ng program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:26 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$IPSET_CMD_GET_BYNAME(r4, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0xe, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0) r5 = syz_open_dev$ndb(0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) creat(&(0x7f0000000000)='./file0\x00', 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000400)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000d80200000000000090010000ffffffcb9001000000000077400200004002000040020000400200004002000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000300190010000000000000000000000000000000000000000c000737472696e6700000000000000000000000000000000000000000000000100000000626d0000000000000000000000000000bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800000000000000000000000000000000007f00000000000000000000006000484d41524b0000000000000000efff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac1e0001e0000002000000000000000076657468305f746f5f6261746164760069703667726574617030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b0000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x338) r8 = fcntl$dupfd(r6, 0x406, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$NBD_DO_IT(r5, 0xab08) 03:34:26 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:26 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:26 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:26 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x27, 0x4, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 315.202393] block nbd5: shutting down sockets [ 315.233615] block nbd5: NBD_DISCONNECT 03:34:26 executing program 3: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:26 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:26 executing program 5: clone(0x2002a2e5cfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:26 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$CAN_RAW_LOOPBACK(r2, 0x65, 0x3, &(0x7f0000000200), &(0x7f0000000240)=0x4) r3 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000000), &(0x7f0000000080)=0x4) r4 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x38520) r5 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r4, 0xab00, r5) sendmsg$NFNL_MSG_COMPAT_GET(r5, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x7c, 0x0, 0xb, 0x301, 0x0, 0x0, {0x3}, [@NFTA_COMPAT_NAME={0xd, 0x1, 'trusted&\x00'}, @NFTA_COMPAT_NAME={0xe, 0x1, '/dev/nbd#\x00'}, @NFTA_COMPAT_NAME={0x5, 0x1, '\x00'}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_COMPAT_NAME={0xe, 0x1, '/dev/nbd#\x00'}, @NFTA_COMPAT_NAME={0xe, 0x1, '/dev/nbd#\x00'}, @NFTA_COMPAT_TYPE={0x8}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x1}]}, 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x4000) r6 = syz_open_dev$ndb(0x0, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) r9 = fcntl$dupfd(r8, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$NBD_DO_IT(r6, 0xab08) 03:34:26 executing program 3: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 4: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x200e01) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:27 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 3: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 315.974851] block nbd5: shutting down sockets 03:34:27 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x3, 0x800, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080), 0x20) r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6}, 0x20) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000080)={0x0, 0x80000001, 0x7bd7, 0x9, 0x9b1, 0x9, 0x8, 0x7, {r6, @in6={{0xa, 0x4e22, 0x7, @dev={0xfe, 0x80, [], 0x21}, 0x1ff}}, 0x2, 0x7, 0x8001, 0x8, 0x80000001}}, &(0x7f0000000000)=0xb0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:27 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 316.255637] block nbd5: NBD_DISCONNECT 03:34:27 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_ASSIGN_DEV_IRQ(r6, 0x4040ae70, &(0x7f0000000140)={0x8000, 0x8000, 0x3, 0x4}) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x80006000, 0x401, {0x77359400}, {0x2, 0x0, 0x3, 0x8, 0x5, 0x5, "56a27593"}, 0x4, 0x6, @offset=0x1000, 0x8, 0x0, r3}) ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000000c0)) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:27 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_ASSIGN_DEV_IRQ(r6, 0x4040ae70, &(0x7f0000000140)={0x8000, 0x8000, 0x3, 0x4}) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x80006000, 0x401, {0x77359400}, {0x2, 0x0, 0x3, 0x8, 0x5, 0x5, "56a27593"}, 0x4, 0x6, @offset=0x1000, 0x8, 0x0, r3}) ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000000c0)) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:27 executing program 4: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:27 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_ASSIGN_DEV_IRQ(r6, 0x4040ae70, &(0x7f0000000140)={0x8000, 0x8000, 0x3, 0x4}) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x80006000, 0x401, {0x77359400}, {0x2, 0x0, 0x3, 0x8, 0x5, 0x5, "56a27593"}, 0x4, 0x6, @offset=0x1000, 0x8, 0x0, r3}) ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000000c0)) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:27 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_ASSIGN_DEV_IRQ(r6, 0x4040ae70, &(0x7f0000000140)={0x8000, 0x8000, 0x3, 0x4}) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x80006000, 0x401, {0x77359400}, {0x2, 0x0, 0x3, 0x8, 0x5, 0x5, "56a27593"}, 0x4, 0x6, @offset=0x1000, 0x8, 0x0, r3}) ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000000c0)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_ASSIGN_DEV_IRQ(r6, 0x4040ae70, &(0x7f0000000140)={0x8000, 0x8000, 0x3, 0x4}) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x80006000, 0x401, {0x77359400}, {0x2, 0x0, 0x3, 0x8, 0x5, 0x5, "56a27593"}, 0x4, 0x6, @offset=0x1000, 0x8, 0x0, r3}) ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000000c0)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:28 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000007c0)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000d80200000000000090010000ffffffcb9001000000000077400200004002000040020000400200004002000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000300190010000000000000000000000000000000000000000c000737472696e6700000000000000000000000000000000000000000000000100000000626d0000000000000000000000000000bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800000000000000000000000000000000007f00000000000000000000006000484d41524b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac1e0001e0000002000000000000000076657468305f746f5f6261746164760069703667726574617030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b0000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000018108150cc57a7d6026ffc4ed9489b2c118d23bee5d81a1e84941236556c4fcdc0bfc98de3d39ef22dbfebe8ea32caa035b9f53e38c3694fa319d3b3eb4b101d2736d916a04abb7f981d29881763d429ac3bf8ea327bbfd42a3756b401f40f50b220de3f708959247ac5f12d74729cb23b3717a757efbbfaffec843934607f9"], 0x338) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000140)) r1 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r2 = socket(0x2, 0x1, 0x0) r3 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0xff, 0x10000) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000100)) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) r4 = syz_open_dev$ndb(0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = fcntl$dupfd(r6, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$NBD_DO_IT(r4, 0xab08) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x212302, 0x0) ioctl$FITRIM(r8, 0xc0185879, &(0x7f0000000080)={0x8, 0x7, 0x2}) 03:34:28 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:28 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 317.076204] xt_HMARK: hash modulus can't be zero 03:34:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_ASSIGN_DEV_IRQ(r6, 0x4040ae70, &(0x7f0000000140)={0x8000, 0x8000, 0x3, 0x4}) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x80006000, 0x401, {0x77359400}, {0x2, 0x0, 0x3, 0x8, 0x5, 0x5, "56a27593"}, 0x4, 0x6, @offset=0x1000, 0x8, 0x0, r3}) ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000000c0)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) [ 317.099476] block nbd5: shutting down sockets [ 317.120851] xt_HMARK: hash modulus can't be zero 03:34:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_ASSIGN_DEV_IRQ(r6, 0x4040ae70, &(0x7f0000000140)={0x8000, 0x8000, 0x3, 0x4}) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x80006000, 0x401, {0x77359400}, {0x2, 0x0, 0x3, 0x8, 0x5, 0x5, "56a27593"}, 0x4, 0x6, @offset=0x1000, 0x8, 0x0, r3}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:28 executing program 4: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:28 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=""/55, 0x37) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0x2, 0x5, 0xed5, 0xfffff0e5, r6}, 0x10) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_ASSIGN_DEV_IRQ(r6, 0x4040ae70, &(0x7f0000000140)={0x8000, 0x8000, 0x3, 0x4}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:28 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:28 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:28 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) [ 317.754385] block nbd5: NBD_DISCONNECT [ 317.758538] block nbd5: Send disconnect failed -32 03:34:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r5, 0x0, r4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:28 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:29 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:29 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) [ 318.478829] block nbd5: shutting down sockets 03:34:29 executing program 5: clone(0x10000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:29 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:29 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:29 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:29 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:29 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r4, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_init_net_socket$ax25(0x3, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:29 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x39, &(0x7f00000001c0)=""/223, &(0x7f00000002c0)=0xdf) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000c00)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000d80200000000000090010000ffffffcb900100000000007740f1ff004002000040020000400200004002000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000300190010000000000000000000000000000000000000000c000737472696e6700000000000000000000000000000000000000000000000100000000626d0000000000000000000000000000bdc74c01369df17d17ac76fa5f9b3bfa0c34430d862040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a5505395b0d89095ee189582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f80000000000000000000000007f00000000000000000000006000484d41524b0000000000000000000000000000000017000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac1e0001e0ae136b38daf9862700000076657468305f746f5f62617461647600697036677265746170300000000000000000000000000000000000000000000000000000000000dda00000000000000000000000000000007000b000000000000000d6b0cb454494804d0000000000004000524154454553540000000000000000000000000000000000000000000000737965387a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026d61262a4f2c5ea5f4dae6a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280000000000000000000000000000000000000000000000000000000000004896f51f4d78867c2bba5ec968c3cc6c9ffff013a097b3900ca03b87b66ab5285450da86d5825644ddc414756f900b22c5fca6272c498402cf895aae964440bfcb6ad4bc3b998f7dd71a2d0a5689cd87a983d23e17b7d48243f34e2ec56784f03e5d4af42b3eb4d0d42c0857d171b816739db46cf5f39eb56ab410dc6b9dc43af15be5e618cb65c7d29ce968e122632453c7c602f041f67569e1b35b017cb35ab125e54654be78adeace27b06d9647ef5a6ce8131a3b0a9986c5dda2732a760c8eafa7d9d960291ce6175abb63f7814d5b6d0667d62f3c1d365d72a018aaffdd1e5e1f5d9040921fc0a3e90ba0df982d38366883c2cf29601bfd"], 0x338) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000300)="0583952ed08475f95f9fa5bca0a7088c93dd87317914982efb31b3e2c93cd60f2ce0cefd62b2e052abd95881d86cdd36517185c50927a873239ebb4acbdd2907bae96720b825aac4073680a656fd9b1ff2d57a23039348edb14031a6342ebd30fd43fb6b433a1cbc297b8c4dd7e5a1112a714e32494707c8dd17ebfcfc4a05cb1be63272f5adaca87c1c93613f50310fdb133f266ca1438d835c7bcd8f8218bda33ed614925bd2d330577a5fbea9dfa35c34c6a9", 0xb4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_GET_REG(r8, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, r9, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x100}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xde}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x28880}, 0x40050) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 318.648479] block nbd5: NBD_DISCONNECT [ 318.654509] block nbd5: Send disconnect failed -32 [ 318.685690] block nbd5: shutting down sockets 03:34:29 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:29 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:30 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r1, 0x0, r0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) [ 318.849070] block nbd5: NBD_DISCONNECT [ 318.864911] block nbd5: Send disconnect failed -32 [ 318.884922] block nbd5: shutting down sockets 03:34:30 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)={0x20, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6}]}]}, 0x20}, 0x1, 0xa00000000000000}, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x140, r2, 0x0, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_DEST={0x60, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x15}}]}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr="2f3696e3f65444a33d126c53a1d47698"}]}, @IPVS_CMD_ATTR_SERVICE={0x58, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x2a}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x36}}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0xc}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1ff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x4}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}]}, 0x140}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r6 = syz_open_dev$ndb(0x0, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) r9 = fcntl$dupfd(r8, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$NBD_DO_IT(r6, 0xab08) [ 319.099372] block nbd5: shutting down sockets 03:34:30 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:30 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:30 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r1, 0x0, r0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:30 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:30 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f00000000c0)=ANY=[@ANYBLOB="81000000231cb568a90a1a50c164c675d50fdc6d5b22f884c282c799fab08d4c614111a6101a26d442010100000000000037af32e42beec8975cc9f536075e40e1d0b18f96f7cc15341b841e9d72743897491ec9276c177d8573651d554c867b8b927b73dc6176a403f7d39d40d93a7eaae656761722fd52c0613cc3cac7ccfe41890c1edf7bf5a90000000000000058f6dac1fb0990ee1951ff9f12852f10b8142ff8547c762fd3cfe277a44bd7c7488be010a79f81b1c89fc884ccbc1723f785b8d1a2c91060022c3a6c03aa2282f186fbad01829765f0", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4}, 0x20) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000000)={r4, 0x3ed5, 0x7fff}, &(0x7f0000000080)=0x8) r5 = socket(0x4, 0x80000, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r5) r6 = syz_open_dev$ndb(0x0, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) r9 = fcntl$dupfd(r8, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$NBD_DO_IT(r6, 0xab08) 03:34:30 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:30 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r1, 0x0, r0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:30 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:30 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:30 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:30 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:30 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:30 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:31 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:31 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:31 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:31 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:31 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r0 = socket(0x2, 0x1, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x10001, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) [ 320.367497] block nbd5: NBD_DISCONNECT 03:34:31 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'team0\x00', 0x400}) clone(0x200c282db7c, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x165240) socket(0x2, 0x1, 0x0) r1 = syz_open_dev$ndb(0x0, 0x0, 0x22c040) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x640, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r3}) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r8, 0x84, 0x4, &(0x7f0000000180)=0x1, 0x4) ioctl$NBD_DO_IT(r1, 0xab08) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000000), 0x2) 03:34:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:31 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) socket$nl_audit(0x10, 0x3, 0x9) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:31 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) [ 320.625270] block nbd5: NBD_DISCONNECT [ 320.633061] block nbd5: Send disconnect failed -32 [ 320.650806] block nbd5: shutting down sockets 03:34:32 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:32 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:32 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r6, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, &(0x7f0000000000)={0x10000005}) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:32 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:32 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:32 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:32 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x5, 0x2, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x1a3803) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r4 = epoll_create1(0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000240)) r5 = syz_open_pts(r3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000080)) dup3(r4, r3, 0x0) ioctl$KDFONTOP_GET(r3, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x12, 0x6, 0xf1, &(0x7f0000000080)}) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = fcntl$dupfd(r6, 0x406, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f00000004c0)={0x2000000000000087, &(0x7f0000000500)=[{0x101, 0x1, 0x6, 0x7}, {0x4, 0x4, 0x0, 0x1}, {0xffff, 0x7f, 0x0, 0x1000}]}) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 321.224385] block nbd5: NBD_DISCONNECT [ 321.237049] block nbd5: Send disconnect failed -32 [ 321.247733] block nbd5: shutting down sockets 03:34:32 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:32 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 321.402807] block nbd5: NBD_DISCONNECT 03:34:32 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:32 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:33 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:33 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:33 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x200, 0x0) ioctl$PPPIOCSFLAGS(r5, 0x40047459, &(0x7f0000000080)=0x2000400) r6 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:33 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:33 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:33 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) [ 322.089903] QAT: Invalid ioctl [ 322.102943] block nbd5: NBD_DISCONNECT [ 322.107011] block nbd5: Send disconnect failed -32 [ 322.166421] block nbd5: shutting down sockets 03:34:33 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0x0, 0x468046) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = socket$inet6(0xa, 0xb, 0x86) getsockopt$sock_int(r2, 0x1, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4) r3 = syz_open_dev$ndb(0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$NBD_DO_IT(r3, 0xab08) 03:34:33 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:33 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:33 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) [ 322.329220] block nbd5: NBD_DISCONNECT 03:34:34 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:34 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) syz_open_dev$ndb(0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 03:34:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:34 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:34 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:34 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 322.986581] block nbd5: shutting down sockets 03:34:34 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x4100) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:34 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:34 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000080)={0x17, "5633cf9947a8d66f88f4a4d327318e5986f0ba1e3760e8b4137423c16afbf96b8eaa83cc2f514e7f3ca6ba5f7bfab53f3e57eeb1a0a5da9c5d1cb81146bc59d7e02e3dd9412f9aa726273b6c889ec514cb5fa1a49bca51a0017a7cb0b4d2f0e4f3dfdbb91c4e81285f0120effbdffd636e6a1650cec9348ac20cfe025802c072"}) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) [ 323.115904] block nbd5: NBD_DISCONNECT [ 323.122032] block nbd5: Send disconnect failed -32 [ 323.139914] block nbd5: shutting down sockets [ 323.258441] block nbd5: NBD_DISCONNECT [ 323.268675] block nbd5: Send disconnect failed -32 [ 323.291567] block nbd5: shutting down sockets [ 323.682308] NOHZ: local_softirq_pending 08 03:34:34 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:34 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:34 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r0 = socket(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = fcntl$dupfd(r2, 0x0, r1) setregid(0x0, 0xee01) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000180)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000d80200000000000090010000ffffffcb900100000000007740020000400200004002000040020000400200000300000000000000000000000000000000000000000000000000000000000000000000f9ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000300190010000000000000000000000000000000000006d19167cadd0191d4b033186dc0000c000737472696e6700000000000000000000000000000000000000000000000100000000626d0000000000000000000000000000bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800000000000000000000000000000000007f00000000000000000000006000484d41524b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00000000000000000000000000000000000000000000000000000000000000ac1e0001e0000002000000000000000076657468305f746f5f62617461647600697036677265746170300000000000000000000000000000000000000000000000000000000000000000000000000000000000007826d88e47f10e41000000000000000000000000000000000000000040005241544545535400c8bff0d100000000000000000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070009800000000000000000000018000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000fb630fac91ec18390150fa16286f80d8028a96890e38eb062ce532317764dda518e319caa49ccc70cd9fd4d8ae85a804695e510abf354c402214d4f50cdc5fc5ebf29161ee0597c07bbd7a6321448ded7538bc5a2964b7f203cd9b043e4a346dcdc242e947f784acd749c60767b3aa92339b1dc15009344eb1e374fcd7e86e521c5454d374dad62181ae84c38fc72454ab8fff16e368f3829bb3a6e9d784d06fa17d37dd77527b35a0c1048937537f32ba7452f85e6798fbe9c9d03682f616"], 0x338) ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x1000, 0x3, 0x100000001, 0x9}) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x5, 0x0, 0x9}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x20040084) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff) r5 = syz_open_dev$ndb(0x0, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x0) ioctl$NBD_DO_IT(r5, 0xab08) 03:34:34 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:34 executing program 5: clone(0x53004400, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:35 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x0) [ 324.154393] IPVS: ftp: loaded support on port[0] = 21 03:34:35 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x0) 03:34:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x0) 03:34:35 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:35 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:36 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:36 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 03:34:36 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:36 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:36 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 03:34:36 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 03:34:36 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:36 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)}, 0x0) 03:34:36 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)}, 0x0) 03:34:36 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:36 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:36 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:36 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)}, 0x0) 03:34:36 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000080)=0x110, 0x4) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000100)='NLBL_CIPSOv4\x00') sendmsg$NLBL_CIPSOV4_C_REMOVE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="1af5eff25331f2c060d7f77959a2f8d4cb0baf48ba8a8d24a25bf5f947d295fb747f57b749cf9c62d9a5ff3ada239f3b62d2e25f348b729db5ccf8a8c771329c6867a9e6d3616c829a9eb1c09f", @ANYRES16=r3, @ANYBLOB="02002bbd7000ffdbdf250200000c0800"], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f00000023c0)=ANY=[@ANYBLOB="b40300001eb9764eb445b89e034fa4b2a1d55bdf1e8efd42d46eac8e12419372b343914b7fbfdd2b4b5dcab5bdfdd85c940b4757739c811d374c929c64c29dab6339f05012b01568cdb039d240e70bf5a3bb6fbff62fad37adb611ab8b5e287eb025e4485a59216c905004eaba04b25340c9789286a7842c28471c291e6ebb10113a8affffffff64e1e844c64278c1ef47eb56b7ac5853be4dcba37f94a88c3a806ce18dc3856da4d3a7fc19264415e06bc306e680655d6edcb86b8d211e7408", @ANYRES16=r3, @ANYBLOB="010026bd7000fbdbdf250100000018010c8044000b8008000a00d514000008000900884d7a5a08000900e9ffa43608000a006009000008000900e0aed83608000a0015c100000800090096744730080009e06327a6031c000b8008000900d546d87e08000a00de42000008000a00307900003c000b8008000a00781f000008000900bb642725080009005a17dc2d08000900329d8f1308000a008ee60000080009005e80493008000a0071c600000c000b8008000a0026d8000034000b8008000a00b49d000008000a0070bb000008000a008114000008000a0084c2000008000900c8e7bf6508000a00803500002c700b80080009001a70766f080009004bd66d6008000a006984000008000a002280000008000900d3792f350c000b8008000a00f4580000940108804c00078008000500ed93e802080006003500000008000600c2000000080005003e89901308000600f3000000080006003e00000008000600520000000800050007000000080006006d0000000c00078008000500a582de2b34000780080005040041c91308000600740000000800060030000000080006004500000008000600a4000000080006009b0000004400078008000500d4c13d3f08000500a7d5eb1c080006007900000008000600190000000800060073000000080006008700000008000500877e5411080005000df98e5a0c00078008000600940000000c000780080006008f0000002c00078008000600cf00000008000500cf135e5e08000500f9d7b748080005000e8f995a080005009895a76b080006001000000008000600fb00100000000600ea00000008000500900f854b3c00078008000500ec317b050800060055000000080006000a00000008000500504d9f4a080005008c7b4f160800060009000000080005007c7f970814000780080005009fe95b6908000500f64bdb6b08000100010000001400048005000300070000000500030001000000c800088034000780080005004aac595408000500f424610b08000500eda2887208000500e3efce0208000500a3c4e039080006005a0000001c000780080005001a7b485708000500b1098220080006006900000014000780080005008f49e21508000600af0000000c000780080006009500000054000780080005005e4be72908000500893ab819080006001000000008000500d0ab71120800050016884f0b0800050086f9871108000600db000000080005005abc685a080006002100000008000500e59bf17a08000100020000000800020001000000a9559d33f233bb1322c254b00b8d0ea82366bacad77578fc558b99b9da2bd8f44f101bf5f2f02f93f1a2586b52a3784a8f4914db2efa9991450e98dc1257f67ba97e521c994999e3e55f4df8c374f0c7110894427741f6ff3546deae29a2cec3868fd629b300"/1043], 0x3b4}}, 0x4040000) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r3, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x4) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x108, r3, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0xa8, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x16}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4bc41372}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb4}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x38b152e5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x67350a8c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x19cc8eb0}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1ac8cb69}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x384964a2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x17287676}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe1}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x655ad0fc}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x12dfd94d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe1}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x8d423e0}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa7}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3a970523}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x12}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf8}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x3c, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5208daa4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2ed2}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7ad0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9ddd}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b265f42}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5301362e}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x108}, 0x1, 0x0, 0x0, 0x40000}, 0x88080) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r4 = syz_open_dev$ndb(0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = fcntl$dupfd(r6, 0x406, r5) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$NBD_DO_IT(r4, 0xab08) [ 325.638524] block nbd5: NBD_DISCONNECT [ 325.642766] block nbd5: Send disconnect failed -32 03:34:36 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[]}}, 0x0) 03:34:36 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:36 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r6, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r7 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCGSOFTCAR(r7, 0x5419, &(0x7f0000000100)) accept$ax25(r6, &(0x7f0000000080)={{0x3, @null}, [@netrom, @null, @rose, @netrom, @default, @null, @remote, @null]}, &(0x7f0000000000)=0x48) ioctl$NBD_DO_IT(r2, 0xab08) [ 325.717269] block nbd5: shutting down sockets 03:34:36 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[]}}, 0x0) [ 325.885501] block nbd5: NBD_DISCONNECT [ 325.911402] block nbd5: Send disconnect failed -32 [ 325.934224] block nbd5: shutting down sockets 03:34:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[]}}, 0x0) 03:34:37 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x200004000000) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) dup2(r3, 0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, r5}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f0000000000)={0x4, 0x8, 0xfa00, {r5}}, 0x10) r6 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r6) r7 = syz_open_dev$ndb(0x0, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = socket$inet_udplite(0x2, 0x2, 0x88) r10 = fcntl$dupfd(r9, 0x0, r8) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$NBD_DO_IT(r7, 0xab08) 03:34:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB], 0x1}}, 0x0) 03:34:37 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 326.172065] block nbd5: NBD_DISCONNECT [ 326.176139] block nbd5: Send disconnect failed -32 [ 326.202562] block nbd5: shutting down sockets 03:34:37 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:37 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB], 0x1}}, 0x0) 03:34:37 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_CLEAR_SOCK(r5, 0xab04) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 326.465143] block nbd5: NBD_DISCONNECT [ 326.469321] block nbd5: Send disconnect failed -32 [ 326.495303] block nbd5: shutting down sockets 03:34:37 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB], 0x1}}, 0x0) 03:34:37 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000080)={{{@in=@multicast2, @in=@empty}}, {{@in=@local}, 0x0, @in=@remote}}, &(0x7f0000000000)=0xe8) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:37 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:37 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed"], 0x1}}, 0x0) [ 326.844503] block nbd5: NBD_DISCONNECT [ 326.850364] block nbd5: Send disconnect failed -32 [ 326.866045] block nbd5: shutting down sockets 03:34:38 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x68500) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed"], 0x1}}, 0x0) [ 327.013214] block nbd5: NBD_DISCONNECT [ 327.027574] block nbd5: Send disconnect failed -32 [ 327.050197] block nbd5: shutting down sockets 03:34:38 executing program 5: clone(0x80240000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) socket(0x9, 0x801, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$NBD_SET_SOCK(r0, 0xab00, r3) r4 = syz_open_dev$ndb(0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) r9 = fcntl$dupfd(r8, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r9, 0x84, 0x6, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e20, 0x1, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3f}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r9, 0x84, 0x72, &(0x7f0000000140)={r10, 0x10000}, &(0x7f0000000180)=0xc) r11 = fcntl$dupfd(r6, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) ioctl$NBD_DO_IT(r4, 0xab08) 03:34:38 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed"], 0x1}}, 0x0) 03:34:38 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:38 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbb"], 0x1}}, 0x0) 03:34:38 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:38 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:38 executing program 5: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000000ff03000000000010", @ANYRES32=r1, @ANYBLOB="004e7c7c5b8a00001c0012000c000100626f6e64000000060c0002000800010006000000"], 0x3c}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, 0x0, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @remote}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0xc}}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_LINK={0x8}, @GTPA_LINK={0x8, 0x1, r1}, @GTPA_NET_NS_FD={0x8, 0x7, r4}]}, 0x64}, 0x1, 0x0, 0x0, 0x40400d5}, 0x8000) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r5 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r6 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r5, 0xab00, r6) r7 = syz_open_dev$ndb(0x0, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = socket$inet_udplite(0x2, 0x2, 0x88) r10 = fcntl$dupfd(r9, 0x0, r8) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$NBD_DO_IT(r7, 0xab08) 03:34:38 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r0, 0x406, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbb"], 0x1}}, 0x0) [ 327.768177] block nbd5: NBD_DISCONNECT [ 327.772611] block nbd5: Send disconnect failed -32 [ 327.796700] block nbd5: shutting down sockets 03:34:38 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbb"], 0x1}}, 0x0) [ 327.829438] block nbd5: NBD_DISCONNECT [ 327.869237] block nbd5: Send disconnect failed -32 [ 327.888857] block nbd5: shutting down sockets 03:34:39 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) syz_open_dev$ndb(0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) accept4(r2, &(0x7f0000000080)=@tipc=@id, &(0x7f0000000100)=0x80, 0x80800) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r2, 0x400dab2, &(0x7f0000000000)="f5b2c222d55abece0f50a9d237e94fce19683acff847a071") r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000400)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000d80200000000000090010000ffffffcb900100000000007740020000400200004002000040020000400200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000300190010000000000000000000000000000000000000000c000737472696e6700000000000000000000000000000000000000000000000100000000626d0000000000000000000000000000bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800000000000000000000000000000000007f00000000000000000000006000484d41524b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac1e0001e0000002000000000000000076657468305f746f5f6261746164760069703667726574617030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b0000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x338) r7 = dup3(r5, r6, 0x80000) ioctl$NBD_DO_IT(r7, 0xab08) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r8, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x0, 0x190, 0xcbffffff, 0x190, 0x77000000, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338) setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f0000000740)=ANY=[@ANYBLOB="6d616e676c6500000000000000000000000000000000000000000000000000001f000000060000004004000000000000500200000000000000000000e8020000a8030000a8030000a8030000a8030000a803000006000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/96], @ANYBLOB="ac14141be0000001000000ffff00000076657468315f766972745f776966690076657468315f746f5f62617461647600ff000300000000000000000000000000ff00000000000000000000000000000089000312000000007000d000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000200000006000000020000000400000000000000020000000100000002040000040000002d97cb2e030000000300000004000000000000000400000002030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800434845434b53554d00000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000000000000000000000000000000000000000002800727066696c7465720000000000000000000000000000000000000000000003000000000000002800727066696c7465720000000000000000000000000000000000000000000009000000000000002800434845434b53554d0000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070009800000000000000000000000000000000000000000028004e46515545554500000000000000000000000000000000000000000000038e0a660702000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800c00000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000400000000000000280045434e000000000000000000000000000000000000000000000000000000101d020000000000000000000000000000000000409eed1dc2321a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x4a0) 03:34:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a9"], 0x1}}, 0x0) 03:34:39 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:39 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:39 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x440) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) setfsgid(r4) fchown(0xffffffffffffffff, 0x0, r4) fchownat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, r4, 0x800) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) r9 = fcntl$dupfd(r8, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r9, 0x54a3) [ 328.203054] block nbd5: NBD_DISCONNECT [ 328.219987] block nbd5: Send disconnect failed -32 [ 328.246651] block nbd5: shutting down sockets 03:34:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a9"], 0x1}}, 0x0) 03:34:39 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:39 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:39 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:39 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r7 = epoll_create1(0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000240)) r8 = syz_open_pts(r6, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000080)) ioctl$TCSETS2(r8, 0x402c542b, &(0x7f0000000000)={0x7ff, 0x97, 0x6, 0x6, 0x76, "15000000000000000000004098993200", 0xffff, 0x56a8}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x3c}}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000827bd7000fbdbdf250700000008000100dd00080014000400766574683100000000000000000000000800030062dfe4", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r9, @ANYBLOB="0800050004000000140004006e657470636930000000000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x810}, 0xc38b5a2ef8be310d) 03:34:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a9"], 0x1}}, 0x0) [ 328.585338] block nbd5: NBD_DISCONNECT [ 328.595649] block nbd5: Send disconnect failed -32 [ 328.619913] block nbd5: shutting down sockets 03:34:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287f"], 0x1}}, 0x0) 03:34:39 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x729002) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") ioctl$sock_TIOCOUTQ(r1, 0x5411, &(0x7f0000000000)) r2 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r2) r3 = syz_open_dev$ndb(0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_buf(r2, 0x0, 0x27, &(0x7f0000000200)=""/4096, &(0x7f0000000080)=0x1000) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000001200)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000d80200000000000090010000ffffffcb9001000000000077400200004002000040020000400200004002000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000300190010000000000000000000000000000000000000000c000737472696e6700000000000000000000000000000000000000000000000100000000626d0000000000000000000000000000bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f8000000000000f9d60000000000000000007f00000000000000000000006000484d41524b0000000000000000000000000000c5b99fe870db6f962d74c2aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac1e0001e0000002000000000000000076657468305f746f5f6261746164760069703667726574617030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b0000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000dd892d0e68e2c0393c49763ab2c6338b7717bd28892c0356b89315469dbb82e31b1509679346bfa4288b63f10ce2bf58aee53825d380f4c49a21f6ae1e51ea5e9c92fb5a9f10b669147eb1536edbc472f156675fa7770dad294a6adb43802d5688427d44cf41dbdeb31c0bafd4936b1d0c0b1ffb67de22335e246a16f9302974935fdfc7e5ec8fc177262bab00abe3d110ba3e87beb893ddef41a67ddce10ffb9892098ed93b666ee4ed67ed"], 0x338) r5 = syz_init_net_socket$ax25(0x3, 0x3, 0xcf) ioctl(r5, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x9) ioctl$NBD_DO_IT(r3, 0xab08) 03:34:39 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_G_CROP(r4, 0xc014563b, &(0x7f0000000000)={0x4, {0x2, 0xfff, 0x648, 0x8c26}}) r5 = syz_open_dev$ndb(0x0, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$NBD_DO_IT(r5, 0xab08) [ 328.905470] block nbd5: shutting down sockets 03:34:40 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000080), 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x400) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000000000)=0xfffffffa, 0x4) r6 = socket(0x27, 0x1, 0x20) ioctl$NBD_SET_SOCK(r2, 0xab00, r6) r7 = syz_open_dev$ndb(0x0, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = socket$inet_udplite(0x2, 0x2, 0x88) r10 = fcntl$dupfd(r9, 0x0, r8) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$NBD_DO_IT(r7, 0xab08) 03:34:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287f"], 0x1}}, 0x0) 03:34:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287f"], 0x1}}, 0x0) 03:34:40 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:40 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r7 = epoll_create1(0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000240)) r8 = syz_open_pts(r6, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000080)) ioctl$KDSETMODE(r8, 0x4b3a, 0x0) 03:34:40 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e6"], 0x1}}, 0x0) 03:34:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e6"], 0x1}}, 0x0) [ 329.432874] block nbd5: NBD_DISCONNECT [ 329.447540] block nbd5: Send disconnect failed -32 [ 329.468787] block nbd5: shutting down sockets 03:34:40 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) r6 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3) ioctl(r6, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x0, 0x190, 0xcbffffff, 0x190, 0x77000000, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338) getsockopt$IPT_SO_GET_INFO(r7, 0x0, 0x40, &(0x7f0000000080)={'nat\x00'}, &(0x7f0000000100)=0x54) 03:34:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e6"], 0x1}}, 0x0) [ 329.546723] block nbd5: NBD_DISCONNECT [ 329.552030] block nbd5: Send disconnect failed -32 [ 329.559014] xt_HMARK: hash modulus can't be zero [ 329.625683] block nbd5: shutting down sockets 03:34:41 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:41 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e78010"], 0x1}}, 0x0) 