] x86/PAT: syz-executor.4:21404 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 307.994534] x86/PAT: syz-executor.2:21185 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:01 executing program 2 (fault-call:9 fault-nth:35): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={r6, 0x0, 0x7, [0x0, 0x5, 0x5, 0x5, 0x400, 0x4b5c, 0x6]}, &(0x7f00000000c0)=0x16) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={r7}, &(0x7f0000000140)=0x8) 22:37:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xc0050000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:01 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x2}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 308.120393] x86/PAT: syz-executor.4:21401 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 308.180276] x86/PAT: syz-executor.2:21591 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 308.183017] x86/PAT: syz-executor.4:21401 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xc4050000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:01 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x11000000, 0x0, 0x0, 0x0, 0x0) 22:37:01 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x4}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 308.287063] FAULT_INJECTION: forcing a failure. [ 308.287063] name failslab, interval 1, probability 0, space 0, times 0 [ 308.342162] CPU: 0 PID: 21624 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 308.349175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.358536] Call Trace: [ 308.361156] dump_stack+0x172/0x1f0 [ 308.364802] should_fail.cold+0xa/0x1b [ 308.368706] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 308.373820] ? find_held_lock+0x35/0x130 [ 308.377894] ? percpu_ref_put_many+0x94/0x190 [ 308.382405] __should_failslab+0x121/0x190 [ 308.386699] should_failslab+0x9/0x14 [ 308.390536] kmem_cache_alloc+0x47/0x700 [ 308.394597] ? __lock_is_held+0xb6/0x140 [ 308.398674] anon_vma_clone+0xde/0x480 [ 308.402553] anon_vma_fork+0x8f/0x4a0 [ 308.406350] ? dup_userfaultfd+0x15e/0x6c0 [ 308.410634] ? memcpy+0x46/0x50 [ 308.413951] copy_process.part.0+0x34e5/0x7a30 [ 308.418540] ? __cleanup_sighand+0x70/0x70 [ 308.422775] ? finish_task_switch+0x146/0x7c0 [ 308.427267] ? lockdep_hardirqs_on+0x415/0x5d0 [ 308.431836] ? trace_hardirqs_on+0x67/0x220 [ 308.436152] ? kasan_check_read+0x11/0x20 [ 308.440297] _do_fork+0x257/0xfd0 [ 308.443734] ? fork_idle+0x1d0/0x1d0 [ 308.447437] ? pci_mmcfg_check_reserved+0x170/0x170 [ 308.452452] ? prepare_exit_to_usermode+0x293/0x2f0 [ 308.457476] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 308.462229] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 308.466987] ? do_syscall_64+0x26/0x620 [ 308.470948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 308.476313] ? do_syscall_64+0x26/0x620 [ 308.480294] __x64_sys_clone+0xbf/0x150 [ 308.484267] do_syscall_64+0xfd/0x620 [ 308.488069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 308.493242] RIP: 0033:0x459a59 [ 308.496426] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 308.515329] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 308.523040] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 308.530317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:37:01 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={r6, 0x0, 0x7, [0x0, 0x5, 0x5, 0x5, 0x400, 0x4b5c, 0x6]}, &(0x7f00000000c0)=0x16) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={r7}, &(0x7f0000000140)=0x8) [ 308.537588] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 308.544858] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 308.552122] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 308.665422] x86/PAT: syz-executor.4:21639 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:01 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x6}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xf5ffffff, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 308.752489] x86/PAT: syz-executor.2:21591 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 308.791901] x86/PAT: syz-executor.2:21591 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 308.820337] x86/PAT: syz-executor.4:21636 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:02 executing program 2 (fault-call:9 fault-nth:36): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xfc000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 308.875395] x86/PAT: syz-executor.4:21636 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:02 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x8}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={r6, 0x0, 0x7, [0x0, 0x5, 0x5, 0x5, 0x400, 0x4b5c, 0x6]}, &(0x7f00000000c0)=0x16) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={r7}, &(0x7f0000000140)=0x8) 22:37:02 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x1e550000, 0x0, 0x0, 0x0, 0x0) 22:37:02 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TCSETSW(r3, 0x5403, &(0x7f0000000000)={0x9, 0x9, 0x9, 0xfff, 0x14, 0x9, 0x88, 0x8f, 0xc5e, 0x7f, 0x4, 0xde88}) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) [ 309.093576] x86/PAT: syz-executor.2:21855 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xfe800000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 309.161861] x86/PAT: syz-executor.4:21864 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 309.170206] FAULT_INJECTION: forcing a failure. [ 309.170206] name failslab, interval 1, probability 0, space 0, times 0 [ 309.203285] CPU: 0 PID: 21871 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 309.210278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.219736] Call Trace: [ 309.222350] dump_stack+0x172/0x1f0 [ 309.226002] should_fail.cold+0xa/0x1b [ 309.226023] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 309.226045] ? __lock_is_held+0xb6/0x140 [ 309.235024] ? __lock_is_held+0xb6/0x140 [ 309.235050] __should_failslab+0x121/0x190 [ 309.235068] should_failslab+0x9/0x14 [ 309.235082] kmem_cache_alloc+0x47/0x700 [ 309.235098] ? anon_vma_chain_link+0x154/0x1c0 [ 309.235119] anon_vma_clone+0xde/0x480 [ 309.263784] anon_vma_fork+0x8f/0x4a0 [ 309.267608] ? dup_userfaultfd+0x15e/0x6c0 [ 309.271862] ? memcpy+0x46/0x50 [ 309.275171] copy_process.part.0+0x34e5/0x7a30 [ 309.279806] ? __cleanup_sighand+0x70/0x70 [ 309.284051] ? lock_downgrade+0x880/0x880 [ 309.288231] ? kasan_check_write+0x14/0x20 [ 309.292482] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 309.297346] _do_fork+0x257/0xfd0 [ 309.300823] ? fork_idle+0x1d0/0x1d0 [ 309.304557] ? fput+0x128/0x1a0 [ 309.307854] ? ksys_write+0x1f1/0x2d0 [ 309.311680] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 309.316453] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 309.321226] ? do_syscall_64+0x26/0x620 [ 309.325218] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 309.330609] ? do_syscall_64+0x26/0x620 [ 309.334606] __x64_sys_clone+0xbf/0x150 [ 309.338605] do_syscall_64+0xfd/0x620 [ 309.342434] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 309.347637] RIP: 0033:0x459a59 22:37:02 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0xa}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={r6, 0x0, 0x7, [0x0, 0x5, 0x5, 0x5, 0x400, 0x4b5c, 0x6]}, &(0x7f00000000c0)=0x16) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={r7}, &(0x7f0000000140)=0x8) [ 309.350844] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 309.358378] x86/PAT: syz-executor.4:21863 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 309.369770] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 309.369786] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 309.369795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:37:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xfec00000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 309.369803] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 309.369812] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 309.369820] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 309.447657] x86/PAT: syz-executor.2:22074 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:02 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0xec, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xd3, 0x10001}, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x200) fchmodat(r2, &(0x7f00000000c0)='./file0/file0\x00', 0x110) write$FUSE_POLL(r0, &(0x7f0000000180)={0x18, 0x0, 0x7, {0x8}}, 0x18) [ 309.510553] x86/PAT: syz-executor.2:22074 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:02 executing program 2 (fault-call:9 fault-nth:37): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xff000000, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:02 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0xc}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 309.634756] x86/PAT: syz-executor.4:21863 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={r6, 0x0, 0x7, [0x0, 0x5, 0x5, 0x5, 0x400, 0x4b5c, 0x6]}, &(0x7f00000000c0)=0x16) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={r7}, &(0x7f0000000140)=0x8) 22:37:02 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x1f000000, 0x0, 0x0, 0x0, 0x0) 22:37:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xffffff7f, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 309.762123] x86/PAT: syz-executor.2:22102 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:03 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0xe}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 309.815784] FAULT_INJECTION: forcing a failure. [ 309.815784] name failslab, interval 1, probability 0, space 0, times 0 [ 309.847956] x86/PAT: syz-executor.4:22161 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 309.944170] audit: type=1400 audit(1570833423.103:102): avc: denied { sys_admin } for pid=22160 comm="syz-executor.4" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 309.995700] CPU: 1 PID: 22195 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 310.002695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.012334] Call Trace: [ 310.014949] dump_stack+0x172/0x1f0 [ 310.018606] should_fail.cold+0xa/0x1b [ 310.022522] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 310.027651] ? __lock_is_held+0xb6/0x140 [ 310.031760] __should_failslab+0x121/0x190 [ 310.036010] should_failslab+0x9/0x14 [ 310.039853] kmem_cache_alloc+0x47/0x700 22:37:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={r6, 0x0, 0x7, [0x0, 0x5, 0x5, 0x5, 0x400, 0x4b5c, 0x6]}, &(0x7f00000000c0)=0x16) 22:37:03 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f00000000c0)) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$cgroup_procs(r2, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r3 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r4, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) [ 310.043932] ? anon_vma_chain_link+0x154/0x1c0 [ 310.048542] anon_vma_clone+0xde/0x480 [ 310.052454] anon_vma_fork+0x8f/0x4a0 [ 310.056271] ? dup_userfaultfd+0x15e/0x6c0 [ 310.060520] ? memcpy+0x46/0x50 [ 310.063816] copy_process.part.0+0x34e5/0x7a30 [ 310.068437] ? __cleanup_sighand+0x70/0x70 [ 310.072684] ? lock_downgrade+0x880/0x880 [ 310.076853] ? kasan_check_write+0x14/0x20 [ 310.081115] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 310.081140] _do_fork+0x257/0xfd0 [ 310.089433] ? fork_idle+0x1d0/0x1d0 22:37:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xffffff8d, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 310.089449] ? fput+0x128/0x1a0 [ 310.089465] ? ksys_write+0x1f1/0x2d0 [ 310.089483] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 310.089499] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 310.105027] ? do_syscall_64+0x26/0x620 [ 310.105044] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 310.105058] ? do_syscall_64+0x26/0x620 [ 310.105080] __x64_sys_clone+0xbf/0x150 [ 310.119191] do_syscall_64+0xfd/0x620 [ 310.119212] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 310.119225] RIP: 0033:0x459a59 22:37:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={r6, 0x0, 0x7, [0x0, 0x5, 0x5, 0x5, 0x400, 0x4b5c, 0x6]}, &(0x7f00000000c0)=0x16) [ 310.139449] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 310.158370] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 310.166103] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 310.173392] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 310.180673] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 310.187975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 310.195263] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:03 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x10}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 310.246844] x86/PAT: syz-executor.2:22227 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:03 executing program 2 (fault-call:9 fault-nth:38): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0xfffffff5, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 310.385186] x86/PAT: syz-executor.4:22160 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 310.390979] x86/PAT: syz-executor.2:22227 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 310.406020] x86/PAT: syz-executor.4:22160 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:03 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x3f000000, 0x0, 0x0, 0x0, 0x0) 22:37:03 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x12}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000000)={r6, 0x0, 0x7, [0x0, 0x5, 0x5, 0x5, 0x400, 0x4b5c, 0x6]}, &(0x7f00000000c0)=0x16) 22:37:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x10}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 310.650464] x86/PAT: syz-executor.4:22451 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:03 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/policy\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) getsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000a40)=[{{&(0x7f0000000ac0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/45, 0x2d}], 0x1, &(0x7f00000002c0)=""/138, 0x8a}, 0x6}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/17, 0x11}], 0x1}, 0x2}], 0x2, 0x2, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) [ 310.723442] x86/PAT: syz-executor.2:22452 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 310.740109] FAULT_INJECTION: forcing a failure. [ 310.740109] name failslab, interval 1, probability 0, space 0, times 0 [ 310.754481] CPU: 0 PID: 22452 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 310.761452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.770828] Call Trace: [ 310.773441] dump_stack+0x172/0x1f0 [ 310.777090] should_fail.cold+0xa/0x1b [ 310.781000] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 310.786112] ? lock_downgrade+0x880/0x880 [ 310.790278] __should_failslab+0x121/0x190 [ 310.794528] should_failslab+0x9/0x14 [ 310.798334] kmem_cache_alloc+0x2ae/0x700 [ 310.802490] ? anon_vma_clone+0x320/0x480 [ 310.806655] anon_vma_fork+0xfc/0x4a0 [ 310.810460] ? dup_userfaultfd+0x15e/0x6c0 [ 310.810473] ? memcpy+0x46/0x50 [ 310.810492] copy_process.part.0+0x34e5/0x7a30 22:37:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000180)={r6, 0x42, 0x9, 0x4, 0x2, 0x9, 0x0, 0x1, {0x0, @in6={{0xa, 0x4e20, 0x7, @rand_addr="0b3637a357840fa6723e1d39bf0c3cd0"}}, 0x6, 0x2, 0x3988, 0x0, 0x64c}}, &(0x7f0000000240)=0xb0) [ 310.822577] ? __cleanup_sighand+0x70/0x70 [ 310.826825] ? lock_downgrade+0x880/0x880 [ 310.830993] ? kasan_check_write+0x14/0x20 [ 310.835237] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 310.840095] _do_fork+0x257/0xfd0 [ 310.843562] ? fork_idle+0x1d0/0x1d0 [ 310.847291] ? fput+0x128/0x1a0 [ 310.850590] ? ksys_write+0x1f1/0x2d0 [ 310.854408] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 310.859168] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 310.863934] ? do_syscall_64+0x26/0x620 [ 310.867922] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 310.873298] ? do_syscall_64+0x26/0x620 [ 310.877282] __x64_sys_clone+0xbf/0x150 [ 310.881265] do_syscall_64+0xfd/0x620 [ 310.885079] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 310.890278] RIP: 0033:0x459a59 [ 310.893474] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 310.912385] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 22:37:04 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r6}, 0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r6, 0x20, 0x0, 0x6}, 0x10) 22:37:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:04 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x14}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 310.920220] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 310.927499] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 310.934782] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 310.942058] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 310.942068] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x2]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 311.118054] x86/PAT: syz-executor.4:22450 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 311.173057] x86/PAT: syz-executor.4:22450 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 311.262786] x86/PAT: syz-executor.2:22452 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 311.278467] x86/PAT: syz-executor.2:22452 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:04 executing program 2 (fault-call:9 fault-nth:39): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:04 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x16}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:04 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x40000000, 0x0, 0x0, 0x0, 0x0) 22:37:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x3]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:04 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r5}, 0x8) [ 311.411378] x86/PAT: syz-executor.4:22691 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:04 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x18}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:04 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) accept(r0, &(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000180)=0x80) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='bpf\x00', 0x2000000, &(0x7f00000002c0)=ANY=[@ANYBLOB="6d6f64653d303030303030303030306c691fd06acac6a6f3ed3f60c8cf303030303030303030303230302c6d6f64653d30303030303030303030303030303030303134343432312c6d6f64653d30313737373737373737373737373737373737373035332c7063723d30303030303030303030303030303030303033302c00"]) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCGICOUNT(r4, 0x545d, 0x0) [ 311.498598] x86/PAT: syz-executor.2:22698 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:04 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r5}, 0x8) [ 311.550575] IPVS: ftp: loaded support on port[0] = 21 22:37:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x4]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:04 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x1a}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 311.665764] FAULT_INJECTION: forcing a failure. [ 311.665764] name failslab, interval 1, probability 0, space 0, times 0 [ 311.734751] CPU: 1 PID: 22704 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 311.741850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.751208] Call Trace: [ 311.753814] dump_stack+0x172/0x1f0 [ 311.757466] should_fail.cold+0xa/0x1b [ 311.761377] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 311.766496] ? lock_downgrade+0x880/0x880 [ 311.770670] __should_failslab+0x121/0x190 [ 311.774917] should_failslab+0x9/0x14 [ 311.778725] kmem_cache_alloc+0x2ae/0x700 [ 311.782883] ? anon_vma_clone+0x320/0x480 [ 311.787050] anon_vma_fork+0x1ea/0x4a0 [ 311.790948] ? dup_userfaultfd+0x15e/0x6c0 [ 311.795193] copy_process.part.0+0x34e5/0x7a30 [ 311.799809] ? __cleanup_sighand+0x70/0x70 [ 311.804043] ? lock_downgrade+0x880/0x880 [ 311.808206] ? kasan_check_write+0x14/0x20 [ 311.812449] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 311.817309] _do_fork+0x257/0xfd0 [ 311.820769] ? fork_idle+0x1d0/0x1d0 [ 311.824491] ? fput+0x128/0x1a0 [ 311.827776] ? ksys_write+0x1f1/0x2d0 [ 311.831586] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 311.836603] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 311.841361] ? do_syscall_64+0x26/0x620 [ 311.845337] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.850702] ? do_syscall_64+0x26/0x620 [ 311.854683] __x64_sys_clone+0xbf/0x150 [ 311.858664] do_syscall_64+0xfd/0x620 [ 311.862471] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.867662] RIP: 0033:0x459a59 22:37:05 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0}}], 0x1, 0x4100, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:05 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000340)={r5}, 0x8) [ 311.870863] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 311.889854] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 311.897579] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 311.904851] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 311.904859] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 311.904867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 311.904874] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:05 executing program 2 (fault-call:9 fault-nth:40): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x5]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 312.055734] x86/PAT: syz-executor.2:22698 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 312.072670] x86/PAT: syz-executor.2:22698 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 312.226570] x86/PAT: syz-executor.4:22691 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 312.250474] x86/PAT: syz-executor.2:22975 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 312.267420] FAULT_INJECTION: forcing a failure. [ 312.267420] name failslab, interval 1, probability 0, space 0, times 0 [ 312.272251] x86/PAT: syz-executor.4:22691 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 312.285347] CPU: 0 PID: 22975 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 312.294379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.303742] Call Trace: [ 312.306346] dump_stack+0x172/0x1f0 [ 312.309993] should_fail.cold+0xa/0x1b [ 312.313893] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 312.313909] ? __lock_is_held+0xb6/0x140 [ 312.313931] __should_failslab+0x121/0x190 [ 312.313943] should_failslab+0x9/0x14 [ 312.313953] kmem_cache_alloc+0x47/0x700 [ 312.313965] ? anon_vma_chain_link+0x154/0x1c0 [ 312.313978] anon_vma_clone+0xde/0x480 [ 312.313992] anon_vma_fork+0x8f/0x4a0 [ 312.314004] ? dup_userfaultfd+0x15e/0x6c0 [ 312.351805] ? memcpy+0x46/0x50 [ 312.355184] copy_process.part.0+0x34e5/0x7a30 [ 312.359792] ? __cleanup_sighand+0x70/0x70 [ 312.364059] ? lock_downgrade+0x880/0x880 [ 312.368228] ? kasan_check_write+0x14/0x20 [ 312.372476] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 312.377339] _do_fork+0x257/0xfd0 [ 312.380803] ? fork_idle+0x1d0/0x1d0 [ 312.384522] ? fput+0x128/0x1a0 [ 312.387816] ? ksys_write+0x1f1/0x2d0 [ 312.391626] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 312.396391] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 312.401159] ? do_syscall_64+0x26/0x620 [ 312.405140] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 312.410509] ? do_syscall_64+0x26/0x620 [ 312.414495] __x64_sys_clone+0xbf/0x150 [ 312.418484] do_syscall_64+0xfd/0x620 [ 312.422296] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 312.427496] RIP: 0033:0x459a59 [ 312.430693] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 312.449595] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 312.457343] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 312.464608] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:37:05 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x6b6b6b00, 0x0, 0x0, 0x0, 0x0) 22:37:05 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x1c}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:05 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) 22:37:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x6]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 312.471873] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 312.479133] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 312.486396] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:05 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x4, 0x3, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in6=@loopback, @in6=@mcast2}}, {{@in6=@loopback}, 0x0, @in6=@initdev}}, 0x0) rmdir(0x0) open(0x0, 0x8040, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) getpgrp(0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="3c010000100013070000ea54797a73449e3da443cf7e000000000000fe8000"/76, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff0200000000000000accf3748000000000000010000000032000000e0000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff0002000000000000000000469496bbbd8b457bc2549d13feb28100004c001200726663343130362867636d28616573292900"/259], 0x13c}}, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000000)) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) [ 312.588890] x86/PAT: syz-executor.2:22975 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:05 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x1e}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x7]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 312.638572] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. [ 312.658157] x86/PAT: syz-executor.2:22975 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:05 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) 22:37:05 executing program 2 (fault-call:9 fault-nth:41): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:06 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x75970000, 0x0, 0x0, 0x0, 0x0) 22:37:06 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x22}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 312.928914] x86/PAT: syz-executor.4:23269 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 312.947945] x86/PAT: syz-executor.2:23268 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 313.011486] FAULT_INJECTION: forcing a failure. [ 313.011486] name failslab, interval 1, probability 0, space 0, times 0 22:37:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) 22:37:06 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x8, 0x9, 0x1e, 0x8, "efb2b8625788033e2cde023630c3905ce5cb1c2550e1f18b2bcfdaef5d746cc6c0adf1e167fd0f2cf4a3c60a915fa61fda8de6bd4980f0d28fa341162d098a58", "389f453b6d8065f08442f7118c2dce3b3810e23b62bc4de369e9c6c1cbb781eb", [0xfff, 0x8]}) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) [ 313.181308] x86/PAT: syz-executor.4:23266 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:06 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x24}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 313.222499] x86/PAT: syz-executor.4:23266 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 313.232311] CPU: 1 PID: 23274 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 313.239274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.248636] Call Trace: [ 313.251241] dump_stack+0x172/0x1f0 [ 313.254890] should_fail.cold+0xa/0x1b [ 313.258801] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 313.263917] ? lock_downgrade+0x880/0x880 [ 313.268086] __should_failslab+0x121/0x190 [ 313.272336] should_failslab+0x9/0x14 [ 313.276143] kmem_cache_alloc+0x2ae/0x700 [ 313.280297] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 313.285851] ptlock_alloc+0x20/0x70 [ 313.289499] pte_alloc_one+0x6d/0x1a0 [ 313.293302] __pte_alloc+0x2a/0x360 [ 313.296933] copy_page_range+0x151f/0x1f90 [ 313.296945] ? anon_vma_fork+0x371/0x4a0 [ 313.296961] ? find_held_lock+0x35/0x130 [ 313.296973] ? anon_vma_fork+0x371/0x4a0 [ 313.296993] ? vma_compute_subtree_gap+0x158/0x230 [ 313.318301] ? vma_gap_callbacks_rotate+0x62/0x80 [ 313.323161] ? pmd_alloc+0x180/0x180 [ 313.326889] ? __vma_link_rb+0x279/0x370 [ 313.330964] copy_process.part.0+0x543d/0x7a30 [ 313.335583] ? __cleanup_sighand+0x70/0x70 [ 313.339825] ? lock_downgrade+0x880/0x880 [ 313.343993] ? kasan_check_write+0x14/0x20 [ 313.348233] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 313.353094] _do_fork+0x257/0xfd0 [ 313.356557] ? fork_idle+0x1d0/0x1d0 [ 313.360281] ? fput+0x128/0x1a0 [ 313.363570] ? ksys_write+0x1f1/0x2d0 [ 313.367383] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 313.372148] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 313.377083] ? do_syscall_64+0x26/0x620 [ 313.381066] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 313.386439] ? do_syscall_64+0x26/0x620 [ 313.390426] __x64_sys_clone+0xbf/0x150 [ 313.394422] do_syscall_64+0xfd/0x620 [ 313.398229] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 313.403431] RIP: 0033:0x459a59 22:37:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 22:37:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r3) 22:37:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x9]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 313.406630] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 313.425533] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 313.425548] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 313.425555] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 313.425563] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 313.425575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 313.462357] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0xa]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:06 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0xf4ffffff, 0x0, 0x0, 0x0, 0x0) [ 313.589606] x86/PAT: syz-executor.2:23274 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 313.666207] x86/PAT: syz-executor.2:23274 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 313.686210] x86/PAT: syz-executor.4:23475 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:07 executing program 2 (fault-call:9 fault-nth:42): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r3) 22:37:07 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x26}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0xf]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 313.907175] x86/PAT: syz-executor.4:23472 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:07 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0xffffffffffffffe0}}], 0x1, 0x10101, 0x0) preadv(r1, &(0x7f00000009c0), 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x1) open(0x0, 0x202, 0x40) 22:37:07 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x28}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 313.968417] x86/PAT: syz-executor.2:23620 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 314.007282] x86/PAT: syz-executor.4:23472 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 314.025560] FAULT_INJECTION: forcing a failure. [ 314.025560] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 314.054076] CPU: 1 PID: 23624 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 314.061067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.070434] Call Trace: 22:37:07 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x2a}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 314.073038] dump_stack+0x172/0x1f0 [ 314.076689] should_fail.cold+0xa/0x1b [ 314.080612] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 314.085743] ? __might_sleep+0x95/0x190 [ 314.089740] __alloc_pages_nodemask+0x1ee/0x750 [ 314.094424] ? __lock_is_held+0xb6/0x140 [ 314.098500] ? __alloc_pages_slowpath+0x2870/0x2870 [ 314.103531] ? find_held_lock+0x35/0x130 [ 314.107603] ? find_held_lock+0x35/0x130 [ 314.111679] ? copy_page_range+0x124f/0x1f90 [ 314.116109] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 314.121658] alloc_pages_current+0x107/0x210 [ 314.126079] pte_alloc_one+0x1b/0x1a0 [ 