03:34:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e78010"], 0x1}}, 0x0) [ 329.951126] block nbd5: NBD_DISCONNECT [ 329.955267] block nbd5: Send disconnect failed -32 [ 329.971454] block nbd5: shutting down sockets 03:34:41 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e78010"], 0x1}}, 0x0) 03:34:41 executing program 5: clone(0x20082204bfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x400) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(0xffffffffffffffff, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x7) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = gettid() ioprio_set$pid(0x2, r5, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0xffffffffffffff14) setuid(r7) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000140)={0x2, 0xfffffff9, {r5}, {r7}, 0x5, 0x9000}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000180)={[], 0x5, 0x8000, 0x2, 0x5, 0xfffffffffffffffc, r8}) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:41 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:41 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5"], 0x1}}, 0x0) 03:34:41 executing program 5: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x14c00, 0x0) ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000000080)={[], 0x1, 0x0, 0x80, 0x0, 0x6, 0xd000, 0x0, [], 0x7}) exit_group(0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000002c0)={0x7, &(0x7f0000000300)=[{0x4, 0x7f, 0x80, 0x3}, {0x2, 0x80, 0x5}, {0x7, 0x5, 0x9, 0x4}, {0xfffa, 0x72, 0x84, 0x80000000}, {0x2, 0x7, 0x20, 0x401}, {0xbbb, 0x86, 0x0, 0x5}, {0xfffa, 0x0, 0x1, 0x6ef7}]}) r1 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r2 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) fremovexattr(0xffffffffffffffff, &(0x7f0000000240)=@known='trusted.overlay.metacopy\x00') r3 = gettid() r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000340)=ANY=[@ANYBLOB="0400000000000000c30b0000000000000800000000000000740100000000000005a9ca0000000000dd0200000000000000010000000000000000000000000000ef37000000000000"]) ioprio_set$pid(0x2, r3, 0x0) sched_getscheduler(r3) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$NBD_DO_IT(0xffffffffffffffff, 0xab08) [ 330.341953] block nbd5: NBD_DISCONNECT [ 330.355850] block nbd5: Send disconnect failed -32 [ 330.362393] block nbd5: shutting down sockets [ 330.370320] block nbd5: shutting down sockets 03:34:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5"], 0x1}}, 0x0) 03:34:41 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:41 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x630401) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5"], 0x1}}, 0x0) 03:34:42 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e"], 0x1}}, 0x0) [ 330.845570] block nbd5: shutting down sockets 03:34:42 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:42 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e"], 0x1}}, 0x0) 03:34:42 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:42 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:42 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:42 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e"], 0x1}}, 0x0) 03:34:42 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_PROTOCOLS(r7, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, r8, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_DOMAIN={0x13, 0x1, '.GPL}security\'\x00'}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0xffffffffffffffff}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x40000e1) r9 = socket$inet_udplite(0x2, 0x2, 0x88) r10 = fcntl$dupfd(r9, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$VHOST_VSOCK_SET_GUEST_CID(r10, 0x4008af60, &(0x7f0000000080)={@hyper}) epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r2, &(0x7f0000000000)={0x2010}) ioctl$NBD_DO_IT(r2, 0xab08) [ 331.285658] block nbd5: NBD_DISCONNECT [ 331.289883] block nbd5: Send disconnect failed -32 [ 331.296231] block nbd5: shutting down sockets 03:34:42 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000080)={0x8, 0x6, 0x4, 0x0, 0x2, {}, {0x4, 0x1, 0x6, 0x5, 0x8, 0x3, "507dc647"}, 0x0, 0x4, @userptr=0x5, 0xe40, 0x0, 0xffffffffffffffff}) ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f0000000100)={0x6, &(0x7f0000000000)=[{0xfc01, 0x8, 0x40, 0xfffffff9}, {0x7f, 0x3f, 0x7f, 0xff}, {0x20, 0x4, 0x0, 0x7}, {0x1f8, 0x0, 0xb0, 0x6}, {0x4, 0x7, 0x29, 0x81}, {0x3, 0x1, 0x5}]}) r2 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r2) r3 = syz_open_dev$ndb(0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$NBD_DO_IT(r3, 0xab08) [ 331.369871] block nbd5: NBD_DISCONNECT [ 331.374921] block nbd5: Send disconnect failed -32 [ 331.380721] block nbd5: shutting down sockets 03:34:42 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:42 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:42 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$RDS_RECVERR(r6, 0x114, 0x5, &(0x7f0000000000)=0x1, 0x4) socket(0x22, 0x2, 0x7) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) getsockopt$IP_SET_OP_GET_BYINDEX(r3, 0x1, 0x53, &(0x7f0000000080)={0x7, 0x7, 0x1}, &(0x7f00000000c0)=0x28) [ 331.696048] block nbd5: NBD_DISCONNECT [ 331.713406] block nbd5: Send disconnect failed -32 [ 331.732785] block nbd5: shutting down sockets 03:34:42 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x16, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r4, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_delete(r4) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:43 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$DRM_IOCTL_WAIT_VBLANK(r5, 0xc018643a, &(0x7f0000000180)={0x4000000, 0xfffffeff, 0x20}) ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0205647, &(0x7f0000000080)={0xfffffff, 0x1, 0xffffffff, r1, 0x0, &(0x7f0000000000)={0x9909d6, 0x8, [], @value=0x6}}) socket$inet_smc(0x2b, 0x1, 0x0) r7 = open(&(0x7f00000000c0)='./file0\x00', 0x2000, 0x1e5) ioctl$VIDIOC_QBUF(r6, 0xc058560f, &(0x7f0000000100)={0x9, 0x9, 0x4, 0x80000000, 0x4, {0x77359400}, {0x4, 0x8, 0xc2, 0x87, 0x5, 0x7, "489ca70b"}, 0x6, 0x2, @fd=r7, 0xfff, 0x0, r5}) ioctl$RTC_EPOCH_SET(r6, 0x4008700e, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) r8 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/checkreqprot\x00', 0x8000, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r8, &(0x7f0000000200)={0x1, 0x8}, 0x2) [ 331.837010] block nbd5: NBD_DISCONNECT [ 331.846047] block nbd5: Send disconnect failed -32 [ 331.852978] block nbd5: shutting down sockets 03:34:43 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 331.913251] block nbd5: NBD_DISCONNECT [ 331.917535] block nbd5: Send disconnect failed -32 [ 331.933775] block nbd5: shutting down sockets 03:34:43 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:43 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:43 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) syz_open_dev$ndb(0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$NBD_DO_IT(r0, 0xab08) 03:34:43 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:43 executing program 5: clone(0x870b1c00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x401) ioctl$NBD_DO_IT(r2, 0xab08) [ 332.136887] block nbd5: NBD_DISCONNECT [ 332.142426] block nbd5: Send disconnect failed -32 [ 332.148057] block nbd5: shutting down sockets 03:34:43 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$CAN_RAW_JOIN_FILTERS(r5, 0x65, 0x6, &(0x7f0000000000), &(0x7f0000000080)=0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 332.286617] block nbd5: NBD_DISCONNECT [ 332.291028] block nbd5: Send disconnect failed -32 [ 332.296693] block nbd5: shutting down sockets 03:34:43 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 332.426238] block nbd5: NBD_DISCONNECT [ 332.438559] block nbd5: Send disconnect failed -32 [ 332.444669] block nbd5: shutting down sockets 03:34:43 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:43 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x448000) socket(0x2, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$NBD_SET_SOCK(r0, 0xab00, 0xffffffffffffffff) r1 = syz_open_dev$ndb(0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)="f6", 0x1, 0xfffffffffffffffe) keyctl$revoke(0x3, r4) r5 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)="f6", 0x1, 0xfffffffffffffffe) keyctl$revoke(0x3, r5) r6 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)="6c6b25fd8b2fabab01f9d569e023753e9c06c65b89d4547157ee33675061d1d778233b4895c286a716d6bf0fa296f7ef578a71e8fc646f420a7706f261fbd664a50d575826601f81349aa6e00be1d7ccfa8271d7558299afc7351c66957d0402a7186381bf6a987f560fef6dc75b643583e5c1dbcf849bd58063c1aec96ab4d37bfe4cdf89ec776649eb2394d3530994fb731d60b5deb35d587457bad412", 0x9e, r5) keyctl$instantiate_iov(0x14, r4, &(0x7f0000000180)=[{&(0x7f0000000080)="b425073b12524abab554d7acc4bc39", 0xf}, {&(0x7f00000000c0)="90060562331cd5ddb8705748d2e0f0db64049b314350ecfeaf1e75bc64fab6cd047b82ecc05b1a17371557e5d9ed4b0a1a491e49c4139822df019c6160c4cd495c40544bbae49e063f8b16e84cc86adfc1395589b5218105b171fd3a56c44cf049dd837249b35a57be24c3b86c1962f6f352e03f859d09513423eaa6b334c921f4558cfdf740861a23eef7ac5c4589e4859d2703aa6836129d5af3228a2cd5e42efba2750cd3161221dfd41b3ffae81e617720", 0xb3}], 0x2, r6) r7 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$NBD_DO_IT(r1, 0xab08) [ 332.659265] block nbd5: NBD_DISCONNECT 03:34:43 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$nbd(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="674566988a8d690b797301e6a0d35e088b2a13cba2de9ae6fdfaac17284f839a0273c805e0f0e409be6de58b96184d97f09aa3655b981c6fb4"], 0x23) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) socket(0x2, 0x1, 0x0) r2 = syz_open_dev$ndb(0x0, 0x0, 0x34440) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:43 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:44 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:44 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 332.877994] block nbd5: NBD_DISCONNECT [ 332.904122] block nbd5: Send disconnect failed -32 [ 332.920404] block nbd5: shutting down sockets 03:34:44 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:44 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r6, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r7 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000001ec0)='/dev/cachefiles\x00', 0x200000, 0x0) r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000001fc0)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000d80200000000000090010000ffffffcb9001000000000077400200004002000040020000400200004002000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000300190010000000000000000000000000000000000000000c000737472696e6700000000000000000000000000000000000000000000000100000000626d0000000000000000000000000000bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800000000000000000000000000000000007f00000000000000000000006000484d41524b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac1e0001e0000002000000000000000076657468305f746f5f6261746164760069703667726574617030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b0000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff000000003e1f3fb9cbe196f087473574ebb6254365129eec3cb39b959cc3862ee19bd038d6b73d45c3109314035f2085a60448a052e1c6a610746e012cfa53151e27497690fa7e6b09759a741c45c5cfb8854987d29f7e0a05e40b1f17681a53cbf96c38582264a7d35b268e334f095852c4ff515f28b5d6fc49c7c044c2babdb48888705d38e79819ba07e633ce125ee1020184a302bcb659c7099cad9953c46e7184a8ff8484b3a916279db9218135a3116810bcd6aea39539"], 0x338) r9 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r9, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x0, 0x190, 0xcbffffff, 0x190, 0x77000000, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfe, 0x4000000}, 0xc, &(0x7f0000001e40)=[{&(0x7f0000000140)={0x1404, 0x3f, 0x10, 0x70bd25, 0x25dfdbfe, "", [@nested={0x4, 0x6}, @generic="46d5d88c1b27f62b1403b733bab911605d476435c9e89dea6f935f2211f87bea0dfccea53cf06c7af93005e0c55bfffd7fff0ba721b5189cb523b592aa30f505ab106efee2081af77594e520e571a3caff32a489f8d445efe9d667b74994eaf5ae15709cf4d94980be10436ad41cef3a7fae6a46a025d8f233a4c3178b38378e0cdcb64c17e89b382aebf2a59b93a4fcbdb0d20e49db0c90daaf72b7ff9fa29c45d50921f9b258f2ba6f3b37c60a301aab8ef62ae5b82d2354382ab2fc31546e83faa75b3e02758f61", @typed={0x8, 0x2f, 0x0, 0x0, @uid}, @nested={0x45, 0x75, 0x0, 0x1, [@generic="745b261520d64dfc61348494352bbb9b7cf43aa70c2bd91cea65ba90e1d0e565952591ab2b6918cb03c05a933685250772320566387d9ee491ee7bd2fc4dcc4975"]}, @nested={0x1067, 0x96, 0x0, 0x1, [@typed={0x8, 0x4e, 0x0, 0x0, @ipv4=@rand_addr=0x9}, @typed={0x5, 0x1d, 0x0, 0x0, @str='\x00'}, @generic="112a6aabe0f766e738dc84646aa49684566ec910a9fd787e3ef70a1c6630376bdeafdbbe2f6f55b8810a4a38180340da81f814ac32761db967085bda892ffbf12331194604c869bcb12019", @typed={0x8, 0x27, 0x0, 0x0, @uid}, @generic="9c7ef986fb60e1d43510217108268db86332ee1307d2829c297cfcb1eb27cece3af12c0800878c55138545905f218e86497e3d9e36895f4fa8a5354dc83cdf3ce64e8e3a12b96736175aa5b10eae824a664021e890bb86bb6a935e195bd91de3f0103641b5084eb529f22df1e499da7d036409ff3bac878dda77f4ef254a6f9a1975687b690be2df39f7084f77606f921b1540386cdb3d520b94c12456bf7260b398447e8843db04532b516f292565e995f2cf1ac6128b7d773827016e7610ed810920357ba581050a88df702349ff7affdabc684dfa398a740664702f185a3b8a42472e170f98e4a42139db4d10c0cf3bddffd53b54f18ec514411c1673e17a066060ecfe4f8b0bc730f722bd0b1ce8214a10154f9de21251af2e5d6466373f8219e1e34527a5791e5f70326149b5b712949d14c5b6eaa6a03fe4c86c1ef6e34496d6df1ba051bb3380cf8ba1989c526813bc3750d17747bec9ca82411f596431a8a8a013394a0df25c798f961e2df293588ed44d1b6f8587be9078aa94ee118f74e93b50092d980bef9938a60e119d96acab1119eba765f3a0b1107233308873dafa970472d1bb7e53ab8853aa5c68e7f8b84a4ecba543ebdfeb686584691a6be072a6bb5e56547b303f8bdf3811379fe3f241e831dc9df190dadf9e6c912f901a55aa107691e683e5a3f5a4797b6e928997a18c1aa161ea07525ef5b08632d3cf7b775e8c10abb3623f59a1d20ba57f24ba3d445e9f6bf64a265b6bede0efcbb81efaeeac0a0aa29448cf24ce225d57b3c611cc9df0ebef8342c62f6e11d01c47a356f6bc1e270a84258b114b8745bba0ca376910d09d0ce3eebf658c0138d06299b89831a6ac57e03bd3a9cfd7bc971fbcaf7296d6748aee0d64b765ed67e3c0618e5cda70820bcc4ff09a381a388fcd1320c5b058d63e403d6174854bf7eb24e6bdca8121bebf9852bfbef47d96c994c28a528b2d3c4fdd6c0662708e4c791d396e539c81cf3519d1d0013f026c7e74dfae5342ec31cc701f65d64ed32bac075f5b4dcb111694f9df513f0effad44d053c2854ec89d7a4509fab517da2e06d6071fe4681ef58d3b767b835a9a1b25a3e94189ea0a88e3db63adcfb1bf8dafa05936e2c564a9f3d5bb49a56a67dfca88216bf527367e11070477e77f09ac9f9ee2de206481940c285f8fd7ef3d4dad1c1cdeaae84ae33c4ba03cfef2c58da51b8cc986f41c98cd0305accb82752382e177e9567a43f75c863e9f3ae10e59d6780202d71710f4d3fa206eae6d1cfffc80d42645478011c1ef95bb0f901c5ece66ac2fc0166b8c560ecbdefa10d7b30aa85c368e42c9e0878a1b94de1859ae3e7134d6c39d981f98c86c03258f6222a508f1878ac221088dc6927b64f05191e168af30b781dbf72165a8c673e8ec6ad758197947f43004b7450951846f9672883e685734570a47f026ce5ca51280c127bf2155eb89ac0ad578a3dc00ed7405fc974aa59fe03e86b8236743e6e1e95e70a1e24268bf62563aceb55ab6379af7fa203232e2870dba63b4fca9f163ed9b35363f6ff9c1c66c9c5e8654405d22111c28937b6bbb93fe457ba4420e0a9845b16058d127266012e2f45f7099ac7140dca0db65956085e68ba555636d5c3e650d9d89cf9fc703ff7715c150dcbf3d39479fd6cbe2646e8b95e77aa60796d6d7ff999d163f91b3786f45ce316bfb49a816a461f56834ef20c1c35dc563b6d5f0cefb21a76c9911220ea52c246813f746e207964e61fa442cd5dcb72cb47e29e05ff58874e00f5719375ec61d4bbee0d78ebd16e4fa68b3ef9d0905c84602065f064bc9bbe262935a245d2d30cc345ff9df602d75f26d59e224a649a51c025af379db469de88b120bf6d8883e92b90c9566cffc2f0d79d5f64f191ff568b5e5dfc84ee2b881aa2488ff6dafb2c0cc91f4723d5624d717b753a713da0aafda7847b4066a1c65754376d9a92974f3cd9747e50b973b968cd054e89e3d05db018b3cc8fe0cd18dccdf96ed901d3de37709de04f07ca934215c0f27d7a599401a0deb55637e81b32d47abd736237999cc247cf38c62240b5b29807c75f199b3e01fcb898e8db770ac2c4ba7006298a67210ab69d0fdf8be7c8ee51d2f14db918512f4c7b72ddc95e20b061c6a98c6bdd0ddf7470b24498a4c9bae28033cc12d2372eb7febf4a526c3493a7ab99ee4e09fb044d13b218d587a822c23916053c02f560402d0e8b7371375e6a8b622ad966d943b5b280cfd1ec48333709f9efc267e23e3ed804844233e7e8c3c596ba465ff276d1e30a5170f8cf215aececa54c4418eb8b4949342ae83218ccc4befdbf723df75dffeac0afda3fbfc9940ed0f55dc2c08e8c74dfffaf8e20a229ef9f43c75f9865cfa30ee589b86434bea3a0fa1d1133f14435f756bfa8ef86eae2be6f6622c2a14e9dee93d462b8d267c7832843111d6dd4b5d8a4a6b6e0c74dbe68b452520fb6c65f42318f592b7f0fd64d0f4e5d81d48f3a09dc0c27c05fbdf7ff19bcfbf5a949e821040046da1ee96119f5d93a8dd91e52263da3dc40bf3f634a8bc77cb898fe0e15cda15e40bfed87e019ab6907e40f2e28e276a9d90d150b6c966b875390b981f4ab27c404ac25fe3d72cbf4ef331e49ded0d75ddba9137bceabb0655b2a1046443add62e1c964122b2a66b5e2eb8e7eb877aa3e61672dcfe9688243b6d19e20985af0765453315f00bdd51175951259c95960faff1d4227e7fc9627293d8e5f65b78cfef3224419361a92155c1d43eb3b2997d2386b0fa9dfadb32c6857c6b68378c234e350c49b8dbc06faae1307e06445e80bd05374ff06c001c79f7e27487f4161abf57aab2e1c18dd161e9f9793681eff78c80470e3b4747fdc3dc0ec49cd4bf1cd1a3dda078bf0ca8ba14bd121f363d88af45d81110ab6c81109b6af3092dbf03be4181e48fe788db4255171d98510806618b0c60702573aa61fa4f3deba10ab54fbbbfe52b484f79ac3df13975b42cbe825cb55b25a0a80ab795ff552d2839a82305bdcef8ea0d2ef1d59e95a98a06f611a8d53425035257b0306ada754402fdcf09a8d32fbfc6df293d3e029a419924ed0efc56c38679728d72825d22ba5919422091721ea5fded45601320291a99f75c2c8b8fe6f861d18f73f27a56c33e8b92d2547a4e613c6aeb7a1910ad16bbaeb01b80fb24afffa0e48ae0dd8803e85a7d5745245f46492d2462be307381edf925e2f5a3a61e378658bde429678f1c763ad76a811ddc185b3cd8206e3a08cf4d15405109866e2238d2cefe9cfc5c7c6916d5c1514494dd7e58ede6c87e53982e0f321d6770d50da9d7afbb0b40b0479bbd52887031650a4bc8aaedf0daab6386bb4a9a3fd7c6170ed340db7449b5b99a6070f3c6fa833450e8487a21b90866feb416fcf276b561d9b781b67ff283a0eb020f805436c0b9e2d6f0224c689daea08da15a5e9c95773c1934d65d4c4cbdd96fb06edf2eef46c766be571f4a2f3036d3d4574d5cdaab52a0e7647863d6f1c713f36eae418c63bf00485bdd02d06625a205ae5311d78677d7055c23955d1d21f4e4317107020016f935af7c721f12974c5179c4a428a8bcc0fc47b58bec51dd2b492488054f408c482dfc97dc010c40fcebd2077cf80edfe0b94388a5c62b1e8221890ae447decc19034d04e05bdd3a6e4d25b1be44b156753a616ebc956e5886bae5fe28fda76e92d028f28d2fa7d31b0560c3b77962cd28d76f8ac49ac7352a98eb12ffe36ed2229153faaa873d68df38820471670444eb523c834e790c243f35fb8cdaff91a42fcf9e4ed1fa8901760e70f179a96b1adc252e0dee7352fd5b4d8785a6eb0e23790a6e4b12790b4036240b947fd7fafd5d6613854884d8543c91a250376a089d283e7d0e026acd0370e82894b194e413f06a22d02104cd362f4bd8de12d8b6afb41508f6642e820a2ff03af4f780748e897c93d237cb3855b7ddc49869a115ee1cd41d71cf25e3ae09b7d90a816621cfff3aa7525a1b8d9e1351662169b862fa59fac9f19e6174db39031dadb9e3e8c256fae0d608c8b55a91b47284f80771d5b8346ad5efa98e933a7b5e8b1c6083ff2c77fa9081aaa5e2ab86877d9fd0d49fa54845a99294e7dd757ca17181211b41a1202d4f5727f0543ea08ac6984ee55d32d21abbd7e7a71c575d9d6c61e7a86853eadbdeff18954754ff7fa25684f533c5ca1608b951fa0e48f58d5e4bbef9e164557eb800cb136cb12aeb0617b427e246d887cd8dae838d6b398419069943c01edebe6f91a355d012f13d5e546a76ba0413b68a6dd0a45bd889a975738a14cfe48a7354432108f1bb9dd069e43e48db4ce09bdd0267020c290f2a217215f4b5d5814c8148c0edf6a177651b97e42621175a17a923c14030a4c2a577f8ef2f3a00b51d5f4ebb8269bf6a7424afbaf9e1f8067653f51a6001ac0b7916aca0c432d200e9f6c14086badc5e0464db5deccb2c280fd6928deaa2cd7e8d0476aeafb559e9d1eb70beb26afffe8685b95fee3545ee250eaa35615fa16352480b4aa55b979440d750453f2ed63c5bc66908553b397cdd680ea7ecb14db4c2371bb9511d0a3454daa2808624a633088c41ba901c72b74f283f3e33f3a5342e5d6d1bf81334835cd64699d3c2c366c55e18983d738fbd2d8f6a1ba5ccdf83e2b707bf8553e03220a4fdc0cd00a95f0e506082ad8eda52d585ce4f613f16c6315040de3ba5416065e461dbbb3f9ecc5f628b7ab21cf4528f4fec16c45edfc90c17af7bf8168b392b39aef1f8707b7da0b750af9fe45008ac818ed0c6b159fa5f6ca52448825e8bd9ad1e2e7017de70a4e2b8c28ee006f072b91ba4ee9071b56985cafc2cec05d47b69f1202cfef4339ff7bcd8a909af22da6f4ce49aec6d1cab4069a122442f26c52dd7608ff31314e74a507c205d8f02693080dfd87aa935c87826ec0881b2330d5e13b4899737d4316208f059f76650dee76f8a5efba148a589ad5dfc313da006a74f309371942ffbc7ac53792be54f3e33beeeb62a2060d22645c101915d6a9b2ca70063f9cb5e26393bfdf34a1df63bdaf6f8ce15f536bd5a0e5a6312e3580ad651e2bb136901cd480468c1827ec92df392e469267822e566fbcf3bd1fbb2c221f342e6d64f1d2760812635fc2942c49909524dd0f925f21441657f836ec35defa396c2814f296443aaeeff9563fa68db15213a9926099117f8ac7864625372ba7a099b9008d7d0006af11e44471d7d9e2b3250d0c09aab98e7ec12a9bfcc82292bce4d5a56e2415bfb62831a4ba679bb4837613bff8c2b94ea14aef25e79f82a700799b5d9ae99a3d513b834aac10aa0ebfd575716c5d8a711b8a5b2e0373b4ea521f45df928ce5ee99b92412062afb1dcb18f35d5e677061151ae10bf26268e79fd1c8c677b273c2f9bfc3a0e3ad3aad493b1b1ad8e9541f38d1afd7f72d1de5a7c1c7549fdc3ff159e76d6c93381491584d56047975e3b64fd7bf505da9f748d65a72c8d3d80fefe3942ca8e29412c3d980ec55a32d42f1f0779162f4ae7c25ad753f72f08755296eff359d544492b3e05d5d8488079a422e69340f5c8decab7d161d866866b1d92abc86cb6f1a35ed03e677b5914ee807c6308aa7e73572b9023a2cc4d6051fc4786d063b16b4e10f9f280a755b54ee77f44e5e1a5245398e9b84e40aca36fe35779f5b5e3d03314cf5f970b6b423463a002ffbe08252bfbc018fc4c8bb5bc9580bac155d5bba78833400d6179a56937000be0c267e5"]}, @typed={0x8, 0x5b, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x33}}, @generic="28371daf6d1b99e65e5d2be885dff19d324c84814e5d594068b878bebeee87705c11cfb377d0dbd079a8f66a8f425e0a8edd286145430d5d624390c78d6064c6c000cba0352a56e92ca091da24", @nested={0x138, 0x49, 0x0, 0x1, [@generic="ed482ded6383adfa02d7b1e01b9a0df9183fd916c97d0ce368120a23bc70af20f8d9fa4cec67eccd", @generic="781396a0b715b698817470a6b16032ed420c617eddf39cf13f749361c709", @typed={0xc, 0x75, 0x0, 0x0, @u64=0x100000001}, @typed={0x41, 0x12, 0x0, 0x0, @binary="ba678fcfdd5708558bae1d6befa0e33c429f55bf4647dc86c4562e10e8bce6374da3829363802257e4d256819a6444bb01649a83252b69e0a0d8be73a8"}, @typed={0x5, 0x25, 0x0, 0x0, @str='\x00'}, @typed={0x14, 0x5a, 0x0, 0x0, @str='&-vboxnet0-em0:\x00'}, @generic="09ddcb5107496f5c3deee7876bd1865b7fcff743b59c9361bc3ad9db09d42a7dde513f69b9c25e9c4810d109de487f5bd79e3646f0ec782123d1cb0b322a311fe35a60d638512d7b87d96deca99749d5574d85177b4beba02f970bed60a5502eaf7c70e96cb1947720c88f7dd5056738d1d422a466920b835520df84703a99f67c93"]}, @generic="69c0cf11b9d9b73a1bfbb9fbb45a4c13583b9449acb35cec85e749b4d1bcbe025d69c5ba33b15479d1dc361d3733952a53f615eb7067dec5d728f01a93a281a98065cb50bc7989910cb454479e58a895d1e707deec20232646127393a9bf74cc609f75ed9c737c9de10240f76af407bc172dd5215f11df3f70be90184fc44d7becb2b9d5a7ad942426ab278982cfcca00c7c0210de123fd9d44691273702c5cb7e6ca8f574f03388a9c6d71f5a57f5ab21c95f2f631eb038d3955c24cd614989f1d7489ce603a4da154deaa33443e00ba3e91eb0f907fa8c651fdbe67c410b"]}, 0x1404}, {&(0x7f00000015c0)={0x2f4, 0x3d, 0x200, 0x70bd2b, 0x25dfdbff, "", [@typed={0x14, 0x89, 0x0, 0x0, @ipv6=@ipv4={[], [], @multicast1}}, @typed={0x9, 0x33, 0x0, 0x0, @str='eth1\x00'}, @nested={0x1c8, 0x36, 0x0, 0x1, [@generic="13023c7fcb29416270638f5707c69430326d6dcd7692cb945c33931d2446610e9a39a7faaa138c780083c941da502633ade482fd910106e7787328f05d699a3e8e16e6f5afd649143313a77bfbb1f3a28c869de8", @generic="769b20974f2c05326860dad5024b", @typed={0x8, 0x5e, 0x0, 0x0, @pid}, @generic="6b9cef2334c174ee15f82f264850db47219013beb1d7fa63b7d830368c0849455bc02af4b4282cec8f71455aab000b10fc29a485f71c856e43171329238f19f0059cd5fa7d3147cea0380a3a97a13ad099d4a656eb8c6490b5018d466e8ba444945454121c642112a5407d1da3e1257e0a8bdb8f695dd160813cf30769f9b94bc4ac78698d27", @generic="a80810b9c5d16fa7b95de5e83a59384b4fad058a40c7ce4a7803270979de942f5266612b3ce3934f2e2e51e608e59e41d3082019429af4cac7c0643206f43fcd22bccd9bab96fc04964a5de0dd3d67cbb594593d5e7194b1daa9e50dd341fe856766ab7ab9556bec794435f7ec0f8ba09ae5d1f58a1e55e8e95a786da7cdea5b25483b4f41cec3658bcf3ab7e58e244c33101692d74a8261a4568a1334cce1c304c9a644658091913eec4e21e9ab73d3be19005e90f7e267d8027f81dc0461e2976e8eb44854d1ec2a30dbce", @typed={0x8, 0x66, 0x0, 0x0, @u32=0x4}]}, @typed={0x8, 0x58, 0x0, 0x0, @fd=r1}, @typed={0xf3, 0x25, 0x0, 0x0, @binary="1aefba1bf60e701a2599e47a2d6e4443f139e23f33789fed2fb2543226e1161391a28a31255f35ceb20ae8aecc9a77607c5558dcda207747598aacbdca973ac7be6ba24c9838a365460bd11210330383d4f2418ae541703fc7321598b6e29dee59b41c805a5733618f912782d2674919def86535b474d60a1e8f84c83df818f710bf3b0adacf9a53b9c5c30f9f83446bece3200e733d7eb92ad1b22192deb118f18f386ad8f157000b0e07b0a0c1987e70203348cc8ee4bbd9d2aa1b94299685c895a0aec271b4e2a2b17cbdb5f979650bad4a633363ba98210f6c0fcfc06ddb4e649c427d778840f54162cf60d3d5"}]}, 0x2f4}, {&(0x7f0000001900)={0x40c, 0x35, 0x300, 0x70bd25, 0x25dfdbfc, "", [@typed={0x8, 0x28, 0x0, 0x0, @fd}, @nested={0xbd, 0xe, 0x0, 0x1, [@typed={0x8, 0x91, 0x0, 0x0, @fd}, @generic="eb91454079d6ee03c16f983b27da14d90122b9faae658f976d9a89549cee32c346bdcb5e981cf7c37f50c6662925f16ab910206380b85f665db975ae1cfe428bf9e6d4792197bd4b62220815e63d91c0a59d9c3a57db83d80c0ab9b60118c68488d95c140b1c693d1c55a3c6dd6eaa5432e3a6a4861fd0f1cfb34ef1a269", @generic="2486b95a30e64350296c9fa0392c1106eef6ffbddeab300ea4f754ffa21cb9ab19cb6116264498f69529e42b1efc079444c9be"]}, @nested={0x329, 0x35, 0x0, 0x1, [@generic="4d1165b156da3040b22bd28c249820701a8210d4715545e0a8fe628b4c27e0d97404fd6f2f3c31d224d6e6f6a1fdcc8809b861c002bc9e6255672f4ce00b34b6154aa823e39f4ee351770d89c0ad800593793adff9338d45216f38e4e4be16ceb1d7275f6daa7bf0556a9dc59bcbd3ad239765ad095992bc0e1489b3b7c3784df49fef872125418aa9619cc8ee32166b95be63503e6e805db822b705c6b5b7d093fdefd0074dfd9a157512be757a2e6842ccfbe63a049e77207f3a1ff248b5a03ddc0839d2114926f87c8fa141b80f2d48938e945a26", @typed={0xc, 0x8d, 0x0, 0x0, @u64=0x7}, @generic="7f71fa4502b3009d08abfa28698b0552d2afb21642dbe8137f144a137728c517207050b0211c9c29e08936e7b60f99c8955e28f6f73a36e859ff4d9523524344262f5a2ca4a64ba90f7e4b302a8013d0ede11da5eb1f03cd46630f214165a4e3c8f172b57de34c270d9c9c69be3c37dcd7a84ccd73d0a301daf2a6c35ffa9faf3d6f64bbf05b43188773a401aed3dc62fdee9d73303b43471ba230b5a7faf2f4ea0a590b3906568a64492ba7e5af3876a9c48e1d46dac35bab0e955154ffde1998e0fdcb", @typed={0x8, 0x40, 0x0, 0x0, @pid}, @typed={0x4, 0x5e}, @generic="9f30cabed4147ad22c3a9fe4a6692a4ce0bc48332f8ce98f3be6d0119f8c54f4af74a9637a8189c1ca8a8d5db113c8636686e0a818af1d5c6a75be8fb805341b0447dc1408c3da991c544022e23aba1c2b0739066735985407fd282ce717ddf8c632f73b9825d177", @generic="160a26a48fc921153cb518001aad7f64cd8c8b2c0b3b1c34c8ae354aa55e98ba9938724ef343ee7cea08a93570669441bd84ebc61719a4da47ad9ffab0e3d034b81d84e2d33ee0a50138e3e43f71fcc34d007d623371465d485c1a573a176ebc6bd40d6d0e4734938aeeb74d4ecac7df57d5e6ee8e85e145ff88d1c4e18af5958848f2a2d029e2643df08b76ff1054695b912c87f14c3c76637967fd5cef02f94c75f245b58ee1bb742071dd690443a635a30aba68ba611a0056e692af44f3", @typed={0xc, 0x3a, 0x0, 0x0, @u64=0x8000}, @typed={0x2c, 0x51, 0x0, 0x0, @binary="53cf10a42015fc6bc03e062c4e6dd49098641b512c8288b571cf15435621dfb266b0d9877c625ea5"}, @typed={0x14, 0x5e, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}]}, @typed={0x8, 0x17, 0x0, 0x0, @uid}]}, 0x40c}, {&(0x7f0000001d40)={0xc4, 0x36, 0x100, 0x70bd26, 0x25dfdbfe, "", [@generic="264a4d43e84c988dff227d60d6635ca4bc2f136676216fd8f347619ce55c38eee504d66df1d36db3a15a984aaee8f5c4f9da4d4990e41f08fc872d728c9283e71852253b85c70729bd648fe55cc8b3801d9598df717e8b83968e622e7e83349eb00df3e1a19aac778a56a587f7b12006a2fb34bed97b45a3ce5ad7", @nested={0xc, 0x1b, 0x0, 0x1, [@typed={0x8, 0x48, 0x0, 0x0, @uid}]}, @nested={0x2c, 0x4f, 0x0, 0x1, [@typed={0x8, 0x26, 0x0, 0x0, @pid}, @typed={0x8, 0x8d, 0x0, 0x0, @u32=0x4}, @typed={0x4, 0x73}, @typed={0x8, 0x91, 0x0, 0x0, @ipv4=@multicast1}, @typed={0xc, 0x8a, 0x0, 0x0, @u64=0xb3f6}]}]}, 0xc4}], 0x4, &(0x7f0000001f00)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r2]}}, @rights={{0x28, 0x1, 0x1, [r4, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r5, r6]}}, @rights={{0x20, 0x1, 0x1, [r7, r8, 0xffffffffffffffff, r9]}}], 0x60, 0x24048800}, 0x80c0) ioctl$NBD_DO_IT(r2, 0xab08) [ 333.140298] xt_HMARK: hash modulus can't be zero [ 333.146478] block nbd5: NBD_DISCONNECT [ 333.151127] block nbd5: Send disconnect failed -32 [ 333.156679] block nbd5: shutting down sockets 03:34:44 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2b, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) mq_notify(0xffffffffffffffff, &(0x7f0000000380)) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) fchown(0xffffffffffffffff, r6, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) setfsgid(r8) fchown(0xffffffffffffffff, r6, r8) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0xa0, 0x0, 0x5, {{0x0, 0x0, 0x4, 0x0, 0x9, 0x9, {0x6, 0x2, 0x773, 0x7, 0x9, 0xe120, 0x20, 0x81, 0x2, 0x6, 0x1, 0x0, r8, 0x80000000, 0x9}}, {0x0, 0x10}}}, 0xa0) r9 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:44 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000080)={0x17, "5633cf9947a8d66f88f4a4d327318e5986f0ba1e3760e8b4137423c16afbf96b8eaa83cc2f514e7f3ca6ba5f7bfab53f3e57eeb1a0a5da9c5d1cb81146bc59d7e02e3dd9412f9aa726273b6c889ec514cb5fa1a49bca51a0017a7cb0b4d2f0e4f3dfdbb91c4e81285f0120effbdffd636e6a1650cec9348ac20cfe025802c072"}) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:44 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) r6 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x2041, 0x0) accept4$nfc_llcp(r6, 0x0, &(0x7f0000000080), 0x180800) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:44 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:44 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getpeername$netlink(r6, &(0x7f0000000000), &(0x7f0000000100)=0xc) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x605, r3) ioctl$VIDIOC_G_MODULATOR(r8, 0xc0445636, &(0x7f0000000080)={0x5e, "f2bd66cddf6822374d33e33762fcee89af75422e69471e0f64f471cd89bc4883", 0x20, 0x7, 0x80000000, 0x4, 0x3}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x0, 0x190, 0xcbffffff, 0x190, 0x77000000, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000180)={0x0, @remote, @multicast1}, &(0x7f00000001c0)=0xc) sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="440100002400000425bd7000fcdbdf2500000000", @ANYRES32=r9, @ANYBLOB="04000000f3ff050010000900ec0008801c0001000306090000000000000000000200000000100000040000000c00d5bfac043f00050070081c00010068a44000feffffff02000000000800000300000002000000080002000000f1001c00010000ee09000002000002000000f8ffffff000000000200000008000200ff00fffe1c0001000304691407000000010000000400000005000000030000000a00020008000001040000001c000100008177050000000003000000ffff000007000000060000001000020003000700ff000200000005001c00010002c002003803000002000000010400000004000002000000080002000020020014000100706669666f5f686561645f64726f700008000200a3000000060005002000000008000d000700000008000e0003000000"], 0x144}, 0x1, 0x0, 0x0, 0x1}, 0x20000080) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 333.389722] block nbd1: NBD_DISCONNECT [ 333.399955] block nbd1: Send disconnect failed -32 [ 333.414797] block nbd1: shutting down sockets 03:34:44 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000080)={0x17, "5633cf9947a8d66f88f4a4d327318e5986f0ba1e3760e8b4137423c16afbf96b8eaa83cc2f514e7f3ca6ba5f7bfab53f3e57eeb1a0a5da9c5d1cb81146bc59d7e02e3dd9412f9aa726273b6c889ec514cb5fa1a49bca51a0017a7cb0b4d2f0e4f3dfdbb91c4e81285f0120effbdffd636e6a1650cec9348ac20cfe025802c072"}) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 333.535597] block nbd5: NBD_DISCONNECT [ 333.550311] block nbd5: Send disconnect failed -32 [ 333.555747] block nbd1: NBD_DISCONNECT [ 333.561478] block nbd1: Send disconnect failed -32 [ 333.564259] block nbd5: shutting down sockets 03:34:44 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x1c, 0x1, 0xffff) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 333.587978] block nbd1: shutting down sockets 03:34:44 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000080601030000000000000000000000000500010006000000b644e794c2ba795ccf04b2bc2458d4773250b7cf4093838b10d4ab73cfbdfccca20c76c7db69512e730149c268ecf993186fa52d96136a432645c6e0f5168d7de3f5b2261721cf7665151d3753e8c44a575bd1280c2ac52dafdf723f375ccb9b6b4ce7f99ab80e11d49a58fb6d43fe40b2336f447dc20a2a1ca2a8cb57a52496fb7225facea0accbd907cc5fc18b22a580bb85ae2da1ee2ea25e6012818cadea2846f0e7a45846919a73cc8c40f6e33aa643496049d3ed8a82d7328173609e6fdc9c9d9776762332aac290549ee51a96eec83feafb6d68e0c2cd27f364d22d184393ae913bde37b1d595eff04b0be3059abd57880253c64027e38ea93084df2d8d2c60dffc3164aae245e35ad1d72e5268b1ca28a0a933e9f6e7891da290dcbbe4dbe0c19e32463b4c7558541fc0dcf5875211a467067d14aba74ddf2326232634c1bc1f33c0ee642a4475d588aa5a84914e5a13a929a0212484c31f623f0b37d3ad17c121dfed5ef435a73796287fe5fd797c5e6a5c154eb3c1b6e67347d0e2e780107f09b5554e00"], 0x1c}}, 0x0) 03:34:44 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 333.713830] block nbd5: NBD_DISCONNECT 03:34:45 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:45 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:45 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0xb, 0x4, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:45 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 333.939939] block nbd5: NBD_DISCONNECT 03:34:45 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000400)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000d80200000000000090010000ffffffcb9001000000000077400200004002000040020000400200004002000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000030000000190010000000000000000000000000000000000000000c000737472696e670000000000000000000000000000000000000000000000feff000000626d0000000000000000000000000000bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800000000000000000000000000000000007f00000000000000000000006000484d41524b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac1e0001e0000002000000000000000076657468305f746f5f6261746164760069703667726574617030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b0000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x338) accept4(r6, 0x0, &(0x7f0000000000), 0x800) 03:34:45 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 334.130962] block nbd5: NBD_DISCONNECT [ 334.138775] block nbd5: Send disconnect failed -32 [ 334.157593] block nbd5: shutting down sockets 03:34:45 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:45 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0xa, 0x6, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$BLKALIGNOFF(r5, 0x127a, &(0x7f0000000000)) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000001280), 0x4) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400202) ioctl$VIDIOC_DQBUF(r8, 0xc0585611, &(0x7f0000000080)={0x0, 0x9, 0x4, 0x2, 0x800001, {0x77359400}, {0x5, 0x1, 0xdd, 0x85, 0x6, 0x9, "6be385ea"}, 0x8, 0x2, @fd, 0x3, 0x0, r0}) read$FUSE(r9, &(0x7f0000000100), 0x1000) ioctl$NBD_DO_IT(r2, 0xab08) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000001240)={&(0x7f0000001100)={0x27, 0x1, 0x0, 0x7, 0x81, 0x81, "99e7c4be6031274f633f589e15e5f57911581b6cd7581457b4c22493768a0d31601214939a38942f3ba1eaef3a2d02e321e3b8534328f65bd5aa8a985e9fda", 0x1d}, 0x60, &(0x7f0000001200)=[{&(0x7f0000001180)="ecaf6bbee9a14a3497e9b9f3046f7f6191f00725259a787b66b2542f1adf059895b2fffd450a807802b2060d3b611ace7930e841593eef0cdb472071f7a5fa216811a8845d5fd611298ee5d300db8671", 0x50}], 0x1, 0x0, 0x0, 0x4}, 0x4000000) 03:34:45 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 334.568625] block nbd5: NBD_DISCONNECT [ 334.580134] block nbd5: Send disconnect failed -32 [ 334.605554] block nbd5: shutting down sockets 03:34:45 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockname$inet6(r3, &(0x7f0000000000), &(0x7f0000000080)=0x1c) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 334.656414] block nbd5: NBD_DISCONNECT 03:34:45 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:45 executing program 0: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:46 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) sysinfo(&(0x7f0000000080)=""/113) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$sock_SIOCGSKNS(r4, 0x894c, &(0x7f0000000000)=0x5) ioctl$NBD_DO_IT(r2, 0xab08) [ 334.772698] block nbd5: NBD_DISCONNECT [ 334.789738] block nbd5: Send disconnect failed -32 [ 334.810616] block nbd5: shutting down sockets [ 334.916483] block nbd5: NBD_DISCONNECT [ 334.932830] block nbd5: Send disconnect failed -32 [ 334.951207] block nbd5: shutting down sockets 03:34:46 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:46 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x14000, 0x0) ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x9) r3 = syz_open_dev$ndb(0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) socket(0x8, 0x2, 0x5) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x4) ioctl$NBD_DO_IT(r3, 0xab08) [ 335.097516] block nbd5: NBD_DISCONNECT [ 335.102553] block nbd5: Send disconnect failed -32 [ 335.122767] block nbd5: shutting down sockets [ 335.148707] block nbd5: shutting down sockets 03:34:46 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:46 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) prctl$PR_GET_SECCOMP(0x15) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) getsockopt$CAN_RAW_RECV_OWN_MSGS(r8, 0x65, 0x4, &(0x7f0000000000), &(0x7f0000000080)=0x4) ioctl$NBD_DO_IT(r2, 0xab08) r9 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) write$UHID_INPUT2(r9, &(0x7f0000000180)=ANY=[@ANYBLOB="0c0000006500bd60c6112dfeea9864df4df6dda0d335e44762c218421bad36c1f448e111bc1f60b2854815da7a3eebf3fd4c0d6852b70482dbae7184e51a2a2236bfd868545926226f13a07077cac39c3ad913f601e4fcb30c681a150f720553ef797576c1f78a8d5ae7a5a3b076bd011eec2b7a24c44d04da506a3a68000dc6338569d980c3981e084235da"], 0x6b) 03:34:46 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 335.482956] block nbd5: NBD_DISCONNECT [ 335.501821] block nbd5: Send disconnect failed -32 03:34:46 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x10340) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 335.524194] block nbd5: shutting down sockets 03:34:46 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:46 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 335.667563] block nbd5: NBD_DISCONNECT 03:34:46 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYRESOCT], 0x1}, 0x1, 0x0, 0x0, 0x20014}, 0x34040844) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x3a2480) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_init_net_socket$ax25(0x3, 0x3, 0xcf) syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x2, 0x2ce083) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r5, 0x1000008912, &(0x7f0000000380)="080db5e25e0bcfe800a071a13a63078559631f31e2b24d391df401230f87a7b1a9a42a5a6cc98c67f92706960c40604ea136619e80f850b99e63a7245202cd669b2cb06843a3901a44d8cb72dcb8638ff809465ee70600006129006809e7e7ab71c3e589bc15bf2ce6ae5e980000ff0700000000000000000000000041c84ffef35976fb34cf14f3e9c08be8789e284e204eba89fb72fcffb56e661888f4cc6a71a2565f12a8f8220072b095fd25d668646a0a4d9f6455fa7c7ed70df07553bdcbacb772ba0fa6a9b7bc6b94c85185d18312ecf806dfd182caa132b269ac7cd14d39d0586b257dc06b3d7b729589408bfc03129cd96d3932316f86fb6f5f0219b3d4") r6 = fcntl$dupfd(r4, 0x406, r3) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) [ 335.771155] block nbd5: shutting down sockets 03:34:47 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r6, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") listen(r6, 0xda) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$NBD_DO_IT(r2, 0xab08) 03:34:47 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:47 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000000)=0x1ff, &(0x7f0000000080)=0x2) ioctl$NBD_DO_IT(r2, 0xab08) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) openat(r8, &(0x7f00000000c0)='./file0\x00', 0x10000, 0x43) 03:34:47 executing program 5: r0 = gettid() ioprio_set$pid(0x2, r0, 0x0) r1 = gettid() ioprio_set$pid(0x2, r1, 0x0) tgkill(r0, r1, 0x1b) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) r3 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) r4 = syz_open_dev$ndb(0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_START(r8, 0x4142, 0x0) r9 = fcntl$dupfd(r6, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$NBD_DO_IT(r4, 0xab08) [ 336.079144] block nbd5: NBD_DISCONNECT [ 336.096098] block nbd5: Send disconnect failed -32 [ 336.104664] block nbd5: shutting down sockets 03:34:47 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 336.296731] block nbd5: NBD_DISCONNECT 03:34:47 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 336.384262] block nbd5: Send disconnect failed -32 03:34:47 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) pipe(&(0x7f0000000380)) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 336.418387] block nbd5: shutting down sockets 03:34:47 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:47 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:48 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:48 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:48 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:48 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:48 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:49 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:49 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:49 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:49 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:49 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:49 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:50 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:50 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:50 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:50 executing program 0: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:50 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:51 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:51 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:51 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) pipe(&(0x7f0000000380)) dup2(r1, 0xffffffffffffffff) stat(0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:51 executing program 0: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:51 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:51 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:51 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 0: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) pipe(&(0x7f0000000380)) dup2(r1, 0xffffffffffffffff) stat(0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) pipe(&(0x7f0000000380)) dup2(r1, 0xffffffffffffffff) stat(0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:52 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:53 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:53 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:53 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:53 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:53 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) pipe(&(0x7f0000000380)) dup2(r1, 0xffffffffffffffff) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:54 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:54 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:54 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:54 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:54 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) pipe(&(0x7f0000000380)) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:55 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:55 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:55 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:55 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:55 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:55 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:56 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:56 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:56 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:56 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:56 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:56 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:57 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:57 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:57 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:57 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:57 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:57 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:58 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:58 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:58 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:58 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:58 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:59 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:59 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:59 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:59 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:59 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:34:59 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:00 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:00 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:00 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:00 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:00 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:00 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:00 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:01 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:01 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:01 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:01 executing program 2: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:01 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:02 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:02 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:02 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:02 executing program 2: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:02 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:03 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:03 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:03 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:03 executing program 2: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:03 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:03 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:03 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:04 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:04 executing program 2: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:04 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:04 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:04 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:05 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:05 executing program 2: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) pipe(&(0x7f0000000380)) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:05 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:05 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:05 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:06 executing program 3: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) pipe(&(0x7f0000000380)) pipe(&(0x7f0000000380)) dup2(r1, 0xffffffffffffffff) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:06 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:06 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:06 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:06 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:06 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:07 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:07 executing program 2 (fault-call:9 fault-nth:0): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 356.267362] FAULT_INJECTION: forcing a failure. [ 356.267362] name failslab, interval 1, probability 0, space 0, times 0 [ 356.279162] CPU: 0 PID: 13907 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 356.287060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 356.296416] Call Trace: [ 356.299012] dump_stack+0x13e/0x194 [ 356.302649] should_fail.cold+0x10a/0x14b [ 356.306810] should_failslab+0xd6/0x130 [ 356.310850] kmem_cache_alloc_node+0x288/0x7a0 [ 356.315471] ? find_held_lock+0x2d/0x110 [ 356.319602] ? get_pid_task+0x91/0x130 [ 356.323579] copy_process.part.0+0x17d5/0x6a70 [ 356.328361] ? get_pid_task+0xb8/0x130 [ 356.332321] ? proc_fail_nth_write+0x7b/0x180 [ 356.336831] ? save_trace+0x290/0x290 [ 356.340643] ? __lock_is_held+0xad/0x140 [ 356.344709] ? find_held_lock+0x2d/0x110 [ 356.348781] ? __cleanup_sighand+0x40/0x40 [ 356.353019] ? lock_downgrade+0x6e0/0x6e0 [ 356.357176] _do_fork+0x180/0xc80 [ 356.360637] ? fork_idle+0x270/0x270 [ 356.364351] ? fput+0xb/0x140 [ 356.367458] ? SyS_write+0x14d/0x210 [ 356.371175] ? SyS_read+0x210/0x210 [ 356.374805] ? SyS_clock_settime+0x1a0/0x1a0 [ 356.379224] ? do_syscall_64+0x4c/0x640 [ 356.383201] ? sys_vfork+0x20/0x20 [ 356.386752] do_syscall_64+0x1d5/0x640 [ 356.390649] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 356.395841] RIP: 0033:0x45c849 [ 356.399038] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 356.406754] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 03:35:07 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 356.414046] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 356.421428] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 356.428961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 356.436238] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000000 03:35:07 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:07 executing program 3 (fault-call:8 fault-nth:0): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 356.736050] FAULT_INJECTION: forcing a failure. [ 356.736050] name failslab, interval 1, probability 0, space 0, times 0 [ 356.747427] CPU: 1 PID: 13926 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 356.755315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 356.764675] Call Trace: [ 356.767286] dump_stack+0x13e/0x194 [ 356.770926] should_fail.cold+0x10a/0x14b [ 356.775096] should_failslab+0xd6/0x130 [ 356.779086] kmem_cache_alloc_node+0x288/0x7a0 [ 356.784023] ? find_held_lock+0x2d/0x110 [ 356.788093] ? get_pid_task+0x91/0x130 [ 356.791997] copy_process.part.0+0x17d5/0x6a70 [ 356.796604] ? get_pid_task+0xb8/0x130 [ 356.800504] ? proc_fail_nth_write+0x7b/0x180 [ 356.805010] ? save_trace+0x290/0x290 [ 356.808822] ? __lock_is_held+0xad/0x140 [ 356.812889] ? find_held_lock+0x2d/0x110 [ 356.816965] ? __cleanup_sighand+0x40/0x40 [ 356.821218] ? lock_downgrade+0x6e0/0x6e0 [ 356.825386] _do_fork+0x180/0xc80 [ 356.828854] ? fork_idle+0x270/0x270 [ 356.832585] ? fput+0xb/0x140 [ 356.835701] ? SyS_write+0x14d/0x210 [ 356.839417] ? SyS_read+0x210/0x210 [ 356.843060] ? SyS_clock_settime+0x1a0/0x1a0 [ 356.847485] ? do_syscall_64+0x4c/0x640 [ 356.851466] ? sys_vfork+0x20/0x20 [ 356.855018] do_syscall_64+0x1d5/0x640 [ 356.858922] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 356.864112] RIP: 0033:0x45c849 [ 356.867390] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 356.875103] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 03:35:08 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 356.882376] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 356.889651] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 356.896928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 356.904204] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000000 03:35:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:08 executing program 2 (fault-call:9 fault-nth:1): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 357.075962] FAULT_INJECTION: forcing a failure. [ 357.075962] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 357.087914] CPU: 1 PID: 13940 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 357.095900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 357.106416] Call Trace: [ 357.109024] dump_stack+0x13e/0x194 [ 357.112669] should_fail.cold+0x10a/0x14b [ 357.116881] __alloc_pages_nodemask+0x1bf/0x700 [ 357.121572] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 357.126600] ? copy_process.part.0+0x17d5/0x6a70 [ 357.131367] ? rcu_read_lock_sched_held+0x10a/0x130 [ 357.136402] copy_process.part.0+0x26a/0x6a70 [ 357.140915] ? get_pid_task+0xb8/0x130 [ 357.144964] ? proc_fail_nth_write+0x7b/0x180 [ 357.149581] ? save_trace+0x290/0x290 [ 357.153516] ? __lock_is_held+0xad/0x140 [ 357.157594] ? find_held_lock+0x2d/0x110 [ 357.161755] ? __cleanup_sighand+0x40/0x40 [ 357.166109] ? lock_downgrade+0x6e0/0x6e0 [ 357.170273] _do_fork+0x180/0xc80 [ 357.173743] ? fork_idle+0x270/0x270 [ 357.177465] ? fput+0xb/0x140 [ 357.180579] ? SyS_write+0x14d/0x210 [ 357.184301] ? SyS_read+0x210/0x210 [ 357.188034] ? SyS_clock_settime+0x1a0/0x1a0 [ 357.192450] ? do_syscall_64+0x4c/0x640 [ 357.196449] ? sys_vfork+0x20/0x20 [ 357.199998] do_syscall_64+0x1d5/0x640 [ 357.204246] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 357.209439] RIP: 0033:0x45c849 [ 357.212629] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 357.220345] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 357.227620] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 357.234894] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 357.242167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 357.249442] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000001 03:35:08 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:08 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:08 executing program 3 (fault-call:8 fault-nth:1): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 357.603067] FAULT_INJECTION: forcing a failure. [ 357.603067] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 357.615135] CPU: 1 PID: 13959 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 357.623027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 357.632474] Call Trace: [ 357.635077] dump_stack+0x13e/0x194 [ 357.638725] should_fail.cold+0x10a/0x14b [ 357.642891] __alloc_pages_nodemask+0x1bf/0x700 [ 357.647578] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 357.652604] ? copy_process.part.0+0x17d5/0x6a70 [ 357.657368] ? rcu_read_lock_sched_held+0x10a/0x130 [ 357.662404] copy_process.part.0+0x26a/0x6a70 [ 357.666917] ? get_pid_task+0xb8/0x130 [ 357.670811] ? proc_fail_nth_write+0x7b/0x180 [ 357.675315] ? save_trace+0x290/0x290 [ 357.679118] ? __lock_is_held+0xad/0x140 [ 357.683183] ? find_held_lock+0x2d/0x110 [ 357.687257] ? __cleanup_sighand+0x40/0x40 [ 357.691494] ? lock_downgrade+0x6e0/0x6e0 [ 357.695651] _do_fork+0x180/0xc80 [ 357.699116] ? fork_idle+0x270/0x270 [ 357.702832] ? fput+0xb/0x140 [ 357.705944] ? SyS_write+0x14d/0x210 [ 357.709660] ? SyS_read+0x210/0x210 [ 357.713295] ? SyS_clock_settime+0x1a0/0x1a0 [ 357.717709] ? do_syscall_64+0x4c/0x640 [ 357.721687] ? sys_vfork+0x20/0x20 [ 357.725236] do_syscall_64+0x1d5/0x640 [ 357.729129] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 357.734322] RIP: 0033:0x45c849 [ 357.737507] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 357.745223] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 03:35:08 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 357.752665] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 357.759939] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 357.767298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 357.774569] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000001 03:35:09 executing program 2 (fault-call:9 fault-nth:2): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:09 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:09 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 358.008631] FAULT_INJECTION: forcing a failure. [ 358.008631] name failslab, interval 1, probability 0, space 0, times 0 [ 358.020059] CPU: 0 PID: 13970 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 358.028034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.037602] Call Trace: [ 358.040200] dump_stack+0x13e/0x194 [ 358.043838] should_fail.cold+0x10a/0x14b [ 358.048698] should_failslab+0xd6/0x130 [ 358.052692] kmem_cache_alloc+0x2b5/0x770 [ 358.056910] ? selinux_is_enabled+0x5/0x50 [ 358.061198] ? creds_are_invalid+0x44/0x100 [ 358.065622] ? __validate_process_creds+0x19e/0x1f0 [ 358.070649] prepare_creds+0x37/0x380 [ 358.074633] copy_creds+0x72/0x4d0 [ 358.078191] copy_process.part.0+0x868/0x6a70 [ 358.082727] ? get_pid_task+0xb8/0x130 [ 358.086631] ? proc_fail_nth_write+0x7b/0x180 [ 358.091130] ? save_trace+0x290/0x290 [ 358.094937] ? __lock_is_held+0xad/0x140 [ 358.099009] ? find_held_lock+0x2d/0x110 [ 358.103083] ? __cleanup_sighand+0x40/0x40 [ 358.107320] ? lock_downgrade+0x6e0/0x6e0 [ 358.111475] _do_fork+0x180/0xc80 [ 358.114938] ? fork_idle+0x270/0x270 [ 358.118659] ? fput+0xb/0x140 [ 358.121764] ? SyS_write+0x14d/0x210 [ 358.125476] ? SyS_read+0x210/0x210 [ 358.129102] ? SyS_clock_settime+0x1a0/0x1a0 [ 358.133516] ? do_syscall_64+0x4c/0x640 [ 358.137489] ? sys_vfork+0x20/0x20 [ 358.141034] do_syscall_64+0x1d5/0x640 [ 358.144926] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 358.150116] RIP: 0033:0x45c849 03:35:09 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:09 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 358.153301] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 358.161012] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 358.168283] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 358.175557] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 358.182825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 358.190092] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000002 03:35:09 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:09 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:09 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:09 executing program 3 (fault-call:8 fault-nth:2): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:09 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 358.467938] FAULT_INJECTION: forcing a failure. [ 358.467938] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 358.479911] CPU: 1 PID: 14014 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 358.487806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.497166] Call Trace: [ 358.499766] dump_stack+0x13e/0x194 [ 358.503411] should_fail.cold+0x10a/0x14b [ 358.507569] __alloc_pages_nodemask+0x1bf/0x700 [ 358.512251] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 358.517274] ? copy_process.part.0+0x17d5/0x6a70 [ 358.522044] ? rcu_read_lock_sched_held+0x10a/0x130 [ 358.527079] copy_process.part.0+0x26a/0x6a70 [ 358.531589] ? get_pid_task+0xb8/0x130 [ 358.535493] ? proc_fail_nth_write+0x7b/0x180 [ 358.539997] ? save_trace+0x290/0x290 [ 358.543802] ? __lock_is_held+0xad/0x140 [ 358.547879] ? find_held_lock+0x2d/0x110 [ 358.551949] ? __cleanup_sighand+0x40/0x40 [ 358.556190] ? lock_downgrade+0x6e0/0x6e0 [ 358.561602] _do_fork+0x180/0xc80 [ 358.565071] ? fork_idle+0x270/0x270 [ 358.568794] ? fput+0xb/0x140 [ 358.571909] ? SyS_write+0x14d/0x210 [ 358.575633] ? SyS_read+0x210/0x210 [ 358.579270] ? SyS_clock_settime+0x1a0/0x1a0 [ 358.583683] ? do_syscall_64+0x4c/0x640 [ 358.587664] ? sys_vfork+0x20/0x20 [ 358.591217] do_syscall_64+0x1d5/0x640 [ 358.595122] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 358.600319] RIP: 0033:0x45c849 [ 358.603506] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 358.611220] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 358.618502] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 358.625895] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 358.633174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 358.640449] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000002 03:35:09 executing program 2 (fault-call:9 fault-nth:3): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 358.857984] FAULT_INJECTION: forcing a failure. [ 358.857984] name failslab, interval 1, probability 0, space 0, times 0 [ 358.869306] CPU: 1 PID: 14018 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 358.877199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.886562] Call Trace: [ 358.889165] dump_stack+0x13e/0x194 [ 358.892808] should_fail.cold+0x10a/0x14b [ 358.896970] should_failslab+0xd6/0x130 [ 358.900954] __kmalloc_track_caller+0x2e1/0x7b0 [ 358.905630] ? selinux_cred_prepare+0x44/0xa0 [ 358.910135] ? prepare_creds+0x37/0x380 [ 358.914121] kmemdup+0x23/0x50 [ 358.917325] selinux_cred_prepare+0x44/0xa0 [ 358.921651] security_prepare_creds+0x76/0xb0 [ 358.926152] prepare_creds+0x2cc/0x380 [ 358.930147] copy_creds+0x72/0x4d0 [ 358.933699] copy_process.part.0+0x868/0x6a70 [ 358.938208] ? get_pid_task+0xb8/0x130 [ 358.942103] ? proc_fail_nth_write+0x7b/0x180 [ 358.946609] ? save_trace+0x290/0x290 [ 358.950427] ? __lock_is_held+0xad/0x140 [ 358.954497] ? find_held_lock+0x2d/0x110 [ 358.958571] ? __cleanup_sighand+0x40/0x40 [ 358.962815] ? lock_downgrade+0x6e0/0x6e0 [ 358.967323] _do_fork+0x180/0xc80 [ 358.970787] ? fork_idle+0x270/0x270 [ 358.974510] ? fput+0xb/0x140 [ 358.977618] ? SyS_write+0x14d/0x210 [ 358.981337] ? SyS_read+0x210/0x210 [ 358.984965] ? SyS_clock_settime+0x1a0/0x1a0 [ 358.989376] ? do_syscall_64+0x4c/0x640 [ 358.993366] ? sys_vfork+0x20/0x20 [ 358.996919] do_syscall_64+0x1d5/0x640 [ 359.000823] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 359.006011] RIP: 0033:0x45c849 [ 359.009199] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 359.016910] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 359.024180] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 359.031452] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 359.038723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 359.045998] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000003 03:35:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:10 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:10 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:10 executing program 3 (fault-call:8 fault-nth:3): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:10 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 359.366113] FAULT_INJECTION: forcing a failure. [ 359.366113] name failslab, interval 1, probability 0, space 0, times 0 [ 359.377627] CPU: 0 PID: 14045 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 359.385522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 359.395002] Call Trace: [ 359.397611] dump_stack+0x13e/0x194 [ 359.401261] should_fail.cold+0x10a/0x14b [ 359.405428] should_failslab+0xd6/0x130 [ 359.409418] __kmalloc_track_caller+0x2e1/0x7b0 [ 359.414100] ? selinux_cred_prepare+0x44/0xa0 [ 359.418615] ? prepare_creds+0x37/0x380 [ 359.422609] kmemdup+0x23/0x50 [ 359.425818] selinux_cred_prepare+0x44/0xa0 [ 359.430151] security_prepare_creds+0x76/0xb0 [ 359.434659] prepare_creds+0x2cc/0x380 [ 359.438574] copy_creds+0x72/0x4d0 [ 359.442127] copy_process.part.0+0x868/0x6a70 [ 359.446731] ? get_pid_task+0xb8/0x130 [ 359.450633] ? proc_fail_nth_write+0x7b/0x180 [ 359.455138] ? save_trace+0x290/0x290 [ 359.459004] ? __lock_is_held+0xad/0x140 [ 359.463086] ? find_held_lock+0x2d/0x110 [ 359.467161] ? __cleanup_sighand+0x40/0x40 [ 359.471512] ? lock_downgrade+0x6e0/0x6e0 [ 359.475678] _do_fork+0x180/0xc80 [ 359.479140] ? fork_idle+0x270/0x270 [ 359.482860] ? fput+0xb/0x140 [ 359.486931] ? SyS_write+0x14d/0x210 [ 359.490663] ? SyS_read+0x210/0x210 [ 359.494296] ? SyS_clock_settime+0x1a0/0x1a0 [ 359.498710] ? do_syscall_64+0x4c/0x640 [ 359.502691] ? sys_vfork+0x20/0x20 [ 359.506242] do_syscall_64+0x1d5/0x640 [ 359.510306] entry_SYSCALL_64_after_hwframe+0x42/0xb7 03:35:10 executing program 2 (fault-call:9 fault-nth:4): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 359.515503] RIP: 0033:0x45c849 [ 359.518693] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 359.526406] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 359.533787] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 359.541061] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 359.548431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 359.555706] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000003 [ 359.680338] FAULT_INJECTION: forcing a failure. [ 359.680338] name failslab, interval 1, probability 0, space 0, times 0 [ 359.691789] CPU: 0 PID: 14051 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 359.699680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 359.709037] Call Trace: [ 359.711641] dump_stack+0x13e/0x194 [ 359.715284] should_fail.cold+0x10a/0x14b [ 359.719446] should_failslab+0xd6/0x130 [ 359.723424] kmem_cache_alloc+0x2b5/0x770 [ 359.727579] ? retire_userns_sysctls+0x80/0x80 [ 359.732233] create_user_ns+0x3cb/0xca0 [ 359.736219] copy_creds+0x3c1/0x4d0 [ 359.739850] copy_process.part.0+0x868/0x6a70 [ 359.744359] ? get_pid_task+0xb8/0x130 [ 359.748256] ? proc_fail_nth_write+0x7b/0x180 [ 359.752845] ? save_trace+0x290/0x290 [ 359.756660] ? __lock_is_held+0xad/0x140 [ 359.760764] ? find_held_lock+0x2d/0x110 [ 359.764840] ? __cleanup_sighand+0x40/0x40 [ 359.769086] ? lock_downgrade+0x6e0/0x6e0 [ 359.773247] _do_fork+0x180/0xc80 [ 359.776721] ? fork_idle+0x270/0x270 [ 359.780444] ? fput+0xb/0x140 [ 359.783555] ? SyS_write+0x14d/0x210 [ 359.787270] ? SyS_read+0x210/0x210 [ 359.790897] ? SyS_clock_settime+0x1a0/0x1a0 [ 359.795306] ? do_syscall_64+0x4c/0x640 [ 359.799281] ? sys_vfork+0x20/0x20 [ 359.802824] do_syscall_64+0x1d5/0x640 [ 359.806721] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 359.811908] RIP: 0033:0x45c849 [ 359.815094] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 359.822804] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 359.830074] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 359.837348] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 359.844620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 359.851894] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000004 03:35:11 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:11 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:11 executing program 3 (fault-call:8 fault-nth:4): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:11 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 360.241051] FAULT_INJECTION: forcing a failure. [ 360.241051] name failslab, interval 1, probability 0, space 0, times 0 [ 360.252365] CPU: 1 PID: 14075 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 360.260252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 360.269606] Call Trace: [ 360.272205] dump_stack+0x13e/0x194 [ 360.275846] should_fail.cold+0x10a/0x14b [ 360.280007] should_failslab+0xd6/0x130 [ 360.283992] __kmalloc_track_caller+0x2e1/0x7b0 [ 360.288668] ? selinux_cred_prepare+0x44/0xa0 [ 360.293167] ? prepare_creds+0x37/0x380 [ 360.297144] kmemdup+0x23/0x50 [ 360.300340] selinux_cred_prepare+0x44/0xa0 [ 360.304662] security_prepare_creds+0x76/0xb0 [ 360.309162] prepare_creds+0x2cc/0x380 [ 360.313058] copy_creds+0x72/0x4d0 [ 360.316604] copy_process.part.0+0x868/0x6a70 [ 360.321113] ? get_pid_task+0xb8/0x130 [ 360.325013] ? proc_fail_nth_write+0x7b/0x180 [ 360.329512] ? save_trace+0x290/0x290 [ 360.333318] ? __lock_is_held+0xad/0x140 [ 360.337385] ? find_held_lock+0x2d/0x110 [ 360.341457] ? __cleanup_sighand+0x40/0x40 [ 360.345692] ? lock_downgrade+0x6e0/0x6e0 [ 360.349855] _do_fork+0x180/0xc80 [ 360.353314] ? fork_idle+0x270/0x270 [ 360.357031] ? fput+0xb/0x140 [ 360.360137] ? SyS_write+0x14d/0x210 [ 360.363848] ? SyS_read+0x210/0x210 [ 360.367475] ? SyS_clock_settime+0x1a0/0x1a0 [ 360.371891] ? do_syscall_64+0x4c/0x640 [ 360.375905] ? sys_vfork+0x20/0x20 [ 360.379447] do_syscall_64+0x1d5/0x640 [ 360.383342] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 360.388529] RIP: 0033:0x45c849 03:35:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:11 executing program 2 (fault-call:9 fault-nth:5): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 360.391719] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 360.399429] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 360.406700] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 360.413978] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 360.421249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 360.428517] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000004 03:35:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 360.594782] FAULT_INJECTION: forcing a failure. [ 360.594782] name failslab, interval 1, probability 0, space 0, times 0 [ 360.606206] CPU: 0 PID: 14084 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 360.614109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 360.623459] Call Trace: [ 360.626069] dump_stack+0x13e/0x194 [ 360.629713] should_fail.cold+0x10a/0x14b [ 360.633871] should_failslab+0xd6/0x130 [ 360.637860] __kmalloc_track_caller+0x2e1/0x7b0 [ 360.642543] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 360.647656] ? setup_userns_sysctls+0x4d/0x170 [ 360.652254] kmemdup+0x23/0x50 [ 360.655455] setup_userns_sysctls+0x4d/0x170 [ 360.659881] create_user_ns+0x76a/0xca0 [ 360.663866] copy_creds+0x3c1/0x4d0 [ 360.667492] copy_process.part.0+0x868/0x6a70 [ 360.672037] ? get_pid_task+0xb8/0x130 [ 360.675926] ? proc_fail_nth_write+0x7b/0x180 [ 360.680674] ? save_trace+0x290/0x290 [ 360.684466] ? __lock_is_held+0xad/0x140 [ 360.688524] ? find_held_lock+0x2d/0x110 [ 360.692588] ? __cleanup_sighand+0x40/0x40 [ 360.696831] ? lock_downgrade+0x6e0/0x6e0 [ 360.701100] _do_fork+0x180/0xc80 [ 360.704564] ? fork_idle+0x270/0x270 [ 360.708273] ? fput+0xb/0x140 [ 360.711373] ? SyS_write+0x14d/0x210 [ 360.715070] ? SyS_read+0x210/0x210 [ 360.718680] ? SyS_clock_settime+0x1a0/0x1a0 [ 360.723076] ? do_syscall_64+0x4c/0x640 [ 360.727043] ? sys_vfork+0x20/0x20 [ 360.730571] do_syscall_64+0x1d5/0x640 [ 360.734451] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 360.739633] RIP: 0033:0x45c849 03:35:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:11 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 360.743252] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 360.750957] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 360.758367] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 360.765624] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 360.772884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 360.780146] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000005 03:35:12 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:12 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:12 executing program 3 (fault-call:8 fault-nth:5): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 361.088865] FAULT_INJECTION: forcing a failure. [ 361.088865] name failslab, interval 1, probability 0, space 0, times 0 [ 361.100233] CPU: 0 PID: 14120 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 361.108135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 361.117499] Call Trace: [ 361.120097] dump_stack+0x13e/0x194 [ 361.123737] should_fail.cold+0x10a/0x14b [ 361.127892] should_failslab+0xd6/0x130 [ 361.131881] kmem_cache_alloc+0x2b5/0x770 [ 361.136053] ? retire_userns_sysctls+0x80/0x80 [ 361.140670] create_user_ns+0x3cb/0xca0 [ 361.144668] copy_creds+0x3c1/0x4d0 [ 361.148302] copy_process.part.0+0x868/0x6a70 [ 361.152820] ? get_pid_task+0xb8/0x130 [ 361.156717] ? proc_fail_nth_write+0x7b/0x180 [ 361.161234] ? save_trace+0x290/0x290 [ 361.165046] ? __lock_is_held+0xad/0x140 [ 361.169109] ? find_held_lock+0x2d/0x110 [ 361.173181] ? __cleanup_sighand+0x40/0x40 [ 361.177420] ? lock_downgrade+0x6e0/0x6e0 [ 361.181578] _do_fork+0x180/0xc80 [ 361.185047] ? fork_idle+0x270/0x270 [ 361.188762] ? fput+0xb/0x140 [ 361.191874] ? SyS_write+0x14d/0x210 [ 361.195597] ? SyS_read+0x210/0x210 [ 361.199227] ? SyS_clock_settime+0x1a0/0x1a0 [ 361.203638] ? do_syscall_64+0x4c/0x640 [ 361.207611] ? sys_vfork+0x20/0x20 [ 361.211155] do_syscall_64+0x1d5/0x640 [ 361.215053] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 361.220238] RIP: 0033:0x45c849 [ 361.223428] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 361.231137] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 03:35:12 executing program 2 (fault-call:9 fault-nth:6): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 361.238406] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 361.245679] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 361.252949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 361.260219] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000005 03:35:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 361.419087] FAULT_INJECTION: forcing a failure. [ 361.419087] name failslab, interval 1, probability 0, space 0, times 0 [ 361.430487] CPU: 0 PID: 14131 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 361.438375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 361.447736] Call Trace: [ 361.450338] dump_stack+0x13e/0x194 [ 361.453972] should_fail.cold+0x10a/0x14b [ 361.458126] should_failslab+0xd6/0x130 [ 361.462108] __kmalloc_track_caller+0x2e1/0x7b0 [ 361.466826] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 361.471943] ? setup_userns_sysctls+0x4d/0x170 [ 361.476540] kmemdup+0x23/0x50 [ 361.479737] setup_userns_sysctls+0x4d/0x170 [ 361.484155] create_user_ns+0x76a/0xca0 [ 361.488139] copy_creds+0x3c1/0x4d0 [ 361.491770] copy_process.part.0+0x868/0x6a70 [ 361.496276] ? get_pid_task+0xb8/0x130 [ 361.500173] ? proc_fail_nth_write+0x7b/0x180 [ 361.504666] ? save_trace+0x290/0x290 [ 361.508470] ? __lock_is_held+0xad/0x140 [ 361.512534] ? find_held_lock+0x2d/0x110 [ 361.516599] ? __cleanup_sighand+0x40/0x40 [ 361.520838] ? lock_downgrade+0x6e0/0x6e0 [ 361.524996] _do_fork+0x180/0xc80 [ 361.528450] ? fork_idle+0x270/0x270 [ 361.532160] ? fput+0xb/0x140 [ 361.535266] ? SyS_write+0x14d/0x210 [ 361.538983] ? SyS_read+0x210/0x210 [ 361.542612] ? SyS_clock_settime+0x1a0/0x1a0 [ 361.547029] ? do_syscall_64+0x4c/0x640 [ 361.551007] ? sys_vfork+0x20/0x20 [ 361.554554] do_syscall_64+0x1d5/0x640 [ 361.558452] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 361.563638] RIP: 0033:0x45c849 [ 361.566823] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 361.574542] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 361.581810] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 361.589085] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 361.596353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 361.603624] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000006 03:35:12 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:12 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:12 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:13 executing program 3 (fault-call:8 fault-nth:6): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 361.951991] FAULT_INJECTION: forcing a failure. [ 361.951991] name failslab, interval 1, probability 0, space 0, times 0 [ 361.963548] CPU: 0 PID: 14150 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 361.971446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 361.980787] Call Trace: [ 361.983367] dump_stack+0x13e/0x194 [ 361.986981] should_fail.cold+0x10a/0x14b [ 361.991128] should_failslab+0xd6/0x130 [ 361.995103] __kmalloc+0x2e9/0x7c0 [ 361.998681] ? __register_sysctl_table+0xc3/0xe60 [ 362.003508] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 362.008944] ? rcu_read_lock_sched_held+0x10a/0x130 [ 362.013951] ? __kmalloc_track_caller+0x366/0x7b0 [ 362.018796] __register_sysctl_table+0xc3/0xe60 [ 362.023455] ? memcpy+0x35/0x50 [ 362.026722] setup_userns_sysctls+0xb3/0x170 [ 362.031118] create_user_ns+0x76a/0xca0 [ 362.035075] copy_creds+0x3c1/0x4d0 [ 362.038696] copy_process.part.0+0x868/0x6a70 [ 362.043180] ? get_pid_task+0xb8/0x130 [ 362.047075] ? proc_fail_nth_write+0x7b/0x180 [ 362.051575] ? save_trace+0x290/0x290 [ 362.056586] ? __lock_is_held+0xad/0x140 [ 362.060758] ? find_held_lock+0x2d/0x110 [ 362.064956] ? __cleanup_sighand+0x40/0x40 [ 362.069187] ? lock_downgrade+0x6e0/0x6e0 [ 362.073327] _do_fork+0x180/0xc80 [ 362.076771] ? fork_idle+0x270/0x270 [ 362.080580] ? fput+0xb/0x140 [ 362.083723] ? SyS_write+0x14d/0x210 [ 362.087545] ? SyS_read+0x210/0x210 [ 362.091168] ? SyS_clock_settime+0x1a0/0x1a0 [ 362.095566] ? do_syscall_64+0x4c/0x640 [ 362.099536] ? sys_vfork+0x20/0x20 [ 362.103073] do_syscall_64+0x1d5/0x640 [ 362.106952] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 362.112126] RIP: 0033:0x45c849 [ 362.115298] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 362.122989] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 362.130287] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 362.137549] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 362.144828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:13 executing program 2 (fault-call:9 fault-nth:7): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 362.152102] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000006 [ 362.275023] FAULT_INJECTION: forcing a failure. [ 362.275023] name failslab, interval 1, probability 0, space 0, times 0 [ 362.286394] CPU: 0 PID: 14162 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 362.294288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 362.303647] Call Trace: [ 362.306245] dump_stack+0x13e/0x194 [ 362.309884] should_fail.cold+0x10a/0x14b [ 362.314045] should_failslab+0xd6/0x130 [ 362.318029] __kmalloc+0x2e9/0x7c0 [ 362.321578] ? __register_sysctl_table+0x7cc/0xe60 [ 362.326513] ? lock_downgrade+0x6e0/0x6e0 [ 362.330668] ? find_entry.isra.0+0x1d0/0x1d0 [ 362.335095] __register_sysctl_table+0x7cc/0xe60 [ 362.339869] ? memcpy+0x35/0x50 [ 362.343162] setup_userns_sysctls+0xb3/0x170 [ 362.347587] create_user_ns+0x76a/0xca0 [ 362.351575] copy_creds+0x3c1/0x4d0 [ 362.355213] copy_process.part.0+0x868/0x6a70 [ 362.359720] ? get_pid_task+0xb8/0x130 [ 362.363617] ? proc_fail_nth_write+0x7b/0x180 [ 362.368115] ? save_trace+0x290/0x290 [ 362.371929] ? __lock_is_held+0xad/0x140 [ 362.375993] ? find_held_lock+0x2d/0x110 [ 362.380061] ? __cleanup_sighand+0x40/0x40 [ 362.384300] ? lock_downgrade+0x6e0/0x6e0 [ 362.388461] _do_fork+0x180/0xc80 [ 362.391918] ? fork_idle+0x270/0x270 [ 362.395636] ? fput+0xb/0x140 [ 362.398738] ? SyS_write+0x14d/0x210 [ 362.402452] ? SyS_read+0x210/0x210 [ 362.406103] ? SyS_clock_settime+0x1a0/0x1a0 [ 362.410513] ? do_syscall_64+0x4c/0x640 [ 362.414492] ? sys_vfork+0x20/0x20 [ 362.418041] do_syscall_64+0x1d5/0x640 [ 362.421933] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 362.427122] RIP: 0033:0x45c849 [ 362.430309] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 362.438018] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 362.445292] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 362.452566] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 362.459841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 362.467114] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000007 [ 362.474944] sysctl could not get directory: //user -12 [ 362.481205] CPU: 0 PID: 14162 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 362.489111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 362.498465] Call Trace: [ 362.501063] dump_stack+0x13e/0x194 [ 362.504701] __register_sysctl_table+0x78e/0xe60 [ 362.509465] ? memcpy+0x35/0x50 [ 362.512751] setup_userns_sysctls+0xb3/0x170 [ 362.517168] create_user_ns+0x76a/0xca0 [ 362.521152] copy_creds+0x3c1/0x4d0 [ 362.524783] copy_process.part.0+0x868/0x6a70 [ 362.529295] ? get_pid_task+0xb8/0x130 [ 362.533186] ? proc_fail_nth_write+0x7b/0x180 [ 362.537683] ? save_trace+0x290/0x290 [ 362.541481] ? __lock_is_held+0xad/0x140 [ 362.545567] ? find_held_lock+0x2d/0x110 [ 362.549672] ? __cleanup_sighand+0x40/0x40 [ 362.553906] ? lock_downgrade+0x6e0/0x6e0 [ 362.558058] _do_fork+0x180/0xc80 [ 362.561536] ? fork_idle+0x270/0x270 [ 362.565263] ? fput+0xb/0x140 [ 362.568367] ? SyS_write+0x14d/0x210 [ 362.572082] ? SyS_read+0x210/0x210 [ 362.575760] ? SyS_clock_settime+0x1a0/0x1a0 [ 362.580171] ? do_syscall_64+0x4c/0x640 [ 362.584153] ? sys_vfork+0x20/0x20 [ 362.587701] do_syscall_64+0x1d5/0x640 [ 362.591604] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 362.596787] RIP: 0033:0x45c849 [ 362.599978] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 362.607688] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 362.614962] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:13 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:13 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 362.622234] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 362.629510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 362.636786] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000007 03:35:13 executing program 3 (fault-call:8 fault-nth:7): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:13 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 362.831089] FAULT_INJECTION: forcing a failure. [ 362.831089] name failslab, interval 1, probability 0, space 0, times 0 [ 362.842417] CPU: 1 PID: 14181 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 362.850298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 362.859663] Call Trace: [ 362.862260] dump_stack+0x13e/0x194 [ 362.866022] should_fail.cold+0x10a/0x14b [ 362.870187] should_failslab+0xd6/0x130 [ 362.874170] __kmalloc+0x2e9/0x7c0 [ 362.877714] ? __register_sysctl_table+0xc3/0xe60 [ 362.882550] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 362.888038] ? rcu_read_lock_sched_held+0x10a/0x130 [ 362.893056] ? __kmalloc_track_caller+0x366/0x7b0 [ 362.897895] __register_sysctl_table+0xc3/0xe60 [ 362.902557] ? memcpy+0x35/0x50 [ 362.905877] setup_userns_sysctls+0xb3/0x170 [ 362.910287] create_user_ns+0x76a/0xca0 [ 362.914267] copy_creds+0x3c1/0x4d0 [ 362.917891] copy_process.part.0+0x868/0x6a70 [ 362.922388] ? get_pid_task+0xb8/0x130 [ 362.926281] ? proc_fail_nth_write+0x7b/0x180 [ 362.930778] ? save_trace+0x290/0x290 [ 362.934592] ? __lock_is_held+0xad/0x140 [ 362.938653] ? find_held_lock+0x2d/0x110 [ 362.942712] ? __cleanup_sighand+0x40/0x40 [ 362.946945] ? lock_downgrade+0x6e0/0x6e0 [ 362.951102] _do_fork+0x180/0xc80 [ 362.954574] ? fork_idle+0x270/0x270 [ 362.958294] ? fput+0xb/0x140 [ 362.961403] ? SyS_write+0x14d/0x210 [ 362.965115] ? SyS_read+0x210/0x210 [ 362.968755] ? SyS_clock_settime+0x1a0/0x1a0 [ 362.973176] ? do_syscall_64+0x4c/0x640 [ 362.977156] ? sys_vfork+0x20/0x20 03:35:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 362.980686] do_syscall_64+0x1d5/0x640 [ 362.984575] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 362.989772] RIP: 0033:0x45c849 [ 362.992962] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 363.000723] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 363.007998] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 363.015274] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 363.022548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:14 executing program 2 (fault-call:9 fault-nth:8): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 363.029824] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000007 [ 363.158947] FAULT_INJECTION: forcing a failure. [ 363.158947] name failslab, interval 1, probability 0, space 0, times 0 [ 363.171032] CPU: 1 PID: 14191 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 363.178929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 363.188280] Call Trace: [ 363.190875] dump_stack+0x13e/0x194 [ 363.195461] should_fail.cold+0x10a/0x14b [ 363.201959] should_failslab+0xd6/0x130 [ 363.205937] __kmalloc+0x2e9/0x7c0 [ 363.209477] ? __register_sysctl_table+0x7cc/0xe60 [ 363.214407] ? lock_downgrade+0x6e0/0x6e0 [ 363.218688] ? find_entry.isra.0+0x1d0/0x1d0 [ 363.223101] __register_sysctl_table+0x7cc/0xe60 [ 363.227851] ? memcpy+0x35/0x50 [ 363.231125] setup_userns_sysctls+0xb3/0x170 [ 363.235535] create_user_ns+0x76a/0xca0 [ 363.239500] copy_creds+0x3c1/0x4d0 [ 363.243134] copy_process.part.0+0x868/0x6a70 [ 363.247674] ? get_pid_task+0xb8/0x130 [ 363.251558] ? proc_fail_nth_write+0x7b/0x180 [ 363.256045] ? save_trace+0x290/0x290 [ 363.259848] ? __lock_is_held+0xad/0x140 [ 363.263929] ? find_held_lock+0x2d/0x110 [ 363.268001] ? __cleanup_sighand+0x40/0x40 [ 363.272239] ? lock_downgrade+0x6e0/0x6e0 [ 363.276399] _do_fork+0x180/0xc80 [ 363.279858] ? fork_idle+0x270/0x270 [ 363.283566] ? fput+0xb/0x140 [ 363.286658] ? SyS_write+0x14d/0x210 [ 363.290361] ? SyS_read+0x210/0x210 [ 363.294005] ? SyS_clock_settime+0x1a0/0x1a0 [ 363.298412] ? do_syscall_64+0x4c/0x640 [ 363.302373] ? sys_vfork+0x20/0x20 [ 363.305943] do_syscall_64+0x1d5/0x640 [ 363.309818] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 363.315000] RIP: 0033:0x45c849 [ 363.318178] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 363.325919] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 363.333179] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 363.340452] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 363.347711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 363.354993] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000008 [ 363.362784] sysctl could not get directory: //user -12 [ 363.368234] CPU: 1 PID: 14191 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 363.376119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 363.385467] Call Trace: [ 363.388098] dump_stack+0x13e/0x194 [ 363.391727] __register_sysctl_table+0x78e/0xe60 [ 363.396481] ? memcpy+0x35/0x50 [ 363.399899] setup_userns_sysctls+0xb3/0x170 [ 363.404299] create_user_ns+0x76a/0xca0 [ 363.408272] copy_creds+0x3c1/0x4d0 [ 363.411903] copy_process.part.0+0x868/0x6a70 [ 363.416403] ? get_pid_task+0xb8/0x130 [ 363.420285] ? proc_fail_nth_write+0x7b/0x180 [ 363.424839] ? save_trace+0x290/0x290 [ 363.428645] ? __lock_is_held+0xad/0x140 [ 363.432717] ? find_held_lock+0x2d/0x110 [ 363.436775] ? __cleanup_sighand+0x40/0x40 [ 363.440994] ? lock_downgrade+0x6e0/0x6e0 [ 363.445133] _do_fork+0x180/0xc80 [ 363.448581] ? fork_idle+0x270/0x270 [ 363.452288] ? fput+0xb/0x140 [ 363.455393] ? SyS_write+0x14d/0x210 [ 363.459159] ? SyS_read+0x210/0x210 [ 363.462784] ? SyS_clock_settime+0x1a0/0x1a0 [ 363.467193] ? do_syscall_64+0x4c/0x640 [ 363.471164] ? sys_vfork+0x20/0x20 [ 363.474723] do_syscall_64+0x1d5/0x640 [ 363.478618] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 363.483800] RIP: 0033:0x45c849 [ 363.486974] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 363.494680] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 363.501947] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:14 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 363.509261] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 363.516520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 363.523785] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000008 03:35:14 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:14 executing program 3 (fault-call:8 fault-nth:8): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 363.724961] FAULT_INJECTION: forcing a failure. [ 363.724961] name failslab, interval 1, probability 0, space 0, times 0 [ 363.736378] CPU: 1 PID: 14207 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 363.744275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 363.753658] Call Trace: [ 363.756261] dump_stack+0x13e/0x194 [ 363.759900] should_fail.cold+0x10a/0x14b [ 363.764064] should_failslab+0xd6/0x130 [ 363.768163] kmem_cache_alloc+0x2b5/0x770 [ 363.772319] ? selinux_is_enabled+0x5/0x50 [ 363.776557] ? creds_are_invalid+0x44/0x100 [ 363.780885] __delayacct_tsk_init+0x1b/0x80 [ 363.785219] copy_process.part.0+0x1a6c/0x6a70 [ 363.789816] ? get_pid_task+0xb8/0x130 [ 363.793718] ? proc_fail_nth_write+0x7b/0x180 [ 363.798215] ? save_trace+0x290/0x290 [ 363.802019] ? __lock_is_held+0xad/0x140 [ 363.806094] ? __cleanup_sighand+0x40/0x40 [ 363.810338] ? lock_downgrade+0x6e0/0x6e0 [ 363.814495] _do_fork+0x180/0xc80 [ 363.817953] ? fork_idle+0x270/0x270 [ 363.821681] ? fput+0xb/0x140 [ 363.824790] ? SyS_write+0x14d/0x210 [ 363.828511] ? SyS_read+0x210/0x210 [ 363.832138] ? SyS_clock_settime+0x1a0/0x1a0 [ 363.836552] ? do_syscall_64+0x4c/0x640 [ 363.840526] ? sys_vfork+0x20/0x20 [ 363.844067] do_syscall_64+0x1d5/0x640 [ 363.847962] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 363.853149] RIP: 0033:0x45c849 [ 363.856352] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 363.864061] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 03:35:15 executing program 2 (fault-call:9 fault-nth:9): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 363.871332] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 363.878604] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 363.885990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 363.893261] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000008 [ 364.002372] NOHZ: local_softirq_pending 08 [ 364.010075] FAULT_INJECTION: forcing a failure. [ 364.010075] name failslab, interval 1, probability 0, space 0, times 0 [ 364.021451] CPU: 1 PID: 14221 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 364.029348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 364.039579] Call Trace: [ 364.042225] dump_stack+0x13e/0x194 [ 364.045883] should_fail.cold+0x10a/0x14b [ 364.050039] should_failslab+0xd6/0x130 [ 364.054021] kmem_cache_alloc+0x2b5/0x770 [ 364.058869] ? selinux_is_enabled+0x5/0x50 [ 364.063105] ? creds_are_invalid+0x44/0x100 [ 364.067430] __delayacct_tsk_init+0x1b/0x80 [ 364.071764] copy_process.part.0+0x1a6c/0x6a70 [ 364.076358] ? get_pid_task+0xb8/0x130 [ 364.080258] ? proc_fail_nth_write+0x7b/0x180 [ 364.084759] ? save_trace+0x290/0x290 [ 364.088593] ? __lock_is_held+0xad/0x140 [ 364.092673] ? __cleanup_sighand+0x40/0x40 [ 364.096915] ? lock_downgrade+0x6e0/0x6e0 [ 364.101074] _do_fork+0x180/0xc80 [ 364.104560] ? fork_idle+0x270/0x270 [ 364.108278] ? fput+0xb/0x140 [ 364.111387] ? SyS_write+0x14d/0x210 [ 364.115097] ? SyS_read+0x210/0x210 [ 364.118728] ? SyS_clock_settime+0x1a0/0x1a0 [ 364.123141] ? do_syscall_64+0x4c/0x640 [ 364.127115] ? sys_vfork+0x20/0x20 [ 364.130663] do_syscall_64+0x1d5/0x640 [ 364.134559] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 364.139745] RIP: 0033:0x45c849 [ 364.142930] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 364.150646] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 364.157919] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 364.165191] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 364.172461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 364.179730] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000009 03:35:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:15 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:15 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:15 executing program 3 (fault-call:8 fault-nth:9): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 