314.129893] __pte_alloc+0x2a/0x360 [ 314.133619] copy_page_range+0x151f/0x1f90 [ 314.137872] ? anon_vma_fork+0x371/0x4a0 [ 314.141971] ? pmd_alloc+0x180/0x180 [ 314.145710] ? __vma_link_rb+0x279/0x370 [ 314.149793] copy_process.part.0+0x543d/0x7a30 [ 314.154416] ? __cleanup_sighand+0x70/0x70 [ 314.158665] ? lock_downgrade+0x880/0x880 [ 314.162838] ? kasan_check_write+0x14/0x20 [ 314.167076] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 314.171946] _do_fork+0x257/0xfd0 [ 314.175411] ? fork_idle+0x1d0/0x1d0 [ 314.179128] ? fput+0x128/0x1a0 [ 314.182409] ? ksys_write+0x1f1/0x2d0 [ 314.186217] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 314.190976] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 314.195732] ? do_syscall_64+0x26/0x620 [ 314.199709] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 314.205074] ? do_syscall_64+0x26/0x620 [ 314.209056] __x64_sys_clone+0xbf/0x150 [ 314.213034] do_syscall_64+0xfd/0x620 [ 314.216841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 314.222031] RIP: 0033:0x459a59 [ 314.225221] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 314.244141] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 314.251958] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 314.259233] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 314.266520] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 22:37:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r3) [ 314.273804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 314.281086] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x10]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:07 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0xff0f0000, 0x0, 0x0, 0x0, 0x0) [ 314.319931] x86/PAT: syz-executor.2:23624 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 314.348665] x86/PAT: syz-executor.2:23624 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:07 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:07 executing program 2 (fault-call:9 fault-nth:43): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:07 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x2c}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 314.494991] x86/PAT: syz-executor.4:23742 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x11]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 314.599939] x86/PAT: syz-executor.2:23752 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 314.671562] FAULT_INJECTION: forcing a failure. [ 314.671562] name failslab, interval 1, probability 0, space 0, times 0 [ 314.699545] x86/PAT: syz-executor.4:23740 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:07 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x2e}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 314.744924] x86/PAT: syz-executor.4:23740 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:07 executing program 3: r0 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x6, 0x181400) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x1, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000000c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000080)={0xffffffffffffffff}, 0x0, {0xa, 0x4e24, 0x0, @local}}}, 0x38) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000080), r2}}, 0x18) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000300)={0x11, 0x10, 0xfa00, {&(0x7f0000000180), r2}}, 0x18) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r3 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r4, &(0x7f00000009c0)=[{&(0x7f0000000240)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0x25c}, {&(0x7f00000006c0)=""/189, 0xbd}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000000)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x10000000000001b6, 0x0) open(0x0, 0x141042, 0x0) [ 314.793201] CPU: 1 PID: 23849 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 314.800185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.809551] Call Trace: [ 314.812149] dump_stack+0x172/0x1f0 [ 314.815785] should_fail.cold+0xa/0x1b [ 314.819685] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 314.824795] ? lock_downgrade+0x880/0x880 [ 314.828972] __should_failslab+0x121/0x190 [ 314.833217] should_failslab+0x9/0x14 [ 314.837025] kmem_cache_alloc+0x2ae/0x700 [ 314.841188] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 314.846735] ptlock_alloc+0x20/0x70 [ 314.850389] pte_alloc_one+0x6d/0x1a0 [ 314.854191] __pte_alloc+0x2a/0x360 [ 314.857823] copy_page_range+0x151f/0x1f90 [ 314.862062] ? anon_vma_fork+0x371/0x4a0 [ 314.866148] ? pmd_alloc+0x180/0x180 [ 314.869864] ? __vma_link_rb+0x279/0x370 [ 314.873929] copy_process.part.0+0x543d/0x7a30 [ 314.878541] ? __cleanup_sighand+0x70/0x70 [ 314.882773] ? lock_downgrade+0x880/0x880 [ 314.886932] ? kasan_check_write+0x14/0x20 [ 314.891168] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 314.896019] _do_fork+0x257/0xfd0 [ 314.899481] ? fork_idle+0x1d0/0x1d0 [ 314.903193] ? fput+0x128/0x1a0 [ 314.906474] ? ksys_write+0x1f1/0x2d0 [ 314.910282] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 314.915041] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 314.919800] ? do_syscall_64+0x26/0x620 [ 314.923778] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 314.929140] ? do_syscall_64+0x26/0x620 [ 314.933120] __x64_sys_clone+0xbf/0x150 [ 314.937097] do_syscall_64+0xfd/0x620 [ 314.940919] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 314.946107] RIP: 0033:0x459a59 [ 314.949409] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 314.968414] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 314.976130] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 314.983395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:37:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x60]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:08 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0xffff0700, 0x0, 0x0, 0x0, 0x0) [ 314.990660] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 314.997930] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 315.005200] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 315.089343] x86/PAT: syz-executor.2:23849 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:08 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x30}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast2, 0x7}, 0x1c) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 315.177286] x86/PAT: syz-executor.4:23976 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 315.191949] x86/PAT: syz-executor.2:23849 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0xfc]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:08 executing program 2 (fault-call:9 fault-nth:44): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 315.352086] x86/PAT: syz-executor.4:23973 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:08 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/143, 0x8f}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xbc}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(0x0, 0x141042, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000300)="ec5e18e17fdb262ac5ae020000000000000058fadda7d0960eaff0fa2ab1ba6f8118f003de97544e6600f617c63cb58ced3bab3e45133d00"/68, &(0x7f0000000240)="ed96889caf13cfd3bda433dd7ed74bb4ff8adbc4a394dadf6ee0c6354fe7e88535237e423fd363cb0e68db350c40160f0b65a9f4e228efc1c91a6c55bbc10fc89966fff3d5556d07d69071ea3140e36e0ff6fdff729f09d2aa2b079c2ae768e1036e909421edfa952349da1a5f14ec87a0c54fb547f0faf7e0737b9c8ae639260fb4a0689c3c43cfaa92544858b4bf44528a385983a669fe7fb5396fa3aa82306c6a83284837af052178112dad8b6ee76cd39a99570a4eb8484089dac1"}, 0x20) pipe2(&(0x7f00000000c0), 0x18c800) 22:37:08 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x32}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 315.400166] x86/PAT: syz-executor.4:23973 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 315.426016] x86/PAT: syz-executor.2:24191 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:08 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0xffff0f00, 0x0, 0x0, 0x0, 0x0) [ 315.470133] FAULT_INJECTION: forcing a failure. [ 315.470133] name failslab, interval 1, probability 0, space 0, times 0 22:37:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 315.622353] x86/PAT: syz-executor.4:24209 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:08 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$FS_IOC_GETFSLABEL(r3, 0x81009431, &(0x7f0000000280)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={0x0, 0x4}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000180)={r4, 0x18, "7dc7999a0dd4eb57506bd8b3dbc563fdd9f90ea606014ea7"}, &(0x7f0000000240)=0x20) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146, 0xfffffffffffffd90}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13, 0xffffff81}, {&(0x7f0000000a40)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:08 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x34}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x2]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 315.806473] x86/PAT: syz-executor.4:24200 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 315.849542] x86/PAT: syz-executor.4:24200 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:09 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0xfffffff4, 0x0, 0x0, 0x0, 0x0) [ 315.945392] CPU: 0 PID: 24191 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 315.952382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.961746] Call Trace: [ 315.964355] dump_stack+0x172/0x1f0 [ 315.968129] should_fail.cold+0xa/0x1b [ 315.972050] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 315.977170] ? lock_downgrade+0x880/0x880 [ 315.981346] __should_failslab+0x121/0x190 [ 315.985592] should_failslab+0x9/0x14 [ 315.989401] kmem_cache_alloc+0x2ae/0x700 22:37:09 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x36}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 315.993553] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 315.998570] ? __vm_enough_memory+0x324/0x5a0 [ 315.998589] vm_area_dup+0x21/0x170 [ 315.998603] copy_process.part.0+0x3407/0x7a30 [ 315.998637] ? __cleanup_sighand+0x70/0x70 [ 315.998649] ? lock_downgrade+0x880/0x880 [ 315.998671] ? kasan_check_write+0x14/0x20 [ 315.998683] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 315.998698] _do_fork+0x257/0xfd0 [ 315.998714] ? fork_idle+0x1d0/0x1d0 [ 315.998728] ? fput+0x128/0x1a0 [ 315.998745] ? ksys_write+0x1f1/0x2d0 [ 316.043038] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 316.047823] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 316.052585] ? do_syscall_64+0x26/0x620 [ 316.056568] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.061940] ? do_syscall_64+0x26/0x620 [ 316.065923] __x64_sys_clone+0xbf/0x150 [ 316.069938] do_syscall_64+0xfd/0x620 [ 316.073776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.078971] RIP: 0033:0x459a59 [ 316.082169] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 316.101076] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 316.108805] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 316.116079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 316.123357] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 316.130644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 316.137936] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 316.184652] x86/PAT: syz-executor.4:24527 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:09 executing program 2 (fault-call:9 fault-nth:45): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x3]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:09 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000000)) r1 = open(&(0x7f0000000180)='./file0\x00', 0x128140, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f00000000c0)=""/52) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000280)={{{@in=@local, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000380)=0xe8) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x80000, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno'}, 0x2c, {[{@uname={'uname', 0x3d, 'cgroup2\x00'}}, {@fscache='fscache'}, {@mmap='mmap'}, {@access_client='access=client'}, {@dfltuid={'dfltuid', 0x3d, r3}}, {@uname={'uname', 0x3d, 'cgroup.procs\x00'}}, {@loose='loose'}], [{@measure='measure'}]}}) open(0x0, 0x141042, 0x0) 22:37:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:09 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x38}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 316.268086] x86/PAT: syz-executor.2:24191 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 316.277057] x86/PAT: syz-executor.2:24191 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 316.292371] x86/PAT: syz-executor.4:24526 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 316.304829] x86/PAT: syz-executor.4:24526 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:09 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x21fffffff, 0x0, 0x0, 0x0, 0x0) 22:37:09 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x3a}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 316.437094] x86/PAT: syz-executor.2:24646 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x4]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 316.490196] FAULT_INJECTION: forcing a failure. [ 316.490196] name failslab, interval 1, probability 0, space 0, times 0 [ 316.584519] x86/PAT: syz-executor.4:24756 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:09 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x3c}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 316.744555] CPU: 1 PID: 24730 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 316.751561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.760926] Call Trace: [ 316.763534] dump_stack+0x172/0x1f0 [ 316.767181] should_fail.cold+0xa/0x1b [ 316.771092] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 316.772342] x86/PAT: syz-executor.4:24753 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 316.776210] ? find_held_lock+0x35/0x130 [ 316.776230] ? percpu_ref_put_many+0x94/0x190 [ 316.776250] __should_failslab+0x121/0x190 [ 316.776265] should_failslab+0x9/0x14 [ 316.776279] kmem_cache_alloc+0x47/0x700 [ 316.785130] x86/PAT: syz-executor.4:24753 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 316.788989] ? __lock_is_held+0xb6/0x140 [ 316.789015] anon_vma_clone+0xde/0x480 [ 316.822166] anon_vma_fork+0x8f/0x4a0 [ 316.825984] ? dup_userfaultfd+0x15e/0x6c0 [ 316.830227] ? memcpy+0x46/0x50 [ 316.830247] copy_process.part.0+0x34e5/0x7a30 [ 316.838108] ? __cleanup_sighand+0x70/0x70 [ 316.838123] ? lock_downgrade+0x880/0x880 [ 316.846499] ? kasan_check_write+0x14/0x20 [ 316.850749] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 316.855656] _do_fork+0x257/0xfd0 [ 316.859135] ? fork_idle+0x1d0/0x1d0 [ 316.862856] ? fput+0x128/0x1a0 [ 316.866153] ? ksys_write+0x1f1/0x2d0 [ 316.869963] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 316.869978] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 316.869994] ? do_syscall_64+0x26/0x620 [ 316.883466] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.888857] ? do_syscall_64+0x26/0x620 [ 316.892846] __x64_sys_clone+0xbf/0x150 [ 316.896844] do_syscall_64+0xfd/0x620 [ 316.900665] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.905859] RIP: 0033:0x459a59 [ 316.909069] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 316.909078] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 316.909092] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 22:37:10 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)={&(0x7f00000000c0)='./file0\x00'}, 0x10) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8, 0x1, 'sfb\x00'}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28}}}]}, 0x58}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="340000002c00010700"/20, @ANYRES32=r4, @ANYBLOB="1000000000000000030700000c000100090000007570010004000200"], 0x34}}, 0x0) recvfrom(r0, &(0x7f0000000240)=""/38, 0x26, 0x20002102, &(0x7f0000000280)=@hci={0x1f, r4, 0x1}, 0x80) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r5 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r6, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r9 = socket$kcm(0xa, 0x2, 0x88) sendmsg$kcm(r9, &(0x7f0000000580)={&(0x7f0000000080)=@nfc={0x27, 0x1, 0x1, 0x1}, 0x80, &(0x7f0000000140)=[{&(0x7f00000005c0)="769b58a84effca10f29d18327a130368a239c62befc59149879c9c3375db026039f53fef1c28cb0f94f98a2753095a63d3040fc2f6241fe8b23b869483f8a73fd615c4c7c79102346d0c1f770dd116787fa9dac29281ba92b30a1e2f8c2b46461a33bab28969860bee32fb998fc24d48b01c5aafaf30ff27e0d6a8480397b9a80c3bc967e957dde7d6e4fdaa4b24e40d1aa8d26b40d493ad75a8e5cf58c3505f166380b901a3778abf21500e1252c56271c49d05ef48f0c68444479ea8a4d15291f2152b146735298bf68988fc2c6e5ff47bb0664a9fbcd45e866b14f76cf4959f5e15e6219dd03acc1b035160d6846f883a738d712c9cbd047a3856bbe84c0ae4e433f089e1e25b8a72a46c502af5f6b9e9c86ef22ccfdb3eef8d44bb64a3ba64f60ab1d8265b21c860ce2e4f5aca4ff41c60fc1a31da299d2546975a13003b55e4600dbcc59dc5d1003a05f07e038f28bf6a0b7da730a53a569bd5966d0ccd95361f5fc7601d696802fb3bab8a2961d67fabc187c73b366e900de0f651d80b4c2db2f734d9554f5c986bedc1bb4aef7172ca4dac41966074bde73b05ffbebd4518b5d3983a60b3024945ee20324e281ae80ec05cc076c6e50072bb7b473258be60281199efd42197ba107c441824002dee91d59ea609b2164fe754427bff90df7c4849ad7a5460d6f5ff0300008cedbf41bb81c50901cc1eeff8fd4bc2ec38387de9e1a7476009654b9161c66fe14795188cbcf072c23441f8907145ec0eab52f0d2ea2ff14c7be176fdd58e889460d86d8da598e5b812d9cf8e57674f476cfda0b73e8e8b7b333621e4fc08a43366efeda92b3beecacb5f5472637d61a7f2acedc6c664e674df9769cf948b49e4a8253d841e29d853bb829b7d0e3e132d6227016f7052d14fd8d2a105e9e2578bce4b3b4adbc2436d4eda84eb7448258f4efe3368ef6d94f4d1e60941dfe345d6d3820ddf47d5cda86dd27a56170498b2f803dd7b907aef7381e5158c9d02c262661271e99197a5dd071c304ad3c98dc9405add9e7b2c7c8ee09713f9327926881938b2e7881e4027ca09bcc509d154cfa25140fbbc243d94c1ed6ffe0b5011255efcd682d829970ee54dadea3a0598c27239ab43a123259b4d2bca808d9eb34c032703561d89ebc6ab024c8af542831d34bfed54af42691f852ddc20ee2eebbfcfa6712d296a2a317fae6f78a0e555af174b22dd330d1d49553e04c0c28e725861dc745cb9f333c2b2ce25ae8af82f04499e30ee5d4485fa1b1b50cacd680862217f88fd89a22dfaecfd183960fce392e1b3ab4906a160083f4f1589dbf24bb4b70e693ee6979d3a2f2781ded84def126b0aa16ca6a8f3361070cdb501a22dfa8877ae9e0258b625e112f2f583efdbcdaf94c4681e6bedf53a9f871d0b8e137d3ab2252b4abdc2dc029e7e4efe3237e4cd31ee8580c37ff42a134eaae53b207ce98b6001577c9b047ac15f2b79528369e3be24e81cc7feb9a59f5e292f522998f060cb80e2472dd8b19c131ec3089d442c4d02c46e98de4c9ca1b35b8e65ce71dd757a6f19b944353e7426d96cb11a24f84d8f52d571cb3397cb3fd03f10c69c4530d7dfcda5cf528a4dce7506af9c1eab51f6559a22a2dcb6c0ace10795cdaf5e8cab40afa329ccfa3c128d90dcb62cd58743fd97d3eaa9a8311cb07460c136c68bfd1d60310ee2154105304981ce5cd785f46b2c6893c278063d993e61a5d530a2cd0c7cd299f7156a22329738a88ec0967ffbaeb9abed51bd31bddcf314cf90228ae71ff1d3a78ef88317dcd8da7aaa19ebdfa02b62d83ccfbe8afc65301d627c6e1b1598dfb194c20cdf5e3143080b66db11355a4d6becc6a46a66af7eed1880c606f07b47f01de98f4dfd2e3bb5e97c54a8b680c1a506d5d5e931f3bc1b6af3cdff46ad5ed60e6fc5964597e990b77cde66f86a44bfa8555966bc2ce23471c21e703794574e05", 0xfffffffffffffd2e}], 0x1}, 0xe003) sendmsg$kcm(r9, &(0x7f00000031c0)={0x0, 0x0, &(0x7f0000003180)=[{&(0x7f0000003140)="cb", 0x1}], 0x1}, 0x8040) sendmsg$kcm(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000280)="e4022f5def39273a0a498ad911b4", 0xe}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) connect$bt_rfcomm(r3, &(0x7f0000000440)={0x1f, {0x4, 0x7, 0x90, 0x3, 0x7, 0x20}, 0x7}, 0xa) socket$inet6_sctp(0xa, 0x5, 0x84) 22:37:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x5]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 316.909103] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 316.950360] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 316.957771] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 316.965059] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:10 executing program 2 (fault-call:9 fault-nth:46): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:10 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x1b11820000, 0x0, 0x0, 0x0, 0x0) 22:37:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) socket$inet6(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:10 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x3e}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x6]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:10 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) [ 317.321351] x86/PAT: syz-executor.2:24979 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 317.330413] x86/PAT: syz-executor.2:24979 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 317.411219] x86/PAT: syz-executor.4:24981 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) socket$inet6(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:10 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x42}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x7]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 317.520551] x86/PAT: syz-executor.2:25039 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:10 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) open(0x0, 0x141042, 0x0) [ 317.604755] x86/PAT: syz-executor.4:24980 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 317.617176] FAULT_INJECTION: forcing a failure. [ 317.617176] name failslab, interval 1, probability 0, space 0, times 0 [ 317.636032] x86/PAT: syz-executor.4:24980 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:10 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x10000000000, 0x0, 0x0, 0x0, 0x0) [ 317.769742] CPU: 0 PID: 25204 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 317.776731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.786099] Call Trace: [ 317.788710] dump_stack+0x172/0x1f0 [ 317.792360] should_fail.cold+0xa/0x1b [ 317.796269] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 317.801390] ? find_held_lock+0x35/0x130 [ 317.805486] ? percpu_ref_put_many+0x94/0x190 [ 317.810001] __should_failslab+0x121/0x190 [ 317.814253] should_failslab+0x9/0x14 22:37:10 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0xc0}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 317.818060] kmem_cache_alloc+0x47/0x700 [ 317.822133] ? __lock_is_held+0xb6/0x140 [ 317.826213] anon_vma_clone+0xde/0x480 [ 317.830121] anon_vma_fork+0x8f/0x4a0 [ 317.833930] ? dup_userfaultfd+0x15e/0x6c0 [ 317.838188] ? memcpy+0x46/0x50 [ 317.841479] copy_process.part.0+0x34e5/0x7a30 [ 317.846089] ? __cleanup_sighand+0x70/0x70 [ 317.850335] ? lock_downgrade+0x880/0x880 [ 317.854512] ? kasan_check_write+0x14/0x20 [ 317.858752] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 317.863610] _do_fork+0x257/0xfd0 [ 317.867081] ? fork_idle+0x1d0/0x1d0 [ 317.870805] ? fput+0x128/0x1a0 [ 317.874094] ? ksys_write+0x1f1/0x2d0 [ 317.877910] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 317.882679] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 317.887447] ? do_syscall_64+0x26/0x620 [ 317.891430] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.896800] ? do_syscall_64+0x26/0x620 [ 317.900786] __x64_sys_clone+0xbf/0x150 [ 317.904773] do_syscall_64+0xfd/0x620 [ 317.908589] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.913784] RIP: 0033:0x459a59 [ 317.916983] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.935981] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 317.943730] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 317.951017] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 317.958296] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 317.965589] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 317.972877] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 318.095304] x86/PAT: syz-executor.4:25321 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 318.242705] x86/PAT: syz-executor.4:25320 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 318.260603] x86/PAT: syz-executor.2:25000 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 318.262301] x86/PAT: syz-executor.4:25320 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:11 executing program 2 (fault-call:9 fault-nth:47): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x8]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:11 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='auto\xa9s\x00\xa6\xe0\x9d\xab\xeb\x7f\vC\xefp\x89\xd3D\xb5Bp\xebP\xc3\x92\xcf\xa5\xa1\xa0\x0faZ\x8c\xf5\xa0\xcb\x0e\xde:\xaa\x9d\x96\x03\xbaO)D\x19?\xc3\xc8\x82@\xd3=\xcd\xf8\x82\x83\xa1`\xd4\x05\xf8kle=\xb14TM\x81\xd1u\x1f\x01\xfd\xeb\tL\xda\xfc:\xb4\x9euH\xb7uQ\x81\xef\xa8\xe5\x9a\xcfo\x03\xd9-\x02\f\r\xcd\xbb\xdcCN\x01\xab\x8fK\xf2\xb6', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = epoll_create1(0x80000) mount(&(0x7f00000000c0)=@sg0='/dev/sg0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='pstore\x00', 0x2, &(0x7f0000000200)='%cgroup!') r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x10000, 0x0) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) r3 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{&(0x7f00000002c0)=@ipx, 0x80, 0x0, 0xfe93}, 0x10001}], 0x400000000000367, 0x40000000, 0x0) preadv(r3, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) write$binfmt_script(r4, &(0x7f0000000a40)={'#! ', './file0', [{0x20, '/selinux/enforce\x00'}, {0x20, 'cgroup.procs\x00'}, {0x20, 'cgroup.procs\x00'}, {0x20, 'cgroup.procs\x00'}, {0x20, 'bdev'}, {0x20, '%cgroup!'}], 0xa, "a98e40e1053ed144f318580343ea4877cc2c791158105054b4afe502793f1e9a74f7c3998afbb11b9afaf00a61a5c88fa170e4661ff628a6be4944b9b9ee6c16a3a9cbb329a02a1476f7c159389e5417b38d40a95ed3abd2902de951f4e9f5718668b046a55e2148951d7d2b94eb04516a02b1deea8a32cf94337cd35daaa453c2d5e3eb9b758cca2cdf4bbfdbd5c9771d485904f8e073d56484de5930d5fd23893b686501cb8c3e29251221c41d2220591c99c39adf9d2c59cb852d2e6ca96b856d72ca1bb0d4b04cf46ff7344d17"}, 0x124) open(0x0, 0x141042, 0x0) 22:37:11 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x20000404}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:11 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x200000000000, 0x0, 0x0, 0x0, 0x0) [ 318.286049] x86/PAT: syz-executor.2:25000 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 318.436853] x86/PAT: syz-executor.4:25440 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x9]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:11 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x7ffff000}, {0x0}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:11 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) r2 = open(0x0, 0x141042, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r2, 0x4020565b, &(0x7f0000000000)={0x5, 0x3f, 0x1}) [ 318.544515] x86/PAT: syz-executor.2:25507 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 318.623554] FAULT_INJECTION: forcing a failure. [ 318.623554] name failslab, interval 1, probability 0, space 0, times 0 [ 318.653617] x86/PAT: syz-executor.4:25435 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 318.670389] CPU: 0 PID: 25637 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 318.677373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.686737] Call Trace: [ 318.689243] x86/PAT: syz-executor.4:25435 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 318.689336] dump_stack+0x172/0x1f0 [ 318.689357] should_fail.cold+0xa/0x1b [ 318.705523] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 318.710637] ? __lock_is_held+0xb6/0x140 [ 318.714711] __should_failslab+0x121/0x190 [ 318.718968] should_failslab+0x9/0x14 [ 318.722772] kmem_cache_alloc+0x47/0x700 [ 318.726844] ? anon_vma_chain_link+0x154/0x1c0 [ 318.731444] anon_vma_clone+0xde/0x480 [ 318.735347] anon_vma_fork+0x8f/0x4a0 [ 318.739156] ? dup_userfaultfd+0x15e/0x6c0 [ 318.743397] ? memcpy+0x46/0x50 [ 318.746687] copy_process.part.0+0x34e5/0x7a30 [ 318.751309] ? __cleanup_sighand+0x70/0x70 [ 318.755549] ? lock_downgrade+0x880/0x880 [ 318.759713] ? kasan_check_write+0x14/0x20 [ 318.763955] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 318.768815] _do_fork+0x257/0xfd0 [ 318.772277] ? fork_idle+0x1d0/0x1d0 [ 318.776091] ? fput+0x128/0x1a0 [ 318.779377] ? ksys_write+0x1f1/0x2d0 [ 318.783183] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 318.787938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 318.792701] ? do_syscall_64+0x26/0x620 [ 318.796684] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.802056] ? do_syscall_64+0x26/0x620 [ 318.806045] __x64_sys_clone+0xbf/0x150 [ 318.810035] do_syscall_64+0xfd/0x620 [ 318.813850] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.819044] RIP: 0033:0x459a59 22:37:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) socket$inet6(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0xa]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 318.822244] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 318.841148] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 318.848854] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 318.848862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 318.848868] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 318.848875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 318.848882] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:12 executing program 2 (fault-call:9 fault-nth:48): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:12 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x400000000000, 0x0, 0x0, 0x0, 0x0) 22:37:12 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x2}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0xf]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) socket$inet6(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:12 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/52, 0x34}, {&(0x7f00000005c0)=""/209, 0xd1}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000240)=""/87, 0x57}], 0x8, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f00000000c0)=0x0) write$cgroup_pid(r2, &(0x7f0000000180)=r3, 0x12) open(0x0, 0x141042, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000000)={0x7, 0xffff, 0x7, 0xb285, 0x2574}) [ 319.113798] x86/PAT: syz-executor.2:25507 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 319.122815] x86/PAT: syz-executor.2:25507 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 319.174025] x86/PAT: syz-executor.4:25774 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:12 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x3}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 319.271161] x86/PAT: syz-executor.2:25789 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 319.312567] FAULT_INJECTION: forcing a failure. [ 319.312567] name failslab, interval 1, probability 0, space 0, times 0 22:37:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x10]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) socket$inet6(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 319.368294] CPU: 1 PID: 25789 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 319.375279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.384638] Call Trace: [ 319.384664] dump_stack+0x172/0x1f0 [ 319.384690] should_fail.cold+0xa/0x1b [ 319.394780] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 319.399894] ? lock_downgrade+0x880/0x880 [ 319.399917] __should_failslab+0x121/0x190 [ 319.408302] should_failslab+0x9/0x14 [ 319.412113] kmem_cache_alloc+0x2ae/0x700 [ 319.416273] ? anon_vma_clone+0x320/0x480 [ 319.420443] anon_vma_fork+0xfc/0x4a0 [ 319.424249] ? dup_userfaultfd+0x15e/0x6c0 [ 319.424268] ? memcpy+0x46/0x50 [ 319.424288] copy_process.part.0+0x34e5/0x7a30 [ 319.431798] ? __cleanup_sighand+0x70/0x70 [ 319.440558] ? lock_downgrade+0x880/0x880 [ 319.444727] ? kasan_check_write+0x14/0x20 [ 319.448975] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 319.453831] _do_fork+0x257/0xfd0 [ 319.457299] ? fork_idle+0x1d0/0x1d0 [ 319.461041] ? fput+0x128/0x1a0 [ 319.464328] ? ksys_write+0x1f1/0x2d0 [ 