364.598953] FAULT_INJECTION: forcing a failure. [ 364.598953] name failslab, interval 1, probability 0, space 0, times 0 [ 364.610317] CPU: 0 PID: 14238 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 364.618199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 364.627554] Call Trace: [ 364.630164] dump_stack+0x13e/0x194 [ 364.635419] should_fail.cold+0x10a/0x14b [ 364.639600] should_failslab+0xd6/0x130 [ 364.643587] kmem_cache_alloc+0x2b5/0x770 [ 364.647752] ? selinux_is_enabled+0x5/0x50 [ 364.651998] ? creds_are_invalid+0x44/0x100 [ 364.656337] __delayacct_tsk_init+0x1b/0x80 [ 364.660670] copy_process.part.0+0x1a6c/0x6a70 [ 364.665267] ? get_pid_task+0xb8/0x130 [ 364.669182] ? proc_fail_nth_write+0x7b/0x180 [ 364.673683] ? save_trace+0x290/0x290 [ 364.677495] ? __lock_is_held+0xad/0x140 [ 364.681574] ? __cleanup_sighand+0x40/0x40 [ 364.685858] ? lock_downgrade+0x6e0/0x6e0 [ 364.690018] _do_fork+0x180/0xc80 [ 364.693487] ? fork_idle+0x270/0x270 [ 364.697216] ? fput+0xb/0x140 [ 364.700331] ? SyS_write+0x14d/0x210 [ 364.704051] ? SyS_read+0x210/0x210 [ 364.707687] ? SyS_clock_settime+0x1a0/0x1a0 [ 364.712107] ? do_syscall_64+0x4c/0x640 [ 364.716092] ? sys_vfork+0x20/0x20 [ 364.719649] do_syscall_64+0x1d5/0x640 [ 364.723551] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 364.728737] RIP: 0033:0x45c849 [ 364.731931] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 364.739646] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 03:35:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:15 executing program 2 (fault-call:9 fault-nth:10): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 364.746921] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 364.754193] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 364.761494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 364.768763] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000009 03:35:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 364.921817] FAULT_INJECTION: forcing a failure. [ 364.921817] name failslab, interval 1, probability 0, space 0, times 0 [ 364.933384] CPU: 1 PID: 14260 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 364.941292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 364.950750] Call Trace: [ 364.953348] dump_stack+0x13e/0x194 [ 364.956995] should_fail.cold+0x10a/0x14b [ 364.961157] should_failslab+0xd6/0x130 [ 364.965145] kmem_cache_alloc+0x2b5/0x770 [ 364.969313] ? __lockdep_init_map+0x100/0x560 [ 364.973831] dup_fd+0x81/0xa40 [ 364.977032] ? perf_event_init_task+0xfa/0x790 [ 364.981617] ? audit_alloc+0x86/0x640 [ 364.985433] copy_process.part.0+0x1b5a/0x6a70 [ 364.990028] ? get_pid_task+0xb8/0x130 [ 364.993923] ? proc_fail_nth_write+0x7b/0x180 [ 364.998423] ? save_trace+0x290/0x290 [ 365.002407] ? __lock_is_held+0xad/0x140 [ 365.006492] ? __cleanup_sighand+0x40/0x40 [ 365.010735] ? lock_downgrade+0x6e0/0x6e0 [ 365.014891] _do_fork+0x180/0xc80 [ 365.018351] ? fork_idle+0x270/0x270 [ 365.022122] ? fput+0xb/0x140 [ 365.025215] ? SyS_write+0x14d/0x210 [ 365.028938] ? SyS_read+0x210/0x210 [ 365.032574] ? SyS_clock_settime+0x1a0/0x1a0 [ 365.036983] ? do_syscall_64+0x4c/0x640 [ 365.040957] ? sys_vfork+0x20/0x20 [ 365.044499] do_syscall_64+0x1d5/0x640 [ 365.048395] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 365.053583] RIP: 0033:0x45c849 [ 365.056774] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 365.064485] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 365.071761] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 365.079042] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 365.086836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 365.094175] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000a 03:35:16 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 5: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 3 (fault-call:8 fault-nth:10): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 365.472120] FAULT_INJECTION: forcing a failure. [ 365.472120] name failslab, interval 1, probability 0, space 0, times 0 [ 365.483435] CPU: 0 PID: 14285 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 365.491463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 365.500844] Call Trace: [ 365.503450] dump_stack+0x13e/0x194 [ 365.507082] should_fail.cold+0x10a/0x14b [ 365.511377] should_failslab+0xd6/0x130 [ 365.515350] kmem_cache_alloc_trace+0x2db/0x7b0 [ 365.520026] ? lock_downgrade+0x6e0/0x6e0 [ 365.524223] alloc_fdtable+0x78/0x270 [ 365.528051] dup_fd+0x683/0xa40 [ 365.531380] copy_process.part.0+0x1b5a/0x6a70 [ 365.535968] ? get_pid_task+0xb8/0x130 [ 365.539851] ? proc_fail_nth_write+0x7b/0x180 [ 365.544349] ? save_trace+0x290/0x290 [ 365.548171] ? __lock_is_held+0xad/0x140 [ 365.552228] ? __cleanup_sighand+0x40/0x40 [ 365.556460] ? lock_downgrade+0x6e0/0x6e0 [ 365.560606] _do_fork+0x180/0xc80 [ 365.564096] ? fork_idle+0x270/0x270 [ 365.567803] ? fput+0xb/0x140 [ 365.571862] ? SyS_write+0x14d/0x210 [ 365.575560] ? SyS_read+0x210/0x210 [ 365.579179] ? SyS_clock_settime+0x1a0/0x1a0 [ 365.583587] ? do_syscall_64+0x4c/0x640 [ 365.587554] ? sys_vfork+0x20/0x20 [ 365.591086] do_syscall_64+0x1d5/0x640 [ 365.594966] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 365.600144] RIP: 0033:0x45c849 [ 365.603334] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 365.611055] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 03:35:16 executing program 2 (fault-call:9 fault-nth:11): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 365.618313] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 365.625568] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 365.632836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 365.640114] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000a 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 365.762943] FAULT_INJECTION: forcing a failure. [ 365.762943] name failslab, interval 1, probability 0, space 0, times 0 [ 365.774408] CPU: 1 PID: 14307 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 365.782306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 365.791665] Call Trace: [ 365.794264] dump_stack+0x13e/0x194 [ 365.797905] should_fail.cold+0x10a/0x14b [ 365.802066] should_failslab+0xd6/0x130 [ 365.806046] kmem_cache_alloc_trace+0x2db/0x7b0 [ 365.810724] ? lock_downgrade+0x6e0/0x6e0 [ 365.814880] alloc_fdtable+0x78/0x270 [ 365.818684] dup_fd+0x683/0xa40 [ 365.821970] copy_process.part.0+0x1b5a/0x6a70 [ 365.826563] ? get_pid_task+0xb8/0x130 [ 365.830456] ? proc_fail_nth_write+0x7b/0x180 [ 365.834948] ? save_trace+0x290/0x290 [ 365.838748] ? __lock_is_held+0xad/0x140 [ 365.842824] ? __cleanup_sighand+0x40/0x40 [ 365.847064] ? lock_downgrade+0x6e0/0x6e0 [ 365.851225] _do_fork+0x180/0xc80 [ 365.854685] ? fork_idle+0x270/0x270 [ 365.858395] ? fput+0xb/0x140 [ 365.861527] ? SyS_write+0x14d/0x210 [ 365.865241] ? SyS_read+0x210/0x210 [ 365.868875] ? SyS_clock_settime+0x1a0/0x1a0 [ 365.873294] ? do_syscall_64+0x4c/0x640 [ 365.877273] ? sys_vfork+0x20/0x20 [ 365.880936] do_syscall_64+0x1d5/0x640 [ 365.884855] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 365.890071] RIP: 0033:0x45c849 [ 365.893266] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 365.900977] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 03:35:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 365.908252] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 365.915525] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 365.922795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 365.930071] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000b 03:35:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:17 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:17 executing program 3 (fault-call:8 fault-nth:11): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:17 executing program 1: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 366.357421] FAULT_INJECTION: forcing a failure. [ 366.357421] name failslab, interval 1, probability 0, space 0, times 0 [ 366.368795] CPU: 1 PID: 14329 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 366.376687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 366.386048] Call Trace: [ 366.388652] dump_stack+0x13e/0x194 [ 366.392302] should_fail.cold+0x10a/0x14b [ 366.396462] should_failslab+0xd6/0x130 [ 366.400442] kmem_cache_alloc_trace+0x2db/0x7b0 [ 366.405123] ? lock_downgrade+0x6e0/0x6e0 [ 366.409278] alloc_fdtable+0x78/0x270 [ 366.413085] dup_fd+0x683/0xa40 [ 366.416377] copy_process.part.0+0x1b5a/0x6a70 [ 366.420965] ? get_pid_task+0xb8/0x130 [ 366.424855] ? proc_fail_nth_write+0x7b/0x180 [ 366.429350] ? save_trace+0x290/0x290 [ 366.433152] ? __lock_is_held+0xad/0x140 [ 366.437224] ? __cleanup_sighand+0x40/0x40 [ 366.441467] ? lock_downgrade+0x6e0/0x6e0 [ 366.445626] _do_fork+0x180/0xc80 [ 366.449088] ? fork_idle+0x270/0x270 [ 366.452803] ? fput+0xb/0x140 [ 366.455910] ? SyS_write+0x14d/0x210 [ 366.459623] ? SyS_read+0x210/0x210 [ 366.463252] ? SyS_clock_settime+0x1a0/0x1a0 [ 366.467666] ? do_syscall_64+0x4c/0x640 [ 366.471640] ? sys_vfork+0x20/0x20 [ 366.475183] do_syscall_64+0x1d5/0x640 [ 366.479080] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 366.484269] RIP: 0033:0x45c849 [ 366.487453] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 366.496063] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 03:35:17 executing program 2 (fault-call:9 fault-nth:12): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 366.503334] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 366.510603] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 366.517875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 366.525142] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000b [ 366.657933] FAULT_INJECTION: forcing a failure. [ 366.657933] name failslab, interval 1, probability 0, space 0, times 0 [ 366.669312] CPU: 1 PID: 14338 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 366.677206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 366.686565] Call Trace: [ 366.689161] dump_stack+0x13e/0x194 [ 366.692794] should_fail.cold+0x10a/0x14b [ 366.696947] should_failslab+0xd6/0x130 [ 366.700926] kmem_cache_alloc_node_trace+0x292/0x7b0 [ 366.706038] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 366.711496] ? alloc_fdtable+0x78/0x270 [ 366.715475] ? rcu_read_lock_sched_held+0x10a/0x130 [ 366.720496] __kmalloc_node+0x38/0x70 [ 366.724300] kvmalloc_node+0x46/0xd0 [ 366.728017] alloc_fdtable+0xc7/0x270 [ 366.731822] dup_fd+0x683/0xa40 [ 366.735115] copy_process.part.0+0x1b5a/0x6a70 [ 366.739710] ? get_pid_task+0xb8/0x130 [ 366.743599] ? proc_fail_nth_write+0x7b/0x180 [ 366.748095] ? save_trace+0x290/0x290 [ 366.751897] ? __lock_is_held+0xad/0x140 [ 366.755972] ? __cleanup_sighand+0x40/0x40 [ 366.760209] ? lock_downgrade+0x6e0/0x6e0 [ 366.764361] _do_fork+0x180/0xc80 [ 366.768515] ? fork_idle+0x270/0x270 [ 366.772227] ? fput+0xb/0x140 [ 366.775334] ? SyS_write+0x14d/0x210 [ 366.779043] ? SyS_read+0x210/0x210 [ 366.782696] ? SyS_clock_settime+0x1a0/0x1a0 [ 366.787108] ? do_syscall_64+0x4c/0x640 [ 366.791085] ? sys_vfork+0x20/0x20 [ 366.794628] do_syscall_64+0x1d5/0x640 [ 366.798528] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 366.803718] RIP: 0033:0x45c849 03:35:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 366.806903] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 366.814619] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 366.821893] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 366.829165] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 366.836436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 366.843707] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000c 03:35:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:18 executing program 1: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:18 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:18 executing program 3 (fault-call:8 fault-nth:12): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 367.228076] FAULT_INJECTION: forcing a failure. [ 367.228076] name failslab, interval 1, probability 0, space 0, times 0 [ 367.239609] CPU: 1 PID: 14356 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 367.247504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 367.256871] Call Trace: [ 367.259477] dump_stack+0x13e/0x194 [ 367.263130] should_fail.cold+0x10a/0x14b [ 367.267290] should_failslab+0xd6/0x130 [ 367.271280] kmem_cache_alloc_node_trace+0x292/0x7b0 [ 367.276399] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 367.281854] ? alloc_fdtable+0x78/0x270 [ 367.285835] ? rcu_read_lock_sched_held+0x10a/0x130 [ 367.290857] __kmalloc_node+0x38/0x70 [ 367.294660] kvmalloc_node+0x46/0xd0 [ 367.298383] alloc_fdtable+0xc7/0x270 [ 367.302190] dup_fd+0x683/0xa40 [ 367.305515] copy_process.part.0+0x1b5a/0x6a70 [ 367.310107] ? get_pid_task+0xb8/0x130 [ 367.314000] ? proc_fail_nth_write+0x7b/0x180 [ 367.318497] ? save_trace+0x290/0x290 [ 367.322304] ? __lock_is_held+0xad/0x140 [ 367.326384] ? __cleanup_sighand+0x40/0x40 [ 367.330624] ? lock_downgrade+0x6e0/0x6e0 [ 367.334790] _do_fork+0x180/0xc80 [ 367.338247] ? fork_idle+0x270/0x270 [ 367.342656] ? fput+0xb/0x140 [ 367.345758] ? SyS_write+0x14d/0x210 [ 367.349471] ? SyS_read+0x210/0x210 [ 367.353102] ? SyS_clock_settime+0x1a0/0x1a0 [ 367.357514] ? do_syscall_64+0x4c/0x640 [ 367.361493] ? sys_vfork+0x20/0x20 [ 367.365032] do_syscall_64+0x1d5/0x640 [ 367.368928] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 367.374118] RIP: 0033:0x45c849 03:35:18 executing program 2 (fault-call:9 fault-nth:13): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 367.377305] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 367.385013] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 367.392284] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 367.399687] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 367.406965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 367.414254] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000c [ 367.532296] FAULT_INJECTION: forcing a failure. [ 367.532296] name failslab, interval 1, probability 0, space 0, times 0 [ 367.543726] CPU: 0 PID: 14367 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 367.551657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 367.561055] Call Trace: [ 367.563691] dump_stack+0x13e/0x194 [ 367.567326] should_fail.cold+0x10a/0x14b [ 367.571470] should_failslab+0xd6/0x130 [ 367.575437] kmem_cache_alloc+0x2b5/0x770 [ 367.579580] ? dup_fd+0x516/0xa40 [ 367.583021] copy_fs_struct+0x43/0x2d0 [ 367.586897] copy_process.part.0+0x3974/0x6a70 [ 367.591482] ? get_pid_task+0xb8/0x130 [ 367.595372] ? proc_fail_nth_write+0x7b/0x180 [ 367.599870] ? save_trace+0x290/0x290 [ 367.603675] ? __lock_is_held+0xad/0x140 [ 367.607748] ? __cleanup_sighand+0x40/0x40 [ 367.611986] ? lock_downgrade+0x6e0/0x6e0 [ 367.616145] _do_fork+0x180/0xc80 [ 367.619606] ? fork_idle+0x270/0x270 [ 367.623321] ? fput+0xb/0x140 [ 367.626427] ? SyS_write+0x14d/0x210 [ 367.630144] ? SyS_read+0x210/0x210 [ 367.633772] ? SyS_clock_settime+0x1a0/0x1a0 [ 367.638181] ? do_syscall_64+0x4c/0x640 [ 367.642161] ? sys_vfork+0x20/0x20 [ 367.645711] do_syscall_64+0x1d5/0x640 [ 367.649614] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 367.654810] RIP: 0033:0x45c849 [ 367.658002] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 367.665714] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 367.672983] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 367.680254] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 367.687531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 367.694809] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000d 03:35:19 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:19 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:19 executing program 3 (fault-call:8 fault-nth:13): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:19 executing program 1: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 368.128892] FAULT_INJECTION: forcing a failure. [ 368.128892] name failslab, interval 1, probability 0, space 0, times 0 [ 368.140283] CPU: 1 PID: 14388 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 368.148284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 368.157645] Call Trace: [ 368.160244] dump_stack+0x13e/0x194 [ 368.163882] should_fail.cold+0x10a/0x14b [ 368.168045] should_failslab+0xd6/0x130 [ 368.172033] kmem_cache_alloc_node_trace+0x292/0x7b0 [ 368.177138] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 368.182590] ? alloc_fdtable+0x78/0x270 [ 368.186574] ? rcu_read_lock_sched_held+0x10a/0x130 [ 368.191598] __kmalloc_node+0x38/0x70 [ 368.195407] kvmalloc_node+0x46/0xd0 [ 368.199127] alloc_fdtable+0xc7/0x270 [ 368.202930] dup_fd+0x683/0xa40 [ 368.206223] copy_process.part.0+0x1b5a/0x6a70 [ 368.210817] ? get_pid_task+0xb8/0x130 [ 368.214709] ? proc_fail_nth_write+0x7b/0x180 [ 368.219205] ? save_trace+0x290/0x290 [ 368.223011] ? __lock_is_held+0xad/0x140 [ 368.227085] ? __cleanup_sighand+0x40/0x40 [ 368.231323] ? lock_downgrade+0x6e0/0x6e0 [ 368.235479] _do_fork+0x180/0xc80 [ 368.238940] ? fork_idle+0x270/0x270 [ 368.242658] ? fput+0xb/0x140 [ 368.245762] ? SyS_write+0x14d/0x210 [ 368.249471] ? SyS_read+0x210/0x210 [ 368.253109] ? SyS_clock_settime+0x1a0/0x1a0 [ 368.257525] ? do_syscall_64+0x4c/0x640 [ 368.261506] ? sys_vfork+0x20/0x20 [ 368.265050] do_syscall_64+0x1d5/0x640 [ 368.268945] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 368.274397] RIP: 0033:0x45c849 03:35:19 executing program 2 (fault-call:9 fault-nth:14): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 368.277693] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 368.285411] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 368.292684] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 368.300081] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 368.307352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 368.314623] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000d [ 368.454104] FAULT_INJECTION: forcing a failure. [ 368.454104] name failslab, interval 1, probability 0, space 0, times 0 [ 368.465438] CPU: 0 PID: 14396 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 368.473318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 368.482667] Call Trace: [ 368.485260] dump_stack+0x13e/0x194 [ 368.488897] should_fail.cold+0x10a/0x14b [ 368.493091] should_failslab+0xd6/0x130 [ 368.497161] kmem_cache_alloc+0x2b5/0x770 [ 368.501305] ? dup_fd+0x516/0xa40 [ 368.504886] copy_fs_struct+0x43/0x2d0 [ 368.508788] copy_process.part.0+0x3974/0x6a70 [ 368.513372] ? get_pid_task+0xb8/0x130 [ 368.517246] ? proc_fail_nth_write+0x7b/0x180 [ 368.521727] ? save_trace+0x290/0x290 [ 368.525549] ? __lock_is_held+0xad/0x140 [ 368.529702] ? __cleanup_sighand+0x40/0x40 [ 368.533993] ? lock_downgrade+0x6e0/0x6e0 [ 368.538133] _do_fork+0x180/0xc80 [ 368.541576] ? fork_idle+0x270/0x270 [ 368.545282] ? fput+0xb/0x140 [ 368.548404] ? SyS_write+0x14d/0x210 [ 368.552188] ? SyS_read+0x210/0x210 [ 368.555813] ? SyS_clock_settime+0x1a0/0x1a0 [ 368.560345] ? do_syscall_64+0x4c/0x640 [ 368.564336] ? sys_vfork+0x20/0x20 [ 368.567864] do_syscall_64+0x1d5/0x640 [ 368.571744] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 368.576926] RIP: 0033:0x45c849 [ 368.580101] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 368.587797] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 368.595060] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 368.602317] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 368.609579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 368.616935] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000e 03:35:19 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:20 executing program 3 (fault-call:8 fault-nth:14): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:20 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:20 executing program 4 (fault-call:9 fault-nth:0): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 369.014164] FAULT_INJECTION: forcing a failure. [ 369.014164] name failslab, interval 1, probability 0, space 0, times 0 [ 369.025535] CPU: 1 PID: 14416 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 369.033427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 369.042785] Call Trace: [ 369.045393] dump_stack+0x13e/0x194 [ 369.049031] should_fail.cold+0x10a/0x14b [ 369.053187] should_failslab+0xd6/0x130 [ 369.057167] kmem_cache_alloc+0x2b5/0x770 [ 369.061327] ? dup_fd+0x516/0xa40 [ 369.064792] copy_fs_struct+0x43/0x2d0 [ 369.068694] copy_process.part.0+0x3974/0x6a70 [ 369.074260] ? get_pid_task+0xb8/0x130 [ 369.078155] ? proc_fail_nth_write+0x7b/0x180 [ 369.082654] ? save_trace+0x290/0x290 [ 369.086461] ? __lock_is_held+0xad/0x140 [ 369.090539] ? __cleanup_sighand+0x40/0x40 [ 369.094778] ? lock_downgrade+0x6e0/0x6e0 [ 369.099037] _do_fork+0x180/0xc80 [ 369.102508] ? fork_idle+0x270/0x270 [ 369.106229] ? fput+0xb/0x140 [ 369.109337] ? SyS_write+0x14d/0x210 [ 369.113052] ? SyS_read+0x210/0x210 [ 369.116678] ? SyS_clock_settime+0x1a0/0x1a0 [ 369.121093] ? do_syscall_64+0x4c/0x640 [ 369.125075] ? sys_vfork+0x20/0x20 [ 369.128617] do_syscall_64+0x1d5/0x640 [ 369.132508] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 369.137693] RIP: 0033:0x45c849 [ 369.140876] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 369.148602] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 369.150934] FAULT_INJECTION: forcing a failure. [ 369.150934] name failslab, interval 1, probability 0, space 0, times 0 [ 369.155896] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 369.155903] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 369.155908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 369.155912] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000e [ 369.196613] CPU: 1 PID: 14415 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 369.204511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 369.213872] Call Trace: [ 369.216466] dump_stack+0x13e/0x194 [ 369.220110] should_fail.cold+0x10a/0x14b [ 369.224268] should_failslab+0xd6/0x130 [ 369.228244] kmem_cache_alloc_node+0x288/0x7a0 [ 369.232838] ? find_held_lock+0x2d/0x110 [ 369.236901] ? get_pid_task+0x91/0x130 [ 369.240799] copy_process.part.0+0x17d5/0x6a70 [ 369.245391] ? get_pid_task+0xb8/0x130 [ 369.249286] ? proc_fail_nth_write+0x7b/0x180 [ 369.253786] ? save_trace+0x290/0x290 [ 369.257599] ? __lock_is_held+0xad/0x140 [ 369.261667] ? find_held_lock+0x2d/0x110 [ 369.265735] ? __cleanup_sighand+0x40/0x40 [ 369.269975] ? lock_downgrade+0x6e0/0x6e0 [ 369.274132] _do_fork+0x180/0xc80 [ 369.277591] ? fork_idle+0x270/0x270 [ 369.281314] ? fput+0xb/0x140 [ 369.284418] ? SyS_write+0x14d/0x210 [ 369.288133] ? SyS_read+0x210/0x210 [ 369.291762] ? SyS_clock_settime+0x1a0/0x1a0 [ 369.296183] ? do_syscall_64+0x4c/0x640 [ 369.300160] ? sys_vfork+0x20/0x20 [ 369.303704] do_syscall_64+0x1d5/0x640 [ 369.307598] entry_SYSCALL_64_after_hwframe+0x42/0xb7 03:35:20 executing program 2 (fault-call:9 fault-nth:15): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 369.312789] RIP: 0033:0x45c849 [ 369.315974] RSP: 002b:00007f95b9945c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 369.323690] RAX: ffffffffffffffda RBX: 00007f95b99466d4 RCX: 000000000045c849 [ 369.330968] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 369.338247] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 369.345617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 369.352893] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000000 03:35:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 369.478088] FAULT_INJECTION: forcing a failure. [ 369.478088] name failslab, interval 1, probability 0, space 0, times 0 [ 369.489575] CPU: 0 PID: 14426 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 369.497470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 369.506827] Call Trace: [ 369.509431] dump_stack+0x13e/0x194 [ 369.513069] should_fail.cold+0x10a/0x14b [ 369.517234] should_failslab+0xd6/0x130 [ 369.521220] kmem_cache_alloc+0x2b5/0x770 [ 369.525376] ? lock_downgrade+0x6e0/0x6e0 [ 369.529529] ? _raw_spin_unlock_irq+0x24/0x80 [ 369.534033] copy_process.part.0+0x1cd5/0x6a70 [ 369.538632] ? get_pid_task+0xb8/0x130 [ 369.542523] ? proc_fail_nth_write+0x7b/0x180 [ 369.547023] ? save_trace+0x290/0x290 [ 369.550831] ? __lock_is_held+0xad/0x140 [ 369.554913] ? __cleanup_sighand+0x40/0x40 [ 369.559152] ? lock_downgrade+0x6e0/0x6e0 [ 369.563306] _do_fork+0x180/0xc80 [ 369.566775] ? fork_idle+0x270/0x270 [ 369.570497] ? fput+0xb/0x140 [ 369.573606] ? SyS_write+0x14d/0x210 [ 369.577328] ? SyS_read+0x210/0x210 [ 369.580957] ? SyS_clock_settime+0x1a0/0x1a0 [ 369.585368] ? do_syscall_64+0x4c/0x640 [ 369.589346] ? sys_vfork+0x20/0x20 [ 369.592884] do_syscall_64+0x1d5/0x640 [ 369.596780] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 369.602054] RIP: 0033:0x45c849 [ 369.605241] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 369.612963] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 369.620230] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:20 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 369.627619] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 369.634895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 369.642175] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000f 03:35:20 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:20 executing program 4 (fault-call:9 fault-nth:1): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:20 executing program 3 (fault-call:8 fault-nth:15): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 369.894114] FAULT_INJECTION: forcing a failure. [ 369.894114] name failslab, interval 1, probability 0, space 0, times 0 [ 369.905522] CPU: 1 PID: 14443 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 369.913425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 369.922915] Call Trace: [ 369.925510] dump_stack+0x13e/0x194 [ 369.929127] should_fail.cold+0x10a/0x14b [ 369.933272] should_failslab+0xd6/0x130 [ 369.937349] kmem_cache_alloc+0x2b5/0x770 [ 369.941506] ? lock_downgrade+0x6e0/0x6e0 [ 369.942010] FAULT_INJECTION: forcing a failure. [ 369.942010] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 369.945657] ? _raw_spin_unlock_irq+0x24/0x80 [ 369.961959] copy_process.part.0+0x1cd5/0x6a70 [ 369.966659] ? get_pid_task+0xb8/0x130 [ 369.970552] ? proc_fail_nth_write+0x7b/0x180 [ 369.975044] ? save_trace+0x290/0x290 [ 369.978832] ? __lock_is_held+0xad/0x140 [ 369.982898] ? __cleanup_sighand+0x40/0x40 [ 369.987122] ? lock_downgrade+0x6e0/0x6e0 [ 369.991272] _do_fork+0x180/0xc80 [ 369.994718] ? fork_idle+0x270/0x270 [ 369.998419] ? fput+0xb/0x140 [ 370.001528] ? SyS_write+0x14d/0x210 [ 370.005244] ? SyS_read+0x210/0x210 [ 370.008874] ? SyS_clock_settime+0x1a0/0x1a0 [ 370.013273] ? do_syscall_64+0x4c/0x640 [ 370.017360] ? sys_vfork+0x20/0x20 [ 370.020899] do_syscall_64+0x1d5/0x640 [ 370.024792] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 370.030692] RIP: 0033:0x45c849 [ 370.038830] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 370.046548] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 370.053805] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 370.061060] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 370.068314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 370.075566] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000f [ 370.082854] CPU: 0 PID: 14444 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 370.090747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 370.100110] Call Trace: [ 370.102712] dump_stack+0x13e/0x194 [ 370.106349] should_fail.cold+0x10a/0x14b [ 370.110500] __alloc_pages_nodemask+0x1bf/0x700 [ 370.115234] ? _parse_integer+0xe5/0x130 [ 370.119307] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 370.124326] ? find_held_lock+0x2d/0x110 [ 370.128399] cache_grow_begin+0x7b/0x410 [ 370.132471] kmem_cache_alloc_node+0x6c8/0x7a0 [ 370.137157] ? find_held_lock+0x2d/0x110 [ 370.141224] ? get_pid_task+0x91/0x130 [ 370.145121] copy_process.part.0+0x17d5/0x6a70 [ 370.149708] ? get_pid_task+0xb8/0x130 [ 370.153603] ? proc_fail_nth_write+0x7b/0x180 [ 370.158097] ? save_trace+0x290/0x290 [ 370.161899] ? __lock_is_held+0xad/0x140 [ 370.165971] ? find_held_lock+0x2d/0x110 [ 370.170053] ? __cleanup_sighand+0x40/0x40 [ 370.174399] ? lock_downgrade+0x6e0/0x6e0 [ 370.178730] _do_fork+0x180/0xc80 [ 370.182196] ? fork_idle+0x270/0x270 [ 370.185908] ? fput+0xb/0x140 [ 370.189015] ? SyS_write+0x14d/0x210 [ 370.192741] ? SyS_read+0x210/0x210 [ 370.196367] ? SyS_clock_settime+0x1a0/0x1a0 [ 370.200778] ? do_syscall_64+0x4c/0x640 [ 370.204772] ? sys_vfork+0x20/0x20 [ 370.208312] do_syscall_64+0x1d5/0x640 [ 370.212209] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 370.217394] RIP: 0033:0x45c849 [ 370.220586] RSP: 002b:00007f95b9945c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 370.228382] RAX: ffffffffffffffda RBX: 00007f95b99466d4 RCX: 000000000045c849 [ 370.235651] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:21 executing program 2 (fault-call:9 fault-nth:16): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 370.242917] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 370.250187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 370.257454] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000001 [ 370.361214] FAULT_INJECTION: forcing a failure. [ 370.361214] name failslab, interval 1, probability 0, space 0, times 0 [ 370.372675] CPU: 0 PID: 14455 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 370.380571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 370.389932] Call Trace: [ 370.392527] dump_stack+0x13e/0x194 [ 370.396164] should_fail.cold+0x10a/0x14b [ 370.400325] should_failslab+0xd6/0x130 [ 370.404314] kmem_cache_alloc+0x2b5/0x770 [ 370.408469] ? find_held_lock+0x2d/0x110 [ 370.412535] ? copy_namespaces+0x112/0x310 [ 370.416773] ? cap_capable+0x1c4/0x230 [ 370.420672] create_new_namespaces+0x30/0x730 [ 370.425173] ? security_capable+0x88/0xb0 [ 370.429333] copy_namespaces+0x27b/0x310 [ 370.433400] copy_process.part.0+0x2603/0x6a70 [ 370.437988] ? get_pid_task+0xb8/0x130 [ 370.441878] ? save_trace+0x290/0x290 [ 370.445689] ? __lock_is_held+0xad/0x140 [ 370.449762] ? __cleanup_sighand+0x40/0x40 [ 370.454003] ? lock_downgrade+0x6e0/0x6e0 [ 370.458157] _do_fork+0x180/0xc80 [ 370.461619] ? fork_idle+0x270/0x270 [ 370.465334] ? fput+0xb/0x140 [ 370.468438] ? SyS_write+0x14d/0x210 [ 370.472158] ? SyS_read+0x210/0x210 [ 370.475789] ? SyS_clock_settime+0x1a0/0x1a0 [ 370.480202] ? do_syscall_64+0x4c/0x640 [ 370.484187] ? sys_vfork+0x20/0x20 [ 370.487727] do_syscall_64+0x1d5/0x640 [ 370.491625] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 370.496811] RIP: 0033:0x45c849 [ 370.500014] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:21 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 370.507745] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 370.515019] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 370.522286] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 370.529553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 370.536824] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000010 03:35:21 executing program 3 (fault-call:8 fault-nth:16): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:21 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:21 executing program 4 (fault-call:9 fault-nth:2): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 370.792129] FAULT_INJECTION: forcing a failure. [ 370.792129] name failslab, interval 1, probability 0, space 0, times 0 [ 370.792624] FAULT_INJECTION: forcing a failure. [ 370.792624] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 370.803595] CPU: 0 PID: 14471 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 370.823205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 370.832546] Call Trace: [ 370.835129] dump_stack+0x13e/0x194 [ 370.838756] should_fail.cold+0x10a/0x14b [ 370.842914] should_failslab+0xd6/0x130 [ 370.846903] kmem_cache_alloc+0x2b5/0x770 [ 370.851043] ? lock_downgrade+0x6e0/0x6e0 [ 370.855185] ? _raw_spin_unlock_irq+0x24/0x80 [ 370.859673] copy_process.part.0+0x1cd5/0x6a70 [ 370.864246] ? get_pid_task+0xb8/0x130 [ 370.868123] ? proc_fail_nth_write+0x7b/0x180 [ 370.872614] ? save_trace+0x290/0x290 [ 370.876397] ? __lock_is_held+0xad/0x140 [ 370.880450] ? __cleanup_sighand+0x40/0x40 [ 370.884690] ? lock_downgrade+0x6e0/0x6e0 [ 370.888825] _do_fork+0x180/0xc80 [ 370.892268] ? fork_idle+0x270/0x270 [ 370.895966] ? fput+0xb/0x140 [ 370.899059] ? SyS_write+0x14d/0x210 [ 370.902776] ? SyS_read+0x210/0x210 [ 370.906395] ? SyS_clock_settime+0x1a0/0x1a0 [ 370.910795] ? do_syscall_64+0x4c/0x640 [ 370.914760] ? sys_vfork+0x20/0x20 [ 370.918300] do_syscall_64+0x1d5/0x640 [ 370.922288] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 370.927475] RIP: 0033:0x45c849 [ 370.930653] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 370.938347] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 370.945603] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 370.952863] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 370.960126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 370.967385] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000010 [ 370.974659] CPU: 1 PID: 14472 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 370.982553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 370.991910] Call Trace: [ 370.994506] dump_stack+0x13e/0x194 [ 370.998142] should_fail.cold+0x10a/0x14b [ 371.003248] __alloc_pages_nodemask+0x1bf/0x700 [ 371.007926] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 371.013039] ? copy_process.part.0+0x17d5/0x6a70 [ 371.017795] ? rcu_read_lock_sched_held+0x10a/0x130 [ 371.022827] copy_process.part.0+0x26a/0x6a70 [ 371.027329] ? get_pid_task+0xb8/0x130 [ 371.032175] ? proc_fail_nth_write+0x7b/0x180 [ 371.036673] ? save_trace+0x290/0x290 [ 371.040479] ? __lock_is_held+0xad/0x140 [ 371.044544] ? find_held_lock+0x2d/0x110 [ 371.048612] ? __cleanup_sighand+0x40/0x40 [ 371.052850] ? lock_downgrade+0x6e0/0x6e0 [ 371.057013] _do_fork+0x180/0xc80 [ 371.060471] ? fork_idle+0x270/0x270 [ 371.064186] ? fput+0xb/0x140 [ 371.067288] ? SyS_write+0x14d/0x210 [ 371.070999] ? SyS_read+0x210/0x210 [ 371.074627] ? SyS_clock_settime+0x1a0/0x1a0 [ 371.079043] ? do_syscall_64+0x4c/0x640 [ 371.083019] ? sys_vfork+0x20/0x20 [ 371.086562] do_syscall_64+0x1d5/0x640 03:35:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:22 executing program 2 (fault-call:9 fault-nth:17): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 371.090453] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 371.095647] RIP: 0033:0x45c849 [ 371.098834] RSP: 002b:00007f95b9945c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 371.106548] RAX: ffffffffffffffda RBX: 00007f95b99466d4 RCX: 000000000045c849 [ 371.113819] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 371.121091] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 371.128361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 371.135634] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000002 [ 371.268144] FAULT_INJECTION: forcing a failure. [ 371.268144] name failslab, interval 1, probability 0, space 0, times 0 [ 371.279508] CPU: 0 PID: 14485 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 371.287397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 371.296745] Call Trace: [ 371.299325] dump_stack+0x13e/0x194 [ 371.302958] should_fail.cold+0x10a/0x14b [ 371.307101] should_failslab+0xd6/0x130 [ 371.311066] kmem_cache_alloc+0x2b5/0x770 [ 371.315206] ? find_held_lock+0x2d/0x110 [ 371.319259] ? copy_namespaces+0x112/0x310 [ 371.323487] ? cap_capable+0x1c4/0x230 [ 371.327493] create_new_namespaces+0x30/0x730 [ 371.331989] ? security_capable+0x88/0xb0 [ 371.336143] copy_namespaces+0x27b/0x310 [ 371.340204] copy_process.part.0+0x2603/0x6a70 [ 371.344799] ? get_pid_task+0xb8/0x130 [ 371.348706] ? save_trace+0x290/0x290 [ 371.352502] ? __lock_is_held+0xad/0x140 [ 371.356562] ? __cleanup_sighand+0x40/0x40 [ 371.360779] ? lock_downgrade+0x6e0/0x6e0 [ 371.364927] _do_fork+0x180/0xc80 [ 371.368427] ? fork_idle+0x270/0x270 [ 371.372126] ? fput+0xb/0x140 [ 371.375215] ? SyS_write+0x14d/0x210 [ 371.378931] ? SyS_read+0x210/0x210 [ 371.382587] ? SyS_clock_settime+0x1a0/0x1a0 [ 371.387049] ? do_syscall_64+0x4c/0x640 [ 371.391024] ? sys_vfork+0x20/0x20 [ 371.394560] do_syscall_64+0x1d5/0x640 [ 371.398507] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 371.403703] RIP: 0033:0x45c849 [ 371.406907] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:22 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 371.414618] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 371.421877] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 371.429134] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 371.436412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 371.443932] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000011 03:35:22 executing program 3 (fault-call:8 fault-nth:17): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:22 executing program 4 (fault-call:9 fault-nth:3): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:22 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 371.690394] FAULT_INJECTION: forcing a failure. [ 371.690394] name failslab, interval 1, probability 0, space 0, times 0 [ 371.701743] CPU: 1 PID: 14501 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 371.709628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 371.718993] Call Trace: [ 371.721591] dump_stack+0x13e/0x194 [ 371.725230] should_fail.cold+0x10a/0x14b [ 371.729386] should_failslab+0xd6/0x130 [ 371.733370] kmem_cache_alloc_trace+0x2db/0x7b0 [ 371.738071] ? lock_downgrade+0x6e0/0x6e0 [ 371.742221] ? _raw_spin_unlock_irq+0x24/0x80 [ 371.746729] inc_ucount+0x3bd/0x6f0 [ 371.750359] ? fs_reclaim_acquire+0x10/0x10 [ 371.754687] ? retire_userns_sysctls+0x80/0x80 [ 371.759558] alloc_mnt_ns+0x8e/0x440 [ 371.763281] copy_mnt_ns+0x8e/0x8a0 [ 371.766914] ? find_held_lock+0x2d/0x110 [ 371.770978] ? copy_namespaces+0x112/0x310 [ 371.775216] ? cap_capable+0x1c4/0x230 [ 371.779118] create_new_namespaces+0xc9/0x730 [ 371.783621] ? security_capable+0x88/0xb0 [ 371.787785] copy_namespaces+0x27b/0x310 [ 371.791857] copy_process.part.0+0x2603/0x6a70 [ 371.796443] ? get_pid_task+0xb8/0x130 [ 371.800333] ? save_trace+0x290/0x290 [ 371.804139] ? __lock_is_held+0xad/0x140 [ 371.808211] ? __cleanup_sighand+0x40/0x40 [ 371.812448] ? lock_downgrade+0x6e0/0x6e0 [ 371.816602] _do_fork+0x180/0xc80 [ 371.820060] ? fork_idle+0x270/0x270 [ 371.823773] ? fput+0xb/0x140 [ 371.826878] ? SyS_write+0x14d/0x210 [ 371.830587] ? SyS_read+0x210/0x210 [ 371.834218] ? SyS_clock_settime+0x1a0/0x1a0 [ 371.838626] ? do_syscall_64+0x4c/0x640 [ 371.842606] ? sys_vfork+0x20/0x20 [ 371.846147] do_syscall_64+0x1d5/0x640 [ 371.850038] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 371.855224] RIP: 0033:0x45c849 [ 371.858409] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 371.866123] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 371.873393] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 371.880673] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 371.887949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 371.895227] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000011 [ 371.907287] FAULT_INJECTION: forcing a failure. [ 371.907287] name failslab, interval 1, probability 0, space 0, times 0 [ 371.918846] CPU: 1 PID: 14500 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 371.926739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 371.936100] Call Trace: [ 371.938702] dump_stack+0x13e/0x194 [ 371.942338] should_fail.cold+0x10a/0x14b [ 371.946496] should_failslab+0xd6/0x130 [ 371.950475] kmem_cache_alloc+0x2b5/0x770 [ 371.954628] ? selinux_is_enabled+0x5/0x50 [ 371.958865] ? creds_are_invalid+0x44/0x100 [ 371.963189] ? __validate_process_creds+0x19e/0x1f0 [ 371.968207] prepare_creds+0x37/0x380 [ 371.972022] copy_creds+0x72/0x4d0 [ 371.975573] copy_process.part.0+0x868/0x6a70 [ 371.980083] ? get_pid_task+0xb8/0x130 [ 371.983974] ? proc_fail_nth_write+0x7b/0x180 [ 371.988470] ? save_trace+0x290/0x290 [ 371.992274] ? __lock_is_held+0xad/0x140 [ 371.996338] ? find_held_lock+0x2d/0x110 [ 372.000405] ? __cleanup_sighand+0x40/0x40 [ 372.004645] ? lock_downgrade+0x6e0/0x6e0 [ 372.008818] _do_fork+0x180/0xc80 [ 372.012362] ? fork_idle+0x270/0x270 [ 372.016255] ? fput+0xb/0x140 [ 372.019365] ? SyS_write+0x14d/0x210 [ 372.023087] ? SyS_read+0x210/0x210 [ 372.027066] ? SyS_clock_settime+0x1a0/0x1a0 [ 372.031475] ? do_syscall_64+0x4c/0x640 [ 372.035455] ? sys_vfork+0x20/0x20 [ 372.038998] do_syscall_64+0x1d5/0x640 [ 372.042891] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 372.048081] RIP: 0033:0x45c849 [ 372.052222] RSP: 002b:00007f95b9945c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 372.059932] RAX: ffffffffffffffda RBX: 00007f95b99466d4 RCX: 000000000045c849 [ 372.067199] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 372.074468] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 372.081734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:35:23 executing program 2 (fault-call:9 fault-nth:18): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:23 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 372.089003] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000003 [ 372.231280] FAULT_INJECTION: forcing a failure. [ 372.231280] name failslab, interval 1, probability 0, space 0, times 0 [ 372.242690] CPU: 1 PID: 14514 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 372.250576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 372.260146] Call Trace: [ 372.262747] dump_stack+0x13e/0x194 [ 372.266389] should_fail.cold+0x10a/0x14b [ 372.270548] should_failslab+0xd6/0x130 [ 372.274524] kmem_cache_alloc+0x2b5/0x770 [ 372.278681] ? find_held_lock+0x2d/0x110 [ 372.282743] ? copy_namespaces+0x112/0x310 [ 372.287065] ? cap_capable+0x1c4/0x230 [ 372.290964] create_new_namespaces+0x30/0x730 [ 372.295466] ? security_capable+0x88/0xb0 [ 372.299908] copy_namespaces+0x27b/0x310 [ 372.303985] copy_process.part.0+0x2603/0x6a70 [ 372.308578] ? get_pid_task+0xb8/0x130 [ 372.312465] ? save_trace+0x290/0x290 [ 372.316269] ? __lock_is_held+0xad/0x140 [ 372.320348] ? __cleanup_sighand+0x40/0x40 [ 372.324593] ? lock_downgrade+0x6e0/0x6e0 [ 372.328759] _do_fork+0x180/0xc80 [ 372.332230] ? fork_idle+0x270/0x270 [ 372.335954] ? fput+0xb/0x140 [ 372.339061] ? SyS_write+0x14d/0x210 [ 372.342777] ? SyS_read+0x210/0x210 [ 372.346406] ? SyS_clock_settime+0x1a0/0x1a0 [ 372.350816] ? do_syscall_64+0x4c/0x640 [ 372.354791] ? sys_vfork+0x20/0x20 [ 372.358333] do_syscall_64+0x1d5/0x640 [ 372.362227] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 372.367418] RIP: 0033:0x45c849 [ 372.370600] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:23 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:23 executing program 3 (fault-call:8 fault-nth:18): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 372.378313] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 372.385590] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 372.392865] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 372.400143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 372.407529] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000012 03:35:23 executing program 4 (fault-call:9 fault-nth:4): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:23 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 372.561136] FAULT_INJECTION: forcing a failure. [ 372.561136] name failslab, interval 1, probability 0, space 0, times 0 [ 372.572668] CPU: 0 PID: 14530 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 372.578474] FAULT_INJECTION: forcing a failure. [ 372.578474] name failslab, interval 1, probability 0, space 0, times 0 [ 372.580552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 372.580556] Call Trace: [ 372.580574] dump_stack+0x13e/0x194 [ 372.580606] should_fail.cold+0x10a/0x14b [ 372.580623] should_failslab+0xd6/0x130 [ 372.580632] kmem_cache_alloc_trace+0x2db/0x7b0 [ 372.580643] ? lock_downgrade+0x6e0/0x6e0 [ 372.580654] ? _raw_spin_unlock_irq+0x24/0x80 [ 372.580671] inc_ucount+0x3bd/0x6f0 [ 372.632926] ? fs_reclaim_acquire+0x10/0x10 [ 372.637233] ? retire_userns_sysctls+0x80/0x80 [ 372.641802] alloc_mnt_ns+0x8e/0x440 [ 372.645502] copy_mnt_ns+0x8e/0x8a0 [ 372.649112] ? find_held_lock+0x2d/0x110 [ 372.653157] ? copy_namespaces+0x112/0x310 [ 372.657382] ? cap_capable+0x1c4/0x230 [ 372.661255] create_new_namespaces+0xc9/0x730 [ 372.665732] ? security_capable+0x88/0xb0 [ 372.669866] copy_namespaces+0x27b/0x310 [ 372.673997] copy_process.part.0+0x2603/0x6a70 [ 372.678565] ? get_pid_task+0xb8/0x130 [ 372.682439] ? save_trace+0x290/0x290 [ 372.686237] ? __lock_is_held+0xad/0x140 [ 372.690289] ? __cleanup_sighand+0x40/0x40 [ 372.694507] ? lock_downgrade+0x6e0/0x6e0 [ 372.698643] _do_fork+0x180/0xc80 [ 372.702082] ? fork_idle+0x270/0x270 [ 372.705782] ? fput+0xb/0x140 [ 372.708872] ? SyS_write+0x14d/0x210 [ 372.712567] ? SyS_read+0x210/0x210 [ 372.716181] ? SyS_clock_settime+0x1a0/0x1a0 [ 372.720595] ? do_syscall_64+0x4c/0x640 [ 372.724570] ? sys_vfork+0x20/0x20 [ 372.728110] do_syscall_64+0x1d5/0x640 [ 372.731995] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 372.737171] RIP: 0033:0x45c849 [ 372.740367] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 372.748068] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 372.755326] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 372.762593] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 372.769865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 372.777125] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000012 [ 372.784405] CPU: 1 PID: 14528 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 372.792295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 372.801656] Call Trace: [ 372.804252] dump_stack+0x13e/0x194 [ 372.807886] should_fail.cold+0x10a/0x14b [ 372.812039] should_failslab+0xd6/0x130 [ 372.816136] __kmalloc_track_caller+0x2e1/0x7b0 [ 372.820813] ? selinux_cred_prepare+0x44/0xa0 [ 372.825339] ? prepare_creds+0x37/0x380 [ 372.829321] kmemdup+0x23/0x50 [ 372.832525] selinux_cred_prepare+0x44/0xa0 [ 372.836860] security_prepare_creds+0x76/0xb0 [ 372.842324] prepare_creds+0x2cc/0x380 [ 372.846217] copy_creds+0x72/0x4d0 [ 372.849759] copy_process.part.0+0x868/0x6a70 [ 372.854261] ? get_pid_task+0xb8/0x130 [ 372.858153] ? proc_fail_nth_write+0x7b/0x180 [ 372.862649] ? save_trace+0x290/0x290 [ 372.866536] ? __lock_is_held+0xad/0x140 [ 372.870600] ? find_held_lock+0x2d/0x110 [ 372.874673] ? __cleanup_sighand+0x40/0x40 [ 372.878914] ? lock_downgrade+0x6e0/0x6e0 [ 372.883070] _do_fork+0x180/0xc80 [ 372.886533] ? fork_idle+0x270/0x270 [ 372.890249] ? fput+0xb/0x140 [ 372.893352] ? SyS_write+0x14d/0x210 [ 372.897065] ? SyS_read+0x210/0x210 [ 372.900702] ? SyS_clock_settime+0x1a0/0x1a0 [ 372.905111] ? do_syscall_64+0x4c/0x640 [ 372.909215] ? sys_vfork+0x20/0x20 [ 372.912763] do_syscall_64+0x1d5/0x640 [ 372.916660] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 372.921856] RIP: 0033:0x45c849 [ 372.925049] RSP: 002b:00007f95b9945c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 372.932789] RAX: ffffffffffffffda RBX: 00007f95b99466d4 RCX: 000000000045c849 [ 372.940061] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 372.947431] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 372.954704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:35:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:24 executing program 2 (fault-call:9 fault-nth:19): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 372.961980] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000004 [ 373.075400] FAULT_INJECTION: forcing a failure. [ 373.075400] name failslab, interval 1, probability 0, space 0, times 0 [ 373.086833] CPU: 1 PID: 14543 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 373.094745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 373.104211] Call Trace: [ 373.106809] dump_stack+0x13e/0x194 [ 373.110461] should_fail.cold+0x10a/0x14b [ 373.114772] should_failslab+0xd6/0x130 [ 373.118759] kmem_cache_alloc_trace+0x2db/0x7b0 [ 373.123440] ? retire_userns_sysctls+0x80/0x80 [ 373.128034] alloc_mnt_ns+0xd4/0x440 [ 373.131752] copy_mnt_ns+0x8e/0x8a0 [ 373.135378] ? find_held_lock+0x2d/0x110 [ 373.139437] ? copy_namespaces+0x112/0x310 [ 373.143673] ? cap_capable+0x1c4/0x230 [ 373.147573] create_new_namespaces+0xc9/0x730 [ 373.152071] ? security_capable+0x88/0xb0 [ 373.156224] copy_namespaces+0x27b/0x310 [ 373.160294] copy_process.part.0+0x2603/0x6a70 [ 373.164889] ? get_pid_task+0xb8/0x130 [ 373.168785] ? save_trace+0x290/0x290 [ 373.172586] ? __lock_is_held+0xad/0x140 [ 373.176665] ? __cleanup_sighand+0x40/0x40 [ 373.180907] ? lock_downgrade+0x6e0/0x6e0 [ 373.185064] _do_fork+0x180/0xc80 [ 373.188522] ? fork_idle+0x270/0x270 [ 373.192237] ? fput+0xb/0x140 [ 373.195344] ? SyS_write+0x14d/0x210 [ 373.199056] ? SyS_read+0x210/0x210 [ 373.202690] ? SyS_clock_settime+0x1a0/0x1a0 [ 373.207104] ? do_syscall_64+0x4c/0x640 [ 373.211082] ? sys_vfork+0x20/0x20 [ 373.214623] do_syscall_64+0x1d5/0x640 [ 373.218520] entry_SYSCALL_64_after_hwframe+0x42/0xb7 03:35:24 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 373.223714] RIP: 0033:0x45c849 [ 373.226902] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 373.234613] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 373.241891] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 373.249163] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 373.256432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 373.263701] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000013 03:35:24 executing program 3 (fault-call:8 fault-nth:19): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:24 executing program 4 (fault-call:9 fault-nth:5): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:24 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 373.429080] FAULT_INJECTION: forcing a failure. [ 373.429080] name failslab, interval 1, probability 0, space 0, times 0 [ 373.440477] CPU: 0 PID: 14557 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 373.448477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 373.457930] Call Trace: [ 373.460540] dump_stack+0x13e/0x194 [ 373.460947] FAULT_INJECTION: forcing a failure. [ 373.460947] name failslab, interval 1, probability 0, space 0, times 0 [ 373.464180] should_fail.cold+0x10a/0x14b [ 373.464198] should_failslab+0xd6/0x130 [ 373.483461] kmem_cache_alloc_trace+0x2db/0x7b0 [ 373.488120] ? retire_userns_sysctls+0x80/0x80 [ 373.492692] alloc_mnt_ns+0xd4/0x440 [ 373.496405] copy_mnt_ns+0x8e/0x8a0 [ 373.500020] ? find_held_lock+0x2d/0x110 [ 373.504068] ? copy_namespaces+0x112/0x310 [ 373.508404] ? cap_capable+0x1c4/0x230 [ 373.512293] create_new_namespaces+0xc9/0x730 [ 373.516791] ? security_capable+0x88/0xb0 [ 373.520941] copy_namespaces+0x27b/0x310 [ 373.524992] copy_process.part.0+0x2603/0x6a70 [ 373.529579] ? get_pid_task+0xb8/0x130 [ 373.533462] ? save_trace+0x290/0x290 [ 373.537249] ? __lock_is_held+0xad/0x140 [ 373.541303] ? __cleanup_sighand+0x40/0x40 [ 373.545550] ? lock_downgrade+0x6e0/0x6e0 [ 373.553966] _do_fork+0x180/0xc80 [ 373.557408] ? fork_idle+0x270/0x270 [ 373.561105] ? fput+0xb/0x140 [ 373.564192] ? SyS_write+0x14d/0x210 [ 373.567900] ? SyS_read+0x210/0x210 [ 373.571515] ? SyS_clock_settime+0x1a0/0x1a0 [ 373.575910] ? do_syscall_64+0x4c/0x640 [ 373.579904] ? sys_vfork+0x20/0x20 [ 373.583453] do_syscall_64+0x1d5/0x640 [ 373.587343] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 373.592525] RIP: 0033:0x45c849 [ 373.595703] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 373.604359] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 373.611626] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 373.618891] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 373.626165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 373.633432] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000013 [ 373.640722] CPU: 1 PID: 14558 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 373.649569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 373.658930] Call Trace: [ 373.661537] dump_stack+0x13e/0x194 [ 373.665179] should_fail.cold+0x10a/0x14b [ 373.669426] should_failslab+0xd6/0x130 [ 373.673406] kmem_cache_alloc+0x2b5/0x770 [ 373.677562] ? retire_userns_sysctls+0x80/0x80 [ 373.682151] create_user_ns+0x3cb/0xca0 [ 373.686136] copy_creds+0x3c1/0x4d0 [ 373.689772] copy_process.part.0+0x868/0x6a70 [ 373.694285] ? get_pid_task+0xb8/0x130 [ 373.698177] ? proc_fail_nth_write+0x7b/0x180 [ 373.702679] ? save_trace+0x290/0x290 [ 373.706482] ? __lock_is_held+0xad/0x140 [ 373.710556] ? find_held_lock+0x2d/0x110 [ 373.714628] ? __cleanup_sighand+0x40/0x40 [ 373.718871] ? lock_downgrade+0x6e0/0x6e0 [ 373.723031] _do_fork+0x180/0xc80 [ 373.726493] ? fork_idle+0x270/0x270 [ 373.730206] ? fput+0xb/0x140 [ 373.733308] ? SyS_write+0x14d/0x210 [ 373.737027] ? SyS_read+0x210/0x210 [ 373.740655] ? SyS_clock_settime+0x1a0/0x1a0 [ 373.745060] ? do_syscall_64+0x4c/0x640 [ 373.749032] ? sys_vfork+0x20/0x20 [ 373.752579] do_syscall_64+0x1d5/0x640 [ 373.756477] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 373.761666] RIP: 0033:0x45c849 [ 373.764851] RSP: 002b:00007f95b9945c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 373.772562] RAX: ffffffffffffffda RBX: 00007f95b99466d4 RCX: 000000000045c849 03:35:24 executing program 2 (fault-call:9 fault-nth:20): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 373.779831] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 373.787113] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 373.794387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 373.801660] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000005 [ 373.929051] FAULT_INJECTION: forcing a failure. [ 373.929051] name failslab, interval 1, probability 0, space 0, times 0 [ 373.940556] CPU: 1 PID: 14572 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 373.948474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 373.957826] Call Trace: [ 373.960526] dump_stack+0x13e/0x194 [ 373.964164] should_fail.cold+0x10a/0x14b [ 373.968332] should_failslab+0xd6/0x130 [ 373.972304] kmem_cache_alloc_trace+0x2db/0x7b0 [ 373.976975] ? retire_userns_sysctls+0x80/0x80 [ 373.981567] alloc_mnt_ns+0xd4/0x440 [ 373.985320] copy_mnt_ns+0x8e/0x8a0 [ 373.988932] ? find_held_lock+0x2d/0x110 [ 373.992981] ? copy_namespaces+0x112/0x310 [ 373.997215] ? cap_capable+0x1c4/0x230 [ 374.001099] create_new_namespaces+0xc9/0x730 [ 374.005592] ? security_capable+0x88/0xb0 [ 374.009746] copy_namespaces+0x27b/0x310 [ 374.013802] copy_process.part.0+0x2603/0x6a70 [ 374.018413] ? get_pid_task+0xb8/0x130 [ 374.022315] ? save_trace+0x290/0x290 [ 374.026104] ? __lock_is_held+0xad/0x140 [ 374.030163] ? __cleanup_sighand+0x40/0x40 [ 374.034431] ? lock_downgrade+0x6e0/0x6e0 [ 374.038591] _do_fork+0x180/0xc80 [ 374.042060] ? fork_idle+0x270/0x270 [ 374.045766] ? fput+0xb/0x140 [ 374.048876] ? SyS_write+0x14d/0x210 [ 374.053022] ? SyS_read+0x210/0x210 [ 374.056653] ? SyS_clock_settime+0x1a0/0x1a0 [ 374.061285] ? do_syscall_64+0x4c/0x640 [ 374.065266] ? sys_vfork+0x20/0x20 [ 374.068799] do_syscall_64+0x1d5/0x640 [ 374.072688] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 374.077873] RIP: 0033:0x45c849 [ 374.081051] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 374.088814] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 374.096166] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 374.103430] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 374.110692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 374.117954] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000014 03:35:25 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:25 executing program 3 (fault-call:8 fault-nth:20): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:25 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:25 executing program 4 (fault-call:9 fault-nth:6): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 374.307191] FAULT_INJECTION: forcing a failure. [ 374.307191] name failslab, interval 1, probability 0, space 0, times 0 [ 374.319149] CPU: 1 PID: 14587 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 374.327051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 374.336494] Call Trace: [ 374.339089] dump_stack+0x13e/0x194 [ 374.342734] should_fail.cold+0x10a/0x14b [ 374.346899] should_failslab+0xd6/0x130 [ 374.350879] kmem_cache_alloc+0x2b5/0x770 [ 374.355042] ? lock_downgrade+0x6e0/0x6e0 [ 374.359193] alloc_vfsmnt+0x23/0x7c0 [ 374.362910] clone_mnt+0x6c/0xf20 [ 374.366386] ? is_subdir+0x223/0x38a [ 374.370102] copy_tree+0x33a/0x860 [ 374.373678] copy_mnt_ns+0x112/0x8a0 [ 374.377394] ? copy_namespaces+0x112/0x310 [ 374.381639] ? cap_capable+0x1c4/0x230 [ 374.385538] create_new_namespaces+0xc9/0x730 [ 374.390038] ? security_capable+0x88/0xb0 [ 374.394631] copy_namespaces+0x27b/0x310 [ 374.398701] copy_process.part.0+0x2603/0x6a70 [ 374.403298] ? get_pid_task+0xb8/0x130 [ 374.407196] ? save_trace+0x290/0x290 [ 374.410995] ? __lock_is_held+0xad/0x140 [ 374.415069] ? __cleanup_sighand+0x40/0x40 [ 374.419310] ? lock_downgrade+0x6e0/0x6e0 [ 374.423469] _do_fork+0x180/0xc80 [ 374.426931] ? fork_idle+0x270/0x270 [ 374.430646] ? fput+0xb/0x140 [ 374.433753] ? SyS_write+0x14d/0x210 [ 374.437640] ? SyS_read+0x210/0x210 [ 374.441265] ? SyS_clock_settime+0x1a0/0x1a0 [ 374.445694] ? do_syscall_64+0x4c/0x640 [ 374.449672] ? sys_vfork+0x20/0x20 [ 374.453218] do_syscall_64+0x1d5/0x640 [ 374.457113] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 374.462302] RIP: 0033:0x45c849 [ 374.465485] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 374.473188] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 374.480459] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 374.487729] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 374.495002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 374.502272] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000014 [ 374.511603] FAULT_INJECTION: forcing a failure. [ 374.511603] name failslab, interval 1, probability 0, space 0, times 0 [ 374.523112] CPU: 1 PID: 14588 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 374.531023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 374.540377] Call Trace: [ 374.542990] dump_stack+0x13e/0x194 [ 374.546625] should_fail.cold+0x10a/0x14b [ 374.550779] should_failslab+0xd6/0x130 [ 374.554761] __kmalloc+0x2e9/0x7c0 [ 374.558304] ? __register_sysctl_table+0xc3/0xe60 [ 374.563150] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 374.568610] ? rcu_read_lock_sched_held+0x10a/0x130 [ 374.573636] ? __kmalloc_track_caller+0x366/0x7b0 [ 374.578485] __register_sysctl_table+0xc3/0xe60 [ 374.583159] ? memcpy+0x35/0x50 [ 374.586445] setup_userns_sysctls+0xb3/0x170 [ 374.590859] create_user_ns+0x76a/0xca0 [ 374.594843] copy_creds+0x3c1/0x4d0 [ 374.598476] copy_process.part.0+0x868/0x6a70 [ 374.602982] ? get_pid_task+0xb8/0x130 [ 374.606890] ? proc_fail_nth_write+0x7b/0x180 [ 374.611385] ? save_trace+0x290/0x290 [ 374.615188] ? __lock_is_held+0xad/0x140 [ 374.619252] ? find_held_lock+0x2d/0x110 [ 374.623320] ? __cleanup_sighand+0x40/0x40 [ 374.627558] ? lock_downgrade+0x6e0/0x6e0 [ 374.631720] _do_fork+0x180/0xc80 [ 374.635178] ? fork_idle+0x270/0x270 [ 374.638890] ? fput+0xb/0x140 [ 374.641998] ? SyS_write+0x14d/0x210 [ 374.645717] ? SyS_read+0x210/0x210 [ 374.649357] ? SyS_clock_settime+0x1a0/0x1a0 [ 374.653773] ? do_syscall_64+0x4c/0x640 [ 374.657752] ? sys_vfork+0x20/0x20 [ 374.661302] do_syscall_64+0x1d5/0x640 [ 374.665283] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 374.670469] RIP: 0033:0x45c849 [ 374.673651] RSP: 002b:00007f95b9945c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 374.681364] RAX: ffffffffffffffda RBX: 00007f95b99466d4 RCX: 000000000045c849 [ 374.688652] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 374.695924] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:25 executing program 2 (fault-call:9 fault-nth:21): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 374.703197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 374.710464] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000006 [ 374.829032] FAULT_INJECTION: forcing a failure. [ 374.829032] name failslab, interval 1, probability 0, space 0, times 0 [ 374.840344] CPU: 0 PID: 14599 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 374.848243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 374.858630] Call Trace: [ 374.861229] dump_stack+0x13e/0x194 [ 374.864858] should_fail.cold+0x10a/0x14b [ 374.869009] should_failslab+0xd6/0x130 [ 374.872968] kmem_cache_alloc+0x2b5/0x770 [ 374.877103] ? lock_downgrade+0x6e0/0x6e0 [ 374.881237] alloc_vfsmnt+0x23/0x7c0 [ 374.884946] clone_mnt+0x6c/0xf20 [ 374.888390] ? is_subdir+0x223/0x38a [ 374.892097] copy_tree+0x33a/0x860 [ 374.895641] copy_mnt_ns+0x112/0x8a0 [ 374.899363] ? copy_namespaces+0x112/0x310 [ 374.903593] ? cap_capable+0x1c4/0x230 [ 374.907474] create_new_namespaces+0xc9/0x730 [ 374.911955] ? security_capable+0x88/0xb0 [ 374.916264] copy_namespaces+0x27b/0x310 [ 374.920312] copy_process.part.0+0x2603/0x6a70 [ 374.924881] ? get_pid_task+0xb8/0x130 [ 374.928754] ? save_trace+0x290/0x290 [ 374.932537] ? __lock_is_held+0xad/0x140 [ 374.936598] ? __cleanup_sighand+0x40/0x40 [ 374.940880] ? lock_downgrade+0x6e0/0x6e0 [ 374.945018] _do_fork+0x180/0xc80 [ 374.948466] ? fork_idle+0x270/0x270 [ 374.952185] ? fput+0xb/0x140 [ 374.955285] ? SyS_write+0x14d/0x210 [ 374.958980] ? SyS_read+0x210/0x210 [ 374.962590] ? SyS_clock_settime+0x1a0/0x1a0 [ 374.966983] ? do_syscall_64+0x4c/0x640 [ 374.970955] ? sys_vfork+0x20/0x20 [ 374.974504] do_syscall_64+0x1d5/0x640 [ 374.978386] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 374.983562] RIP: 0033:0x45c849 [ 374.986736] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 374.994433] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 375.001684] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 375.008954] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 375.016221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:26 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:26 executing program 4 (fault-call:9 fault-nth:7): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 375.023478] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000015 03:35:26 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:26 executing program 3 (fault-call:8 fault-nth:21): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 375.198117] FAULT_INJECTION: forcing a failure. [ 375.198117] name failslab, interval 1, probability 0, space 0, times 0 [ 375.209642] CPU: 0 PID: 14614 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 375.217538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 375.226900] Call Trace: [ 375.229491] dump_stack+0x13e/0x194 [ 375.233123] should_fail.cold+0x10a/0x14b [ 375.237273] should_failslab+0xd6/0x130 [ 375.241510] __kmalloc+0x2e9/0x7c0 [ 375.245053] ? __register_sysctl_table+0xc3/0xe60 [ 375.249893] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 375.256020] FAULT_INJECTION: forcing a failure. [ 375.256020] name failslab, interval 1, probability 0, space 0, times 0 [ 375.256386] ? rcu_read_lock_sched_held+0x10a/0x130 [ 375.272562] ? __kmalloc_track_caller+0x366/0x7b0 [ 375.277493] __register_sysctl_table+0xc3/0xe60 [ 375.282147] ? memcpy+0x35/0x50 [ 375.285412] setup_userns_sysctls+0xb3/0x170 [ 375.289804] create_user_ns+0x76a/0xca0 [ 375.293770] copy_creds+0x3c1/0x4d0 [ 375.297382] copy_process.part.0+0x868/0x6a70 [ 375.301865] ? get_pid_task+0xb8/0x130 [ 375.305737] ? proc_fail_nth_write+0x7b/0x180 [ 375.310225] ? save_trace+0x290/0x290 [ 375.314009] ? __lock_is_held+0xad/0x140 [ 375.318055] ? find_held_lock+0x2d/0x110 [ 375.322721] ? __cleanup_sighand+0x40/0x40 [ 375.326938] ? lock_downgrade+0x6e0/0x6e0 [ 375.331072] _do_fork+0x180/0xc80 [ 375.334510] ? fork_idle+0x270/0x270 [ 375.338209] ? fput+0xb/0x140 [ 375.341295] ? SyS_write+0x14d/0x210 [ 375.344993] ? SyS_read+0x210/0x210 [ 375.348604] ? SyS_clock_settime+0x1a0/0x1a0 [ 375.353000] ? do_syscall_64+0x4c/0x640 [ 375.356957] ? sys_vfork+0x20/0x20 [ 375.360479] do_syscall_64+0x1d5/0x640 [ 375.364353] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 375.369524] RIP: 0033:0x45c849 [ 375.372694] RSP: 002b:00007f95b9945c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 375.380395] RAX: ffffffffffffffda RBX: 00007f95b99466d4 RCX: 000000000045c849 [ 375.387657] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 375.394909] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 375.402160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 375.409413] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000007 [ 375.416676] CPU: 1 PID: 14617 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 375.424563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 375.433930] Call Trace: [ 375.436532] dump_stack+0x13e/0x194 [ 375.440172] should_fail.cold+0x10a/0x14b [ 375.444344] should_failslab+0xd6/0x130 [ 375.448310] kmem_cache_alloc+0x2b5/0x770 [ 375.456187] ? lock_downgrade+0x6e0/0x6e0 [ 375.460340] alloc_vfsmnt+0x23/0x7c0 [ 375.464049] clone_mnt+0x6c/0xf20 [ 375.467504] ? is_subdir+0x223/0x38a [ 375.471223] copy_tree+0x33a/0x860 [ 375.474758] copy_mnt_ns+0x112/0x8a0 [ 375.478470] ? copy_namespaces+0x112/0x310 [ 375.482710] ? cap_capable+0x1c4/0x230 [ 375.486609] create_new_namespaces+0xc9/0x730 [ 375.491103] ? security_capable+0x88/0xb0 [ 375.495255] copy_namespaces+0x27b/0x310 [ 375.499320] copy_process.part.0+0x2603/0x6a70 [ 375.503914] ? get_pid_task+0xb8/0x130 [ 375.507800] ? save_trace+0x290/0x290 [ 375.511609] ? __lock_is_held+0xad/0x140 [ 375.515681] ? __cleanup_sighand+0x40/0x40 [ 375.519913] ? lock_downgrade+0x6e0/0x6e0 [ 375.524065] _do_fork+0x180/0xc80 [ 375.527518] ? fork_idle+0x270/0x270 [ 375.531229] ? fput+0xb/0x140 [ 375.534341] ? SyS_write+0x14d/0x210 [ 375.538172] ? SyS_read+0x210/0x210 [ 375.541803] ? SyS_clock_settime+0x1a0/0x1a0 [ 375.546216] ? do_syscall_64+0x4c/0x640 [ 375.550192] ? sys_vfork+0x20/0x20 [ 375.553737] do_syscall_64+0x1d5/0x640 [ 375.557638] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 375.562831] RIP: 0033:0x45c849 [ 375.566018] RSP: 002b:00007f0a435abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 375.573730] RAX: ffffffffffffffda RBX: 00007f0a435ac6d4 RCX: 000000000045c849 [ 375.581120] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 375.588399] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 03:35:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:26 executing program 2 (fault-call:9 fault-nth:22): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 375.595673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 375.602946] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000015 [ 375.733378] FAULT_INJECTION: forcing a failure. [ 375.733378] name failslab, interval 1, probability 0, space 0, times 0 [ 375.744708] CPU: 1 PID: 14629 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 375.752599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 375.761959] Call Trace: [ 375.764558] dump_stack+0x13e/0x194 [ 375.768201] should_fail.cold+0x10a/0x14b [ 375.772360] should_failslab+0xd6/0x130 [ 375.776349] __kmalloc_track_caller+0x2e1/0x7b0 [ 375.781024] ? kstrdup_const+0x35/0x60 [ 375.784924] ? lock_acquire+0x170/0x3f0 [ 375.788899] ? lock_downgrade+0x6e0/0x6e0 [ 375.793054] kstrdup+0x36/0x70 [ 375.796253] kstrdup_const+0x35/0x60 [ 375.799965] alloc_vfsmnt+0xe0/0x7c0 [ 375.803678] clone_mnt+0x6c/0xf20 [ 375.807131] ? is_subdir+0x223/0x38a [ 375.810850] copy_tree+0x33a/0x860 [ 375.814400] copy_mnt_ns+0x112/0x8a0 [ 375.818116] ? copy_namespaces+0x112/0x310 [ 375.822357] ? cap_capable+0x1c4/0x230 [ 375.826249] create_new_namespaces+0xc9/0x730 [ 375.830742] ? security_capable+0x88/0xb0 [ 375.834897] copy_namespaces+0x27b/0x310 [ 375.838966] copy_process.part.0+0x2603/0x6a70 [ 375.843559] ? get_pid_task+0xb8/0x130 [ 375.847453] ? save_trace+0x290/0x290 [ 375.851256] ? __lock_is_held+0xad/0x140 [ 375.855332] ? __cleanup_sighand+0x40/0x40 [ 375.859572] ? lock_downgrade+0x6e0/0x6e0 [ 375.863726] _do_fork+0x180/0xc80 [ 375.867188] ? fork_idle+0x270/0x270 [ 375.870904] ? fput+0xb/0x140 [ 375.874008] ? SyS_write+0x14d/0x210 [ 375.877722] ? SyS_read+0x210/0x210 [ 375.881351] ? SyS_clock_settime+0x1a0/0x1a0 [ 375.885763] ? do_syscall_64+0x4c/0x640 [ 375.889736] ? sys_vfork+0x20/0x20 [ 375.893281] do_syscall_64+0x1d5/0x640 [ 375.897174] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 375.902364] RIP: 0033:0x45c849 [ 375.905555] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 375.913278] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 375.920580] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:27 executing program 3 (fault-call:8 fault-nth:22): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:27 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 375.927859] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 375.935132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 375.942405] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000016 03:35:27 executing program 4 (fault-call:9 fault-nth:8): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:27 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 376.080355] FAULT_INJECTION: forcing a failure. [ 376.080355] name failslab, interval 1, probability 0, space 0, times 0 [ 376.091679] CPU: 1 PID: 14643 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 376.099582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.108942] Call Trace: [ 376.111542] dump_stack+0x13e/0x194 [ 376.115205] should_fail.cold+0x10a/0x14b [ 376.119361] should_failslab+0xd6/0x130 [ 376.123346] kmem_cache_alloc+0x2b5/0x770 [ 376.127502] ? find_held_lock+0x2d/0x110 [ 376.131569] ? copy_tree+0x4a0/0x860 [ 376.135289] alloc_vfsmnt+0x23/0x7c0 [ 376.139005] clone_mnt+0x6c/0xf20 [ 376.141855] FAULT_INJECTION: forcing a failure. [ 376.141855] name failslab, interval 1, probability 0, space 0, times 0 [ 376.142461] copy_tree+0x33a/0x860 [ 376.142477] copy_mnt_ns+0x112/0x8a0 [ 376.165158] ? copy_namespaces+0x112/0x310 [ 376.169393] ? cap_capable+0x1c4/0x230 [ 376.173273] create_new_namespaces+0xc9/0x730 [ 376.177765] ? security_capable+0x88/0xb0 [ 376.181904] copy_namespaces+0x27b/0x310 [ 376.185975] copy_process.part.0+0x2603/0x6a70 [ 376.190571] ? get_pid_task+0xb8/0x130 [ 376.194462] ? save_trace+0x290/0x290 [ 376.198262] ? __lock_is_held+0xad/0x140 [ 376.202313] ? __cleanup_sighand+0x40/0x40 [ 376.206544] ? lock_downgrade+0x6e0/0x6e0 [ 376.210690] _do_fork+0x180/0xc80 [ 376.214134] ? fork_idle+0x270/0x270 [ 376.217831] ? fput+0xb/0x140 [ 376.220920] ? SyS_write+0x14d/0x210 [ 376.224616] ? SyS_read+0x210/0x210 [ 376.228228] ? SyS_clock_settime+0x1a0/0x1a0 [ 376.232623] ? do_syscall_64+0x4c/0x640 [ 376.236580] ? sys_vfork+0x20/0x20 [ 376.240106] do_syscall_64+0x1d5/0x640 [ 376.243995] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 376.249180] RIP: 0033:0x45c849 [ 376.252362] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 376.260064] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 376.267472] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 376.274739] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 376.282022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 376.289292] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000016 [ 376.296617] CPU: 0 PID: 14646 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 376.304517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.313875] Call Trace: [ 376.316488] dump_stack+0x13e/0x194 [ 376.320808] should_fail.cold+0x10a/0x14b [ 376.325062] should_failslab+0xd6/0x130 [ 376.329057] __kmalloc+0x2e9/0x7c0 [ 376.332599] ? __register_sysctl_table+0x7cc/0xe60 [ 376.337557] ? lock_downgrade+0x6e0/0x6e0 [ 376.341759] ? find_entry.isra.0+0x1d0/0x1d0 [ 376.346162] __register_sysctl_table+0x7cc/0xe60 [ 376.350975] ? memcpy+0x35/0x50 [ 376.354269] setup_userns_sysctls+0xb3/0x170 [ 376.358692] create_user_ns+0x76a/0xca0 [ 376.362674] copy_creds+0x3c1/0x4d0 [ 376.366295] copy_process.part.0+0x868/0x6a70 [ 376.370789] ? get_pid_task+0xb8/0x130 [ 376.374684] ? proc_fail_nth_write+0x7b/0x180 [ 376.379184] ? save_trace+0x290/0x290 [ 376.382993] ? __lock_is_held+0xad/0x140 [ 376.387057] ? find_held_lock+0x2d/0x110 [ 376.391206] ? __cleanup_sighand+0x40/0x40 [ 376.395450] ? lock_downgrade+0x6e0/0x6e0 [ 376.399611] _do_fork+0x180/0xc80 [ 376.403074] ? fork_idle+0x270/0x270 [ 376.406786] ? fput+0xb/0x140 [ 376.409880] ? SyS_write+0x14d/0x210 [ 376.413599] ? SyS_read+0x210/0x210 [ 376.417329] ? SyS_clock_settime+0x1a0/0x1a0 [ 376.421730] ? do_syscall_64+0x4c/0x640 [ 376.425700] ? sys_vfork+0x20/0x20 [ 376.429247] do_syscall_64+0x1d5/0x640 [ 376.433149] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 376.438352] RIP: 0033:0x45c849 [ 376.441546] RSP: 002b:00007f95b9924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 376.449272] RAX: ffffffffffffffda RBX: 00007f95b99256d4 RCX: 000000000045c849 [ 376.456567] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 376.463840] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 [ 376.471103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 03:35:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 376.478368] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000008 [ 376.486065] sysctl could not get directory: //user -12 [ 376.491659] CPU: 0 PID: 14646 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 376.499557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.508913] Call Trace: [ 376.511516] dump_stack+0x13e/0x194 [ 376.515169] __register_sysctl_table+0x78e/0xe60 [ 376.519933] ? memcpy+0x35/0x50 [ 376.523225] setup_userns_sysctls+0xb3/0x170 [ 376.527643] create_user_ns+0x76a/0xca0 [ 376.531630] copy_creds+0x3c1/0x4d0 [ 376.535266] copy_process.part.0+0x868/0x6a70 [ 376.539759] ? get_pid_task+0xb8/0x130 [ 376.543638] ? proc_fail_nth_write+0x7b/0x180 [ 376.548128] ? save_trace+0x290/0x290 [ 376.551916] ? __lock_is_held+0xad/0x140 [ 376.555962] ? find_held_lock+0x2d/0x110 [ 376.560014] ? __cleanup_sighand+0x40/0x40 [ 376.564247] ? lock_downgrade+0x6e0/0x6e0 [ 376.568402] _do_fork+0x180/0xc80 [ 376.571858] ? fork_idle+0x270/0x270 [ 376.575567] ? fput+0xb/0x140 [ 376.578677] ? SyS_write+0x14d/0x210 [ 376.582419] ? SyS_read+0x210/0x210 [ 376.586048] ? SyS_clock_settime+0x1a0/0x1a0 [ 376.590515] ? do_syscall_64+0x4c/0x640 [ 376.594475] ? sys_vfork+0x20/0x20 [ 376.597997] do_syscall_64+0x1d5/0x640 [ 376.601873] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 376.607044] RIP: 0033:0x45c849 [ 376.610218] RSP: 002b:00007f95b9924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 376.617954] RAX: ffffffffffffffda RBX: 00007f95b99256d4 RCX: 000000000045c849 [ 376.625215] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:27 executing program 2 (fault-call:9 fault-nth:23): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 376.632469] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 [ 376.639909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 376.647179] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000008 [ 376.771290] FAULT_INJECTION: forcing a failure. [ 376.771290] name failslab, interval 1, probability 0, space 0, times 0 [ 376.782702] CPU: 0 PID: 14658 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 376.790595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.799956] Call Trace: [ 376.802560] dump_stack+0x13e/0x194 [ 376.806208] should_fail.cold+0x10a/0x14b [ 376.810372] should_failslab+0xd6/0x130 [ 376.814359] __kmalloc_track_caller+0x2e1/0x7b0 [ 376.819034] ? kstrdup_const+0x35/0x60 [ 376.822938] ? lock_acquire+0x170/0x3f0 [ 376.826928] ? lock_downgrade+0x6e0/0x6e0 [ 376.831087] kstrdup+0x36/0x70 [ 376.834292] kstrdup_const+0x35/0x60 [ 376.838012] alloc_vfsmnt+0xe0/0x7c0 [ 376.841732] clone_mnt+0x6c/0xf20 [ 376.845193] copy_tree+0x33a/0x860 [ 376.848748] copy_mnt_ns+0x112/0x8a0 [ 376.852471] ? copy_namespaces+0x112/0x310 [ 376.856713] ? cap_capable+0x1c4/0x230 [ 376.860606] create_new_namespaces+0xc9/0x730 [ 376.865105] ? security_capable+0x88/0xb0 [ 376.869270] copy_namespaces+0x27b/0x310 [ 376.873344] copy_process.part.0+0x2603/0x6a70 [ 376.877935] ? get_pid_task+0xb8/0x130 [ 376.881841] ? save_trace+0x290/0x290 [ 376.885651] ? __lock_is_held+0xad/0x140 [ 376.889728] ? __cleanup_sighand+0x40/0x40 [ 376.893977] ? lock_downgrade+0x6e0/0x6e0 [ 376.898134] _do_fork+0x180/0xc80 [ 376.901594] ? fork_idle+0x270/0x270 [ 376.905317] ? fput+0xb/0x140 [ 376.908427] ? SyS_write+0x14d/0x210 [ 376.912144] ? SyS_read+0x210/0x210 [ 376.915775] ? SyS_clock_settime+0x1a0/0x1a0 [ 376.920186] ? do_syscall_64+0x4c/0x640 [ 376.924184] ? sys_vfork+0x20/0x20 [ 376.927743] do_syscall_64+0x1d5/0x640 [ 376.931643] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 376.936839] RIP: 0033:0x45c849 [ 376.940027] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 376.947738] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 376.955011] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 376.962280] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:28 executing program 4 (fault-call:9 fault-nth:9): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:28 executing program 3 (fault-call:8 fault-nth:23): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:28 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:28 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 376.970248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 376.977519] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000017 [ 377.083270] FAULT_INJECTION: forcing a failure. [ 377.083270] name failslab, interval 1, probability 0, space 0, times 0 [ 377.094637] CPU: 0 PID: 14672 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 377.102542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 377.111902] Call Trace: [ 377.114501] dump_stack+0x13e/0x194 [ 377.118146] should_fail.cold+0x10a/0x14b [ 377.122307] should_failslab+0xd6/0x130 [ 377.126290] __kmalloc_track_caller+0x2e1/0x7b0 [ 377.130980] ? kstrdup_const+0x35/0x60 [ 377.134868] ? lock_acquire+0x170/0x3f0 [ 377.138842] ? lock_downgrade+0x6e0/0x6e0 [ 377.142396] FAULT_INJECTION: forcing a failure. [ 377.142396] name failslab, interval 1, probability 0, space 0, times 0 [ 377.142989] kstrdup+0x36/0x70 [ 377.143003] kstrdup_const+0x35/0x60 [ 377.161062] alloc_vfsmnt+0xe0/0x7c0 [ 377.164767] clone_mnt+0x6c/0xf20 [ 377.168213] copy_tree+0x33a/0x860 [ 377.171747] copy_mnt_ns+0x112/0x8a0 [ 377.175454] ? copy_namespaces+0x112/0x310 [ 377.179675] ? cap_capable+0x1c4/0x230 [ 377.183548] create_new_namespaces+0xc9/0x730 [ 377.188033] ? security_capable+0x88/0xb0 [ 377.192178] copy_namespaces+0x27b/0x310 [ 377.196224] copy_process.part.0+0x2603/0x6a70 [ 377.200795] ? get_pid_task+0xb8/0x130 [ 377.204666] ? save_trace+0x290/0x290 [ 377.208449] ? __lock_is_held+0xad/0x140 [ 377.212528] ? __cleanup_sighand+0x40/0x40 [ 377.216772] ? lock_downgrade+0x6e0/0x6e0 [ 377.221006] _do_fork+0x180/0xc80 [ 377.224457] ? fork_idle+0x270/0x270 [ 377.228180] ? fput+0xb/0x140 [ 377.231292] ? SyS_write+0x14d/0x210 [ 377.234997] ? SyS_read+0x210/0x210 [ 377.238613] ? SyS_clock_settime+0x1a0/0x1a0 [ 377.243012] ? do_syscall_64+0x4c/0x640 [ 377.246981] ? sys_vfork+0x20/0x20 [ 377.250509] do_syscall_64+0x1d5/0x640 [ 377.254391] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 377.259565] RIP: 0033:0x45c849 [ 377.263695] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 377.271385] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 377.278639] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 377.285891] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 377.293161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 377.300415] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000017 [ 377.307688] CPU: 1 PID: 14674 Comm: syz-executor.4 Not tainted 4.14.174-syzkaller #0 [ 377.315579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 377.325539] Call Trace: [ 377.328142] dump_stack+0x13e/0x194 [ 377.331962] should_fail.cold+0x10a/0x14b [ 377.336116] should_failslab+0xd6/0x130 [ 377.340084] kmem_cache_alloc+0x2b5/0x770 [ 377.344228] ? selinux_is_enabled+0x5/0x50 [ 377.348455] ? creds_are_invalid+0x44/0x100 [ 377.352781] __delayacct_tsk_init+0x1b/0x80 [ 377.357101] copy_process.part.0+0x1a6c/0x6a70 [ 377.361688] ? get_pid_task+0xb8/0x130 [ 377.365691] ? proc_fail_nth_write+0x7b/0x180 [ 377.370194] ? save_trace+0x290/0x290 [ 377.373999] ? __lock_is_held+0xad/0x140 [ 377.378064] ? __cleanup_sighand+0x40/0x40 [ 377.382286] ? lock_downgrade+0x6e0/0x6e0 [ 377.386423] _do_fork+0x180/0xc80 [ 377.389865] ? fork_idle+0x270/0x270 [ 377.393581] ? fput+0xb/0x140 [ 377.396685] ? SyS_write+0x14d/0x210 [ 377.400415] ? SyS_read+0x210/0x210 [ 377.404052] ? SyS_clock_settime+0x1a0/0x1a0 [ 377.408468] ? do_syscall_64+0x4c/0x640 [ 377.412450] ? sys_vfork+0x20/0x20 [ 377.415985] do_syscall_64+0x1d5/0x640 [ 377.419863] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 377.425047] RIP: 0033:0x45c849 03:35:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:28 executing program 2 (fault-call:9 fault-nth:24): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 377.428221] RSP: 002b:00007f95b9924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 377.435915] RAX: ffffffffffffffda RBX: 00007f95b99256d4 RCX: 000000000045c849 [ 377.443192] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 377.450456] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 [ 377.457723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 377.464985] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000009 03:35:28 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x0, 0x190, 0xcbffffff, 0x190, 0x77000000, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)="8e10809dd0ed0e947b8e3d7391be6a628e4ac52c5b8709979bcaa274d785227e1e76f608ed393335afc0b60274006fca9e4af8b9bcf9a591994d8402e7642ffafe07ac846239f23dd8d21548a4d6d68d06cba45a0822d96f2797a813e83b6ec69248459a2c8c16b276cef92559e75be167dde20640016ff76704bd9be959e15f1607bab38fbe2dfb985e1bab1718e37a98853381cf7da7f8d8e3c42f10999ecd7061653e3495e548ddb9d2f021757c434dfa9fa5e7847135679b489e7dd429a2b1bb3f6396785b9e", 0xc8}, {&(0x7f0000000480)="3fe06a163fb43661b0dcee8028f950b172ed655300863605287fe27e864fc6d88a541d563fc38f3895437ed50d176ae7c2eff9eb44f71e024caf8b9268bd2f6316d9d1b8f646042c1f214ce6ead3ce4618e82d9ebeb645f56d50a6bfe0861d7c6f1561bcca9dc9a82ed22847ab57d71148be549ea9e450fc91185cd610059523b48b6ff287c7f9f6682ecbf38d002284771a127c767cff9c377206ea3d562b85a6eba7aebfc4bfb3ab2b5dcf39e5e3394394e9664d34ffedb060904a28196f1e7e2c66d6e7de2ff91aba4cb5187fc8d815f0ba9dbe8cbc12bdfd67ee05d9af3619073ad9d5441e281e8d013d5cfca9dff1efd0c83863cce29eb1df9ece7cb6e888ed66fca4c4b9d86f1f6737e29c90dbcf05daede67a9f1861c8e5b3f678ce39bef4b7a6da0a26852cdf603ce00df36768871a6aead16b527502705baac0ab68a83c1822e9250577948acee63eadbfdbef3ca990fb1a203e75120e4dc6aff0c8809bcf098916dbe4b2682274bd766aaeb3318310cf01af8a974a6ec8993d1cc4cf6d4a29571abe4dd511e846c00bb7e53bcf993781974896c7563d606e1b3d95153584750bc1422cf8be7c9d8608f89f5c2c0e25cd35bbc8a0e55e937ffa9ce6ae4304b305982db9a9aa0522e4769d7205e35b60d4ee8ab45b54ad8a8dea94107decc647a38a31161bdfd7d7159d81c31f5476006b1e8ab854aaa3b4b42bf6cf39d84bb12f1645d2229f21d605d23951d2e2cec612ab7e6d682e4c63cf41b73cf2e8e954856cae21e8de70dd8cd93cfe49589385163b6f64b9c2c4a9199ae0e389dd045db7e5711139f973a6c345084ae57c66bbd4a465690e0ce56cadf376febb5a52e945317cd01a64923646166062b5e5efd090c01c046395e7a8c3844ff502d187c3d45e3a45ce15207bdf0325dfb4c8588f21761d0afc60a35103ef6ecebe0c88907e86c467b8143c28343d61567d43d4422b51b6af7c9e7e5c23a48467b5bde8d9c397ddea9ac92c09eb570ce5a403e2ad985695bfd106801527799952fe75d6e228cde5f3e327473a8aaf6f0c2a8f683cc4a326688921ca142d412228afc70335c52ad135e4b27add9a97653a63223f98e62f03f633b3ea4aef74f1b87d39b8b6a442a59828b5e365e29819cd2cac85a7e0417e6b1f4fcd76b63c105605843169c935648df1bb0021a6c37ad1d359a63dc084c70fc218974122792e91374c790a7f8e7dd5887544c8093dce450495473864e449dd99ff1789ae154f1f576c8ccadab64548e3c4d1c8b6b6ebb77c1c3b729440b1af473f70ca3c8b6bcd1ccceb41b427edb195ca46e2fec2cb5e0a689c83ab9fc43a79c66102d72405e1f14d4c5e59063569179e133bd38e52389939ceb8db732274350991c647071cdb52ef2d39c856a36ad0ba4c4020de5fd42298ad577a7064ad492188b656c8458442af0474fe06cf1f2605be511c25e17f55beedd16a81f3721a4246fad8377e147e68d5443113e8aca039d5cec08de7f69bd99a8da52ff700edd53f715077a897b9f2f4293111589a4af626e31338ff2faa7b859d8754eeb938956fb44d9d92b3a91e0ad6530656eaafe4ee9d145bcb007405138bb6fdfce503d5d91409c179c02eede9cca4120632bc09dda463eb139978eaf2a306491afe0ba86eeb62969a74958079f3570551eaa9bbe5330f45d5514a8287c0e61990fcbe7a37f4d674c186b85c52e1b5276fdf9e0cfca8183887bac7e11ddd1e750b99feff47d6c02283550921fca21715b8f18a558471c96de6d0a4ab7e4eb0e5619fcb740c4f308fac1de0ab282bdd3fd71cc18649bcf3b71ec2c716f12fc5b4b54cbda561e2f5a18d963d3e97b068486b8d3c474c3152e41c221760156e9ac6d3bab2214efc4859e0e56c72bcc25a8a23db28350fc921bf83d326222fb8cd587ae1bc150b53243561aff7aeb14bc85989d26bb2730a4cb2d7f6d5e8b7f10556fc8a9e992ede12051349392cbbb7ce5b96249ae73abbac238ea66db495ca0e237d26818a7f94e07341191ea953bbd86ad70cb90bc915aedc676dce3bbd3a771f15140341fd08ad3dd70d9ec48d064e64ee197203434032a4bac61cff95b6c6ff0409dfb695abbd6857de2754abf89363beef5ed0c7fd8dacdaff71449391e3c8c40030fa1fc1fc353b039d8fec33759d97f66a12560b12fbedb7867d2fd3caa27a51e3228821e1f899100f14754b36fa1ecdebd1e1347048da26d00bf672238bbca097cd0d94396ec06f12449addc43d31a375fe616fdba72e037e19c93632bf386dfcb0eb65926643c5822a972dbf9d78a1e67a66287905b5b66de47f1bccbbcca415b1ad4b41cac6565eab2ce805ed039dc37368ee6cf9fcaf22d3b960e7c55c83f9da588b3255ba489962ddc7dc66bec81da86d92ccdfa3ec95a347db10c6230fa229bf16b2418f118bd9111040ce0ac4f8f2de1163783e4b12b14f43044a4af2ee4b174d02ab65e9b405cb3ac8cd31c112bc5af997d102cfc919f7b141ae62ca97ccbc299327217080eb37eb9734b36dbc162e2f06d2878585254fd34c069a5571a1062c7fd482a513d85ee4fb3a81185de0cba15968b361f12df193c041941dcc33a7a157f39de347cdae0e87dc7c46f61c3ed701203f641a90934ac325ddfc18814e92fe88c50faea644a7760adcf9f3466dde1db0290bdc745a5ce275ea3646485d5cca079cf2f50494e863374908ec61e300305eeddeb67419c7afd8a8b5be1270b1484ddf6821de9614eb0aa184b809a3794ab628e16bc81bab2056487add28fc92c82e8f9a9a46ee10359a988fc215330bc9893865f943ca17673d58a85e26d1f01777c27877ce691e9f9a6fe4d92907c3709052d39d49d0da5e46f3b34b92503a6dd9eb20791dd5cf1c18ba1cd561e16b05fb94efab3d25af0aad48b6aeb91edb6ddddf2549132c9e383b200c59b4e238d13a9b9ea4a98e25e4ff4460cff38c880ab047dbb59c2585f77e30f2ed9330344e31f30f28db5f91d64bdcad4115dd3b0d3c23dcf407c309e85a1c470f6e8c618eec3f4b8cdd7a0f49f05bbf1c7b674ed7b7c0382051bf90570042d507287ccda4a42d6dfeeb77b77320d8e0d5f9f61c6ff0cdff235152de05e17c1db420814c5876505d82eb15c9d323779e35a46f35e08e7bab0c02f6da4898f72ef5445175987de5fc7f1a62bbcb013ead416f6075d690df9611262ccf056ada1c1cc7153eea1326e44c312e50e3fb1e69bf31b43a182bd9eb357a11ad401c0e115bb9251d1a10c680c4c1f8e5963f285d45957893ac950c20c8bd4e667d147140a98cca8254ac29f2d7995630e9822e0e577001e4e437234fa470e357f215c1561c2aec245a0c8010f5ad4e67335948c8beaabcc45b6fa273fb60c6f6c68ab999c36f45e40e94c2a90144db101082b08de9159b0c3510915324ebc2754acb09b99fe71dc0b78b18b16612e580d2eb1e0e08aecad4c14288753bacfafe94f067cefc14d1f83cae55e890b69c1503e2de949f03b280d41e86ff04c7938bd3b01d6ae4a2828de609995720665fd84f32ce3e7652a11b7d356fda011302c5f3150a2a0f247091d3c36e960a2beedba7ad20992e8d785d8bc97c48c3e2451a5b8580d77263abfff0410c45b3502531048997ec3a584bed4ba9ab61c7b3d12e7f2ecfea7279a1411de4fb066393d4b6a3d6bdd0677a7de1f91624a0c040b7f6ca596707385e337275360bc099754a419de6c90de96d645afd452df92dca7c6a7fee751e29a015c2c0f05e4db1200fd1a30e416752e14bb2c2edba0cbc2ee3134c308f0942cc4e6d47d0af35fcb310a6758e2bd8ad2c702771fe66ce4e8b97dcff03dd0ba239e31806b451b0509a3ed14a719da9e4da4fde345f8b49f053c0856f1f2aed032b64416c146a12dd7ed6dc7c2f6f3ae64cf15a44a642baa8e0f7b6d99208d566f32046bfaaa26ec678cb75e6cbf6e0240641df81a1c392e85d09f3bd23cad5b9b0d9d1d4dc27ff33d8ab193dd323b67be2988b8d6bec1847aa2b6ecafbb88c318bcee36b30a62a7b296e9d30bedc105ad3ee78d2fd7b0c2d9062d9207ef2d9977db867f520fb71d1ef919bf2e9c22639ed984c9e4f22403baa228b5eacf724c60e8a7f6ac4c6f1bb26b013aaa74bbbb4a234c158cd11270b00878de5154feaf41c64a05febe091a5135ecc957a3fe67944b032a46b2053a6df0a02bc36e548039a50cb34f20f5b7b9cf2cb3647cb9cb65ffe3e87a8284c111791045b030a60192abe5e72f7098d8dcb64d0081fad14029e389a51fe678efd9ff421a885e90f22040da8e55d58a8cc8e60c9a2f7a0108430c7e2884720dd1ac0775f664d9af2f4f5fe7d8dd689534984720dd69bb869d86c30aef05bdc2bc6c6647fc95b3e0858fe6f7f9527c30d7fa6827aa0993a2fdfd2a64b18db0ba83e7dee61b23ae9ec34ca64c23b419486371b6c0a874117216610da44317268be531709ec2072c03589e4ec898dab94d59161dc2614f599317c11fcd62916258da48c5530417992be3556e352a653d375bbe0b62b64a3e6b76571fe5db7838ca0d15d092925fc817845acb62669af2bb9c8f021a8e98543ceb668f44e1062eb3c26f80772baac66f53dcb22be2fe6f5da6d21e834139c6b5c4264dd814c2c03c5bb70dfb0019728efe0510b7f6b003363410e4669afd45e963c932b7fa74b2ba734636a5fcc8003434a6748cd96d9f870785991c2d003f67fcc44d433dd191f79a70909e12d0088bb953dad9dc25a6db9aa9da3e0af399524544a58b426d8e16ced765d5c0ca96fa122ff1866f5bb49d12109f3d42ca81a0ef375a9e563fed37ce3400f292e5216d1d140e2af2159719b96ff3047bf43283b17227079f479c3db80bdcfa722cc81cbbc4bf46807d041a0b6122985ef1e89ec9123ceb650225f01051ebad7a9577c7d341ed9f47db2f45d9062f9fb12e822bb65def855758bf06764eb7c7f55e0aa0add40e75f12d753a763d60bb11a06671b97718d7a8b400d01daf4aece4a62876079a6053c6c2cbda9d8193d742b407da1339183b0ea8b54da434c1103a0951c61308c5e6071b6a7a743262fa1a7981db9a248a6d076bf260988095dedc6da640fa98ba2462ae6a6ad450bda1101da148b5aced8fe9b29e86b599ebe4b659849b72862f33d117f80aefa4d40ff53adbaf3d2eae1a1ae1598649199695922c79b0f04f1f337bced521c01554ee5c4e7bcef3d02eed20afd843861fb7ffaa2fd4b813987a106a1b8864382033870405cfb609e63960d4312787f1da574dcbfd80bbeb6f5e60af7e4a8971d71284118c078e38e0f630a67e5704875994f196ed21dac9f526786000a6182c841119074ef11271bda1611753864f833b8074d2bacc49c717bc334cd5fb6c9e1911f1371301aedd27704bcbff8cd8f06e1436371adb8c34eeab8ed5f16451dca64f5fa88e464d2c925db6fc25df3cd9f4b99e94d0e8e5a84c406d5b66c99932a703d718a3137a674860cee732dab621e24bcdba829c9f5dc664e43ffcf8c2a7aa0086e1fc32e854a54e19a893d26b51165ac0d7f57f1045b1ab8787aa68611bd235b3a5d19466853d824d151dc66f9250b377be54da2522cea9fb12c78b72fd505db2e343722a0cc923bc8de832474b9df5f4519affe1e60b6ca8bc88de39989117aa085dae7fe3460db4908ca618bd82c9a57942f91492470bf8463d9810748a6e00f5d960e34ce10cb5bffc4e5e13f98e8335df6bace7210421de1b7d81a0b5d3df66cb49855c0403113562d60bb", 