319.468141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 319.473035] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 319.477803] ? do_syscall_64+0x26/0x620 [ 319.481787] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 319.487160] ? do_syscall_64+0x26/0x620 [ 319.491150] __x64_sys_clone+0xbf/0x150 [ 319.495141] do_syscall_64+0xfd/0x620 [ 319.498968] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 319.504162] RIP: 0033:0x459a59 22:37:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x11]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 319.507367] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 319.526273] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 319.533980] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 319.541263] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 319.548557] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 319.555834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 22:37:12 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000240)={0xa1, {{0xa, 0x4e22, 0x7, @mcast1, 0x100}}, {{0xa, 0x4e23, 0x10f011dd, @dev={0xfe, 0x80, [], 0x29}}}}, 0x108) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) [ 319.555842] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 319.642503] x86/PAT: syz-executor.4:25773 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 319.652190] x86/PAT: syz-executor.4:25773 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 319.689249] QAT: Invalid ioctl 22:37:13 executing program 2 (fault-call:9 fault-nth:49): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:13 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x4}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:13 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x551e00000000, 0x0, 0x0, 0x0, 0x0) 22:37:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x60]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 319.812922] x86/PAT: syz-executor.2:25784 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 319.823164] x86/PAT: syz-executor.2:25784 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:13 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f00000000c0)=0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) recvmmsg(r4, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) preadv(r3, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) r5 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r5, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ubi_ctrl\x00', 0x2000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r6, 0x84, 0x1c, &(0x7f0000000240), &(0x7f0000000280)=0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f0000000000)={0x3, 0x5, 0x5, 0x800, 0x2}, 0x14) [ 319.924556] x86/PAT: syz-executor.4:26025 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 319.967801] x86/PAT: syz-executor.2:26031 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0xfc]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:13 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x5}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 320.052045] FAULT_INJECTION: forcing a failure. [ 320.052045] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 320.063920] CPU: 0 PID: 26038 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 320.070857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.080220] Call Trace: [ 320.082820] dump_stack+0x172/0x1f0 [ 320.086469] should_fail.cold+0xa/0x1b [ 320.090373] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 320.095494] ? mark_held_locks+0x100/0x100 [ 320.099776] __alloc_pages_nodemask+0x1ee/0x750 [ 320.104483] ? find_held_lock+0x35/0x130 [ 320.108554] ? __alloc_pages_slowpath+0x2870/0x2870 [ 320.113595] cache_grow_begin+0x91/0x8c0 [ 320.117669] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 320.123224] kmem_cache_alloc+0x63b/0x700 [ 320.127384] ? anon_vma_clone+0x320/0x480 [ 320.131550] anon_vma_fork+0xfc/0x4a0 [ 320.135364] ? dup_userfaultfd+0x15e/0x6c0 [ 320.139611] ? memcpy+0x46/0x50 [ 320.142923] copy_process.part.0+0x34e5/0x7a30 [ 320.147563] ? __cleanup_sighand+0x70/0x70 [ 320.151809] ? lock_downgrade+0x880/0x880 [ 320.155988] ? kasan_check_write+0x14/0x20 [ 320.160252] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 320.165158] _do_fork+0x257/0xfd0 [ 320.168648] ? fork_idle+0x1d0/0x1d0 [ 320.172378] ? fput+0x128/0x1a0 [ 320.175676] ? ksys_write+0x1f1/0x2d0 [ 320.179507] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 320.184279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 320.189060] ? do_syscall_64+0x26/0x620 [ 320.193047] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 320.198427] ? do_syscall_64+0x26/0x620 [ 320.202430] __x64_sys_clone+0xbf/0x150 [ 320.206427] do_syscall_64+0xfd/0x620 [ 320.210250] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 320.215450] RIP: 0033:0x459a59 [ 320.218655] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 320.222589] x86/PAT: syz-executor.4:26018 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 320.237568] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 320.237584] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 320.237592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 320.237599] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 320.237607] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 320.237615] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:13 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x7fd4aea6f000, 0x0, 0x0, 0x0, 0x0) [ 320.365687] x86/PAT: syz-executor.4:26018 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 320.471426] x86/PAT: syz-executor.2:26038 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 320.562956] x86/PAT: syz-executor.4:26259 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:13 executing program 2 (fault-call:9 fault-nth:50): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:13 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x6}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:13 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvfrom$unix(r3, &(0x7f0000000240)=""/106, 0x6a, 0x20, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x2]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 320.624499] x86/PAT: syz-executor.2:26038 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:13 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x82111b000000, 0x0, 0x0, 0x0, 0x0) 22:37:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:13 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x7}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 320.675441] x86/PAT: syz-executor.4:26259 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 320.692936] x86/PAT: syz-executor.4:26259 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x3]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:14 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_GET_THP_DISABLE(0x2a) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x40080, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='*\x00') r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) [ 320.838054] x86/PAT: syz-executor.2:26481 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 320.871745] x86/PAT: syz-executor.4:26484 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 320.907080] FAULT_INJECTION: forcing a failure. [ 320.907080] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 320.944528] CPU: 1 PID: 26490 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 320.951515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.960883] Call Trace: [ 320.963494] dump_stack+0x172/0x1f0 [ 320.967147] should_fail.cold+0xa/0x1b [ 320.971070] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 320.976198] ? __might_sleep+0x95/0x190 [ 320.980192] __alloc_pages_nodemask+0x1ee/0x750 [ 320.984983] ? save_stack+0xa9/0xd0 [ 320.988626] ? __alloc_pages_slowpath+0x2870/0x2870 [ 320.993677] ? copy_process.part.0+0x34e5/0x7a30 [ 320.998456] ? mark_held_locks+0x100/0x100 [ 321.002716] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 321.008282] alloc_pages_current+0x107/0x210 [ 321.012710] pte_alloc_one+0x1b/0x1a0 [ 321.016522] __pte_alloc+0x2a/0x360 [ 321.020164] copy_page_range+0x151f/0x1f90 [ 321.024410] ? anon_vma_fork+0x371/0x4a0 [ 321.028487] ? find_held_lock+0x35/0x130 [ 321.032564] ? anon_vma_fork+0x371/0x4a0 [ 321.036654] ? lock_downgrade+0x880/0x880 [ 321.040825] ? pmd_alloc+0x180/0x180 [ 321.044556] ? __vma_link_rb+0x279/0x370 [ 321.048642] copy_process.part.0+0x543d/0x7a30 [ 321.053264] ? __cleanup_sighand+0x70/0x70 [ 321.057511] ? lock_downgrade+0x880/0x880 [ 321.061692] ? kasan_check_write+0x14/0x20 [ 321.065943] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 321.070802] _do_fork+0x257/0xfd0 [ 321.074273] ? fork_idle+0x1d0/0x1d0 [ 321.077993] ? fput+0x128/0x1a0 [ 321.081290] ? ksys_write+0x1f1/0x2d0 [ 321.085099] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 321.089862] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 321.094638] ? do_syscall_64+0x26/0x620 [ 321.098615] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.104006] ? do_syscall_64+0x26/0x620 [ 321.108013] __x64_sys_clone+0xbf/0x150 [ 321.111996] do_syscall_64+0xfd/0x620 [ 321.115805] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.120993] RIP: 0033:0x459a59 [ 321.124190] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 321.143107] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 321.150847] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 22:37:14 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/60, 0x3c}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) [ 321.158137] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 321.166383] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 321.173672] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 321.180945] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 321.215198] x86/PAT: syz-executor.4:26484 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 321.224009] x86/PAT: syz-executor.4:26484 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:14 executing program 2 (fault-call:9 fault-nth:51): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x4]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:14 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0xa}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:14 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x10}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 321.432697] x86/PAT: syz-executor.4:26482 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 321.479001] x86/PAT: syz-executor.4:26482 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:14 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x2001000000000, 0x0, 0x0, 0x0, 0x0) 22:37:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x5]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:14 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f00000007c0)=""/142, 0x8e}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) open(0x0, 0x141042, 0x0) 22:37:14 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x48}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 321.562325] x86/PAT: syz-executor.2:26820 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 321.641267] FAULT_INJECTION: forcing a failure. [ 321.641267] name failslab, interval 1, probability 0, space 0, times 0 [ 321.669978] x86/PAT: syz-executor.4:26832 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 321.679689] CPU: 0 PID: 26833 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 321.686648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.696010] Call Trace: [ 321.698614] dump_stack+0x172/0x1f0 [ 321.698635] should_fail.cold+0xa/0x1b [ 321.698654] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 321.706252] ? lock_downgrade+0x880/0x880 [ 321.706274] __should_failslab+0x121/0x190 [ 321.706289] should_failslab+0x9/0x14 [ 321.706301] kmem_cache_alloc+0x2ae/0x700 [ 321.706316] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 321.706334] ptlock_alloc+0x20/0x70 [ 321.706350] pte_alloc_one+0x6d/0x1a0 [ 321.706365] __pte_alloc+0x2a/0x360 [ 321.706379] copy_page_range+0x151f/0x1f90 [ 321.706394] ? anon_vma_fork+0x371/0x4a0 [ 321.752603] ? find_held_lock+0x35/0x130 [ 321.756681] ? anon_vma_fork+0x371/0x4a0 [ 321.760762] ? lock_downgrade+0x880/0x880 [ 321.764931] ? pmd_alloc+0x180/0x180 [ 321.768663] ? __vma_link_rb+0x279/0x370 [ 321.772738] copy_process.part.0+0x543d/0x7a30 [ 321.777443] ? __cleanup_sighand+0x70/0x70 [ 321.781680] ? lock_downgrade+0x880/0x880 [ 321.785836] ? kasan_check_write+0x14/0x20 [ 321.790062] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 321.794900] _do_fork+0x257/0xfd0 [ 321.798347] ? fork_idle+0x1d0/0x1d0 [ 321.802047] ? fput+0x128/0x1a0 [ 321.805314] ? ksys_write+0x1f1/0x2d0 [ 321.810235] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 321.814981] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 321.819726] ? do_syscall_64+0x26/0x620 [ 321.823689] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.829039] ? do_syscall_64+0x26/0x620 [ 321.833002] __x64_sys_clone+0xbf/0x150 [ 321.836968] do_syscall_64+0xfd/0x620 [ 321.840759] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.845935] RIP: 0033:0x459a59 [ 321.849115] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 321.868009] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 321.875705] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 321.882972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:37:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x6]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 321.890228] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 321.897510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 321.904773] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 322.096535] x86/PAT: syz-executor.2:26833 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:15 executing program 2 (fault-call:9 fault-nth:52): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:15 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x4c}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x7]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:15 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x90aeaddc9ba87ffe, 0x0) ioctl$VFIO_IOMMU_MAP_DMA(r0, 0x3b71, &(0x7f00000000c0)={0x20, 0x3, 0x6, 0x6, 0x80000001}) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:15 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x2020000000000, 0x0, 0x0, 0x0, 0x0) [ 322.144133] x86/PAT: syz-executor.4:26828 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 322.146977] x86/PAT: syz-executor.2:26833 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 322.161352] x86/PAT: syz-executor.4:26828 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:15 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x68}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x8]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 322.333756] x86/PAT: syz-executor.2:27105 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 322.367164] x86/PAT: syz-executor.4:27103 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 322.396119] FAULT_INJECTION: forcing a failure. [ 322.396119] name failslab, interval 1, probability 0, space 0, times 0 [ 322.461794] CPU: 1 PID: 27171 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 322.468773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.478138] Call Trace: [ 322.480746] dump_stack+0x172/0x1f0 [ 322.484389] should_fail.cold+0xa/0x1b [ 322.488298] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 322.493501] ? lock_downgrade+0x880/0x880 [ 322.497675] __should_failslab+0x121/0x190 [ 322.501926] should_failslab+0x9/0x14 [ 322.505741] kmem_cache_alloc+0x2ae/0x700 [ 322.509898] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 322.514927] ? __vm_enough_memory+0x324/0x5a0 [ 322.519438] vm_area_dup+0x21/0x170 [ 322.523078] copy_process.part.0+0x3407/0x7a30 [ 322.527692] ? __cleanup_sighand+0x70/0x70 [ 322.531928] ? lock_downgrade+0x880/0x880 [ 322.536085] ? kasan_check_write+0x14/0x20 [ 322.540323] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 322.545177] _do_fork+0x257/0xfd0 [ 322.548640] ? fork_idle+0x1d0/0x1d0 [ 322.552364] ? fput+0x128/0x1a0 [ 322.555651] ? ksys_write+0x1f1/0x2d0 22:37:15 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0), 0x0, 0x3) open(0x0, 0x141042, 0x0) 22:37:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 322.559484] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 322.564241] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 322.569006] ? do_syscall_64+0x26/0x620 [ 322.572992] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 322.578368] ? do_syscall_64+0x26/0x620 [ 322.582350] __x64_sys_clone+0xbf/0x150 [ 322.582371] do_syscall_64+0xfd/0x620 [ 322.582391] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 322.582405] RIP: 0033:0x459a59 [ 322.590171] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 322.590180] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 322.590195] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 322.590204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 322.590213] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 322.590221] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 322.590228] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x9]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 322.623411] x86/PAT: syz-executor.4:27082 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 322.675664] x86/PAT: syz-executor.4:27082 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 322.751126] x86/PAT: syz-executor.2:27105 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 322.763920] x86/PAT: syz-executor.2:27105 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:15 executing program 2 (fault-call:9 fault-nth:53): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:15 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x6c}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:15 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x8000000000000, 0x0, 0x0, 0x0, 0x0) 22:37:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0xa]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:16 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) fgetxattr(r2, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/250, 0xfa) 22:37:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 322.916817] x86/PAT: syz-executor.4:27399 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 322.959679] x86/PAT: syz-executor.2:27402 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:16 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x74}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 323.028253] FAULT_INJECTION: forcing a failure. [ 323.028253] name failslab, interval 1, probability 0, space 0, times 0 [ 323.085284] x86/PAT: syz-executor.4:27394 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 323.093380] CPU: 0 PID: 27463 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 323.100934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.110291] Call Trace: [ 323.110317] dump_stack+0x172/0x1f0 [ 323.110337] should_fail.cold+0xa/0x1b [ 323.110354] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 323.110370] ? find_held_lock+0x35/0x130 [ 323.110388] ? percpu_ref_put_many+0x94/0x190 22:37:16 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:16 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x10000000000000, 0x0, 0x0, 0x0, 0x0) [ 323.110405] __should_failslab+0x121/0x190 [ 323.110421] should_failslab+0x9/0x14 [ 323.134895] x86/PAT: syz-executor.4:27394 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 323.138487] kmem_cache_alloc+0x47/0x700 [ 323.138504] ? __lock_is_held+0xb6/0x140 [ 323.138523] anon_vma_clone+0xde/0x480 [ 323.162987] anon_vma_fork+0x8f/0x4a0 [ 323.166807] ? dup_userfaultfd+0x15e/0x6c0 [ 323.171101] ? memcpy+0x46/0x50 [ 323.174398] copy_process.part.0+0x34e5/0x7a30 [ 323.179024] ? __cleanup_sighand+0x70/0x70 22:37:16 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 323.183272] ? lock_downgrade+0x880/0x880 [ 323.187454] ? kasan_check_write+0x14/0x20 [ 323.191699] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 323.196563] _do_fork+0x257/0xfd0 [ 323.200031] ? fork_idle+0x1d0/0x1d0 [ 323.203756] ? fput+0x128/0x1a0 [ 323.207048] ? ksys_write+0x1f1/0x2d0 [ 323.210989] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 323.215783] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 323.220552] ? do_syscall_64+0x26/0x620 [ 323.224539] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 323.229915] ? do_syscall_64+0x26/0x620 22:37:16 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 323.233908] __x64_sys_clone+0xbf/0x150 [ 323.237896] do_syscall_64+0xfd/0x620 [ 323.241715] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 323.246901] RIP: 0033:0x459a59 [ 323.250097] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 323.269006] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 323.276820] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 323.284104] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 323.291385] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 323.298680] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 323.305961] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 323.387878] x86/PAT: syz-executor.4:27597 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 323.407950] x86/PAT: syz-executor.2:27618 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:16 executing program 2 (fault-call:9 fault-nth:54): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:16 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0xf]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:16 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x202100, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x190, @tick=0x8000, 0x40, {0xf9}, 0xf3, 0x6, 0x2}) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) syz_mount_image$erofs(&(0x7f0000000200)='erofs\x00', &(0x7f0000000240)='./file0/file0\x00', 0x1, 0x2, &(0x7f0000000440)=[{&(0x7f0000000280)="69d176f4a76a396d1f9c353e22bd540614950f8ad0b9e3cbc4e6e515368ea308ba772b073be11ca5bb73bb6cd39a4df57764bcd9e3c8b8dd7f856db84ef4051de2d1331a1b7e956dcb0d10412bf5fc6f2fff71623984458a7283d53bd51d67d5a8521c031b6a3c36d5ffa5560ba9697f6626ed126de0f60038e4091a955624eb53db8fadf7dbbc695df8a8ecc844db0c11b4d63289d128fdff91f3ab51609e3e8f23811f26e79442bc89f80e88ec20409ff3543af4c97a1b7bd4c154545f6fdc8d", 0xc1, 0x3}, {&(0x7f0000000380)="fa479ceb02dc045fba2fec1a04a3d39dfed23a063d", 0x15, 0xc0000000000}], 0xa011, &(0x7f0000000a40)=ANY=[@ANYBLOB="6661754c745f696e6a656374696f6e3d3078303030303030303030303030303030342c6e6f61636c2c61636c2c757365725f78617474722c6e6f757365725f78617474722c757365725f78617474722c61636c2c6e6f61636c2c7375626a6f786e6574312e707070312c7063723d30303030303030303030303030303030303034392c6673636f6e746578743d73797374656d5f752c6d6a736b3d5e4d41595f415050454e442c646f6e745f686173682c66756e633d4649524d0600000000000000434b2c7375626a5f757365723d2c00"/220]) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r3, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r4 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) recvmmsg(r4, &(0x7f0000003140), 0x0, 0x2, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:16 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x7a}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 323.447290] x86/PAT: syz-executor.2:27618 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:16 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x10]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 323.574131] x86/PAT: syz-executor.4:27594 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 323.591822] x86/PAT: syz-executor.2:27719 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 323.611605] x86/PAT: syz-executor.4:27594 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:16 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x300}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 323.660121] FAULT_INJECTION: forcing a failure. [ 323.660121] name failslab, interval 1, probability 0, space 0, times 0 [ 323.705187] CPU: 1 PID: 27782 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 323.712171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.721534] Call Trace: [ 323.724140] dump_stack+0x172/0x1f0 [ 323.727796] should_fail.cold+0xa/0x1b [ 323.731706] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 323.736826] ? lock_downgrade+0x880/0x880 [ 323.741000] __should_failslab+0x121/0x190 [ 323.745252] should_failslab+0x9/0x14 [ 323.749068] kmem_cache_alloc+0x2ae/0x700 [ 323.753230] ? anon_vma_clone+0x320/0x480 [ 323.757400] anon_vma_fork+0xfc/0x4a0 [ 323.761209] ? dup_userfaultfd+0x15e/0x6c0 [ 323.765450] ? memcpy+0x46/0x50 [ 323.768745] copy_process.part.0+0x34e5/0x7a30 [ 323.773373] ? __cleanup_sighand+0x70/0x70 [ 323.777628] ? lock_downgrade+0x880/0x880 [ 323.781802] ? kasan_check_write+0x14/0x20 [ 323.786043] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 323.790913] _do_fork+0x257/0xfd0 [ 323.794382] ? fork_idle+0x1d0/0x1d0 [ 323.798119] ? fput+0x128/0x1a0 [ 323.801433] ? ksys_write+0x1f1/0x2d0 [ 323.805250] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 323.810020] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 323.814816] ? do_syscall_64+0x26/0x620 [ 323.818809] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 323.824179] ? do_syscall_64+0x26/0x620 [ 323.828163] __x64_sys_clone+0xbf/0x150 [ 323.832151] do_syscall_64+0xfd/0x620 [ 323.835988] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 323.841204] RIP: 0033:0x459a59 [ 323.844410] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 323.863319] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 323.871048] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 323.878324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 323.885607] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 323.892884] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 22:37:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x11]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:17 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x20000000000000, 0x0, 0x0, 0x0, 0x0) 22:37:17 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:17 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) flock(r2, 0xd) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) [ 323.900169] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 323.951100] x86/PAT: syz-executor.2:27782 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 323.985464] x86/PAT: syz-executor.2:27782 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:17 executing program 2 (fault-call:9 fault-nth:55): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x60]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 324.047777] x86/PAT: syz-executor.4:27868 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:17 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x500}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0xfc]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 324.183675] x86/PAT: syz-executor.2:27888 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 324.252001] FAULT_INJECTION: forcing a failure. [ 324.252001] name failslab, interval 1, probability 0, space 0, times 0 [ 324.292998] x86/PAT: syz-executor.4:27862 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 324.334364] CPU: 1 PID: 28059 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 324.341346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.350707] Call Trace: [ 324.353319] dump_stack+0x172/0x1f0 [ 324.356966] should_fail.cold+0xa/0x1b [ 324.360870] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 324.365983] ? lock_downgrade+0x880/0x880 [ 324.370151] __should_failslab+0x121/0x190 [ 324.374398] should_failslab+0x9/0x14 [ 324.378206] kmem_cache_alloc+0x2ae/0x700 [ 324.382356] ? anon_vma_clone+0x320/0x480 [ 324.386515] anon_vma_fork+0x1ea/0x4a0 [ 324.390415] ? dup_userfaultfd+0x15e/0x6c0 [ 324.394663] copy_process.part.0+0x34e5/0x7a30 [ 324.399276] ? __cleanup_sighand+0x70/0x70 [ 324.403510] ? lock_downgrade+0x880/0x880 [ 324.407673] ? kasan_check_write+0x14/0x20 [ 324.411908] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 324.416779] _do_fork+0x257/0xfd0 [ 324.420257] ? fork_idle+0x1d0/0x1d0 [ 324.423976] ? fput+0x128/0x1a0 [ 324.427257] ? ksys_write+0x1f1/0x2d0 [ 324.431066] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 324.435834] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 324.440608] ? do_syscall_64+0x26/0x620 [ 324.444588] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 324.444603] ? do_syscall_64+0x26/0x620 [ 324.444621] __x64_sys_clone+0xbf/0x150 [ 324.444638] do_syscall_64+0xfd/0x620 [ 324.453965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 324.466885] RIP: 0033:0x459a59 22:37:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:17 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x0, 0x0) setsockopt$inet6_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000240)="a8739d1da749c4d48bbbd126fb10bb3b1061c92575f5078640e95ad7ff16e8d822ef85cb3b9eea748c4758fa1c82900672a990a944452d78a6ce3dcdd1363e181c8a8928344defdb69e5b1c5a7880532ac95de721bdde5281235ed577fc5b59f5d42eb6f9cb1ee96e50d1c20458f3b7fc038c3d0038c967cf62e4f8d36325c5832494fa6f036a2d24a5f78f11ac4d58b237ae5d614e99cd5cfe79ad4a07a3d5a007153b99762c0b27e5e644645757a0de5dd59a1ab4b92ae2fb3d52e12957024730b09a3dd579aefc4a11660b73a940ebc4705705f07d229fa", 0xd9) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x0, 0x0) sendmmsg$inet_sctp(r1, &(0x7f00000000c0), 0x0, 0x8004) r2 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r3, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) ioctl$VT_RESIZE(r2, 0x5609, &(0x7f00000000c0)={0x401, 0xd28c}) open(0x0, 0x141042, 0x0) [ 324.470084] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 324.488997] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 324.496726] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 324.504008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 324.511289] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 324.514545] x86/PAT: syz-executor.4:27862 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 324.518574] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 22:37:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x2]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 324.518583] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:17 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x30000000000000, 0x0, 0x0, 0x0, 0x0) 22:37:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:17 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x600}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 324.657112] x86/PAT: syz-executor.2:28059 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 324.674034] x86/PAT: syz-executor.2:28059 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:17 executing program 2 (fault-call:9 fault-nth:56): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x3]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:18 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x700}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 324.824140] x86/PAT: syz-executor.4:28207 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 324.871254] x86/PAT: syz-executor.2:28223 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 324.949136] FAULT_INJECTION: forcing a failure. [ 324.949136] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 324.970438] x86/PAT: syz-executor.4:28194 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:18 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x4]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 325.010181] x86/PAT: syz-executor.4:28194 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 325.042185] CPU: 1 PID: 28303 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 325.049167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.058969] Call