0x1000}], 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 377.569649] xt_HMARK: hash modulus can't be zero [ 377.651839] FAULT_INJECTION: forcing a failure. [ 377.651839] name failslab, interval 1, probability 0, space 0, times 0 [ 377.663240] CPU: 1 PID: 14692 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 377.671126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 377.680494] Call Trace: [ 377.683096] dump_stack+0x13e/0x194 [ 377.686734] should_fail.cold+0x10a/0x14b [ 377.690907] should_failslab+0xd6/0x130 [ 377.694890] kmem_cache_alloc+0x2b5/0x770 [ 377.699053] ? find_held_lock+0x2d/0x110 [ 377.703115] ? copy_tree+0x4a0/0x860 [ 377.706838] alloc_vfsmnt+0x23/0x7c0 [ 377.710565] clone_mnt+0x6c/0xf20 [ 377.714063] copy_tree+0x33a/0x860 [ 377.717596] copy_mnt_ns+0x112/0x8a0 [ 377.721308] ? copy_namespaces+0x112/0x310 [ 377.725538] ? cap_capable+0x1c4/0x230 [ 377.729498] create_new_namespaces+0xc9/0x730 [ 377.733989] ? security_capable+0x88/0xb0 [ 377.738142] copy_namespaces+0x27b/0x310 [ 377.742203] copy_process.part.0+0x2603/0x6a70 [ 377.746781] ? get_pid_task+0xb8/0x130 [ 377.750663] ? save_trace+0x290/0x290 [ 377.754455] ? __lock_is_held+0xad/0x140 [ 377.758518] ? __cleanup_sighand+0x40/0x40 [ 377.762771] ? lock_downgrade+0x6e0/0x6e0 [ 377.767064] _do_fork+0x180/0xc80 [ 377.770652] ? fork_idle+0x270/0x270 [ 377.774370] ? fput+0xb/0x140 [ 377.777466] ? SyS_write+0x14d/0x210 [ 377.781181] ? SyS_read+0x210/0x210 [ 377.784814] ? SyS_clock_settime+0x1a0/0x1a0 [ 377.789229] ? do_syscall_64+0x4c/0x640 [ 377.793204] ? sys_vfork+0x20/0x20 [ 377.797076] do_syscall_64+0x1d5/0x640 [ 377.800963] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 377.806144] RIP: 0033:0x45c849 [ 377.809373] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 377.817070] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 377.824334] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 377.831602] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 377.838869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:29 executing program 3 (fault-call:8 fault-nth:24): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:29 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:29 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 377.846144] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000018 [ 377.980494] FAULT_INJECTION: forcing a failure. [ 377.980494] name failslab, interval 1, probability 0, space 0, times 0 [ 377.991814] CPU: 0 PID: 14704 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 377.999688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 378.009039] Call Trace: [ 378.011637] dump_stack+0x13e/0x194 [ 378.015276] should_fail.cold+0x10a/0x14b [ 378.019467] should_failslab+0xd6/0x130 [ 378.023447] __kmalloc_track_caller+0x2e1/0x7b0 [ 378.028122] ? kstrdup_const+0x35/0x60 [ 378.032014] ? lock_acquire+0x170/0x3f0 [ 378.035989] ? lock_downgrade+0x6e0/0x6e0 [ 378.040144] kstrdup+0x36/0x70 [ 378.043345] kstrdup_const+0x35/0x60 [ 378.047064] alloc_vfsmnt+0xe0/0x7c0 [ 378.050782] clone_mnt+0x6c/0xf20 [ 378.054246] copy_tree+0x33a/0x860 [ 378.057798] copy_mnt_ns+0x112/0x8a0 [ 378.061517] ? copy_namespaces+0x112/0x310 [ 378.065760] ? cap_capable+0x1c4/0x230 [ 378.069651] create_new_namespaces+0xc9/0x730 [ 378.074153] ? security_capable+0x88/0xb0 [ 378.078315] copy_namespaces+0x27b/0x310 [ 378.082384] copy_process.part.0+0x2603/0x6a70 [ 378.086978] ? get_pid_task+0xb8/0x130 [ 378.090877] ? save_trace+0x290/0x290 [ 378.094681] ? __lock_is_held+0xad/0x140 [ 378.098758] ? __cleanup_sighand+0x40/0x40 [ 378.103133] ? lock_downgrade+0x6e0/0x6e0 [ 378.107294] _do_fork+0x180/0xc80 [ 378.110760] ? fork_idle+0x270/0x270 [ 378.114475] ? fput+0xb/0x140 [ 378.117578] ? SyS_write+0x14d/0x210 [ 378.121295] ? SyS_read+0x210/0x210 [ 378.124930] ? SyS_clock_settime+0x1a0/0x1a0 [ 378.129339] ? do_syscall_64+0x4c/0x640 [ 378.133326] ? sys_vfork+0x20/0x20 [ 378.136884] do_syscall_64+0x1d5/0x640 [ 378.140792] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 378.146941] RIP: 0033:0x45c849 [ 378.150134] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 378.157841] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 378.165120] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 378.172406] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 378.179678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 378.186952] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000018 03:35:29 executing program 2 (fault-call:9 fault-nth:25): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:29 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x7, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}, 0x48}}, 0x800) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 378.504043] FAULT_INJECTION: forcing a failure. [ 378.504043] name failslab, interval 1, probability 0, space 0, times 0 [ 378.515409] CPU: 1 PID: 14713 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 378.523298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 378.532659] Call Trace: [ 378.535261] dump_stack+0x13e/0x194 [ 378.538899] should_fail.cold+0x10a/0x14b [ 378.543059] should_failslab+0xd6/0x130 [ 378.547201] __kmalloc_track_caller+0x2e1/0x7b0 [ 378.551876] ? kstrdup_const+0x35/0x60 [ 378.555771] ? lock_acquire+0x170/0x3f0 [ 378.559748] ? lock_downgrade+0x6e0/0x6e0 [ 378.563905] kstrdup+0x36/0x70 [ 378.567106] kstrdup_const+0x35/0x60 [ 378.570819] alloc_vfsmnt+0xe0/0x7c0 [ 378.574541] clone_mnt+0x6c/0xf20 [ 378.578006] copy_tree+0x33a/0x860 [ 378.581558] copy_mnt_ns+0x112/0x8a0 [ 378.585273] ? copy_namespaces+0x112/0x310 [ 378.589512] ? cap_capable+0x1c4/0x230 [ 378.593406] create_new_namespaces+0xc9/0x730 [ 378.597915] ? security_capable+0x88/0xb0 [ 378.602075] copy_namespaces+0x27b/0x310 [ 378.606145] copy_process.part.0+0x2603/0x6a70 [ 378.610735] ? get_pid_task+0xb8/0x130 [ 378.614629] ? save_trace+0x290/0x290 [ 378.618437] ? __lock_is_held+0xad/0x140 [ 378.622516] ? __cleanup_sighand+0x40/0x40 [ 378.626756] ? lock_downgrade+0x6e0/0x6e0 [ 378.630931] _do_fork+0x180/0xc80 [ 378.634394] ? fork_idle+0x270/0x270 [ 378.638114] ? fput+0xb/0x140 [ 378.641224] ? SyS_write+0x14d/0x210 [ 378.644939] ? SyS_read+0x210/0x210 [ 378.648568] ? SyS_clock_settime+0x1a0/0x1a0 [ 378.652978] ? do_syscall_64+0x4c/0x640 [ 378.656951] ? sys_vfork+0x20/0x20 [ 378.660499] do_syscall_64+0x1d5/0x640 [ 378.664395] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 378.670550] RIP: 0033:0x45c849 [ 378.673736] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 378.681452] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 378.688725] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 378.695995] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 03:35:29 executing program 3 (fault-call:8 fault-nth:25): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:29 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 378.703269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 378.710541] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000019 03:35:29 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 378.842675] FAULT_INJECTION: forcing a failure. [ 378.842675] name failslab, interval 1, probability 0, space 0, times 0 [ 378.854079] CPU: 0 PID: 14737 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 378.861964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 378.871323] Call Trace: [ 378.873914] dump_stack+0x13e/0x194 [ 378.877534] should_fail.cold+0x10a/0x14b [ 378.881676] should_failslab+0xd6/0x130 [ 378.885642] __kmalloc_track_caller+0x2e1/0x7b0 [ 378.890311] ? kstrdup_const+0x35/0x60 [ 378.894190] ? lock_acquire+0x170/0x3f0 [ 378.898163] ? lock_downgrade+0x6e0/0x6e0 [ 378.902315] kstrdup+0x36/0x70 [ 378.905505] kstrdup_const+0x35/0x60 [ 378.909229] alloc_vfsmnt+0xe0/0x7c0 [ 378.912956] clone_mnt+0x6c/0xf20 [ 378.916422] copy_tree+0x33a/0x860 [ 378.919961] copy_mnt_ns+0x112/0x8a0 [ 378.923669] ? copy_namespaces+0x112/0x310 [ 378.927902] ? cap_capable+0x1c4/0x230 [ 378.931805] create_new_namespaces+0xc9/0x730 [ 378.937006] ? security_capable+0x88/0xb0 [ 378.941237] copy_namespaces+0x27b/0x310 [ 378.945327] copy_process.part.0+0x2603/0x6a70 [ 378.949914] ? get_pid_task+0xb8/0x130 [ 378.953805] ? save_trace+0x290/0x290 [ 378.957607] ? __lock_is_held+0xad/0x140 [ 378.961670] ? __cleanup_sighand+0x40/0x40 [ 378.966259] ? lock_downgrade+0x6e0/0x6e0 [ 378.970472] _do_fork+0x180/0xc80 [ 378.973936] ? fork_idle+0x270/0x270 [ 378.977655] ? fput+0xb/0x140 [ 378.980763] ? SyS_write+0x14d/0x210 [ 378.984464] ? SyS_read+0x210/0x210 [ 378.988076] ? SyS_clock_settime+0x1a0/0x1a0 [ 378.992473] ? do_syscall_64+0x4c/0x640 [ 378.996432] ? sys_vfork+0x20/0x20 [ 378.999958] do_syscall_64+0x1d5/0x640 [ 379.003849] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 379.009057] RIP: 0033:0x45c849 [ 379.012237] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 379.019934] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 379.027188] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 379.034494] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 379.041751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 379.049014] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000019 03:35:30 executing program 2 (fault-call:9 fault-nth:26): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:30 executing program 0 (fault-call:10 fault-nth:0): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:30 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$nfc_llcp_NFC_LLCP_RW(r5, 0x118, 0x0, &(0x7f0000000000)=0x4, 0x4) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 379.323983] FAULT_INJECTION: forcing a failure. [ 379.323983] name failslab, interval 1, probability 0, space 0, times 0 [ 379.335545] CPU: 0 PID: 14753 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 379.343451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 379.352815] Call Trace: [ 379.355436] dump_stack+0x13e/0x194 [ 379.359202] should_fail.cold+0x10a/0x14b [ 379.363370] should_failslab+0xd6/0x130 [ 379.367364] kmem_cache_alloc_node+0x288/0x7a0 [ 379.371957] ? find_held_lock+0x2d/0x110 [ 379.376030] ? get_pid_task+0x91/0x130 [ 379.379934] copy_process.part.0+0x17d5/0x6a70 [ 379.384619] ? get_pid_task+0xb8/0x130 [ 379.388515] ? proc_fail_nth_write+0x7b/0x180 [ 379.393016] ? save_trace+0x290/0x290 [ 379.396821] ? __lock_is_held+0xad/0x140 [ 379.400897] ? find_held_lock+0x2d/0x110 [ 379.404973] ? __cleanup_sighand+0x40/0x40 [ 379.409220] ? lock_downgrade+0x6e0/0x6e0 [ 379.413385] _do_fork+0x180/0xc80 [ 379.416855] ? fork_idle+0x270/0x270 [ 379.420570] ? fput+0xb/0x140 [ 379.423674] ? SyS_write+0x14d/0x210 [ 379.427390] ? SyS_read+0x210/0x210 [ 379.431018] ? SyS_clock_settime+0x1a0/0x1a0 [ 379.435436] ? do_syscall_64+0x4c/0x640 [ 379.439413] ? sys_vfork+0x20/0x20 [ 379.442963] do_syscall_64+0x1d5/0x640 [ 379.446861] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 379.452054] RIP: 0033:0x45c849 [ 379.455243] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 379.462961] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 379.470231] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 379.477504] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 379.484772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 379.492045] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000000 [ 379.546008] FAULT_INJECTION: forcing a failure. [ 379.546008] name failslab, interval 1, probability 0, space 0, times 0 [ 379.557328] CPU: 0 PID: 14754 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 379.565208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 379.574551] Call Trace: [ 379.577142] dump_stack+0x13e/0x194 [ 379.580769] should_fail.cold+0x10a/0x14b [ 379.584919] should_failslab+0xd6/0x130 [ 379.588899] kmem_cache_alloc+0x2b5/0x770 [ 379.593052] ? find_held_lock+0x2d/0x110 [ 379.597113] ? copy_tree+0x4a0/0x860 [ 379.600832] alloc_vfsmnt+0x23/0x7c0 [ 379.604551] clone_mnt+0x6c/0xf20 [ 379.608019] copy_tree+0x33a/0x860 [ 379.611570] copy_mnt_ns+0x112/0x8a0 [ 379.615307] ? copy_namespaces+0x112/0x310 [ 379.619546] ? cap_capable+0x1c4/0x230 [ 379.623441] create_new_namespaces+0xc9/0x730 [ 379.627938] ? security_capable+0x88/0xb0 [ 379.632090] copy_namespaces+0x27b/0x310 [ 379.636160] copy_process.part.0+0x2603/0x6a70 [ 379.640743] ? get_pid_task+0xb8/0x130 03:35:30 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:30 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:30 executing program 3 (fault-call:8 fault-nth:26): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 379.644627] ? save_trace+0x290/0x290 [ 379.648435] ? __lock_is_held+0xad/0x140 [ 379.652513] ? __cleanup_sighand+0x40/0x40 [ 379.656760] ? lock_downgrade+0x6e0/0x6e0 [ 379.660923] _do_fork+0x180/0xc80 [ 379.664411] ? fork_idle+0x270/0x270 [ 379.668136] ? fput+0xb/0x140 [ 379.671245] ? SyS_write+0x14d/0x210 [ 379.674959] ? SyS_read+0x210/0x210 [ 379.678588] ? SyS_clock_settime+0x1a0/0x1a0 [ 379.683003] ? do_syscall_64+0x4c/0x640 [ 379.686992] ? sys_vfork+0x20/0x20 [ 379.690551] do_syscall_64+0x1d5/0x640 [ 379.694564] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 379.699759] RIP: 0033:0x45c849 [ 379.702949] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 379.710663] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 379.717933] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 379.725289] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 379.732561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 379.739834] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001a [ 379.748473] FAULT_INJECTION: forcing a failure. [ 379.748473] name failslab, interval 1, probability 0, space 0, times 0 [ 379.759727] CPU: 0 PID: 14767 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 379.767610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 379.776972] Call Trace: [ 379.779572] dump_stack+0x13e/0x194 [ 379.783214] should_fail.cold+0x10a/0x14b [ 379.787377] should_failslab+0xd6/0x130 [ 379.791354] kmem_cache_alloc+0x2b5/0x770 [ 379.795511] ? find_held_lock+0x2d/0x110 [ 379.799577] ? copy_tree+0x4a0/0x860 [ 379.803296] alloc_vfsmnt+0x23/0x7c0 [ 379.807184] clone_mnt+0x6c/0xf20 [ 379.810641] copy_tree+0x33a/0x860 [ 379.814186] copy_mnt_ns+0x112/0x8a0 [ 379.817898] ? copy_namespaces+0x112/0x310 [ 379.822133] ? cap_capable+0x1c4/0x230 [ 379.826018] create_new_namespaces+0xc9/0x730 [ 379.830512] ? security_capable+0x88/0xb0 [ 379.834668] copy_namespaces+0x27b/0x310 [ 379.838736] copy_process.part.0+0x2603/0x6a70 [ 379.843366] ? get_pid_task+0xb8/0x130 [ 379.847262] ? save_trace+0x290/0x290 [ 379.851068] ? __lock_is_held+0xad/0x140 [ 379.855141] ? __cleanup_sighand+0x40/0x40 [ 379.859378] ? lock_downgrade+0x6e0/0x6e0 [ 379.863534] _do_fork+0x180/0xc80 [ 379.867075] ? fork_idle+0x270/0x270 [ 379.870791] ? fput+0xb/0x140 [ 379.873895] ? SyS_write+0x14d/0x210 [ 379.877606] ? SyS_read+0x210/0x210 [ 379.881233] ? SyS_clock_settime+0x1a0/0x1a0 [ 379.886011] ? do_syscall_64+0x4c/0x640 [ 379.889995] ? sys_vfork+0x20/0x20 [ 379.893537] do_syscall_64+0x1d5/0x640 [ 379.897439] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 379.902631] RIP: 0033:0x45c849 [ 379.906081] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 379.913899] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 379.921185] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 379.928458] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 379.935735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 379.943007] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001a 03:35:31 executing program 2 (fault-call:9 fault-nth:27): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:31 executing program 0 (fault-call:10 fault-nth:1): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:31 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f00000000c0)="680f7325392c6bc9c9953b8390c94cd40db7b9086cff6505e4768af8d6dc59ec3d713b400630d19b28b3e67ad626f598291fd01ebf7e9f1486f7869ecea8f5e7a927bebdd1fffffeff8e151022e3e34222d3506cf1a202d7f80d711cf42790b671e00dca24a33efd47116e8a5517d59e13e353493e2bdd40b846c9f78a95e60dd2c5699d8db18f3c1973ce548b5e9da32f8c4eb6eaa1dfabc86ee30afe0dbc417511da2b83bb9675f0d736fa55b1aa4eac867bd35ef4b92f138820737542d08f7f2f", 0xc2}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) ioctl$TIOCSISO7816(r2, 0xc0285443, &(0x7f0000000040)={0xff, 0x83f8, 0xec1, 0x5, 0x200}) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f0000000000)={0x1}) [ 380.177101] FAULT_INJECTION: forcing a failure. [ 380.177101] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 380.189370] CPU: 0 PID: 14785 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 380.197257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 380.206620] Call Trace: [ 380.209366] dump_stack+0x13e/0x194 [ 380.213011] should_fail.cold+0x10a/0x14b [ 380.217166] __alloc_pages_nodemask+0x1bf/0x700 [ 380.221844] ? _parse_integer+0xe5/0x130 [ 380.225910] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 380.230926] ? find_held_lock+0x2d/0x110 [ 380.234999] cache_grow_begin+0x7b/0x410 [ 380.239149] kmem_cache_alloc_node+0x6c8/0x7a0 [ 380.243729] ? find_held_lock+0x2d/0x110 [ 380.248053] ? get_pid_task+0x91/0x130 [ 380.251970] copy_process.part.0+0x17d5/0x6a70 [ 380.256558] ? get_pid_task+0xb8/0x130 [ 380.260446] ? proc_fail_nth_write+0x7b/0x180 [ 380.264960] ? save_trace+0x290/0x290 [ 380.268767] ? __lock_is_held+0xad/0x140 [ 380.272840] ? find_held_lock+0x2d/0x110 [ 380.276909] ? __cleanup_sighand+0x40/0x40 [ 380.281145] ? lock_downgrade+0x6e0/0x6e0 [ 380.285300] _do_fork+0x180/0xc80 [ 380.288756] ? fork_idle+0x270/0x270 [ 380.292467] ? fput+0xb/0x140 [ 380.295570] ? SyS_write+0x14d/0x210 [ 380.299285] ? SyS_read+0x210/0x210 [ 380.302910] ? SyS_clock_settime+0x1a0/0x1a0 [ 380.307322] ? do_syscall_64+0x4c/0x640 [ 380.311295] ? sys_vfork+0x20/0x20 [ 380.314839] do_syscall_64+0x1d5/0x640 [ 380.318730] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 380.323921] RIP: 0033:0x45c849 [ 380.327122] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 380.334844] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 380.342303] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 380.349573] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 380.356855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 380.364127] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000001 [ 380.374355] FAULT_INJECTION: forcing a failure. [ 380.374355] name failslab, interval 1, probability 0, space 0, times 0 [ 380.386154] CPU: 0 PID: 14776 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 380.394045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 380.403401] Call Trace: [ 380.405998] dump_stack+0x13e/0x194 [ 380.409634] should_fail.cold+0x10a/0x14b [ 380.413788] should_failslab+0xd6/0x130 [ 380.417785] kmem_cache_alloc+0x2b5/0x770 [ 380.421936] ? find_held_lock+0x2d/0x110 [ 380.426002] ? copy_tree+0x4a0/0x860 [ 380.429723] alloc_vfsmnt+0x23/0x7c0 [ 380.433442] clone_mnt+0x6c/0xf20 [ 380.437075] copy_tree+0x33a/0x860 [ 380.440648] copy_mnt_ns+0x112/0x8a0 [ 380.444363] ? copy_namespaces+0x112/0x310 [ 380.448599] ? cap_capable+0x1c4/0x230 [ 380.452489] create_new_namespaces+0xc9/0x730 [ 380.456986] ? security_capable+0x88/0xb0 [ 380.461146] copy_namespaces+0x27b/0x310 [ 380.465215] copy_process.part.0+0x2603/0x6a70 [ 380.469802] ? get_pid_task+0xb8/0x130 [ 380.473693] ? save_trace+0x290/0x290 [ 380.477488] ? __lock_is_held+0xad/0x140 [ 380.481558] ? __cleanup_sighand+0x40/0x40 [ 380.485793] ? lock_downgrade+0x6e0/0x6e0 [ 380.490558] _do_fork+0x180/0xc80 [ 380.494018] ? fork_idle+0x270/0x270 [ 380.497733] ? fput+0xb/0x140 [ 380.500841] ? SyS_write+0x14d/0x210 [ 380.504567] ? SyS_read+0x210/0x210 [ 380.508192] ? SyS_clock_settime+0x1a0/0x1a0 [ 380.512605] ? do_syscall_64+0x4c/0x640 [ 380.516588] ? sys_vfork+0x20/0x20 [ 380.520240] do_syscall_64+0x1d5/0x640 03:35:31 executing program 3 (fault-call:8 fault-nth:27): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:31 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:31 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 380.524146] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 380.529338] RIP: 0033:0x45c849 [ 380.532526] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 380.540237] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 380.547507] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 380.554777] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 380.562048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 380.569320] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001b [ 380.698127] FAULT_INJECTION: forcing a failure. [ 380.698127] name failslab, interval 1, probability 0, space 0, times 0 [ 380.709504] CPU: 0 PID: 14802 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 380.717417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 380.726774] Call Trace: [ 380.729370] dump_stack+0x13e/0x194 [ 380.733007] should_fail.cold+0x10a/0x14b [ 380.737163] should_failslab+0xd6/0x130 [ 380.741151] kmem_cache_alloc+0x2b5/0x770 [ 380.745307] ? find_held_lock+0x2d/0x110 [ 380.749364] ? copy_tree+0x4a0/0x860 [ 380.753090] alloc_vfsmnt+0x23/0x7c0 [ 380.756814] clone_mnt+0x6c/0xf20 [ 380.760280] copy_tree+0x33a/0x860 [ 380.763829] copy_mnt_ns+0x112/0x8a0 [ 380.767547] ? copy_namespaces+0x112/0x310 [ 380.771787] ? cap_capable+0x1c4/0x230 [ 380.775717] create_new_namespaces+0xc9/0x730 [ 380.780215] ? security_capable+0x88/0xb0 [ 380.784365] copy_namespaces+0x27b/0x310 [ 380.788428] copy_process.part.0+0x2603/0x6a70 [ 380.793013] ? get_pid_task+0xb8/0x130 [ 380.796906] ? save_trace+0x290/0x290 [ 380.800715] ? __lock_is_held+0xad/0x140 [ 380.804790] ? __cleanup_sighand+0x40/0x40 [ 380.809027] ? lock_downgrade+0x6e0/0x6e0 [ 380.813192] _do_fork+0x180/0xc80 [ 380.816652] ? fork_idle+0x270/0x270 [ 380.820364] ? fput+0xb/0x140 [ 380.823482] ? SyS_write+0x14d/0x210 [ 380.827192] ? SyS_read+0x210/0x210 [ 380.830817] ? SyS_clock_settime+0x1a0/0x1a0 [ 380.835223] ? do_syscall_64+0x4c/0x640 [ 380.839194] ? sys_vfork+0x20/0x20 [ 380.842740] do_syscall_64+0x1d5/0x640 [ 380.846631] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 380.851815] RIP: 0033:0x45c849 [ 380.855002] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 380.862710] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 380.869979] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 380.877251] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 380.884521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 380.891813] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001b 03:35:32 executing program 2 (fault-call:9 fault-nth:28): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:32 executing program 0 (fault-call:10 fault-nth:2): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:32 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r8) setresuid(r4, r6, r8) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 381.014288] FAULT_INJECTION: forcing a failure. [ 381.014288] name failslab, interval 1, probability 0, space 0, times 0 [ 381.025863] CPU: 0 PID: 14817 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 381.033753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 381.043116] Call Trace: [ 381.045718] dump_stack+0x13e/0x194 [ 381.049359] should_fail.cold+0x10a/0x14b [ 381.053523] should_failslab+0xd6/0x130 [ 381.053788] FAULT_INJECTION: forcing a failure. [ 381.053788] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 381.057512] __kmalloc_track_caller+0x2e1/0x7b0 [ 381.057525] ? kstrdup_const+0x35/0x60 [ 381.057537] ? lock_acquire+0x170/0x3f0 [ 381.057546] ? lock_downgrade+0x6e0/0x6e0 [ 381.057559] kstrdup+0x36/0x70 [ 381.089189] kstrdup_const+0x35/0x60 [ 381.092907] alloc_vfsmnt+0xe0/0x7c0 [ 381.096615] clone_mnt+0x6c/0xf20 [ 381.100069] copy_tree+0x33a/0x860 [ 381.103614] copy_mnt_ns+0x112/0x8a0 [ 381.107320] ? copy_namespaces+0x112/0x310 [ 381.111540] ? cap_capable+0x1c4/0x230 [ 381.115417] create_new_namespaces+0xc9/0x730 [ 381.119898] ? security_capable+0x88/0xb0 [ 381.124040] copy_namespaces+0x27b/0x310 [ 381.128092] copy_process.part.0+0x2603/0x6a70 [ 381.132663] ? get_pid_task+0xb8/0x130 [ 381.136531] ? save_trace+0x290/0x290 [ 381.140318] ? __lock_is_held+0xad/0x140 [ 381.144366] ? __cleanup_sighand+0x40/0x40 [ 381.149028] ? lock_downgrade+0x6e0/0x6e0 [ 381.153163] _do_fork+0x180/0xc80 [ 381.156602] ? fork_idle+0x270/0x270 [ 381.160296] ? fput+0xb/0x140 [ 381.163384] ? SyS_write+0x14d/0x210 [ 381.167081] ? SyS_read+0x210/0x210 [ 381.170693] ? SyS_clock_settime+0x1a0/0x1a0 [ 381.175085] ? do_syscall_64+0x4c/0x640 [ 381.179043] ? sys_vfork+0x20/0x20 [ 381.182566] do_syscall_64+0x1d5/0x640 [ 381.186444] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 381.191625] RIP: 0033:0x45c849 [ 381.194807] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 381.202497] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 381.209750] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 381.217003] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 381.224254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 381.231508] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001c [ 381.238783] CPU: 1 PID: 14818 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 381.246674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 381.256739] Call Trace: [ 381.259317] dump_stack+0x13e/0x194 [ 381.262946] should_fail.cold+0x10a/0x14b [ 381.267180] __alloc_pages_nodemask+0x1bf/0x700 [ 381.271852] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 381.276896] ? copy_process.part.0+0x17d5/0x6a70 [ 381.281661] ? rcu_read_lock_sched_held+0x10a/0x130 [ 381.286684] copy_process.part.0+0x26a/0x6a70 [ 381.291288] ? get_pid_task+0xb8/0x130 [ 381.295181] ? proc_fail_nth_write+0x7b/0x180 [ 381.299709] ? save_trace+0x290/0x290 [ 381.303504] ? __lock_is_held+0xad/0x140 [ 381.307571] ? find_held_lock+0x2d/0x110 [ 381.311619] ? __cleanup_sighand+0x40/0x40 [ 381.315870] ? lock_downgrade+0x6e0/0x6e0 [ 381.320008] _do_fork+0x180/0xc80 [ 381.323473] ? fork_idle+0x270/0x270 [ 381.327186] ? fput+0xb/0x140 [ 381.330290] ? SyS_write+0x14d/0x210 [ 381.334018] ? SyS_read+0x210/0x210 [ 381.337650] ? SyS_clock_settime+0x1a0/0x1a0 [ 381.342061] ? do_syscall_64+0x4c/0x640 [ 381.346036] ? sys_vfork+0x20/0x20 [ 381.349582] do_syscall_64+0x1d5/0x640 [ 381.353482] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 381.358669] RIP: 0033:0x45c849 03:35:32 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) getrandom(&(0x7f0000000180)=""/109, 0x6d, 0x1) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x59, &(0x7f00000000c0)=""/186, 0xad}, 0x6}], 0x1, 0x40000001, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) getsockopt$rose(r1, 0x104, 0x2, &(0x7f0000000040), 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:32 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) sendmsg$key(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0xe, 0x3, 0x7, 0x11, 0x0, 0x70bd25, 0x25dfdbfd, [@sadb_x_sa2={0x2, 0x13, 0xc0, 0x0, 0x0, 0x70bd2d, 0x34ff}, @sadb_x_nat_t_port={0x1, 0x16, 0x4e20}, @sadb_x_policy={0x8, 0x12, 0xffff, 0x1, 0x0, 0x6e6bb5, 0x10001, {0x6, 0x32, 0x80, 0xbf, 0x0, 0x3, 0x0, @in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}}, @sadb_lifetime={0x4, 0x3, 0xfffffff9, 0x4, 0xffff, 0x4}]}, 0x88}}, 0x40000) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SIOCRSSCAUSE(r1, 0x89e1, &(0x7f0000000000)=0x9) [ 381.361859] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 381.369575] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 381.376843] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 381.384107] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 381.391381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 381.398649] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000002 03:35:32 executing program 3 (fault-call:8 fault-nth:28): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:32 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:32 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 381.564340] FAULT_INJECTION: forcing a failure. [ 381.564340] name failslab, interval 1, probability 0, space 0, times 0 [ 381.575728] CPU: 0 PID: 14837 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 381.583621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 381.592985] Call Trace: [ 381.595583] dump_stack+0x13e/0x194 [ 381.599392] should_fail.cold+0x10a/0x14b [ 381.603549] should_failslab+0xd6/0x130 [ 381.607530] kmem_cache_alloc+0x2b5/0x770 [ 381.611683] ? find_held_lock+0x2d/0x110 [ 381.615833] ? copy_tree+0x4a0/0x860 [ 381.619551] alloc_vfsmnt+0x23/0x7c0 [ 381.623265] clone_mnt+0x6c/0xf20 [ 381.626991] copy_tree+0x33a/0x860 [ 381.630533] copy_mnt_ns+0x112/0x8a0 [ 381.634246] ? copy_namespaces+0x112/0x310 [ 381.638483] ? cap_capable+0x1c4/0x230 [ 381.642375] create_new_namespaces+0xc9/0x730 [ 381.647040] ? security_capable+0x88/0xb0 [ 381.651199] copy_namespaces+0x27b/0x310 [ 381.655263] copy_process.part.0+0x2603/0x6a70 [ 381.659848] ? get_pid_task+0xb8/0x130 [ 381.663738] ? save_trace+0x290/0x290 [ 381.667543] ? __lock_is_held+0xad/0x140 [ 381.671612] ? __cleanup_sighand+0x40/0x40 [ 381.675843] ? lock_downgrade+0x6e0/0x6e0 [ 381.680371] _do_fork+0x180/0xc80 [ 381.683829] ? fork_idle+0x270/0x270 [ 381.687545] ? fput+0xb/0x140 [ 381.690647] ? SyS_write+0x14d/0x210 [ 381.694362] ? SyS_read+0x210/0x210 [ 381.697987] ? SyS_clock_settime+0x1a0/0x1a0 [ 381.702393] ? do_syscall_64+0x4c/0x640 [ 381.706367] ? sys_vfork+0x20/0x20 [ 381.709909] do_syscall_64+0x1d5/0x640 [ 381.713802] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 381.718989] RIP: 0033:0x45c849 [ 381.722181] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 381.729888] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 381.737176] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 381.744446] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 381.751727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:32 executing program 2 (fault-call:9 fault-nth:29): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 381.758994] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001c 03:35:32 executing program 0 (fault-call:10 fault-nth:3): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 381.868175] FAULT_INJECTION: forcing a failure. [ 381.868175] name failslab, interval 1, probability 0, space 0, times 0 [ 381.879827] CPU: 0 PID: 14854 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 381.881973] FAULT_INJECTION: forcing a failure. [ 381.881973] name failslab, interval 1, probability 0, space 0, times 0 [ 381.887724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 381.887729] Call Trace: [ 381.887747] dump_stack+0x13e/0x194 [ 381.887766] should_fail.cold+0x10a/0x14b [ 381.918590] should_failslab+0xd6/0x130 [ 381.922569] __kmalloc_track_caller+0x2e1/0x7b0 [ 381.927237] ? kstrdup_const+0x35/0x60 [ 381.931113] ? lock_acquire+0x170/0x3f0 [ 381.935085] ? lock_downgrade+0x6e0/0x6e0 [ 381.939223] kstrdup+0x36/0x70 [ 381.942404] kstrdup_const+0x35/0x60 [ 381.946115] alloc_vfsmnt+0xe0/0x7c0 [ 381.949827] clone_mnt+0x6c/0xf20 [ 381.953297] copy_tree+0x33a/0x860 [ 381.956858] copy_mnt_ns+0x112/0x8a0 [ 381.960563] ? copy_namespaces+0x112/0x310 [ 381.964801] ? cap_capable+0x1c4/0x230 [ 381.968679] create_new_namespaces+0xc9/0x730 [ 381.973188] ? security_capable+0x88/0xb0 [ 381.977347] copy_namespaces+0x27b/0x310 [ 381.981407] copy_process.part.0+0x2603/0x6a70 [ 381.985992] ? get_pid_task+0xb8/0x130 [ 381.989874] ? save_trace+0x290/0x290 [ 381.993669] ? __lock_is_held+0xad/0x140 [ 381.997727] ? __cleanup_sighand+0x40/0x40 [ 382.001954] ? lock_downgrade+0x6e0/0x6e0 [ 382.006092] _do_fork+0x180/0xc80 [ 382.009620] ? fork_idle+0x270/0x270 [ 382.013348] ? fput+0xb/0x140 [ 382.016440] ? SyS_write+0x14d/0x210 [ 382.020150] ? SyS_read+0x210/0x210 [ 382.023767] ? SyS_clock_settime+0x1a0/0x1a0 [ 382.028174] ? do_syscall_64+0x4c/0x640 [ 382.032137] ? sys_vfork+0x20/0x20 [ 382.035662] do_syscall_64+0x1d5/0x640 [ 382.039539] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 382.044712] RIP: 0033:0x45c849 [ 382.047885] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 382.055577] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 382.062859] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 382.070109] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 382.077361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 382.084612] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001d [ 382.091883] CPU: 1 PID: 14855 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 382.100050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 382.109507] Call Trace: [ 382.112104] dump_stack+0x13e/0x194 [ 382.115747] should_fail.cold+0x10a/0x14b [ 382.119906] should_failslab+0xd6/0x130 [ 382.123888] __kmalloc_track_caller+0x2e1/0x7b0 [ 382.128568] ? selinux_cred_prepare+0x44/0xa0 [ 382.133080] ? prepare_creds+0x37/0x380 [ 382.137066] kmemdup+0x23/0x50 [ 382.140268] selinux_cred_prepare+0x44/0xa0 [ 382.144602] security_prepare_creds+0x76/0xb0 [ 382.149110] prepare_creds+0x2cc/0x380 [ 382.153009] copy_creds+0x72/0x4d0 [ 382.156562] copy_process.part.0+0x868/0x6a70 [ 382.161074] ? get_pid_task+0xb8/0x130 [ 382.164965] ? proc_fail_nth_write+0x7b/0x180 [ 382.169471] ? save_trace+0x290/0x290 [ 382.173290] ? __lock_is_held+0xad/0x140 [ 382.177365] ? find_held_lock+0x2d/0x110 [ 382.181437] ? __cleanup_sighand+0x40/0x40 [ 382.185678] ? lock_downgrade+0x6e0/0x6e0 [ 382.189840] _do_fork+0x180/0xc80 [ 382.193301] ? fork_idle+0x270/0x270 [ 382.197016] ? fput+0xb/0x140 [ 382.200132] ? SyS_write+0x14d/0x210 [ 382.203843] ? SyS_read+0x210/0x210 [ 382.207471] ? SyS_clock_settime+0x1a0/0x1a0 [ 382.211889] ? do_syscall_64+0x4c/0x640 [ 382.215870] ? sys_vfork+0x20/0x20 [ 382.219417] do_syscall_64+0x1d5/0x640 [ 382.223318] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 382.228505] RIP: 0033:0x45c849 [ 382.231730] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 382.239440] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 382.246710] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 382.253984] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 382.261255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:35:33 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 382.268526] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000003 03:35:33 executing program 3 (fault-call:8 fault-nth:29): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:33 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 382.466413] FAULT_INJECTION: forcing a failure. [ 382.466413] name failslab, interval 1, probability 0, space 0, times 0 [ 382.477811] CPU: 1 PID: 14870 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 382.485706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 382.495067] Call Trace: [ 382.497666] dump_stack+0x13e/0x194 [ 382.501314] should_fail.cold+0x10a/0x14b [ 382.505481] should_failslab+0xd6/0x130 [ 382.509463] kmem_cache_alloc+0x2b5/0x770 [ 382.513625] ? find_held_lock+0x2d/0x110 [ 382.517779] ? copy_tree+0x4a0/0x860 [ 382.521510] alloc_vfsmnt+0x23/0x7c0 [ 382.525230] clone_mnt+0x6c/0xf20 [ 382.528696] copy_tree+0x33a/0x860 [ 382.532247] copy_mnt_ns+0x112/0x8a0 [ 382.535968] ? copy_namespaces+0x112/0x310 [ 382.540205] ? cap_capable+0x1c4/0x230 [ 382.544185] create_new_namespaces+0xc9/0x730 [ 382.548771] ? security_capable+0x88/0xb0 [ 382.552927] copy_namespaces+0x27b/0x310 [ 382.556997] copy_process.part.0+0x2603/0x6a70 [ 382.561622] ? get_pid_task+0xb8/0x130 [ 382.565520] ? save_trace+0x290/0x290 [ 382.569398] ? __lock_is_held+0xad/0x140 [ 382.573476] ? __cleanup_sighand+0x40/0x40 [ 382.577713] ? lock_downgrade+0x6e0/0x6e0 [ 382.581871] _do_fork+0x180/0xc80 [ 382.585328] ? fork_idle+0x270/0x270 [ 382.589047] ? fput+0xb/0x140 [ 382.592154] ? SyS_write+0x14d/0x210 [ 382.595870] ? SyS_read+0x210/0x210 [ 382.599503] ? SyS_clock_settime+0x1a0/0x1a0 [ 382.603916] ? do_syscall_64+0x4c/0x640 [ 382.607891] ? sys_vfork+0x20/0x20 [ 382.611435] do_syscall_64+0x1d5/0x640 [ 382.615338] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 382.620525] RIP: 0033:0x45c849 [ 382.623716] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 382.631425] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 382.638698] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 382.646092] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 382.653467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:33 executing program 0 (fault-call:10 fault-nth:4): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:33 executing program 2 (fault-call:9 fault-nth:30): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:33 executing program 4: r0 = add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, r0) getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x8, 0x10200) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000006c0)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000200000003000000180200000000000090010000ffffffcb00000000000000778001000040020000400200008001000040020000030000000000000000000000e000170100000000ffffffff000000ff6d6163766c616e3100000000000000007866726d300000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000186000000007000d00000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000ff0105000000000100000000000000010000000000000000000000000000000000000000000000000000000000000000fcffffff000000000000000000000000ac1e0001e0000002000000000000000076657468305f746f5f6261746164760073697430000000000000000000000000000000000000000000000000000000000000000000000000000000000000000032000020000000007000b00000000000000000000000000000000000000000004000524154454553540000000000000000000000000000000000000000000000737974af68f64e43f351f97a31000000000000000000000000fded000000000000000000000000000000000000e00a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x278) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080), 0x20) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e20, @empty}}, 0x0, 0x1000, 0x7, 0x6}, &(0x7f0000000200)=0x98) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000240)={0x5, 0x5, 0x4, 0x1800000, 0x2, 0x9, 0x7, 0x3, r6}, 0x20) r7 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r7, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") dup2(r4, r7) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 382.661092] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001d [ 382.774085] FAULT_INJECTION: forcing a failure. [ 382.774085] name failslab, interval 1, probability 0, space 0, times 0 [ 382.785526] CPU: 0 PID: 14881 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 382.793426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 382.802788] Call Trace: [ 382.805387] dump_stack+0x13e/0x194 [ 382.809027] should_fail.cold+0x10a/0x14b [ 382.813181] should_failslab+0xd6/0x130 [ 382.817174] kmem_cache_alloc+0x2b5/0x770 [ 382.821325] ? retire_userns_sysctls+0x80/0x80 [ 382.825911] create_user_ns+0x3cb/0xca0 [ 382.829891] copy_creds+0x3c1/0x4d0 [ 382.833525] copy_process.part.0+0x868/0x6a70 [ 382.838024] ? get_pid_task+0xb8/0x130 [ 382.841913] ? proc_fail_nth_write+0x7b/0x180 [ 382.846409] ? save_trace+0x290/0x290 [ 382.850209] ? __lock_is_held+0xad/0x140 [ 382.854271] ? find_held_lock+0x2d/0x110 [ 382.858342] ? __cleanup_sighand+0x40/0x40 [ 382.862573] ? lock_downgrade+0x6e0/0x6e0 [ 382.866727] _do_fork+0x180/0xc80 [ 382.870184] ? fork_idle+0x270/0x270 [ 382.873899] ? fput+0xb/0x140 [ 382.877001] ? SyS_write+0x14d/0x210 [ 382.880713] ? SyS_read+0x210/0x210 [ 382.884343] ? SyS_clock_settime+0x1a0/0x1a0 [ 382.888848] ? do_syscall_64+0x4c/0x640 [ 382.892831] ? sys_vfork+0x20/0x20 [ 382.896377] do_syscall_64+0x1d5/0x640 [ 382.900278] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 382.905472] RIP: 0033:0x45c849 [ 382.908661] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 382.916373] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 382.923660] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 382.930933] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 382.938303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 382.945590] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000004 [ 383.000470] FAULT_INJECTION: forcing a failure. [ 383.000470] name failslab, interval 1, probability 0, space 0, times 0 [ 383.011762] CPU: 0 PID: 14879 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 383.019644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 383.029014] Call Trace: [ 383.031615] dump_stack+0x13e/0x194 [ 383.035258] should_fail.cold+0x10a/0x14b [ 383.039432] should_failslab+0xd6/0x130 [ 383.043526] kmem_cache_alloc+0x2b5/0x770 [ 383.047685] ? find_held_lock+0x2d/0x110 [ 383.051750] ? copy_tree+0x4a0/0x860 [ 383.055472] alloc_vfsmnt+0x23/0x7c0 [ 383.059193] clone_mnt+0x6c/0xf20 [ 383.062655] copy_tree+0x33a/0x860 [ 383.066204] copy_mnt_ns+0x112/0x8a0 [ 383.069922] ? copy_namespaces+0x112/0x310 [ 383.074163] ? cap_capable+0x1c4/0x230 [ 383.078176] create_new_namespaces+0xc9/0x730 [ 383.082686] ? security_capable+0x88/0xb0 [ 383.086850] copy_namespaces+0x27b/0x310 [ 383.090922] copy_process.part.0+0x2603/0x6a70 [ 383.095521] ? get_pid_task+0xb8/0x130 [ 383.099415] ? save_trace+0x290/0x290 [ 383.103222] ? __lock_is_held+0xad/0x140 [ 383.107301] ? __cleanup_sighand+0x40/0x40 [ 383.111542] ? lock_downgrade+0x6e0/0x6e0 [ 383.115700] _do_fork+0x180/0xc80 [ 383.119158] ? fork_idle+0x270/0x270 [ 383.122870] ? fput+0xb/0x140 [ 383.125977] ? SyS_write+0x14d/0x210 [ 383.129693] ? SyS_read+0x210/0x210 [ 383.133321] ? SyS_clock_settime+0x1a0/0x1a0 [ 383.137730] ? do_syscall_64+0x4c/0x640 [ 383.141702] ? sys_vfork+0x20/0x20 [ 383.145242] do_syscall_64+0x1d5/0x640 [ 383.149137] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 383.154324] RIP: 0033:0x45c849 [ 383.157537] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 383.165248] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 383.172525] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 383.179799] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 383.187067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 383.194338] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001e 03:35:34 executing program 3 (fault-call:8 fault-nth:30): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:34 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:34 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 383.341457] FAULT_INJECTION: forcing a failure. [ 383.341457] name failslab, interval 1, probability 0, space 0, times 0 [ 383.352790] CPU: 1 PID: 14896 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 383.360693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 383.370053] Call Trace: [ 383.372658] dump_stack+0x13e/0x194 [ 383.376299] should_fail.cold+0x10a/0x14b [ 383.380460] should_failslab+0xd6/0x130 [ 383.384446] __kmalloc_track_caller+0x2e1/0x7b0 [ 383.389120] ? kstrdup_const+0x35/0x60 [ 383.393018] ? lock_acquire+0x170/0x3f0 [ 383.396999] ? lock_downgrade+0x6e0/0x6e0 [ 383.401153] kstrdup+0x36/0x70 [ 383.404353] kstrdup_const+0x35/0x60 [ 383.408181] alloc_vfsmnt+0xe0/0x7c0 [ 383.411908] clone_mnt+0x6c/0xf20 [ 383.415371] copy_tree+0x33a/0x860 [ 383.419017] copy_mnt_ns+0x112/0x8a0 [ 383.422744] ? copy_namespaces+0x112/0x310 [ 383.426977] ? cap_capable+0x1c4/0x230 [ 383.430871] create_new_namespaces+0xc9/0x730 [ 383.435366] ? security_capable+0x88/0xb0 [ 383.439517] copy_namespaces+0x27b/0x310 [ 383.443582] copy_process.part.0+0x2603/0x6a70 [ 383.448173] ? get_pid_task+0xb8/0x130 [ 383.452089] ? save_trace+0x290/0x290 [ 383.455893] ? __lock_is_held+0xad/0x140 [ 383.460066] ? __cleanup_sighand+0x40/0x40 [ 383.464396] ? lock_downgrade+0x6e0/0x6e0 [ 383.468556] _do_fork+0x180/0xc80 [ 383.472020] ? fork_idle+0x270/0x270 [ 383.475747] ? fput+0xb/0x140 [ 383.478856] ? SyS_write+0x14d/0x210 [ 383.482572] ? SyS_read+0x210/0x210 [ 383.486197] ? SyS_clock_settime+0x1a0/0x1a0 03:35:34 executing program 0 (fault-call:10 fault-nth:5): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 383.490608] ? do_syscall_64+0x4c/0x640 [ 383.494584] ? sys_vfork+0x20/0x20 [ 383.498138] do_syscall_64+0x1d5/0x640 [ 383.502033] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 383.507225] RIP: 0033:0x45c849 [ 383.510411] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 383.518131] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 383.525404] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 383.532681] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:34 executing program 2 (fault-call:9 fault-nth:31): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 383.539963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 383.547232] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001e 03:35:34 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 383.659132] FAULT_INJECTION: forcing a failure. [ 383.659132] name failslab, interval 1, probability 0, space 0, times 0 [ 383.670795] CPU: 1 PID: 14907 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 383.678695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 383.688053] Call Trace: [ 383.690661] dump_stack+0x13e/0x194 [ 383.694307] should_fail.cold+0x10a/0x14b [ 