Trace: [ 325.061575] dump_stack+0x172/0x1f0 [ 325.065224] should_fail.cold+0xa/0x1b [ 325.069132] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 325.074253] ? __might_sleep+0x95/0x190 [ 325.078249] __alloc_pages_nodemask+0x1ee/0x750 [ 325.082938] ? __alloc_pages_slowpath+0x2870/0x2870 [ 325.087969] ? save_stack+0x45/0xd0 [ 325.091611] ? kasan_kmalloc+0xce/0xf0 [ 325.095509] ? kasan_slab_alloc+0xf/0x20 [ 325.099585] ? __lock_acquire+0x6ee/0x49c0 [ 325.103834] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 325.109421] alloc_pages_current+0x107/0x210 [ 325.113858] pte_alloc_one+0x1b/0x1a0 [ 325.117684] copy_huge_pmd+0x7d/0x620 [ 325.121498] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 325.127052] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 325.132649] copy_page_range+0x7a1/0x1f90 [ 325.136899] ? anon_vma_fork+0x371/0x4a0 [ 325.140997] ? find_held_lock+0x35/0x130 [ 325.145069] ? anon_vma_fork+0x371/0x4a0 [ 325.145093] ? vma_compute_subtree_gap+0x158/0x230 [ 325.145111] ? vma_gap_callbacks_rotate+0x62/0x80 [ 325.154126] ? pmd_alloc+0x180/0x180 [ 325.162658] ? __vma_link_rb+0x279/0x370 [ 325.166746] copy_process.part.0+0x543d/0x7a30 [ 325.171373] ? __cleanup_sighand+0x70/0x70 [ 325.175629] ? lock_downgrade+0x880/0x880 [ 325.179810] ? kasan_check_write+0x14/0x20 [ 325.184062] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 325.188973] _do_fork+0x257/0xfd0 [ 325.192451] ? fork_idle+0x1d0/0x1d0 [ 325.196184] ? fput+0x128/0x1a0 [ 325.199490] ? ksys_write+0x1f1/0x2d0 [ 325.203337] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 325.208126] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 325.212906] ? do_syscall_64+0x26/0x620 [ 325.216903] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 325.222289] ? do_syscall_64+0x26/0x620 [ 325.226289] __x64_sys_clone+0xbf/0x150 [ 325.230286] do_syscall_64+0xfd/0x620 [ 325.234106] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 325.239308] RIP: 0033:0x459a59 [ 325.242509] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:37:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x5]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:18 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:18 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:18 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x40000000000000, 0x0, 0x0, 0x0, 0x0) 22:37:18 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 325.261417] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 325.269140] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 325.269148] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 325.269154] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 325.269162] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 325.269169] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x6]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:18 executing program 2 (fault-call:9 fault-nth:57): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:18 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0xa00}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 325.293914] x86/PAT: syz-executor.2:28303 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 325.330372] x86/PAT: syz-executor.2:28303 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 325.384138] x86/PAT: syz-executor.4:28348 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 325.532032] x86/PAT: syz-executor.2:28391 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:18 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x4800}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:18 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 325.587141] FAULT_INJECTION: forcing a failure. [ 325.587141] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 325.619345] x86/PAT: syz-executor.4:28348 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x7]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 325.669759] CPU: 0 PID: 28537 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 325.676741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.686100] Call Trace: [ 325.686123] dump_stack+0x172/0x1f0 [ 325.686145] should_fail.cold+0xa/0x1b [ 325.686162] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 325.686181] ? __might_sleep+0x95/0x190 [ 325.686199] __alloc_pages_nodemask+0x1ee/0x750 [ 325.692406] ? __alloc_pages_slowpath+0x2870/0x2870 [ 325.715006] ? save_stack+0x45/0xd0 [ 325.718647] ? kasan_kmalloc+0xce/0xf0 [ 325.722541] ? kasan_slab_alloc+0xf/0x20 [ 325.726646] ? __lock_acquire+0x6ee/0x49c0 [ 325.730888] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 325.736438] alloc_pages_current+0x107/0x210 [ 325.740859] pte_alloc_one+0x1b/0x1a0 [ 325.744687] copy_huge_pmd+0x7d/0x620 [ 325.747441] x86/PAT: syz-executor.4:28348 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 325.748495] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 325.748508] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 325.748525] copy_page_range+0x7a1/0x1f90 [ 325.772401] ? anon_vma_fork+0x371/0x4a0 [ 325.776490] ? find_held_lock+0x35/0x130 [ 325.780555] ? anon_vma_fork+0x371/0x4a0 [ 325.784626] ? vma_compute_subtree_gap+0x158/0x230 [ 325.789571] ? vma_gap_callbacks_rotate+0x62/0x80 [ 325.794431] ? pmd_alloc+0x180/0x180 [ 325.798162] ? __vma_link_rb+0x279/0x370 [ 325.802245] copy_process.part.0+0x543d/0x7a30 [ 325.806861] ? __cleanup_sighand+0x70/0x70 [ 325.811108] ? lock_downgrade+0x880/0x880 [ 325.815272] ? kasan_check_write+0x14/0x20 22:37:18 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007f, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000a40)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@remote}}, &(0x7f0000000440)=0xe8) mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='overlay\x00', 0x0, &(0x7f0000000b40)={[{@nfs_export_on='nfs_export=on'}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on='xino=on'}, {@xino_on='xino=on'}, {@default_permissions='default_permissions'}, {@index_off='index=off'}, {@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on='xino=on'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}], [{@defcontext={'defcontext', 0x3d, 'user_u'}}, {@audit='audit'}, {@subj_role={'subj_role', 0x3d, 'cgroup2\x00'}}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@euid_lt={'euid<', r5}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'cgroup2\x00'}}, {@fsname={'fsname'}}, {@appraise='appraise'}, {@pcr={'pcr', 0x3d, 0x3f}}, {@smackfsroot={'smackfsroot'}}]}) setsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000180)={0x1, 0x7, 0x2, 0x1}, 0x8) ioctl$FIBMAP(r2, 0x1, &(0x7f00000000c0)=0x800) r6 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r6, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) connect(r6, &(0x7f0000000240)=@nl=@unspec, 0x80) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) getsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, &(0x7f00000002c0), &(0x7f0000000300)=0x4) [ 325.819521] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 325.824390] _do_fork+0x257/0xfd0 [ 325.827858] ? fork_idle+0x1d0/0x1d0 [ 325.831584] ? fput+0x128/0x1a0 [ 325.834874] ? ksys_write+0x1f1/0x2d0 [ 325.838691] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 325.843464] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 325.848232] ? do_syscall_64+0x26/0x620 [ 325.852217] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 325.857598] ? do_syscall_64+0x26/0x620 [ 325.861588] __x64_sys_clone+0xbf/0x150 [ 325.865586] do_syscall_64+0xfd/0x620 22:37:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x8]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:19 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 325.869410] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 325.874608] RIP: 0033:0x459a59 [ 325.877814] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 325.897421] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 325.905150] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 325.912438] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 22:37:19 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x6b6b6b00000000, 0x0, 0x0, 0x0, 0x0) [ 325.919724] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 325.926998] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 325.934266] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:19 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x4c00}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 325.962634] x86/PAT: syz-executor.2:28537 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:19 executing program 2 (fault-call:9 fault-nth:58): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 326.030839] x86/PAT: syz-executor.2:28537 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 326.048524] x86/PAT: syz-executor.4:28590 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 326.056413] overlayfs: unrecognized mount option "audit" or missing value 22:37:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x9]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:19 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 326.201698] x86/PAT: syz-executor.4:28589 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:19 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x6800}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:19 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000002c0)={0x3, [0xff, 0x28, 0x6]}, &(0x7f0000000300)=0xa) getsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_id=0x0, &(0x7f00000000c0)=0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000240)={r3, 0x77, "a742db34a7533a3572e20735833dacaad7ccd51cc91bd9de69b69ab23dcb684fd0198274ace0982f25972b6516735ab1c9514058c977fc251483a6e1c945404d1963542f9b1398b360b0fd8f5d5878412063da7106f66c2649750f49a36fced93961b6b716951d8f7044ee89b3948f1cdaf5d42400ecc7"}, &(0x7f0000000180)=0x7f) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f0000000380)=[{&(0x7f0000000b40)=""/4096, 0x1000}], 0x1, 0x0) open(0x0, 0x141042, 0x0) [ 326.247586] x86/PAT: syz-executor.4:28589 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 326.275411] x86/PAT: syz-executor.2:28802 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:19 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x70010100000000, 0x0, 0x0, 0x0, 0x0) [ 326.310785] FAULT_INJECTION: forcing a failure. [ 326.310785] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 326.381536] CPU: 1 PID: 28802 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 326.388512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 326.397876] Call Trace: [ 326.400480] dump_stack+0x172/0x1f0 [ 326.404125] should_fail.cold+0xa/0x1b [ 326.408038] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 326.413161] ? __might_sleep+0x95/0x190 [ 326.417152] __alloc_pages_nodemask+0x1ee/0x750 [ 326.421829] ? copy_huge_pmd+0x415/0x620 [ 326.425905] ? __alloc_pages_slowpath+0x2870/0x2870 [ 326.430939] ? lock_downgrade+0x880/0x880 [ 326.435096] ? pmd_pfn+0x12e/0x1d0 [ 326.438649] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 326.444195] alloc_pages_current+0x107/0x210 [ 326.448613] pte_alloc_one+0x1b/0x1a0 [ 326.452434] __pte_alloc+0x2a/0x360 [ 326.456070] copy_page_range+0x151f/0x1f90 [ 326.460313] ? anon_vma_fork+0x371/0x4a0 [ 326.464387] ? find_held_lock+0x35/0x130 [ 326.468459] ? anon_vma_fork+0x371/0x4a0 [ 326.472531] ? vma_compute_subtree_gap+0x158/0x230 [ 326.477489] ? vma_gap_callbacks_rotate+0x62/0x80 [ 326.482344] ? pmd_alloc+0x180/0x180 [ 326.486066] ? __vma_link_rb+0x279/0x370 [ 326.490140] copy_process.part.0+0x543d/0x7a30 [ 326.494760] ? __cleanup_sighand+0x70/0x70 [ 326.499003] ? lock_downgrade+0x880/0x880 [ 326.503147] ? kasan_check_write+0x14/0x20 [ 326.507380] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 326.512235] _do_fork+0x257/0xfd0 [ 326.515703] ? fork_idle+0x1d0/0x1d0 [ 326.519429] ? fput+0x128/0x1a0 [ 326.520785] x86/PAT: syz-executor.4:28919 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 326.522715] ? ksys_write+0x1f1/0x2d0 [ 326.522740] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 326.539921] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 326.544674] ? do_syscall_64+0x26/0x620 [ 326.548644] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 326.553996] ? do_syscall_64+0x26/0x620 [ 326.557967] __x64_sys_clone+0xbf/0x150 [ 326.561936] do_syscall_64+0xfd/0x620 [ 326.565734] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 326.570910] RIP: 0033:0x459a59 [ 326.574095] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 326.593000] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 326.600698] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 326.607954] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 326.615210] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 326.622469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 22:37:19 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000280)='./file0\x00', 0x20881, 0x15) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0}, 0x80000000}], 0x1, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) r3 = dup(r2) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x0, 0x0) lseek(r5, 0x0, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r5, 0x4008ae48, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000090}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r4, 0xd771fe8bd7ab8370, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4102, 0x0, {0x14, 0x13, @l2={'ib', 0x3a, 'bond_slave_1\x00'}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x30, r4, 0x20, 0x70bd28, 0x25dfdbff, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000e1}, 0x428e1) 22:37:19 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:19 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x6c00}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0xa]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 326.629734] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:19 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0xf]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 326.868558] x86/PAT: syz-executor.2:28802 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:20 executing program 2 (fault-call:9 fault-nth:59): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:20 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x7400}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 326.910044] x86/PAT: syz-executor.2:28802 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 326.943629] x86/PAT: syz-executor.4:28834 freeing invalid memtype [mem 0x00000000-0x00000fff] 22:37:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x10]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 327.022297] x86/PAT: syz-executor.4:28834 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:20 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x7a00}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 327.125530] x86/PAT: syz-executor.2:29152 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 327.158335] FAULT_INJECTION: forcing a failure. [ 327.158335] name failslab, interval 1, probability 0, space 0, times 0 [ 327.204091] CPU: 0 PID: 29152 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 327.211075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.220455] Call Trace: [ 327.223068] dump_stack+0x172/0x1f0 [ 327.226724] should_fail.cold+0xa/0x1b [ 327.230642] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 327.235771] ? lock_downgrade+0x880/0x880 [ 327.239953] __should_failslab+0x121/0x190 [ 327.244235] should_failslab+0x9/0x14 [ 327.248054] kmem_cache_alloc+0x2ae/0x700 [ 327.252226] ? pmd_pfn+0x12e/0x1d0 [ 327.252244] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 327.261415] ptlock_alloc+0x20/0x70 [ 327.261433] pte_alloc_one+0x6d/0x1a0 [ 327.261450] __pte_alloc+0x2a/0x360 [ 327.272481] copy_page_range+0x151f/0x1f90 [ 327.276728] ? anon_vma_fork+0x371/0x4a0 [ 327.280815] ? find_held_lock+0x35/0x130 [ 327.284894] ? anon_vma_fork+0x371/0x4a0 [ 327.288981] ? vma_compute_subtree_gap+0x158/0x230 [ 327.293933] ? vma_gap_callbacks_rotate+0x62/0x80 [ 327.298796] ? pmd_alloc+0x180/0x180 [ 327.302530] ? __vma_link_rb+0x279/0x370 [ 327.306609] copy_process.part.0+0x543d/0x7a30 [ 327.311227] ? __cleanup_sighand+0x70/0x70 [ 327.315471] ? lock_downgrade+0x880/0x880 [ 327.319626] ? kasan_check_write+0x14/0x20 [ 327.323855] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 327.328691] _do_fork+0x257/0xfd0 [ 327.332192] ? fork_idle+0x1d0/0x1d0 [ 327.335904] ? fput+0x128/0x1a0 [ 327.339185] ? ksys_write+0x1f1/0x2d0 [ 327.344373] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 327.349157] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 327.353900] ? do_syscall_64+0x26/0x620 [ 327.357865] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 327.363214] ? do_syscall_64+0x26/0x620 [ 327.367176] __x64_sys_clone+0xbf/0x150 [ 327.371184] do_syscall_64+0xfd/0x620 [ 327.374971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 327.380150] RIP: 0033:0x459a59 [ 327.383330] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:37:20 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0xf0a6aed47f0000, 0x0, 0x0, 0x0, 0x0) 22:37:20 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @rand_addr="b048b730810a463c6b57b0ef132d708a"}, 0x1c) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000000), &(0x7f00000000c0)=0x4) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x11]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:20 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x100000}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 327.402219] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 327.409960] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 327.417220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 327.424480] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 327.431760] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 327.439043] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 327.464824] x86/PAT: syz-executor.2:29152 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 327.473628] x86/PAT: syz-executor.2:29152 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:20 executing program 2 (fault-call:9 fault-nth:60): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 327.569903] x86/PAT: syz-executor.4:29173 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:20 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0xf0ff7f}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x60]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 327.729567] x86/PAT: syz-executor.4:29168 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 327.747889] x86/PAT: syz-executor.2:29333 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 327.774834] x86/PAT: syz-executor.4:29168 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 327.817687] FAULT_INJECTION: forcing a failure. [ 327.817687] name failslab, interval 1, probability 0, space 0, times 0 22:37:21 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) shutdown(r1, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f00000005c0)=""/214, 0xd6}, {&(0x7f00000006c0)=""/194, 0xc2}, {&(0x7f0000000240)=""/146, 0x92}, {&(0x7f0000000880)=""/144, 0x90}, {&(0x7f0000000480)=""/13, 0xd}, {&(0x7f0000000940)=""/71, 0x47}], 0x8, 0x0) r3 = dup(r0) mknodat(r3, &(0x7f0000000000)='./file0\x00', 0x26a5fcbb91795d9, 0x1) open(0x0, 0x141042, 0x0) 22:37:21 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x100000000000000, 0x0, 0x0, 0x0, 0x0) 22:37:21 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x1000000}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0xfc]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 327.905157] CPU: 0 PID: 29333 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 327.912137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.921503] Call Trace: [ 327.924110] dump_stack+0x172/0x1f0 [ 327.927764] should_fail.cold+0xa/0x1b [ 327.931679] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 327.936809] ? lock_downgrade+0x880/0x880 [ 327.940978] __should_failslab+0x121/0x190 [ 327.945223] should_failslab+0x9/0x14 [ 327.945238] kmem_cache_alloc+0x2ae/0x700 22:37:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 327.945251] ? pmd_alloc+0x180/0x180 [ 327.945274] vm_area_dup+0x21/0x170 [ 327.953231] copy_process.part.0+0x3407/0x7a30 [ 327.965153] ? __cleanup_sighand+0x70/0x70 [ 327.969394] ? lock_downgrade+0x880/0x880 [ 327.973560] ? kasan_check_write+0x14/0x20 [ 327.977802] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 327.982659] _do_fork+0x257/0xfd0 [ 327.986131] ? fork_idle+0x1d0/0x1d0 [ 327.989853] ? fput+0x128/0x1a0 [ 327.993147] ? ksys_write+0x1f1/0x2d0 [ 327.996962] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 328.001717] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 328.001732] ? do_syscall_64+0x26/0x620 [ 328.001750] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 328.015820] ? do_syscall_64+0x26/0x620 [ 328.019818] __x64_sys_clone+0xbf/0x150 [ 328.023822] do_syscall_64+0xfd/0x620 [ 328.023841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 328.023856] RIP: 0033:0x459a59 [ 328.036011] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 328.054929] RSP: 002b:00007fae07356c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 328.062652] RAX: ffffffffffffffda RBX: 00007fae07356c90 RCX: 0000000000459a59 [ 328.069935] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 328.077220] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 328.084508] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073576d4 [ 328.091787] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 22:37:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 328.167682] x86/PAT: syz-executor.4:29409 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 328.280227] x86/PAT: syz-executor.2:29333 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 328.282748] x86/PAT: syz-executor.4:29406 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 328.336213] x86/PAT: syz-executor.4:29406 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 328.363408] x86/PAT: syz-executor.2:29333 freeing invalid memtype [mem 0x00002000-0x00002fff] 22:37:21 executing program 2 (fault-call:9 fault-nth:61): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 22:37:21 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x2000000}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) 22:37:21 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xfff, 0x101081) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x0, 0x6, 0xff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r1, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) r2 = inotify_init1(0x80000) preadv(r2, &(0x7f00000009c0), 0x2a9, 0x3) open(0x0, 0x141042, 0x0) 22:37:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x2]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) 22:37:21 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x200000000000000, 0x0, 0x0, 0x0, 0x0) 22:37:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:21 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000003c0)=""/68, 0x44}, {0x0, 0x3000000}, {&(0x7f00000006c0)=""/194, 0xc2}, {0x0}, {0x0}, {0x0}], 0x7, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) fsync(0xffffffffffffffff) [ 328.580884] x86/PAT: syz-executor.4:29649 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 328.595594] x86/PAT: syz-executor.2:29664 freeing invalid memtype [mem 0x00001000-0x00001fff] 22:37:21 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154}, {&(0x7f00000003c0)=""/68}, {&(0x7f00000005c0)=""/214}, {&(0x7f00000006c0)=""/194}, {&(0x7f00000007c0)=""/146}, {&(0x7f0000000880)=""/144}, {&(0x7f0000000480)=""/13}, {&(0x7f0000000940)=""/71}], 0x2a9, 0x0) open(0x0, 0x141042, 0x0) 22:37:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @ipv4}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000000)=0xffffffffffffffff, 0x11e) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:37:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x3]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 328.662652] FAULT_INJECTION: forcing a failure. [ 328.662652] name failslab, interval 1, probability 0, space 0, times 0 [ 328.745655] CPU: 0 PID: 29768 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 328.752659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.762029] Call Trace: [ 328.764642] dump_stack+0x172/0x1f0 [ 328.768297] should_fail.cold+0xa/0x1b [ 328.772165] x86/PAT: syz-executor.4:29645 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 328.772212] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 328.786077] ? lock_downgrade+0x880/0x880 [ 328.790253] __should_failslab+0x121/0x190 [ 328.794517] should_failslab+0x9/0x14 [ 328.798332] kmem_cache_alloc_trace+0x2cc/0x760 [ 328.803014] ? __init_cache_modes+0x260/0x260 [ 328.807386] x86/PAT: syz-executor.4:29645 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 328.807528] ? follow_phys+0x276/0x360 [ 328.807548] reserve_memtype+0x1e1/0x880 [ 328.824176] ? lock_downgrade+0x880/0x880 [ 328.828345] ? pat_init+0x4b0/0x4b0 [ 328.831989] ? __init_cache_modes+0x260/0x260 [ 328.836502] ? do_raw_spin_unlock+0x57/0x270 [ 328.840934] reserve_pfn_range+0x1b3/0x500 [ 328.845191] ? arch_io_reserve_memtype_wc+0xa0/0xa0 [ 328.850222] ? save_stack+0x45/0xd0 [ 328.853865] ? kasan_slab_alloc+0xf/0x20 [ 328.857938] ? kmem_cache_alloc+0x12e/0x700 [ 328.862266] ? vm_area_dup+0x21/0x170 [ 328.866075] ? copy_process.part.0+0x3407/0x7a30 [ 328.870839] ? _do_fork+0x257/0xfd0 [ 328.874477] ? __x64_sys_clone+0xbf/0x150 [ 328.878651] track_pfn_copy+0x196/0x1e0 [ 328.882632] ? reserve_pfn_range+0x500/0x500 [ 328.887053] ? get_mem_cgroup_from_mm+0x139/0x320 [ 328.891934] copy_page_range+0x15f6/0x1f90 22:37:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x4]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 328.896188] ? copy_process.part.0+0x30f9/0x7a30 [ 328.900960] ? find_held_lock+0x35/0x130 [ 328.905041] ? vma_compute_subtree_gap+0x158/0x230 [ 328.909989] ? vma_gap_callbacks_rotate+0x62/0x80 [ 328.914848] ? pmd_alloc+0x180/0x180 [ 328.918580] ? __vma_link_rb+0x279/0x370 [ 328.922661] copy_process.part.0+0x543d/0x7a30 [ 328.927281] ? __cleanup_sighand+0x70/0x70 [ 328.931524] ? lock_downgrade+0x880/0x880 [ 328.935721] ? kasan_check_write+0x14/0x20 [ 328.939964] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 328.944826] _do_fork+0x257/0xfd0 [ 328.948295] ? fork_idle+0x1d0/0x1d0 [ 328.952023] ? fput+0x128/0x1a0 [ 328.955315] ? ksys_write+0x1f1/0x2d0 [ 328.959128] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 328.963894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 328.968660] ? do_syscall_64+0x26/0x620 [ 328.972645] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 328.978019] ? do_syscall_64+0x26/0x620 [ 328.982010] __x64_sys_clone+0xbf/0x150 [ 328.986003] do_syscall_64+0xfd/0x620 [ 328.989819] entry_SYSCALL_64_after_hwframe+0x49/0xbe 22:37:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x5]}, 0x3}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000200)='/', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002480), 0x0, 0xffffffffffffffff}}], 0x2, 0x40) [ 328.995102] RIP: 0033:0x459a59 [ 328.998318] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 329.017247] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 329.024981] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 329.032288] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 329.039577] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 329.039590] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 329.054135] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 329.079928] WARNING: CPU: 0 PID: 29768 at arch/x86/mm/pat.c:1064 untrack_pfn+0x25c/0x2a0 [ 329.088212] Kernel panic - not syncing: panic_on_warn set ... [ 329.088212] [ 329.088768] kobject: 'loop0' (0000000049d436d4): kobject_uevent_env [ 329.095602] CPU: 0 PID: 29768 Comm: syz-executor.2 Not tainted 4.19.79 #0 [ 329.095611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 329.095616] Call Trace: [ 329.095642] dump_stack+0x172/0x1f0 [ 329.095662] panic+0x263/0x507 [ 329.095676] ? __warn_printk+0xf3/0xf3 [ 329.095698] ? untrack_pfn+0x25c/0x2a0 [ 329.095714] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 329.095727] ? __warn.cold+0x5/0x4a [ 329.095746] ? untrack_pfn+0x25c/0x2a0 [ 329.104181] kobject: 'loop0' (0000000049d436d4): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 329.109092] __warn.cold+0x20/0x4a [ 329.109109] ? untrack_pfn+0x25c/0x2a0 [ 329.109125] report_bug+0x263/0x2b0 [ 329.109209] do_error_trap+0x204/0x360 [ 329.109228] ? math_error+0x340/0x340 [ 329.143212] kobject: 'loop3' (000000009e3f22e7): kobject_uevent_env [ 329.145079] ? kasan_check_read+0x11/0x20 [ 329.145096] ? do_raw_spin_unlock+0x57/0x270 [ 329.145111] ? error_entry+0x7c/0xe0 [ 329.145127] ? trace_hardirqs_off_caller+0x65/0x220 [ 329.145144] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 329.145162] do_invalid_op+0x1b/0x20 [ 329.145176] invalid_op+0x14/0x20 [ 329.151306] kobject: 'loop3' (000000009e3f22e7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 329.158559] RIP: 0010:untrack_pfn+0x25c/0x2a0 [ 329.158573] Code: 00 00 00 00 48 8b 45 d0 65 48 33 04 25 28 00 00 00 75 28 48 81 c4 88 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 64 af 3a 00 <0f> 0b eb b3 48 89 df e8 88 44 71 00 e9 b0 fe ff ff e8 5e 20 0e 00 [ 329.158580] RSP: 0018:ffff88808bcb78a0 EFLAGS: 00010246 [ 329.158592] RAX: 0000000000040000 RBX: ffff88809f80a358 RCX: ffffc9000a492000 [ 329.158599] RDX: 0000000000040000 RSI: ffffffff8130cb1c RDI: 0000000000000005 [ 329.158607] RBP: ffff88808bcb7950 R08: ffff88805a5e6380 R09: ffffed10154740a6 [ 329.158614] R10: ffffed10154740a5 R11: ffff8880aa3a052b R12: 1ffff11011796f15 [ 329.158621] R13: 00000000ffffffea R14: 0000000000000000 R15: ffff88808bcb7928 [ 329.158643] ? untrack_pfn+0x25c/0x2a0 [ 329.158663] ? track_pfn_insert+0x180/0x180 [ 329.158678] ? vm_normal_page_pmd+0x400/0x400 [ 329.158696] ? kasan_check_read+0x11/0x20 [ 329.158711] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 329.158728] ? uprobe_munmap+0xad/0x2b0 [ 329.313903] unmap_single_vma+0x1c2/0x300 [ 329.318043] unmap_vmas+0xae/0x180 [ 329.321573] exit_mmap+0x2c2/0x530 [ 329.325112] ? __ia32_sys_munmap+0x80/0x80 [ 329.329360] ? __khugepaged_exit+0x2da/0x400 [ 329.333806] ? rcu_read_lock_sched_held+0x110/0x130 [ 329.338812] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 329.344345] ? __khugepaged_exit+0xcf/0x400 [ 329.348661] mmput+0x15f/0x4c0 [ 329.351843] copy_process.part.0+0x5aaf/0x7a30 [ 329.356426] ? __cleanup_sighand+0x70/0x70 [ 329.360643] ? lock_downgrade+0x880/0x880 [ 329.364794] ? kasan_check_write+0x14/0x20 [ 329.369023] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 329.373849] _do_fork+0x257/0xfd0 [ 329.377287] ? fork_idle+0x1d0/0x1d0 [ 329.380991] ? fput+0x128/0x1a0 [ 329.384260] ? ksys_write+0x1f1/0x2d0 [ 329.388055] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 329.392795] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 329.397537] ? do_syscall_64+0x26/0x620 [ 329.401494] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 329.406849] ? do_syscall_64+0x26/0x620 [ 329.410827] __x64_sys_clone+0xbf/0x150 [ 329.414804] do_syscall_64+0xfd/0x620 [ 329.418602] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 329.423784] RIP: 0033:0x459a59 [ 329.426973] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 329.445873] RSP: 002b:00007fae07335c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 329.453579] RAX: ffffffffffffffda RBX: 00007fae07335c90 RCX: 0000000000459a59 [ 329.460841] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 329.468095] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 329.475354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae073366d4 [ 329.482613] R13: 00000000004bff5a R14: 00000000004d2130 R15: 0000000000000005 [ 329.491321] Kernel Offset: disabled [ 329.495036] Rebooting in 86400 seconds..