383.698469] should_failslab+0xd6/0x130 [ 383.702455] __kmalloc_track_caller+0x2e1/0x7b0 [ 383.707236] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 383.712347] ? setup_userns_sysctls+0x4d/0x170 [ 383.716944] kmemdup+0x23/0x50 [ 383.720156] setup_userns_sysctls+0x4d/0x170 [ 383.724574] create_user_ns+0x76a/0xca0 [ 383.728560] copy_creds+0x3c1/0x4d0 [ 383.732192] copy_process.part.0+0x868/0x6a70 [ 383.736698] ? get_pid_task+0xb8/0x130 [ 383.740594] ? proc_fail_nth_write+0x7b/0x180 [ 383.745096] ? save_trace+0x290/0x290 [ 383.748902] ? __lock_is_held+0xad/0x140 [ 383.752971] ? find_held_lock+0x2d/0x110 [ 383.757046] ? __cleanup_sighand+0x40/0x40 [ 383.761286] ? lock_downgrade+0x6e0/0x6e0 [ 383.765446] _do_fork+0x180/0xc80 [ 383.768910] ? fork_idle+0x270/0x270 [ 383.772634] ? fput+0xb/0x140 [ 383.775748] ? SyS_write+0x14d/0x210 [ 383.779465] ? SyS_read+0x210/0x210 [ 383.783104] ? SyS_clock_settime+0x1a0/0x1a0 [ 383.787516] ? do_syscall_64+0x4c/0x640 [ 383.791491] ? sys_vfork+0x20/0x20 [ 383.795035] do_syscall_64+0x1d5/0x640 [ 383.798935] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 383.804125] RIP: 0033:0x45c849 [ 383.807199] FAULT_INJECTION: forcing a failure. [ 383.807199] name failslab, interval 1, probability 0, space 0, times 0 [ 383.807317] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 383.826198] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 383.833459] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 383.840713] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 383.847975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 383.855227] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000005 [ 383.862506] CPU: 0 PID: 14910 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 383.870395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 383.880010] Call Trace: [ 383.882609] dump_stack+0x13e/0x194 [ 383.886244] should_fail.cold+0x10a/0x14b [ 383.890399] should_failslab+0xd6/0x130 [ 383.894379] __kmalloc_track_caller+0x2e1/0x7b0 [ 383.899051] ? kstrdup_const+0x35/0x60 [ 383.902946] ? lock_acquire+0x170/0x3f0 [ 383.906925] ? lock_downgrade+0x6e0/0x6e0 [ 383.911090] kstrdup+0x36/0x70 [ 383.914270] kstrdup_const+0x35/0x60 [ 383.917965] alloc_vfsmnt+0xe0/0x7c0 [ 383.921663] clone_mnt+0x6c/0xf20 [ 383.925099] copy_tree+0x33a/0x860 [ 383.928640] copy_mnt_ns+0x112/0x8a0 [ 383.932347] ? copy_namespaces+0x112/0x310 [ 383.936569] ? cap_capable+0x1c4/0x230 [ 383.940448] create_new_namespaces+0xc9/0x730 [ 383.945027] ? security_capable+0x88/0xb0 [ 383.949287] copy_namespaces+0x27b/0x310 [ 383.953354] copy_process.part.0+0x2603/0x6a70 [ 383.957938] ? get_pid_task+0xb8/0x130 [ 383.961816] ? save_trace+0x290/0x290 [ 383.965610] ? __lock_is_held+0xad/0x140 [ 383.969665] ? __cleanup_sighand+0x40/0x40 [ 383.973898] ? lock_downgrade+0x6e0/0x6e0 [ 383.978052] _do_fork+0x180/0xc80 [ 383.981507] ? fork_idle+0x270/0x270 [ 383.985292] ? fput+0xb/0x140 [ 383.988381] ? SyS_write+0x14d/0x210 [ 383.992087] ? SyS_read+0x210/0x210 [ 383.995718] ? SyS_clock_settime+0x1a0/0x1a0 [ 384.000130] ? do_syscall_64+0x4c/0x640 [ 384.004156] ? sys_vfork+0x20/0x20 [ 384.007701] do_syscall_64+0x1d5/0x640 [ 384.011589] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 384.016765] RIP: 0033:0x45c849 [ 384.019960] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 384.031221] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 384.038474] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 384.045778] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 384.053041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:35 executing program 3 (fault-call:8 fault-nth:31): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:35 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:35 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 384.060302] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001f [ 384.214546] FAULT_INJECTION: forcing a failure. [ 384.214546] name failslab, interval 1, probability 0, space 0, times 0 [ 384.225845] CPU: 1 PID: 14927 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 384.233733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.243101] Call Trace: [ 384.245714] dump_stack+0x13e/0x194 [ 384.249358] should_fail.cold+0x10a/0x14b [ 384.253518] should_failslab+0xd6/0x130 [ 384.257508] __kmalloc_track_caller+0x2e1/0x7b0 [ 384.262187] ? kstrdup_const+0x35/0x60 [ 384.266087] ? lock_acquire+0x170/0x3f0 [ 384.270069] ? lock_downgrade+0x6e0/0x6e0 [ 384.274242] kstrdup+0x36/0x70 [ 384.277445] kstrdup_const+0x35/0x60 [ 384.281169] alloc_vfsmnt+0xe0/0x7c0 [ 384.284890] clone_mnt+0x6c/0xf20 [ 384.288354] copy_tree+0x33a/0x860 [ 384.291908] copy_mnt_ns+0x112/0x8a0 [ 384.295628] ? copy_namespaces+0x112/0x310 [ 384.300228] ? cap_capable+0x1c4/0x230 [ 384.304132] create_new_namespaces+0xc9/0x730 [ 384.308637] ? security_capable+0x88/0xb0 [ 384.312803] copy_namespaces+0x27b/0x310 [ 384.316879] copy_process.part.0+0x2603/0x6a70 [ 384.321478] ? get_pid_task+0xb8/0x130 [ 384.325375] ? save_trace+0x290/0x290 [ 384.329182] ? __lock_is_held+0xad/0x140 [ 384.333355] ? __cleanup_sighand+0x40/0x40 [ 384.337603] ? lock_downgrade+0x6e0/0x6e0 [ 384.341765] _do_fork+0x180/0xc80 [ 384.345230] ? fork_idle+0x270/0x270 [ 384.348950] ? fput+0xb/0x140 [ 384.352060] ? SyS_write+0x14d/0x210 [ 384.355778] ? SyS_read+0x210/0x210 [ 384.359410] ? SyS_clock_settime+0x1a0/0x1a0 [ 384.368259] ? do_syscall_64+0x4c/0x640 [ 384.372252] ? sys_vfork+0x20/0x20 [ 384.375803] do_syscall_64+0x1d5/0x640 [ 384.379706] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 384.384901] RIP: 0033:0x45c849 [ 384.388091] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 384.395806] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 384.403085] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:35 executing program 0 (fault-call:10 fault-nth:6): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:35 executing program 2 (fault-call:9 fault-nth:32): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 384.410370] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 384.417644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 384.424920] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001f 03:35:35 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) openat$cgroup_subtree(r5, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) [ 384.560771] FAULT_INJECTION: forcing a failure. [ 384.560771] name failslab, interval 1, probability 0, space 0, times 0 [ 384.572095] CPU: 1 PID: 14940 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 384.579989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.589431] Call Trace: [ 384.592058] dump_stack+0x13e/0x194 [ 384.595699] should_fail.cold+0x10a/0x14b [ 384.599865] should_failslab+0xd6/0x130 [ 384.603843] __kmalloc+0x2e9/0x7c0 [ 384.607399] ? __register_sysctl_table+0xc3/0xe60 [ 384.612242] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 384.617702] ? rcu_read_lock_sched_held+0x10a/0x130 [ 384.622728] ? __kmalloc_track_caller+0x366/0x7b0 [ 384.627582] __register_sysctl_table+0xc3/0xe60 [ 384.632281] ? memcpy+0x35/0x50 [ 384.635570] setup_userns_sysctls+0xb3/0x170 [ 384.639989] create_user_ns+0x76a/0xca0 [ 384.643974] copy_creds+0x3c1/0x4d0 [ 384.647613] copy_process.part.0+0x868/0x6a70 [ 384.652122] ? get_pid_task+0xb8/0x130 [ 384.656011] ? proc_fail_nth_write+0x7b/0x180 [ 384.660509] ? save_trace+0x290/0x290 [ 384.664313] ? __lock_is_held+0xad/0x140 [ 384.665164] FAULT_INJECTION: forcing a failure. [ 384.665164] name failslab, interval 1, probability 0, space 0, times 0 [ 384.668376] ? find_held_lock+0x2d/0x110 [ 384.683599] ? __cleanup_sighand+0x40/0x40 [ 384.687833] ? lock_downgrade+0x6e0/0x6e0 [ 384.692069] _do_fork+0x180/0xc80 [ 384.695523] ? fork_idle+0x270/0x270 [ 384.699239] ? fput+0xb/0x140 [ 384.702334] ? SyS_write+0x14d/0x210 [ 384.706046] ? SyS_read+0x210/0x210 [ 384.709681] ? SyS_clock_settime+0x1a0/0x1a0 [ 384.714098] ? do_syscall_64+0x4c/0x640 [ 384.718060] ? sys_vfork+0x20/0x20 [ 384.721589] do_syscall_64+0x1d5/0x640 [ 384.725464] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 384.730644] RIP: 0033:0x45c849 [ 384.733992] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 384.741685] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 384.748935] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 384.756275] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 384.763529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 384.770801] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000006 [ 384.778080] CPU: 0 PID: 14943 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 384.785971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.795331] Call Trace: [ 384.797907] dump_stack+0x13e/0x194 [ 384.801525] should_fail.cold+0x10a/0x14b [ 384.805662] should_failslab+0xd6/0x130 [ 384.809628] kmem_cache_alloc+0x2b5/0x770 [ 384.813792] ? find_held_lock+0x2d/0x110 [ 384.817840] ? copy_tree+0x4a0/0x860 [ 384.821541] alloc_vfsmnt+0x23/0x7c0 [ 384.825240] clone_mnt+0x6c/0xf20 [ 384.828680] copy_tree+0x33a/0x860 [ 384.832208] copy_mnt_ns+0x112/0x8a0 [ 384.835916] ? copy_namespaces+0x112/0x310 [ 384.840137] ? cap_capable+0x1c4/0x230 [ 384.844012] create_new_namespaces+0xc9/0x730 [ 384.848489] ? security_capable+0x88/0xb0 [ 384.852622] copy_namespaces+0x27b/0x310 [ 384.856670] copy_process.part.0+0x2603/0x6a70 [ 384.861239] ? get_pid_task+0xb8/0x130 [ 384.865112] ? save_trace+0x290/0x290 [ 384.869513] ? __lock_is_held+0xad/0x140 [ 384.873563] ? __cleanup_sighand+0x40/0x40 [ 384.877778] ? lock_downgrade+0x6e0/0x6e0 [ 384.881913] _do_fork+0x180/0xc80 [ 384.885350] ? fork_idle+0x270/0x270 [ 384.889054] ? fput+0xb/0x140 [ 384.892142] ? SyS_write+0x14d/0x210 [ 384.895837] ? SyS_read+0x210/0x210 [ 384.899449] ? SyS_clock_settime+0x1a0/0x1a0 [ 384.903840] ? do_syscall_64+0x4c/0x640 [ 384.907794] ? sys_vfork+0x20/0x20 [ 384.911320] do_syscall_64+0x1d5/0x640 [ 384.915194] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 384.920452] RIP: 0033:0x45c849 [ 384.923634] RSP: 002b:00007f6efb2cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 384.931339] RAX: ffffffffffffffda RBX: 00007f6efb2ce6d4 RCX: 000000000045c849 [ 384.938609] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 384.945869] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 [ 384.953136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 03:35:36 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 384.961347] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000020 03:35:36 executing program 3 (fault-call:8 fault-nth:32): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:36 executing program 2 (fault-call:9 fault-nth:33): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:36 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 385.139372] FAULT_INJECTION: forcing a failure. [ 385.139372] name failslab, interval 1, probability 0, space 0, times 0 [ 385.150829] CPU: 1 PID: 14961 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 385.158722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 385.168076] Call Trace: [ 385.170673] dump_stack+0x13e/0x194 [ 385.174402] should_fail.cold+0x10a/0x14b [ 385.178559] should_failslab+0xd6/0x130 [ 385.182528] kmem_cache_alloc+0x2b5/0x770 [ 385.186684] ? find_held_lock+0x2d/0x110 [ 385.190738] ? copy_tree+0x4a0/0x860 [ 385.194456] alloc_vfsmnt+0x23/0x7c0 [ 385.198172] clone_mnt+0x6c/0xf20 [ 385.201658] copy_tree+0x33a/0x860 [ 385.205216] copy_mnt_ns+0x112/0x8a0 [ 385.208937] ? copy_namespaces+0x112/0x310 [ 385.213291] ? cap_capable+0x1c4/0x230 [ 385.217243] create_new_namespaces+0xc9/0x730 [ 385.221741] ? security_capable+0x88/0xb0 [ 385.225902] copy_namespaces+0x27b/0x310 [ 385.229965] copy_process.part.0+0x2603/0x6a70 [ 385.234558] ? get_pid_task+0xb8/0x130 [ 385.238451] ? save_trace+0x290/0x290 [ 385.242260] ? __lock_is_held+0xad/0x140 [ 385.246327] ? __cleanup_sighand+0x40/0x40 [ 385.250553] ? lock_downgrade+0x6e0/0x6e0 [ 385.254695] _do_fork+0x180/0xc80 [ 385.258158] ? fork_idle+0x270/0x270 [ 385.261868] ? fput+0xb/0x140 [ 385.264955] ? SyS_write+0x14d/0x210 [ 385.268651] ? SyS_read+0x210/0x210 [ 385.272272] ? SyS_clock_settime+0x1a0/0x1a0 [ 385.276685] ? do_syscall_64+0x4c/0x640 [ 385.280654] ? sys_vfork+0x20/0x20 [ 385.284178] do_syscall_64+0x1d5/0x640 [ 385.288076] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 385.293277] RIP: 0033:0x45c849 [ 385.296477] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 385.304192] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 385.311570] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 385.319008] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 385.326289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:36 executing program 0 (fault-call:10 fault-nth:7): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 385.333566] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000020 [ 385.342528] FAULT_INJECTION: forcing a failure. [ 385.342528] name failslab, interval 1, probability 0, space 0, times 0 [ 385.353854] CPU: 0 PID: 14965 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 385.361740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 385.371098] Call Trace: [ 385.373704] dump_stack+0x13e/0x194 [ 385.377348] should_fail.cold+0x10a/0x14b [ 385.381504] should_failslab+0xd6/0x130 [ 385.385467] __kmalloc_track_caller+0x2e1/0x7b0 [ 385.390121] ? kstrdup_const+0x35/0x60 [ 385.394002] ? lock_acquire+0x170/0x3f0 [ 385.397968] ? lock_downgrade+0x6e0/0x6e0 [ 385.402110] kstrdup+0x36/0x70 [ 385.405298] kstrdup_const+0x35/0x60 [ 385.409001] alloc_vfsmnt+0xe0/0x7c0 [ 385.412714] clone_mnt+0x6c/0xf20 [ 385.416353] copy_tree+0x33a/0x860 [ 385.419892] copy_mnt_ns+0x112/0x8a0 [ 385.421123] FAULT_INJECTION: forcing a failure. [ 385.421123] name failslab, interval 1, probability 0, space 0, times 0 [ 385.423611] ? copy_namespaces+0x112/0x310 [ 385.423623] ? cap_capable+0x1c4/0x230 [ 385.423634] create_new_namespaces+0xc9/0x730 [ 385.423648] ? security_capable+0x88/0xb0 [ 385.451533] copy_namespaces+0x27b/0x310 [ 385.455587] copy_process.part.0+0x2603/0x6a70 [ 385.460156] ? get_pid_task+0xb8/0x130 [ 385.464028] ? save_trace+0x290/0x290 [ 385.467829] ? __lock_is_held+0xad/0x140 [ 385.471883] ? __cleanup_sighand+0x40/0x40 [ 385.476101] ? lock_downgrade+0x6e0/0x6e0 [ 385.480233] _do_fork+0x180/0xc80 [ 385.483672] ? fork_idle+0x270/0x270 [ 385.487385] ? fput+0xb/0x140 [ 385.490490] ? SyS_write+0x14d/0x210 [ 385.494227] ? SyS_read+0x210/0x210 [ 385.497845] ? SyS_clock_settime+0x1a0/0x1a0 [ 385.502242] ? do_syscall_64+0x4c/0x640 [ 385.506204] ? sys_vfork+0x20/0x20 [ 385.510099] do_syscall_64+0x1d5/0x640 [ 385.513985] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 385.519159] RIP: 0033:0x45c849 [ 385.522333] RSP: 002b:00007f6efb2cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 385.530027] RAX: ffffffffffffffda RBX: 00007f6efb2ce6d4 RCX: 000000000045c849 [ 385.537287] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 385.544552] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 [ 385.551897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 385.559153] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000021 [ 385.566422] CPU: 1 PID: 14970 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 385.574313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 385.583667] Call Trace: [ 385.586265] dump_stack+0x13e/0x194 [ 385.589902] should_fail.cold+0x10a/0x14b [ 385.594212] should_failslab+0xd6/0x130 [ 385.598193] __kmalloc+0x2e9/0x7c0 [ 385.601743] ? __register_sysctl_table+0xc3/0xe60 [ 385.606588] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 385.612308] ? rcu_read_lock_sched_held+0x10a/0x130 [ 385.617336] ? __kmalloc_track_caller+0x366/0x7b0 [ 385.622186] __register_sysctl_table+0xc3/0xe60 [ 385.626867] ? memcpy+0x35/0x50 [ 385.632691] setup_userns_sysctls+0xb3/0x170 [ 385.637107] create_user_ns+0x76a/0xca0 [ 385.641090] copy_creds+0x3c1/0x4d0 [ 385.644724] copy_process.part.0+0x868/0x6a70 [ 385.649317] ? get_pid_task+0xb8/0x130 [ 385.653214] ? proc_fail_nth_write+0x7b/0x180 [ 385.657737] ? save_trace+0x290/0x290 [ 385.661551] ? proc_cwd_link+0x1b0/0x1b0 [ 385.665623] ? find_held_lock+0x2d/0x110 [ 385.669703] ? __cleanup_sighand+0x40/0x40 [ 385.674031] ? lock_downgrade+0x6e0/0x6e0 [ 385.678194] _do_fork+0x180/0xc80 [ 385.681660] ? fork_idle+0x270/0x270 [ 385.685901] ? fput+0xb/0x140 [ 385.689152] ? SyS_write+0x14d/0x210 [ 385.692867] ? SyS_read+0x210/0x210 [ 385.696501] ? SyS_clock_settime+0x1a0/0x1a0 [ 385.701033] ? do_syscall_64+0x4c/0x640 [ 385.705013] ? sys_vfork+0x20/0x20 [ 385.708562] do_syscall_64+0x1d5/0x640 [ 385.712464] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 385.717666] RIP: 0033:0x45c849 [ 385.720860] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 385.728570] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 03:35:36 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000480)={0x20c, 0x1, 0x2, 0x201, 0x0, 0x0, {0xc, 0x0, 0x1}, [@CTA_EXPECT_NAT={0x1f8, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x9c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @local}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @rand_addr=0x4}}}]}, @CTA_EXPECT_NAT_TUPLE={0x94, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr="5b41e0a6d2888b50155e56f088217f15"}, {0x14, 0x4, @rand_addr="8479198e4a3360e02b036ef4a239564a"}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT_TUPLE={0x40, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_TUPLE={0x7c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0xb3c}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @empty}}}]}]}]}, 0x20c}, 0x1, 0x0, 0x0, 0x1d267a10b5512bd9}, 0x10) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 385.735872] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 385.743145] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 385.750424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 385.757701] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000007 [ 385.779512] NOHZ: local_softirq_pending 08 03:35:37 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:37 executing program 2 (fault-call:9 fault-nth:34): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:37 executing program 3 (fault-call:8 fault-nth:33): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:37 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 386.016233] FAULT_INJECTION: forcing a failure. [ 386.016233] name failslab, interval 1, probability 0, space 0, times 0 [ 386.027608] CPU: 0 PID: 14996 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 386.035500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 386.044862] Call Trace: [ 386.047464] dump_stack+0x13e/0x194 [ 386.051103] should_fail.cold+0x10a/0x14b [ 386.055269] should_failslab+0xd6/0x130 [ 386.059256] __kmalloc_track_caller+0x2e1/0x7b0 [ 386.063931] ? kstrdup_const+0x35/0x60 [ 386.067821] ? lock_acquire+0x170/0x3f0 [ 386.071813] ? lock_downgrade+0x6e0/0x6e0 [ 386.077246] kstrdup+0x36/0x70 [ 386.080454] kstrdup_const+0x35/0x60 [ 386.084181] alloc_vfsmnt+0xe0/0x7c0 [ 386.087897] clone_mnt+0x6c/0xf20 [ 386.091359] copy_tree+0x33a/0x860 [ 386.094905] copy_mnt_ns+0x112/0x8a0 [ 386.098624] ? copy_namespaces+0x112/0x310 [ 386.102859] ? cap_capable+0x1c4/0x230 [ 386.106753] create_new_namespaces+0xc9/0x730 [ 386.111248] ? security_capable+0x88/0xb0 [ 386.115435] copy_namespaces+0x27b/0x310 [ 386.119737] copy_process.part.0+0x2603/0x6a70 [ 386.124337] ? get_pid_task+0xb8/0x130 [ 386.128232] ? save_trace+0x290/0x290 [ 386.132034] ? __lock_is_held+0xad/0x140 [ 386.136105] ? __cleanup_sighand+0x40/0x40 [ 386.140339] ? lock_downgrade+0x6e0/0x6e0 [ 386.144506] _do_fork+0x180/0xc80 [ 386.147967] ? fork_idle+0x270/0x270 [ 386.151679] ? fput+0xb/0x140 [ 386.154780] ? SyS_write+0x14d/0x210 [ 386.158496] ? SyS_read+0x210/0x210 [ 386.162124] ? SyS_clock_settime+0x1a0/0x1a0 [ 386.166534] ? do_syscall_64+0x4c/0x640 [ 386.170512] ? sys_vfork+0x20/0x20 [ 386.174054] do_syscall_64+0x1d5/0x640 [ 386.177946] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 386.183132] RIP: 0033:0x45c849 [ 386.186315] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 386.194052] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 386.201318] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 386.208583] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:37 executing program 0 (fault-call:10 fault-nth:8): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 386.216377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 386.223647] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000021 [ 386.232702] FAULT_INJECTION: forcing a failure. [ 386.232702] name failslab, interval 1, probability 0, space 0, times 0 [ 386.243963] CPU: 0 PID: 14997 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 386.251854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 386.261211] Call Trace: [ 386.263816] dump_stack+0x13e/0x194 [ 386.267461] should_fail.cold+0x10a/0x14b [ 386.271628] should_failslab+0xd6/0x130 [ 386.275709] __kmalloc_track_caller+0x2e1/0x7b0 [ 386.280388] ? kstrdup_const+0x35/0x60 [ 386.284278] ? lock_acquire+0x170/0x3f0 [ 386.288256] ? lock_downgrade+0x6e0/0x6e0 [ 386.292405] kstrdup+0x36/0x70 [ 386.295597] kstrdup_const+0x35/0x60 [ 386.299575] alloc_vfsmnt+0xe0/0x7c0 [ 386.303293] clone_mnt+0x6c/0xf20 [ 386.306756] copy_tree+0x33a/0x860 [ 386.310303] copy_mnt_ns+0x112/0x8a0 [ 386.314018] ? copy_namespaces+0x112/0x310 [ 386.318249] ? cap_capable+0x1c4/0x230 [ 386.322141] create_new_namespaces+0xc9/0x730 [ 386.326641] ? security_capable+0x88/0xb0 [ 386.330791] copy_namespaces+0x27b/0x310 [ 386.336071] copy_process.part.0+0x2603/0x6a70 [ 386.340680] ? get_pid_task+0xb8/0x130 [ 386.345093] ? save_trace+0x290/0x290 [ 386.348895] ? __lock_is_held+0xad/0x140 [ 386.352970] ? __cleanup_sighand+0x40/0x40 [ 386.357211] ? lock_downgrade+0x6e0/0x6e0 [ 386.361372] _do_fork+0x180/0xc80 [ 386.364832] ? fork_idle+0x270/0x270 [ 386.368550] ? fput+0xb/0x140 [ 386.371663] ? SyS_write+0x14d/0x210 [ 386.375817] ? SyS_read+0x210/0x210 [ 386.379447] ? SyS_clock_settime+0x1a0/0x1a0 [ 386.383853] ? do_syscall_64+0x4c/0x640 [ 386.387954] ? sys_vfork+0x20/0x20 [ 386.391507] do_syscall_64+0x1d5/0x640 [ 386.395412] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 386.400633] RIP: 0033:0x45c849 [ 386.403821] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 386.411536] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 386.418808] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 386.426080] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 386.433785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 386.441058] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000022 [ 386.516077] FAULT_INJECTION: forcing a failure. [ 386.516077] name failslab, interval 1, probability 0, space 0, times 0 [ 386.527472] CPU: 1 PID: 15002 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 386.535372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 386.544724] Call Trace: [ 386.547337] dump_stack+0x13e/0x194 [ 386.550979] should_fail.cold+0x10a/0x14b [ 386.555147] should_failslab+0xd6/0x130 [ 386.559126] __kmalloc+0x2e9/0x7c0 [ 386.562703] ? __register_sysctl_table+0x7cc/0xe60 [ 386.567633] ? lock_downgrade+0x6e0/0x6e0 [ 386.571787] ? find_entry.isra.0+0x1d0/0x1d0 [ 386.576212] __register_sysctl_table+0x7cc/0xe60 [ 386.580957] ? memcpy+0x35/0x50 [ 386.584236] setup_userns_sysctls+0xb3/0x170 [ 386.588642] create_user_ns+0x76a/0xca0 [ 386.592620] copy_creds+0x3c1/0x4d0 [ 386.596252] copy_process.part.0+0x868/0x6a70 [ 386.600765] ? get_pid_task+0xb8/0x130 [ 386.604741] ? proc_fail_nth_write+0x7b/0x180 [ 386.609223] ? save_trace+0x290/0x290 [ 386.613018] ? __lock_is_held+0xad/0x140 [ 386.617075] ? find_held_lock+0x2d/0x110 [ 386.621850] ? __cleanup_sighand+0x40/0x40 [ 386.626079] ? lock_downgrade+0x6e0/0x6e0 [ 386.630340] _do_fork+0x180/0xc80 [ 386.633805] ? fork_idle+0x270/0x270 [ 386.637531] ? fput+0xb/0x140 [ 386.640633] ? SyS_write+0x14d/0x210 [ 386.644332] ? SyS_read+0x210/0x210 [ 386.647945] ? SyS_clock_settime+0x1a0/0x1a0 [ 386.652353] ? do_syscall_64+0x4c/0x640 [ 386.656338] ? sys_vfork+0x20/0x20 [ 386.659880] do_syscall_64+0x1d5/0x640 [ 386.663759] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 386.668930] RIP: 0033:0x45c849 [ 386.672107] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 386.679900] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 386.687162] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 386.694421] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 386.701691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 386.709119] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000008 [ 386.716909] sysctl could not get directory: //user -12 [ 386.722351] CPU: 0 PID: 15002 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 386.730273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 386.739628] Call Trace: [ 386.742230] dump_stack+0x13e/0x194 [ 386.745866] __register_sysctl_table+0x78e/0xe60 [ 386.750622] ? memcpy+0x35/0x50 [ 386.753904] setup_userns_sysctls+0xb3/0x170 [ 386.758315] create_user_ns+0x76a/0xca0 [ 386.762302] copy_creds+0x3c1/0x4d0 [ 386.765931] copy_process.part.0+0x868/0x6a70 [ 386.770437] ? get_pid_task+0xb8/0x130 [ 386.774358] ? proc_fail_nth_write+0x7b/0x180 [ 386.778876] ? save_trace+0x290/0x290 [ 386.782682] ? __lock_is_held+0xad/0x140 [ 386.789786] ? find_held_lock+0x2d/0x110 [ 386.793850] ? __cleanup_sighand+0x40/0x40 [ 386.798087] ? lock_downgrade+0x6e0/0x6e0 [ 386.802241] _do_fork+0x180/0xc80 [ 386.805704] ? fork_idle+0x270/0x270 [ 386.809417] ? fput+0xb/0x140 [ 386.812516] ? SyS_write+0x14d/0x210 [ 386.816234] ? SyS_read+0x210/0x210 [ 386.819869] ? SyS_clock_settime+0x1a0/0x1a0 [ 386.824283] ? do_syscall_64+0x4c/0x640 [ 386.828258] ? sys_vfork+0x20/0x20 [ 386.831801] do_syscall_64+0x1d5/0x640 [ 386.835701] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 386.840891] RIP: 0033:0x45c849 [ 386.844080] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 386.851788] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 386.859059] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:38 executing program 3 (fault-call:8 fault-nth:34): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 386.866330] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 386.873604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 386.880876] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000008 03:35:38 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:38 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:38 executing program 2 (fault-call:9 fault-nth:35): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:38 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = gettid() ioprio_set$pid(0x2, r0, 0x0) r1 = gettid() ioprio_set$pid(0x2, r1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x0, 0x190, 0xcbffffff, 0x190, 0x77000000, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338) setsockopt$sock_void(r2, 0x1, 0x1b, 0x0, 0x0) prlimit64(r1, 0x5, &(0x7f0000000280)={0x5, 0x8d}, 0x0) getpid() r3 = gettid() ioprio_set$pid(0x2, r3, 0x0) ptrace$setregset(0x4205, r3, 0x202, &(0x7f0000000000)={&(0x7f00000000c0)="2b6317cc6a981fd92bd1b7d5e637e76be973d809dd9e8fa0773de76e5e4b6b43dc2d6d0c817de9e1ec02cc825cbc9adafbd682edbcbdc4a3294e38143f21d0f1604f0d82cbed67dca18de3152f707f2ee765e1528160c2aae1f2e249fbfe936d5734c7fa16a30ef591253dfcb152707d69ef9abbf2ee630401a880bd0ca36cf8d31a", 0x82}) r4 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r4, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r6, 0x407, 0x0) vmsplice(r5, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x6, 0x10000000, 0x0, 0x2}, 0x0) clone(0x2002c100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 387.004291] xt_HMARK: hash modulus can't be zero [ 387.052699] FAULT_INJECTION: forcing a failure. [ 387.052699] name failslab, interval 1, probability 0, space 0, times 0 [ 387.063959] CPU: 1 PID: 15024 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 387.071851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.081207] Call Trace: [ 387.083806] dump_stack+0x13e/0x194 [ 387.087451] should_fail.cold+0x10a/0x14b [ 387.091619] should_failslab+0xd6/0x130 [ 387.095620] __kmalloc_track_caller+0x2e1/0x7b0 [ 387.100382] ? kstrdup_const+0x35/0x60 [ 387.104278] ? lock_acquire+0x170/0x3f0 [ 387.108262] ? lock_downgrade+0x6e0/0x6e0 [ 387.112425] kstrdup+0x36/0x70 [ 387.115626] kstrdup_const+0x35/0x60 [ 387.119450] alloc_vfsmnt+0xe0/0x7c0 [ 387.123273] clone_mnt+0x6c/0xf20 [ 387.126800] copy_tree+0x33a/0x860 [ 387.130362] copy_mnt_ns+0x112/0x8a0 [ 387.134180] ? copy_namespaces+0x112/0x310 [ 387.138421] ? cap_capable+0x1c4/0x230 [ 387.142319] create_new_namespaces+0xc9/0x730 [ 387.146921] ? security_capable+0x88/0xb0 [ 387.151186] copy_namespaces+0x27b/0x310 [ 387.155271] copy_process.part.0+0x2603/0x6a70 [ 387.159866] ? get_pid_task+0xb8/0x130 [ 387.163772] ? save_trace+0x290/0x290 [ 387.167592] ? __lock_is_held+0xad/0x140 [ 387.171771] ? __cleanup_sighand+0x40/0x40 [ 387.176020] ? lock_downgrade+0x6e0/0x6e0 [ 387.180441] _do_fork+0x180/0xc80 [ 387.184000] ? fork_idle+0x270/0x270 [ 387.187720] ? fput+0xb/0x140 [ 387.190932] ? SyS_write+0x14d/0x210 [ 387.194797] ? SyS_read+0x210/0x210 [ 387.198432] ? SyS_clock_settime+0x1a0/0x1a0 [ 387.202845] ? do_syscall_64+0x4c/0x640 [ 387.206825] ? sys_vfork+0x20/0x20 [ 387.210383] do_syscall_64+0x1d5/0x640 [ 387.214284] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 387.219590] RIP: 0033:0x45c849 [ 387.222799] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 387.230515] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 387.237785] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 387.245058] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:38 executing program 0 (fault-call:10 fault-nth:9): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 387.252418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 387.259690] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000022 [ 387.268703] FAULT_INJECTION: forcing a failure. [ 387.268703] name failslab, interval 1, probability 0, space 0, times 0 [ 387.279941] CPU: 1 PID: 15027 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 387.287831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.297191] Call Trace: [ 387.299797] dump_stack+0x13e/0x194 [ 387.303451] should_fail.cold+0x10a/0x14b [ 387.307612] should_failslab+0xd6/0x130 [ 387.311627] kmem_cache_alloc+0x2b5/0x770 [ 387.315788] ? find_held_lock+0x2d/0x110 [ 387.319856] ? copy_tree+0x4a0/0x860 [ 387.323585] alloc_vfsmnt+0x23/0x7c0 [ 387.327304] clone_mnt+0x6c/0xf20 [ 387.330769] copy_tree+0x33a/0x860 [ 387.334324] copy_mnt_ns+0x112/0x8a0 [ 387.338046] ? copy_namespaces+0x112/0x310 [ 387.342286] ? cap_capable+0x1c4/0x230 [ 387.346185] create_new_namespaces+0xc9/0x730 [ 387.350750] ? security_capable+0x88/0xb0 [ 387.354913] copy_namespaces+0x27b/0x310 [ 387.359596] copy_process.part.0+0x2603/0x6a70 [ 387.364188] ? get_pid_task+0xb8/0x130 [ 387.368117] ? save_trace+0x290/0x290 [ 387.371925] ? __lock_is_held+0xad/0x140 [ 387.375999] ? __cleanup_sighand+0x40/0x40 [ 387.380267] ? lock_downgrade+0x6e0/0x6e0 [ 387.384441] _do_fork+0x180/0xc80 [ 387.387901] ? fork_idle+0x270/0x270 [ 387.391616] ? fput+0xb/0x140 [ 387.394722] ? SyS_write+0x14d/0x210 [ 387.397215] FAULT_INJECTION: forcing a failure. [ 387.397215] name failslab, interval 1, probability 0, space 0, times 0 [ 387.398464] ? SyS_read+0x210/0x210 [ 387.398477] ? SyS_clock_settime+0x1a0/0x1a0 [ 387.398489] ? do_syscall_64+0x4c/0x640 [ 387.398499] ? sys_vfork+0x20/0x20 [ 387.398511] do_syscall_64+0x1d5/0x640 [ 387.398526] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 387.398538] RIP: 0033:0x45c849 [ 387.437437] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 387.445132] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 387.452392] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 387.459656] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 387.466926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 387.474190] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000023 [ 387.481467] CPU: 0 PID: 15033 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 387.489358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.498712] Call Trace: [ 387.501301] dump_stack+0x13e/0x194 [ 387.504919] should_fail.cold+0x10a/0x14b [ 387.509054] should_failslab+0xd6/0x130 [ 387.513023] kmem_cache_alloc+0x2b5/0x770 [ 387.517160] ? __lockdep_init_map+0x100/0x560 [ 387.521644] dup_fd+0x81/0xa40 [ 387.524831] ? perf_event_init_task+0xfa/0x790 [ 387.529402] ? audit_alloc+0x86/0x640 [ 387.533216] copy_process.part.0+0x1b5a/0x6a70 [ 387.537787] ? get_pid_task+0xb8/0x130 [ 387.541761] ? proc_fail_nth_write+0x7b/0x180 [ 387.546255] ? save_trace+0x290/0x290 [ 387.550047] ? __lock_is_held+0xad/0x140 [ 387.554108] ? __cleanup_sighand+0x40/0x40 [ 387.558332] ? lock_downgrade+0x6e0/0x6e0 [ 387.562478] _do_fork+0x180/0xc80 [ 387.565916] ? fork_idle+0x270/0x270 [ 387.569615] ? fput+0xb/0x140 [ 387.572706] ? SyS_write+0x14d/0x210 [ 387.576409] ? SyS_read+0x210/0x210 [ 387.580023] ? SyS_clock_settime+0x1a0/0x1a0 [ 387.584428] ? do_syscall_64+0x4c/0x640 [ 387.588438] ? sys_vfork+0x20/0x20 [ 387.591968] do_syscall_64+0x1d5/0x640 [ 387.595853] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 387.601040] RIP: 0033:0x45c849 [ 387.604217] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 387.611948] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 387.619300] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 387.626558] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 387.633818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 387.641074] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000009 03:35:38 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:38 executing program 2 (fault-call:9 fault-nth:36): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:38 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:39 executing program 3 (fault-call:8 fault-nth:35): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 387.808856] xt_HMARK: hash modulus can't be zero 03:35:39 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x100000000, 0x3}, 0x0) getpid() r0 = socket$inet6(0xa, 0x5, 0xfffffffe) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$VIDIOC_QUERYCAP(r5, 0x80685600, &(0x7f0000000000)) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x5, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00') r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x0, 0x190, 0xcbffffff, 0x190, 0x77000000, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338) write$binfmt_script(r6, &(0x7f00000000c0)=ANY=[@ANYBLOB="2321202e2f66696c65302076626f786e6574312073797a2073797a0af58b4df6f69b95aa3c2d573acf8ec8fcb82bad66d9ca6e357c19eec1910f04213833a3223ed40750cbfe397111001378091c360550b54673fdf14bc2a8eb78e3a26d14b53bbed857d2fb4b7efb23399ab7e4265493da840c1ed63fe324778ae359"], 0x58) [ 387.931010] FAULT_INJECTION: forcing a failure. [ 387.931010] name failslab, interval 1, probability 0, space 0, times 0 [ 387.942306] CPU: 0 PID: 15054 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 387.950205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.960466] Call Trace: [ 387.963069] dump_stack+0x13e/0x194 [ 387.966717] should_fail.cold+0x10a/0x14b [ 387.970881] should_failslab+0xd6/0x130 [ 387.974867] __kmalloc_track_caller+0x2e1/0x7b0 [ 387.979545] ? kstrdup_const+0x35/0x60 [ 387.983442] ? lock_acquire+0x170/0x3f0 [ 387.987509] ? lock_downgrade+0x6e0/0x6e0 [ 387.991667] kstrdup+0x36/0x70 [ 387.994871] kstrdup_const+0x35/0x60 [ 387.998595] alloc_vfsmnt+0xe0/0x7c0 [ 388.002318] clone_mnt+0x6c/0xf20 [ 388.005779] copy_tree+0x33a/0x860 [ 388.009323] copy_mnt_ns+0x112/0x8a0 [ 388.013075] ? copy_namespaces+0x112/0x310 [ 388.017313] ? cap_capable+0x1c4/0x230 [ 388.021209] create_new_namespaces+0xc9/0x730 [ 388.025709] ? security_capable+0x88/0xb0 [ 388.029870] copy_namespaces+0x27b/0x310 [ 388.033942] copy_process.part.0+0x2603/0x6a70 [ 388.038535] ? get_pid_task+0xb8/0x130 [ 388.042427] ? save_trace+0x290/0x290 [ 388.046229] ? __lock_is_held+0xad/0x140 [ 388.048820] xt_HMARK: hash modulus can't be zero [ 388.050301] ? __cleanup_sighand+0x40/0x40 [ 388.050314] ? lock_downgrade+0x6e0/0x6e0 [ 388.050331] _do_fork+0x180/0xc80 [ 388.050346] ? fork_idle+0x270/0x270 [ 388.050355] ? fput+0xb/0x140 [ 388.050363] ? SyS_write+0x14d/0x210 [ 388.050371] ? SyS_read+0x210/0x210 [ 388.050383] ? SyS_clock_settime+0x1a0/0x1a0 [ 388.085457] ? do_syscall_64+0x4c/0x640 [ 388.089481] ? sys_vfork+0x20/0x20 [ 388.093033] do_syscall_64+0x1d5/0x640 [ 388.096934] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 388.102134] RIP: 0033:0x45c849 [ 388.105325] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 388.114168] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 388.121445] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 388.128728] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 388.136003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 388.143283] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000023 [ 388.151986] FAULT_INJECTION: forcing a failure. [ 388.151986] name failslab, interval 1, probability 0, space 0, times 0 [ 388.163789] CPU: 0 PID: 15060 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 388.171688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 388.181044] Call Trace: [ 388.183645] dump_stack+0x13e/0x194 [ 388.187290] should_fail.cold+0x10a/0x14b [ 388.191453] should_failslab+0xd6/0x130 [ 388.195442] kmem_cache_alloc+0x2b5/0x770 [ 388.199603] ? find_held_lock+0x2d/0x110 [ 388.203673] ? copy_tree+0x4a0/0x860 [ 388.207397] alloc_vfsmnt+0x23/0x7c0 [ 388.211119] clone_mnt+0x6c/0xf20 [ 388.214697] copy_tree+0x33a/0x860 [ 388.218252] copy_mnt_ns+0x112/0x8a0 [ 388.221971] ? copy_namespaces+0x112/0x310 [ 388.226209] ? cap_capable+0x1c4/0x230 [ 388.230104] create_new_namespaces+0xc9/0x730 [ 388.234612] ? security_capable+0x88/0xb0 [ 388.238769] copy_namespaces+0x27b/0x310 [ 388.242838] copy_process.part.0+0x2603/0x6a70 [ 388.247518] ? get_pid_task+0xb8/0x130 [ 388.251413] ? save_trace+0x290/0x290 [ 388.255224] ? __lock_is_held+0xad/0x140 [ 388.259301] ? __cleanup_sighand+0x40/0x40 [ 388.263546] ? lock_downgrade+0x6e0/0x6e0 [ 388.267795] _do_fork+0x180/0xc80 [ 388.271347] ? fork_idle+0x270/0x270 [ 388.275151] ? fput+0xb/0x140 [ 388.278349] ? SyS_write+0x14d/0x210 [ 388.282068] ? SyS_read+0x210/0x210 [ 388.285705] ? SyS_clock_settime+0x1a0/0x1a0 [ 388.290119] ? do_syscall_64+0x4c/0x640 [ 388.294097] ? sys_vfork+0x20/0x20 [ 388.297645] do_syscall_64+0x1d5/0x640 [ 388.301543] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 388.306735] RIP: 0033:0x45c849 [ 388.309923] RSP: 002b:00007f6efb2cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 388.321197] RAX: ffffffffffffffda RBX: 00007f6efb2ce6d4 RCX: 000000000045c849 03:35:39 executing program 0 (fault-call:10 fault-nth:10): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 388.328905] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 388.336269] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 [ 388.344008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 388.351282] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000024 [ 388.420761] FAULT_INJECTION: forcing a failure. [ 388.420761] name failslab, interval 1, probability 0, space 0, times 0 [ 388.432221] CPU: 0 PID: 15067 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 388.440392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 388.450363] Call Trace: [ 388.452963] dump_stack+0x13e/0x194 [ 388.456607] should_fail.cold+0x10a/0x14b [ 388.460778] should_failslab+0xd6/0x130 [ 388.464779] kmem_cache_alloc_trace+0x2db/0x7b0 [ 388.469586] ? lock_downgrade+0x6e0/0x6e0 [ 388.473752] alloc_fdtable+0x78/0x270 [ 388.477570] dup_fd+0x683/0xa40 [ 388.480870] copy_process.part.0+0x1b5a/0x6a70 [ 388.485563] ? get_pid_task+0xb8/0x130 [ 388.489718] ? proc_fail_nth_write+0x7b/0x180 [ 388.494221] ? save_trace+0x290/0x290 [ 388.498039] ? __lock_is_held+0xad/0x140 [ 388.502119] ? __cleanup_sighand+0x40/0x40 [ 388.506478] ? lock_downgrade+0x6e0/0x6e0 [ 388.510725] _do_fork+0x180/0xc80 [ 388.514191] ? fork_idle+0x270/0x270 [ 388.517914] ? fput+0xb/0x140 [ 388.521027] ? SyS_write+0x14d/0x210 [ 388.524745] ? SyS_read+0x210/0x210 [ 388.528377] ? SyS_clock_settime+0x1a0/0x1a0 [ 388.532897] ? do_syscall_64+0x4c/0x640 [ 388.536885] ? sys_vfork+0x20/0x20 [ 388.540434] do_syscall_64+0x1d5/0x640 [ 388.544338] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 388.549534] RIP: 0033:0x45c849 [ 388.552798] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 388.560510] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 03:35:39 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) faccessat(r3, &(0x7f0000000040)='./file0\x00', 0x84, 0x80) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r6, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f0000000000)=0x10001) vmsplice(r4, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 388.567787] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 388.575173] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 388.582445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 388.589721] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000a 03:35:39 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:39 executing program 2 (fault-call:9 fault-nth:37): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:39 executing program 3 (fault-call:8 fault-nth:36): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:39 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 388.830519] FAULT_INJECTION: forcing a failure. [ 388.830519] name failslab, interval 1, probability 0, space 0, times 0 [ 388.842438] CPU: 0 PID: 15090 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 388.850312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 388.859658] Call Trace: [ 388.862245] dump_stack+0x13e/0x194 [ 388.866003] should_fail.cold+0x10a/0x14b [ 388.870167] should_failslab+0xd6/0x130 [ 388.874751] __kmalloc_track_caller+0x2e1/0x7b0 [ 388.879537] ? kstrdup_const+0x35/0x60 [ 388.883444] ? lock_acquire+0x170/0x3f0 [ 388.887602] ? lock_downgrade+0x6e0/0x6e0 [ 388.891965] kstrdup+0x36/0x70 [ 388.895175] kstrdup_const+0x35/0x60 [ 388.899003] alloc_vfsmnt+0xe0/0x7c0 [ 388.902912] clone_mnt+0x6c/0xf20 [ 388.906384] copy_tree+0x33a/0x860 [ 388.909952] copy_mnt_ns+0x112/0x8a0 [ 388.913687] ? copy_namespaces+0x112/0x310 [ 388.917929] ? cap_capable+0x1c4/0x230 [ 388.921828] create_new_namespaces+0xc9/0x730 [ 388.926335] ? security_capable+0x88/0xb0 [ 388.930502] copy_namespaces+0x27b/0x310 [ 388.934575] copy_process.part.0+0x2603/0x6a70 [ 388.939183] ? get_pid_task+0xb8/0x130 [ 388.943257] ? save_trace+0x290/0x290 [ 388.947074] ? __lock_is_held+0xad/0x140 [ 388.951155] ? __cleanup_sighand+0x40/0x40 [ 388.955401] ? lock_downgrade+0x6e0/0x6e0 [ 388.959567] _do_fork+0x180/0xc80 [ 388.963035] ? fork_idle+0x270/0x270 [ 388.966759] ? fput+0xb/0x140 [ 388.969870] ? SyS_write+0x14d/0x210 [ 388.979932] ? SyS_read+0x210/0x210 [ 388.983570] ? SyS_clock_settime+0x1a0/0x1a0 [ 388.987989] ? do_syscall_64+0x4c/0x640 [ 388.992667] ? sys_vfork+0x20/0x20 [ 388.996226] do_syscall_64+0x1d5/0x640 [ 389.000128] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 389.005322] RIP: 0033:0x45c849 [ 389.008514] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 389.017186] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 389.024464] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 389.031740] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 389.039018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 389.046300] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000024 [ 389.054635] FAULT_INJECTION: forcing a failure. [ 389.054635] name failslab, interval 1, probability 0, space 0, times 0 [ 389.065954] CPU: 1 PID: 15089 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 389.073856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 389.083214] Call Trace: [ 389.085816] dump_stack+0x13e/0x194 [ 389.089460] should_fail.cold+0x10a/0x14b [ 389.093623] should_failslab+0xd6/0x130 [ 389.097609] __kmalloc_track_caller+0x2e1/0x7b0 [ 389.102289] ? kstrdup_const+0x35/0x60 [ 389.106184] ? lock_acquire+0x170/0x3f0 [ 389.110199] ? lock_downgrade+0x6e0/0x6e0 [ 389.114351] kstrdup+0x36/0x70 [ 389.117559] kstrdup_const+0x35/0x60 [ 389.121281] alloc_vfsmnt+0xe0/0x7c0 [ 389.124998] clone_mnt+0x6c/0xf20 [ 389.128465] copy_tree+0x33a/0x860 [ 389.132015] copy_mnt_ns+0x112/0x8a0 [ 389.135734] ? copy_namespaces+0x112/0x310 [ 389.139974] ? cap_capable+0x1c4/0x230 [ 389.143870] create_new_namespaces+0xc9/0x730 [ 389.148369] ? security_capable+0x88/0xb0 [ 389.152530] copy_namespaces+0x27b/0x310 [ 389.156600] copy_process.part.0+0x2603/0x6a70 [ 389.161193] ? get_pid_task+0xb8/0x130 [ 389.165092] ? save_trace+0x290/0x290 [ 389.168906] ? __lock_is_held+0xad/0x140 [ 389.172979] ? __cleanup_sighand+0x40/0x40 [ 389.177222] ? lock_downgrade+0x6e0/0x6e0 [ 389.181388] _do_fork+0x180/0xc80 [ 389.184850] ? fork_idle+0x270/0x270 [ 389.188567] ? fput+0xb/0x140 [ 389.191677] ? SyS_write+0x14d/0x210 [ 389.195395] ? SyS_read+0x210/0x210 [ 389.199024] ? SyS_clock_settime+0x1a0/0x1a0 [ 389.203434] ? do_syscall_64+0x4c/0x640 [ 389.207414] ? sys_vfork+0x20/0x20 [ 389.210959] do_syscall_64+0x1d5/0x640 [ 389.214857] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 389.220055] RIP: 0033:0x45c849 [ 389.223246] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:40 executing program 0 (fault-call:10 fault-nth:11): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 389.230956] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 389.238226] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 389.245496] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 389.252767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 389.260041] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000025 [ 389.373900] FAULT_INJECTION: forcing a failure. [ 389.373900] name failslab, interval 1, probability 0, space 0, times 0 [ 389.385292] CPU: 1 PID: 15095 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 389.393185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 389.402549] Call Trace: [ 389.405143] dump_stack+0x13e/0x194 [ 389.408791] should_fail.cold+0x10a/0x14b [ 389.412960] should_failslab+0xd6/0x130 [ 389.416935] kmem_cache_alloc_node_trace+0x292/0x7b0 [ 389.422055] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 389.427526] ? alloc_fdtable+0x78/0x270 [ 389.431504] ? rcu_read_lock_sched_held+0x10a/0x130 [ 389.436607] __kmalloc_node+0x38/0x70 [ 389.440412] kvmalloc_node+0x46/0xd0 [ 389.444183] alloc_fdtable+0xc7/0x270 [ 389.447998] dup_fd+0x683/0xa40 [ 389.451301] copy_process.part.0+0x1b5a/0x6a70 [ 389.455907] ? get_pid_task+0xb8/0x130 [ 389.459793] ? proc_fail_nth_write+0x7b/0x180 [ 389.464297] ? save_trace+0x290/0x290 [ 389.468104] ? __lock_is_held+0xad/0x140 [ 389.472172] ? __cleanup_sighand+0x40/0x40 [ 389.476419] ? lock_downgrade+0x6e0/0x6e0 [ 389.480585] _do_fork+0x180/0xc80 [ 389.484049] ? fork_idle+0x270/0x270 [ 389.487768] ? fput+0xb/0x140 [ 389.490910] ? SyS_write+0x14d/0x210 [ 389.494642] ? SyS_read+0x210/0x210 [ 389.498275] ? SyS_clock_settime+0x1a0/0x1a0 [ 389.502688] ? do_syscall_64+0x4c/0x640 [ 389.506670] ? sys_vfork+0x20/0x20 [ 389.510219] do_syscall_64+0x1d5/0x640 [ 389.514121] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 389.519312] RIP: 0033:0x45c849 03:35:40 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:40 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000780)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000008000000000000000000000200000003000000d80200000000000090010000ffffffcb9001000000000077400200004002000040020000400200004002000043000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000300190010000000000000000000000000000000000000000c000737472696e6700000000000000000000000000000000000000000000000100000000626d0000000000000000000000000000bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800000000000000000000000000000000007f00000000000000000000006000484d41524b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac1e0001e0000002000000000000000076657468305f746f5f6261746164760069703667726574617030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b00000000000000000000000000000000000000000004000524154454553540000bd6dfccc58a8456d0000000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b95000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000828009170c5947c1639a83e61c73b7793c93630e02b9504527dcff629f52bb224f2ecff8d3f0c486a96498182396cb7aaadbbabfb"], 0x338) getsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000000)={@multicast1, @broadcast, @dev}, &(0x7f0000000040)=0xc) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r2, 0xc0045520, &(0x7f00000000c0)=0x2) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 389.522489] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 389.530191] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 389.537571] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 389.544831] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 389.552094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 389.559370] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000b 03:35:40 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:40 executing program 2 (fault-call:9 fault-nth:38): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:40 executing program 3 (fault-call:8 fault-nth:37): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 389.724211] FAULT_INJECTION: forcing a failure. [ 389.724211] name failslab, interval 1, probability 0, space 0, times 0 [ 389.735612] CPU: 0 PID: 15118 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 389.743678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 389.753042] Call Trace: [ 389.755647] dump_stack+0x13e/0x194 [ 389.759406] should_fail.cold+0x10a/0x14b [ 389.763572] should_failslab+0xd6/0x130 [ 389.767564] __kmalloc_track_caller+0x2e1/0x7b0 [ 389.772240] ? kstrdup_const+0x35/0x60 [ 389.776139] ? lock_acquire+0x170/0x3f0 [ 389.780120] ? lock_downgrade+0x6e0/0x6e0 [ 389.784275] kstrdup+0x36/0x70 [ 389.787468] kstrdup_const+0x35/0x60 [ 389.791185] alloc_vfsmnt+0xe0/0x7c0 [ 389.794908] clone_mnt+0x6c/0xf20 [ 389.798384] copy_tree+0x33a/0x860 [ 389.801937] copy_mnt_ns+0x112/0x8a0 [ 389.805658] ? copy_namespaces+0x112/0x310 [ 389.809901] ? cap_capable+0x1c4/0x230 [ 389.813795] create_new_namespaces+0xc9/0x730 [ 389.818312] ? security_capable+0x88/0xb0 [ 389.822472] copy_namespaces+0x27b/0x310 [ 389.826543] copy_process.part.0+0x2603/0x6a70 [ 389.831140] ? get_pid_task+0xb8/0x130 [ 389.835036] ? save_trace+0x290/0x290 [ 389.838848] ? __lock_is_held+0xad/0x140 [ 389.842932] ? __cleanup_sighand+0x40/0x40 [ 389.847176] ? lock_downgrade+0x6e0/0x6e0 [ 389.851338] _do_fork+0x180/0xc80 [ 389.854808] ? fork_idle+0x270/0x270 [ 389.858532] ? fput+0xb/0x140 [ 389.861644] ? SyS_write+0x14d/0x210 [ 389.865361] ? SyS_read+0x210/0x210 [ 389.868993] ? SyS_clock_settime+0x1a0/0x1a0 [ 389.873405] ? do_syscall_64+0x4c/0x640 [ 389.877386] ? sys_vfork+0x20/0x20 [ 389.880932] do_syscall_64+0x1d5/0x640 [ 389.884835] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 389.890029] RIP: 0033:0x45c849 [ 389.893218] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 389.900936] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 389.908215] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 389.915492] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 389.922769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 389.930048] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000025 [ 389.938143] FAULT_INJECTION: forcing a failure. [ 389.938143] name failslab, interval 1, probability 0, space 0, times 0 [ 389.949429] CPU: 1 PID: 15121 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 389.957391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 389.966737] Call Trace: [ 389.969336] dump_stack+0x13e/0x194 [ 389.972974] should_fail.cold+0x10a/0x14b [ 389.977130] should_failslab+0xd6/0x130 [ 389.981113] kmem_cache_alloc+0x2b5/0x770 [ 389.985272] alloc_vfsmnt+0x23/0x7c0 [ 389.989000] ? clone_mnt+0x67/0xf20 [ 389.992636] clone_mnt+0x6c/0xf20 [ 389.996101] copy_tree+0x33a/0x860 [ 389.999652] copy_mnt_ns+0x112/0x8a0 [ 390.003375] ? copy_namespaces+0x112/0x310 [ 390.007615] ? cap_capable+0x1c4/0x230 [ 390.011509] create_new_namespaces+0xc9/0x730 [ 390.016008] ? security_capable+0x88/0xb0 [ 390.020167] copy_namespaces+0x27b/0x310 [ 390.024243] copy_process.part.0+0x2603/0x6a70 [ 390.028838] ? get_pid_task+0xb8/0x130 [ 390.032735] ? save_trace+0x290/0x290 [ 390.036542] ? __lock_is_held+0xad/0x140 [ 390.040617] ? __cleanup_sighand+0x40/0x40 [ 390.044856] ? lock_downgrade+0x6e0/0x6e0 [ 390.049018] _do_fork+0x180/0xc80 [ 390.052478] ? fork_idle+0x270/0x270 [ 390.056197] ? fput+0xb/0x140 [ 390.059304] ? SyS_write+0x14d/0x210 [ 390.063027] ? SyS_read+0x210/0x210 [ 390.066660] ? SyS_clock_settime+0x1a0/0x1a0 [ 390.071072] ? do_syscall_64+0x4c/0x640 [ 390.075051] ? sys_vfork+0x20/0x20 [ 390.078604] do_syscall_64+0x1d5/0x640 [ 390.082501] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 390.087694] RIP: 0033:0x45c849 [ 390.091838] RSP: 002b:00007f6efb2cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 390.099550] RAX: ffffffffffffffda RBX: 00007f6efb2ce6d4 RCX: 000000000045c849 [ 390.107000] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 390.114280] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 03:35:41 executing program 0 (fault-call:10 fault-nth:12): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 390.121560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 390.128836] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000026 [ 390.250337] FAULT_INJECTION: forcing a failure. [ 390.250337] name failslab, interval 1, probability 0, space 0, times 0 [ 390.261789] CPU: 0 PID: 15126 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 390.269685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 390.279048] Call Trace: [ 390.281649] dump_stack+0x13e/0x194 [ 390.285295] should_fail.cold+0x10a/0x14b [ 390.289459] should_failslab+0xd6/0x130 [ 390.293446] kmem_cache_alloc_node_trace+0x292/0x7b0 [ 390.298567] ? kasan_kmalloc+0xbf/0xe0 [ 390.302465] __kmalloc_node+0x38/0x70 [ 390.306273] kvmalloc_node+0x46/0xd0 [ 390.309993] alloc_fdtable+0x133/0x270 [ 390.313890] dup_fd+0x683/0xa40 [ 390.317181] copy_process.part.0+0x1b5a/0x6a70 [ 390.321771] ? get_pid_task+0xb8/0x130 [ 390.325776] ? proc_fail_nth_write+0x7b/0x180 [ 390.330282] ? save_trace+0x290/0x290 [ 390.334095] ? __lock_is_held+0xad/0x140 [ 390.338171] ? __cleanup_sighand+0x40/0x40 [ 390.342410] ? lock_downgrade+0x6e0/0x6e0 [ 390.346570] _do_fork+0x180/0xc80 [ 390.350039] ? fork_idle+0x270/0x270 [ 390.353758] ? fput+0xb/0x140 [ 390.356885] ? SyS_write+0x14d/0x210 [ 390.360600] ? SyS_read+0x210/0x210 [ 390.364234] ? SyS_clock_settime+0x1a0/0x1a0 [ 390.368647] ? do_syscall_64+0x4c/0x640 [ 390.372634] ? sys_vfork+0x20/0x20 [ 390.377139] do_syscall_64+0x1d5/0x640 [ 390.381043] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 390.386236] RIP: 0033:0x45c849 [ 390.389429] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:41 executing program 2 (fault-call:9 fault-nth:39): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:41 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 390.397140] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 390.404413] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 390.411691] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 390.418966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 390.426259] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000c 03:35:41 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6(0xa, 0x1, 0x1000) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x1, 0x1, &(0x7f0000000180)=[{&(0x7f00000000c0)="9be7a3c0670102d48e34128226b9b548fd00c84805914655b64907807193c6276d743795e4dbc6dd0c2a428c23541d6d6acb4e0069188d93caca787a5fbbfead987396c93c8805fe6aaff586330562697d96de9de05f4aa17445a27bbb9871110a8db701da3265ce462f87230859c095ffe17cb7384a7548b003a63763f8fbce2a52c9002b7a957d6d9a05c8888e9ea3ed850c8ce97133faf03b7a74e47cdc9be83c379e696613db737afec5feeb33d28db172ba4042ca62a1b7ae1b72", 0xbd, 0x4}], 0x2310005, &(0x7f00000001c0)={[{@acl='acl'}], [{@dont_appraise='dont_appraise'}, {@permit_directio='permit_directio'}, {@audit='audit'}, {@euid_eq={'euid', 0x3d, r4}}, {@pcr={'pcr', 0x3d, 0xe}}]}) 03:35:41 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:41 executing program 3 (fault-call:8 fault-nth:38): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 390.631004] FAULT_INJECTION: forcing a failure. [ 390.631004] name failslab, interval 1, probability 0, space 0, times 0 [ 390.642433] CPU: 0 PID: 15152 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 390.650331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 390.659687] Call Trace: [ 390.662296] dump_stack+0x13e/0x194 [ 390.665942] should_fail.cold+0x10a/0x14b [ 390.670103] should_failslab+0xd6/0x130 [ 390.674090] __kmalloc_track_caller+0x2e1/0x7b0 [ 390.678765] ? kstrdup_const+0x35/0x60 [ 390.682661] ? lock_acquire+0x170/0x3f0 [ 390.686648] ? lock_downgrade+0x6e0/0x6e0 [ 390.690797] kstrdup+0x36/0x70 [ 390.693992] kstrdup_const+0x35/0x60 [ 390.697698] alloc_vfsmnt+0xe0/0x7c0 [ 390.701402] clone_mnt+0x6c/0xf20 [ 390.704849] copy_tree+0x33a/0x860 [ 390.708383] copy_mnt_ns+0x112/0x8a0 [ 390.712091] ? copy_namespaces+0x112/0x310 [ 390.716312] ? cap_capable+0x1c4/0x230 [ 390.720189] create_new_namespaces+0xc9/0x730 [ 390.724685] ? security_capable+0x88/0xb0 [ 390.728833] copy_namespaces+0x27b/0x310 [ 390.732890] copy_process.part.0+0x2603/0x6a70 [ 390.737472] ? get_pid_task+0xb8/0x130 [ 390.741347] ? save_trace+0x290/0x290 [ 390.745136] ? __lock_is_held+0xad/0x140 [ 390.749185] ? __cleanup_sighand+0x40/0x40 [ 390.753406] ? lock_downgrade+0x6e0/0x6e0 [ 390.757539] _do_fork+0x180/0xc80 [ 390.760979] ? fork_idle+0x270/0x270 [ 390.764676] ? fput+0xb/0x140 [ 390.767771] ? SyS_write+0x14d/0x210 [ 390.771465] ? SyS_read+0x210/0x210 [ 390.775081] ? SyS_clock_settime+0x1a0/0x1a0 [ 390.779475] ? do_syscall_64+0x4c/0x640 [ 390.783447] ? sys_vfork+0x20/0x20 [ 390.786996] do_syscall_64+0x1d5/0x640 [ 390.790889] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 390.796078] RIP: 0033:0x45c849 [ 390.799273] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 390.806982] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 390.814262] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 390.821633] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 390.828910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 390.836184] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000027 [ 390.844111] FAULT_INJECTION: forcing a failure. [ 390.844111] name failslab, interval 1, probability 0, space 0, times 0 [ 390.855834] CPU: 1 PID: 15153 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 390.863722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 390.873117] Call Trace: [ 390.875699] dump_stack+0x13e/0x194 [ 390.879330] should_fail.cold+0x10a/0x14b [ 390.883480] should_failslab+0xd6/0x130 [ 390.887456] kmem_cache_alloc+0x2b5/0x770 [ 390.891612] ? find_held_lock+0x2d/0x110 [ 390.895675] ? copy_tree+0x4a0/0x860 [ 390.899392] alloc_vfsmnt+0x23/0x7c0 [ 390.903106] clone_mnt+0x6c/0xf20 [ 390.906572] copy_tree+0x33a/0x860 [ 390.910130] copy_mnt_ns+0x112/0x8a0 [ 390.914367] ? copy_namespaces+0x112/0x310 [ 390.918611] ? cap_capable+0x1c4/0x230 [ 390.922511] create_new_namespaces+0xc9/0x730 [ 390.927018] ? security_capable+0x88/0xb0 [ 390.931171] copy_namespaces+0x27b/0x310 [ 390.935240] copy_process.part.0+0x2603/0x6a70 [ 390.939838] ? get_pid_task+0xb8/0x130 [ 390.943753] ? save_trace+0x290/0x290 [ 390.947557] ? __lock_is_held+0xad/0x140 [ 390.951636] ? __cleanup_sighand+0x40/0x40 [ 390.955875] ? lock_downgrade+0x6e0/0x6e0 [ 390.960031] _do_fork+0x180/0xc80 [ 390.963596] ? fork_idle+0x270/0x270 [ 390.967312] ? fput+0xb/0x140 [ 390.970415] ? SyS_write+0x14d/0x210 [ 390.974127] ? SyS_read+0x210/0x210 [ 390.977754] ? SyS_clock_settime+0x1a0/0x1a0 [ 390.982165] ? do_syscall_64+0x4c/0x640 [ 390.986140] ? sys_vfork+0x20/0x20 [ 390.989692] do_syscall_64+0x1d5/0x640 [ 390.993588] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 390.998775] RIP: 0033:0x45c849 [ 391.001963] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 391.009673] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 391.016945] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 391.024217] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:42 executing program 0 (fault-call:10 fault-nth:13): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 391.031490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 391.038761] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000026 [ 391.123679] FAULT_INJECTION: forcing a failure. [ 391.123679] name failslab, interval 1, probability 0, space 0, times 0 [ 391.135204] CPU: 1 PID: 15159 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 391.143117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 391.152478] Call Trace: [ 391.155081] dump_stack+0x13e/0x194 [ 391.158734] should_fail.cold+0x10a/0x14b [ 391.162893] should_failslab+0xd6/0x130 [ 391.166879] kmem_cache_alloc+0x2b5/0x770 [ 391.171042] ? dup_fd+0x516/0xa40 [ 391.174506] copy_fs_struct+0x43/0x2d0 [ 391.178402] copy_process.part.0+0x3974/0x6a70 [ 391.183005] ? get_pid_task+0xb8/0x130 [ 391.186905] ? proc_fail_nth_write+0x7b/0x180 [ 391.191409] ? save_trace+0x290/0x290 [ 391.195216] ? __lock_is_held+0xad/0x140 [ 391.199293] ? __cleanup_sighand+0x40/0x40 [ 391.203531] ? lock_downgrade+0x6e0/0x6e0 [ 391.207699] _do_fork+0x180/0xc80 [ 391.211165] ? fork_idle+0x270/0x270 [ 391.214888] ? fput+0xb/0x140 [ 391.217997] ? SyS_write+0x14d/0x210 [ 391.221713] ? SyS_read+0x210/0x210 [ 391.225481] ? SyS_clock_settime+0x1a0/0x1a0 [ 391.229898] ? do_syscall_64+0x4c/0x640 [ 391.233874] ? sys_vfork+0x20/0x20 [ 391.237420] do_syscall_64+0x1d5/0x640 [ 391.241319] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 391.246506] RIP: 0033:0x45c849 [ 391.249697] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 391.257417] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 391.264691] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 391.271964] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 391.279252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 391.286522] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000d 03:35:42 executing program 2 (fault-call:9 fault-nth:40): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:42 executing program 3 (fault-call:8 fault-nth:39): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:42 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:42 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 391.473294] FAULT_INJECTION: forcing a failure. [ 391.473294] name failslab, interval 1, probability 0, space 0, times 0 [ 391.484615] CPU: 1 PID: 15174 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 391.492500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 391.501854] Call Trace: [ 391.504447] dump_stack+0x13e/0x194 [ 391.508084] should_fail.cold+0x10a/0x14b [ 391.512248] should_failslab+0xd6/0x130 [ 391.516228] __kmalloc_track_caller+0x2e1/0x7b0 [ 391.520900] ? kstrdup_const+0x35/0x60 [ 391.524831] ? lock_acquire+0x170/0x3f0 [ 391.528806] ? lock_downgrade+0x6e0/0x6e0 [ 391.532963] kstrdup+0x36/0x70 [ 391.536168] kstrdup_const+0x35/0x60 [ 391.539884] alloc_vfsmnt+0xe0/0x7c0 [ 391.543690] clone_mnt+0x6c/0xf20 [ 391.547157] copy_tree+0x33a/0x860 [ 391.550836] copy_mnt_ns+0x112/0x8a0 [ 391.554581] ? copy_namespaces+0x112/0x310 [ 391.558862] ? cap_capable+0x1c4/0x230 [ 391.562769] create_new_namespaces+0xc9/0x730 [ 391.567276] ? security_capable+0x88/0xb0 [ 391.571610] copy_namespaces+0x27b/0x310 [ 391.575683] copy_process.part.0+0x2603/0x6a70 [ 391.580278] ? get_pid_task+0xb8/0x130 [ 391.584173] ? save_trace+0x290/0x290 [ 391.587984] ? __lock_is_held+0xad/0x140 [ 391.592059] ? __cleanup_sighand+0x40/0x40 [ 391.596297] ? lock_downgrade+0x6e0/0x6e0 [ 391.600454] _do_fork+0x180/0xc80 [ 391.603916] ? fork_idle+0x270/0x270 [ 391.607633] ? fput+0xb/0x140 [ 391.610747] ? SyS_write+0x14d/0x210 [ 391.614469] ? SyS_read+0x210/0x210 [ 391.618107] ? SyS_clock_settime+0x1a0/0x1a0 [ 391.622516] ? do_syscall_64+0x4c/0x640 [ 391.626493] ? sys_vfork+0x20/0x20 [ 391.630039] do_syscall_64+0x1d5/0x640 [ 391.633935] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 391.639122] RIP: 0033:0x45c849 [ 391.642309] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 391.650014] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 391.657283] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 391.664553] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:42 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r4, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x4, 0x4) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$EVIOCSFF(r5, 0x40304580, &(0x7f0000000000)={0x55, 0x5e3, 0x4, {0xece, 0x1}, {0x6545, 0x2}, @cond=[{0x3, 0x2, 0x9, 0x1, 0x1e, 0x8}, {0xfff, 0x7f, 0x800, 0x1f, 0x800, 0x94}]}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001180)={0x50, 0x0, 0x917, 0x0, 0x25dfdbfb, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={[], [], @multicast2}}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x50}}, 0x4) sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 391.671827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 391.679102] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000027 [ 391.687019] FAULT_INJECTION: forcing a failure. [ 391.687019] name failslab, interval 1, probability 0, space 0, times 0 [ 391.698470] CPU: 0 PID: 15183 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 391.706353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 391.715694] Call Trace: [ 391.718285] dump_stack+0x13e/0x194 [ 391.721910] should_fail.cold+0x10a/0x14b [ 391.726051] should_failslab+0xd6/0x130 [ 391.730017] __kmalloc_track_caller+0x2e1/0x7b0 [ 391.734686] ? kstrdup_const+0x35/0x60 [ 391.738571] ? lock_acquire+0x170/0x3f0 [ 391.742526] ? lock_downgrade+0x6e0/0x6e0 [ 391.746661] kstrdup+0x36/0x70 [ 391.749941] kstrdup_const+0x35/0x60 [ 391.753652] alloc_vfsmnt+0xe0/0x7c0 [ 391.757375] clone_mnt+0x6c/0xf20 [ 391.760844] copy_tree+0x33a/0x860 [ 391.764402] copy_mnt_ns+0x112/0x8a0 [ 391.768120] ? copy_namespaces+0x112/0x310 [ 391.772339] ? cap_capable+0x1c4/0x230 [ 391.776215] create_new_namespaces+0xc9/0x730 [ 391.780723] ? security_capable+0x88/0xb0 [ 391.784866] copy_namespaces+0x27b/0x310 [ 391.788914] copy_process.part.0+0x2603/0x6a70 [ 391.793490] ? get_pid_task+0xb8/0x130 [ 391.797373] ? save_trace+0x290/0x290 [ 391.801164] ? __lock_is_held+0xad/0x140 [ 391.805262] ? __cleanup_sighand+0x40/0x40 [ 391.809479] ? lock_downgrade+0x6e0/0x6e0 [ 391.813621] _do_fork+0x180/0xc80 [ 391.817069] ? fork_idle+0x270/0x270 [ 391.820770] ? fput+0xb/0x140 [ 391.823874] ? SyS_write+0x14d/0x210 [ 391.827578] ? SyS_read+0x210/0x210 [ 391.831193] ? SyS_clock_settime+0x1a0/0x1a0 [ 391.835593] ? do_syscall_64+0x4c/0x640 [ 391.839570] ? sys_vfork+0x20/0x20 [ 391.843323] do_syscall_64+0x1d5/0x640 [ 391.847206] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 391.852392] RIP: 0033:0x45c849 [ 391.855562] RSP: 002b:00007f6efb2acc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 391.863309] RAX: ffffffffffffffda RBX: 00007f6efb2ad6d4 RCX: 000000000045c849 03:35:43 executing program 0 (fault-call:10 fault-nth:14): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 391.870562] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 391.877828] RBP: 000000000076c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 391.885101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 391.892381] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000028 [ 391.955277] FAULT_INJECTION: forcing a failure. [ 391.955277] name failslab, interval 1, probability 0, space 0, times 0 [ 391.967216] CPU: 1 PID: 15194 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 391.975104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 391.984465] Call Trace: [ 391.987062] dump_stack+0x13e/0x194 [ 391.990784] should_fail.cold+0x10a/0x14b [ 391.994937] should_failslab+0xd6/0x130 [ 391.998912] kmem_cache_alloc+0x2b5/0x770 [ 392.003061] ? dup_fd+0x516/0xa40 [ 392.006519] copy_fs_struct+0x43/0x2d0 [ 392.010413] copy_process.part.0+0x3974/0x6a70 [ 392.015003] ? get_pid_task+0xb8/0x130 [ 392.019102] ? proc_fail_nth_write+0x7b/0x180 [ 392.023603] ? save_trace+0x290/0x290 [ 392.027414] ? __lock_is_held+0xad/0x140 [ 392.031485] ? __cleanup_sighand+0x40/0x40 [ 392.035724] ? lock_downgrade+0x6e0/0x6e0 [ 392.039879] _do_fork+0x180/0xc80 [ 392.043365] ? fork_idle+0x270/0x270 [ 392.047077] ? fput+0xb/0x140 [ 392.050180] ? SyS_write+0x14d/0x210 [ 392.053892] ? SyS_read+0x210/0x210 [ 392.057515] ? SyS_clock_settime+0x1a0/0x1a0 [ 392.061926] ? do_syscall_64+0x4c/0x640 [ 392.065904] ? sys_vfork+0x20/0x20 [ 392.069444] do_syscall_64+0x1d5/0x640 [ 392.073337] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 392.078520] RIP: 0033:0x45c849 [ 392.082085] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 392.089801] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 392.097073] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 392.104352] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 392.111628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 392.119424] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000e 03:35:43 executing program 3 (fault-call:8 fault-nth:40): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:43 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:43 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:43 executing program 2 (fault-call:9 fault-nth:41): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 392.340524] FAULT_INJECTION: forcing a failure. [ 392.340524] name failslab, interval 1, probability 0, space 0, times 0 [ 392.351926] CPU: 0 PID: 15203 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 392.359819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 392.369173] Call Trace: [ 392.371774] dump_stack+0x13e/0x194 [ 392.375412] should_fail.cold+0x10a/0x14b [ 392.379572] should_failslab+0xd6/0x130 [ 392.383560] __kmalloc_track_caller+0x2e1/0x7b0 [ 392.388230] ? kstrdup_const+0x35/0x60 [ 392.392123] ? lock_acquire+0x170/0x3f0 [ 392.397056] ? lock_downgrade+0x6e0/0x6e0 [ 392.401209] kstrdup+0x36/0x70 [ 392.404408] kstrdup_const+0x35/0x60 [ 392.408127] alloc_vfsmnt+0xe0/0x7c0 [ 392.412280] clone_mnt+0x6c/0xf20 [ 392.415753] copy_tree+0x33a/0x860 [ 392.419303] copy_mnt_ns+0x112/0x8a0 [ 392.423020] ? copy_namespaces+0x112/0x310 [ 392.427258] ? cap_capable+0x1c4/0x230 [ 392.431150] create_new_namespaces+0xc9/0x730 [ 392.435640] ? security_capable+0x88/0xb0 [ 392.439775] copy_namespaces+0x27b/0x310 [ 392.443936] copy_process.part.0+0x2603/0x6a70 [ 392.448562] ? get_pid_task+0xb8/0x130 [ 392.452455] ? save_trace+0x290/0x290 [ 392.456247] ? __lock_is_held+0xad/0x140 [ 392.460414] ? __cleanup_sighand+0x40/0x40 [ 392.464637] ? lock_downgrade+0x6e0/0x6e0 [ 392.468779] _do_fork+0x180/0xc80 [ 392.472221] ? fork_idle+0x270/0x270 [ 392.475926] ? fput+0xb/0x140 [ 392.479065] ? SyS_write+0x14d/0x210 [ 392.482784] ? SyS_read+0x210/0x210 [ 392.486415] ? SyS_clock_settime+0x1a0/0x1a0 [ 392.490829] ? do_syscall_64+0x4c/0x640 [ 392.494919] ? sys_vfork+0x20/0x20 [ 392.498569] do_syscall_64+0x1d5/0x640 [ 392.502466] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 392.507658] RIP: 0033:0x45c849 [ 392.510853] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 392.518568] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 392.525837] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 392.533114] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 392.540388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 392.547752] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000028 [ 392.555886] FAULT_INJECTION: forcing a failure. [ 392.555886] name failslab, interval 1, probability 0, space 0, times 0 [ 392.567336] CPU: 0 PID: 15207 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 392.575232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 392.584587] Call Trace: [ 392.587187] dump_stack+0x13e/0x194 03:35:43 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000340)="11e261c6822c4f40c471c14c1bc5676ba58c7ef81a7827ecad46c266591c213a871afb5305b9ef18a1c21b6fb3b76b8dc943f633360268f6be643daa50739c89878069e1564f5b70a5b8471ecba39c2f17a8ec7e7323652b84e8fe224f2b57551638e4d1544ddf3d0d1b2260a14f58cfd516b659b00d35c2f5e8a47c0f7e", 0x7e}], 0x1, 0x2) r1 = gettid() ioprio_set$pid(0x0, r1, 0x2) r2 = gettid() ioprio_set$pid(0x2, r2, 0x0) ioprio_set$pid(0x3, r2, 0x78ee40ee) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x26da6d05}, 0x0) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) r3 = socket(0x6, 0xa, 0x1ff) setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000040)={0x0, 0x39}, 0x8) ioctl$SNDRV_PCM_IOCTL_INFO(0xffffffffffffffff, 0x81204101, &(0x7f00000000c0)) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000200)='/dev/dri/card#\x00', 0x3ff, 0x400) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) [ 392.590828] should_fail.cold+0x10a/0x14b [ 392.594990] should_failslab+0xd6/0x130 [ 392.598975] __kmalloc_track_caller+0x2e1/0x7b0 [ 392.603649] ? kstrdup_const+0x35/0x60 [ 392.607549] ? lock_acquire+0x170/0x3f0 [ 392.611532] ? lock_downgrade+0x6e0/0x6e0 [ 392.615691] kstrdup+0x36/0x70 [ 392.619246] kstrdup_const+0x35/0x60 [ 392.622968] alloc_vfsmnt+0xe0/0x7c0 [ 392.627325] clone_mnt+0x6c/0xf20 [ 392.630790] copy_tree+0x33a/0x860 [ 392.634405] copy_mnt_ns+0x112/0x8a0 [ 392.638132] ? copy_namespaces+0x112/0x310 [ 392.642373] ? cap_capable+0x1c4/0x230 [ 392.646269] create_new_namespaces+0xc9/0x730 [ 392.650770] ? security_capable+0x88/0xb0 [ 392.654928] copy_namespaces+0x27b/0x310 [ 392.658996] copy_process.part.0+0x2603/0x6a70 [ 392.666715] ? get_pid_task+0xb8/0x130 [ 392.670614] ? save_trace+0x290/0x290 [ 392.674425] ? __lock_is_held+0xad/0x140 [ 392.678503] ? __cleanup_sighand+0x40/0x40 [ 392.682745] ? lock_downgrade+0x6e0/0x6e0 [ 392.686907] _do_fork+0x180/0xc80 03:35:43 executing program 0 (fault-call:10 fault-nth:15): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 392.690373] ? fork_idle+0x270/0x270 [ 392.694102] ? fput+0xb/0x140 [ 392.697209] ? SyS_write+0x14d/0x210 [ 392.700921] ? SyS_read+0x210/0x210 [ 392.704542] ? SyS_clock_settime+0x1a0/0x1a0 [ 392.708952] ? do_syscall_64+0x4c/0x640 [ 392.712927] ? sys_vfork+0x20/0x20 [ 392.716477] do_syscall_64+0x1d5/0x640 [ 392.720378] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 392.725566] RIP: 0033:0x45c849 [ 392.728758] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 392.736469] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 392.743740] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 392.751015] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 392.758290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 392.765561] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000029 [ 392.811572] FAULT_INJECTION: forcing a failure. [ 392.811572] name failslab, interval 1, probability 0, space 0, times 0 [ 392.823095] CPU: 1 PID: 15219 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 392.830997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 392.840345] Call Trace: [ 392.842943] dump_stack+0x13e/0x194 [ 392.846580] should_fail.cold+0x10a/0x14b [ 392.850745] should_failslab+0xd6/0x130 [ 392.854727] kmem_cache_alloc+0x2b5/0x770 [ 392.858953] ? do_raw_spin_unlock+0x164/0x250 [ 392.863455] ? _raw_spin_unlock+0x29/0x40 [ 392.867616] copy_process.part.0+0x39d7/0x6a70 [ 392.872215] ? get_pid_task+0xb8/0x130 [ 392.876108] ? proc_fail_nth_write+0x7b/0x180 [ 392.880616] ? save_trace+0x290/0x290 [ 392.884426] ? __lock_is_held+0xad/0x140 [ 392.888501] ? __cleanup_sighand+0x40/0x40 [ 392.892740] ? lock_downgrade+0x6e0/0x6e0 [ 392.896903] _do_fork+0x180/0xc80 [ 392.900799] ? fork_idle+0x270/0x270 [ 392.904518] ? fput+0xb/0x140 [ 392.907710] ? SyS_write+0x14d/0x210 [ 392.911434] ? SyS_read+0x210/0x210 [ 392.915070] ? SyS_clock_settime+0x1a0/0x1a0 [ 392.919487] ? do_syscall_64+0x4c/0x640 [ 392.923464] ? sys_vfork+0x20/0x20 [ 392.927013] do_syscall_64+0x1d5/0x640 [ 392.931001] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 392.936191] RIP: 0033:0x45c849 [ 392.939395] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 392.947124] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 392.954408] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 392.961680] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 392.968952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 392.976223] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000000f 03:35:44 executing program 3 (fault-call:8 fault-nth:41): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 393.163684] FAULT_INJECTION: forcing a failure. [ 393.163684] name failslab, interval 1, probability 0, space 0, times 0 [ 393.175055] CPU: 1 PID: 15229 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 393.182947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 393.192308] Call Trace: [ 393.194906] dump_stack+0x13e/0x194 [ 393.202553] should_fail.cold+0x10a/0x14b [ 393.206717] should_failslab+0xd6/0x130 [ 393.210702] __kmalloc_track_caller+0x2e1/0x7b0 [ 393.215380] ? kstrdup_const+0x35/0x60 [ 393.219276] ? lock_acquire+0x170/0x3f0 [ 393.223259] ? lock_downgrade+0x6e0/0x6e0 [ 393.227418] kstrdup+0x36/0x70 [ 393.230623] kstrdup_const+0x35/0x60 [ 393.234346] alloc_vfsmnt+0xe0/0x7c0 [ 393.238070] clone_mnt+0x6c/0xf20 [ 393.241533] copy_tree+0x33a/0x860 [ 393.245091] copy_mnt_ns+0x112/0x8a0 [ 393.248817] ? copy_namespaces+0x112/0x310 [ 393.253056] ? cap_capable+0x1c4/0x230 [ 393.256954] create_new_namespaces+0xc9/0x730 [ 393.261460] ? security_capable+0x88/0xb0 [ 393.265617] copy_namespaces+0x27b/0x310 [ 393.269687] copy_process.part.0+0x2603/0x6a70 [ 393.274281] ? get_pid_task+0xb8/0x130 [ 393.278181] ? save_trace+0x290/0x290 [ 393.281997] ? __lock_is_held+0xad/0x140 [ 393.286078] ? __cleanup_sighand+0x40/0x40 [ 393.290340] ? lock_downgrade+0x6e0/0x6e0 [ 393.294506] _do_fork+0x180/0xc80 [ 393.297976] ? fork_idle+0x270/0x270 [ 393.301702] ? fput+0xb/0x140 [ 393.304808] ? SyS_write+0x14d/0x210 [ 393.308527] ? SyS_read+0x210/0x210 [ 393.312157] ? SyS_clock_settime+0x1a0/0x1a0 [ 393.316568] ? do_syscall_64+0x4c/0x640 [ 393.320545] ? sys_vfork+0x20/0x20 [ 393.324092] do_syscall_64+0x1d5/0x640 [ 393.327990] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 393.333182] RIP: 0033:0x45c849 [ 393.336370] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 393.344079] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 393.351352] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:44 executing program 2 (fault-call:9 fault-nth:42): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:44 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:44 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 393.358624] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 393.366070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 393.373343] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000029 03:35:44 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r6, 0x2, 0x70bd25, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40040) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x5, 0x3aaf}, 0x0) r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$PPPOEIOCDFWD(r7, 0xb101, 0x0) getsockopt$inet_dccp_int(r1, 0x21, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:44 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 393.551715] FAULT_INJECTION: forcing a failure. [ 393.551715] name failslab, interval 1, probability 0, space 0, times 0 [ 393.563201] CPU: 0 PID: 15232 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 393.571087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 393.580441] Call Trace: [ 393.583038] dump_stack+0x13e/0x194 [ 393.586678] should_fail.cold+0x10a/0x14b [ 393.590837] should_failslab+0xd6/0x130 [ 393.594823] kmem_cache_alloc+0x2b5/0x770 [ 393.598978] ? find_held_lock+0x2d/0x110 [ 393.603215] ? copy_tree+0x4a0/0x860 [ 393.606933] alloc_vfsmnt+0x23/0x7c0 [ 393.610650] clone_mnt+0x6c/0xf20 [ 393.614113] copy_tree+0x33a/0x860 [ 393.617663] copy_mnt_ns+0x112/0x8a0 [ 393.621379] ? copy_namespaces+0x112/0x310 [ 393.625619] ? cap_capable+0x1c4/0x230 [ 393.629511] create_new_namespaces+0xc9/0x730 [ 393.634021] ? security_capable+0x88/0xb0 [ 393.638175] copy_namespaces+0x27b/0x310 [ 393.642333] copy_process.part.0+0x2603/0x6a70 [ 393.646929] ? get_pid_task+0xb8/0x130 [ 393.650826] ? save_trace+0x290/0x290 [ 393.654634] ? __lock_is_held+0xad/0x140 [ 393.658726] ? __cleanup_sighand+0x40/0x40 [ 393.662967] ? lock_downgrade+0x6e0/0x6e0 [ 393.667123] _do_fork+0x180/0xc80 [ 393.671019] ? fork_idle+0x270/0x270 [ 393.674735] ? fput+0xb/0x140 [ 393.677844] ? SyS_write+0x14d/0x210 [ 393.681564] ? SyS_read+0x210/0x210 [ 393.685218] ? SyS_clock_settime+0x1a0/0x1a0 [ 393.689637] ? do_syscall_64+0x4c/0x640 [ 393.693639] ? sys_vfork+0x20/0x20 [ 393.697189] do_syscall_64+0x1d5/0x640 [ 393.701088] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 393.706885] RIP: 0033:0x45c849 [ 393.710075] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 393.717784] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 393.725053] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 393.732329] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 393.739613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:44 executing program 0 (fault-call:10 fault-nth:16): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 393.746885] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002a 03:35:44 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 393.847555] FAULT_INJECTION: forcing a failure. [ 393.847555] name failslab, interval 1, probability 0, space 0, times 0 [ 393.858961] CPU: 1 PID: 15265 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 393.866863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 393.876218] Call Trace: [ 393.878926] dump_stack+0x13e/0x194 [ 393.882568] should_fail.cold+0x10a/0x14b [ 393.886722] should_failslab+0xd6/0x130 [ 393.890694] kmem_cache_alloc+0x2b5/0x770 [ 393.894843] ? find_held_lock+0x2d/0x110 [ 393.898909] ? copy_namespaces+0x112/0x310 [ 393.903148] ? cap_capable+0x1c4/0x230 [ 393.907049] create_new_namespaces+0x30/0x730 [ 393.911545] ? security_capable+0x88/0xb0 [ 393.915701] copy_namespaces+0x27b/0x310 [ 393.919858] copy_process.part.0+0x2603/0x6a70 [ 393.924450] ? get_pid_task+0xb8/0x130 [ 393.928351] ? save_trace+0x290/0x290 [ 393.932191] ? __lock_is_held+0xad/0x140 [ 393.936265] ? __cleanup_sighand+0x40/0x40 [ 393.940508] ? lock_downgrade+0x6e0/0x6e0 [ 393.944662] _do_fork+0x180/0xc80 03:35:45 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:45 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:45 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:45 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 393.948121] ? fork_idle+0x270/0x270 [ 393.951841] ? fput+0xb/0x140 [ 393.954946] ? SyS_write+0x14d/0x210 [ 393.958660] ? SyS_read+0x210/0x210 [ 393.962302] ? SyS_clock_settime+0x1a0/0x1a0 [ 393.966713] ? do_syscall_64+0x4c/0x640 [ 393.970688] ? sys_vfork+0x20/0x20 [ 393.974231] do_syscall_64+0x1d5/0x640 [ 393.978122] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 393.983305] RIP: 0033:0x45c849 [ 393.986487] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:45 executing program 3 (fault-call:8 fault-nth:42): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 393.994201] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 394.001473] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 394.008758] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 394.016140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 394.023413] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000010 [ 394.106483] FAULT_INJECTION: forcing a failure. [ 394.106483] name failslab, interval 1, probability 0, space 0, times 0 [ 394.117822] CPU: 1 PID: 15284 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 394.125722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 394.135096] Call Trace: [ 394.137696] dump_stack+0x13e/0x194 [ 394.141344] should_fail.cold+0x10a/0x14b [ 394.145505] should_failslab+0xd6/0x130 [ 394.149487] kmem_cache_alloc+0x2b5/0x770 [ 394.153644] ? find_held_lock+0x2d/0x110 [ 394.157711] ? copy_tree+0x4a0/0x860 [ 394.162821] alloc_vfsmnt+0x23/0x7c0 [ 394.166541] clone_mnt+0x6c/0xf20 [ 394.170008] copy_tree+0x33a/0x860 [ 394.173574] copy_mnt_ns+0x112/0x8a0 [ 394.177297] ? copy_namespaces+0x112/0x310 [ 394.181538] ? cap_capable+0x1c4/0x230 [ 394.185439] create_new_namespaces+0xc9/0x730 [ 394.189942] ? security_capable+0x88/0xb0 [ 394.194102] copy_namespaces+0x27b/0x310 [ 394.198172] copy_process.part.0+0x2603/0x6a70 [ 394.203261] ? get_pid_task+0xb8/0x130 [ 394.207187] ? save_trace+0x290/0x290 [ 394.211008] ? __lock_is_held+0xad/0x140 [ 394.215088] ? __cleanup_sighand+0x40/0x40 [ 394.219437] ? lock_downgrade+0x6e0/0x6e0 [ 394.223600] _do_fork+0x180/0xc80 [ 394.227059] ? fork_idle+0x270/0x270 [ 394.230778] ? fput+0xb/0x140 [ 394.233885] ? SyS_write+0x14d/0x210 [ 394.237602] ? SyS_read+0x210/0x210 [ 394.241264] ? SyS_clock_settime+0x1a0/0x1a0 [ 394.245681] ? do_syscall_64+0x4c/0x640 [ 394.249665] ? sys_vfork+0x20/0x20 [ 394.253214] do_syscall_64+0x1d5/0x640 [ 394.257115] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 394.262308] RIP: 0033:0x45c849 [ 394.265505] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 394.273328] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 394.280604] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 394.287876] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 394.295265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:45 executing program 2 (fault-call:9 fault-nth:43): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:45 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:45 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 394.302537] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002a 03:35:45 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:45 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000)='nl80211\x00') sendmsg$NL80211_CMD_SET_MPATH(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r4, 0x624cd7acf817ef2b, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="1ca6e90f6c00000015517f70d14cd4b5b9bf10000507000000000022000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062726964676500000400028008000a00", @ANYRES32=r7, @ANYBLOB], 0x3c}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x2, 0x3, 0x2d8, 0x0, 0x190, 0xcbffffff, 0x190, 0x77000000, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x130, 0x190, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x338) ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000240)) sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x14020080}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x58, r4, 0x0, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x40, 0x1}}, @NL80211_ATTR_MAC={0xa, 0x6, @link_local}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x4008005) [ 394.447366] FAULT_INJECTION: forcing a failure. [ 394.447366] name failslab, interval 1, probability 0, space 0, times 0 [ 394.459325] CPU: 1 PID: 15302 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 394.467234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 394.476595] Call Trace: [ 394.479193] dump_stack+0x13e/0x194 [ 394.482834] should_fail.cold+0x10a/0x14b [ 394.486995] should_failslab+0xd6/0x130 [ 394.490978] __kmalloc_track_caller+0x2e1/0x7b0 [ 394.495666] ? kstrdup_const+0x35/0x60 [ 394.499733] ? lock_acquire+0x170/0x3f0 [ 394.503717] ? lock_downgrade+0x6e0/0x6e0 [ 394.507872] kstrdup+0x36/0x70 [ 394.511074] kstrdup_const+0x35/0x60 [ 394.514793] alloc_vfsmnt+0xe0/0x7c0 [ 394.518510] clone_mnt+0x6c/0xf20 [ 394.521972] copy_tree+0x33a/0x860 [ 394.525524] copy_mnt_ns+0x112/0x8a0 [ 394.529244] ? copy_namespaces+0x112/0x310 [ 394.533482] ? cap_capable+0x1c4/0x230 [ 394.537380] create_new_namespaces+0xc9/0x730 [ 394.541884] ? security_capable+0x88/0xb0 [ 394.546050] copy_namespaces+0x27b/0x310 [ 394.550124] copy_process.part.0+0x2603/0x6a70 [ 394.554779] ? get_pid_task+0xb8/0x130 [ 394.558687] ? save_trace+0x290/0x290 [ 394.562495] ? __lock_is_held+0xad/0x140 [ 394.566586] ? __cleanup_sighand+0x40/0x40 [ 394.570832] ? lock_downgrade+0x6e0/0x6e0 [ 394.574996] _do_fork+0x180/0xc80 [ 394.578461] ? fork_idle+0x270/0x270 [ 394.582188] ? fput+0xb/0x140 [ 394.585303] ? SyS_write+0x14d/0x210 [ 394.589092] ? SyS_read+0x210/0x210 [ 394.592743] ? SyS_clock_settime+0x1a0/0x1a0 03:35:45 executing program 0 (fault-call:10 fault-nth:17): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 394.597167] ? do_syscall_64+0x4c/0x640 [ 394.601141] ? sys_vfork+0x20/0x20 [ 394.604688] do_syscall_64+0x1d5/0x640 [ 394.608584] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 394.613776] RIP: 0033:0x45c849 [ 394.616969] RSP: 002b:00007f6efb2cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 394.624684] RAX: ffffffffffffffda RBX: 00007f6efb2ce6d4 RCX: 000000000045c849 [ 394.631959] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 394.639435] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 03:35:45 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 394.646713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 394.649325] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=108 sclass=netlink_route_socket pig=15310 comm=syz-executor.4 [ 394.653985] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002b [ 394.728427] FAULT_INJECTION: forcing a failure. [ 394.728427] name failslab, interval 1, probability 0, space 0, times 0 [ 394.739939] CPU: 0 PID: 15316 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 394.747840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 394.757193] Call Trace: [ 394.759777] dump_stack+0x13e/0x194 [ 394.763398] should_fail.cold+0x10a/0x14b [ 394.767554] should_failslab+0xd6/0x130 [ 394.771527] kmem_cache_alloc_trace+0x2db/0x7b0 [ 394.776213] ? lock_downgrade+0x6e0/0x6e0 [ 394.780363] ? _raw_spin_unlock_irq+0x24/0x80 [ 394.784844] inc_ucount+0x3bd/0x6f0 [ 394.788723] ? fs_reclaim_acquire+0x10/0x10 [ 394.793039] ? retire_userns_sysctls+0x80/0x80 [ 394.797637] alloc_mnt_ns+0x8e/0x440 [ 394.801353] copy_mnt_ns+0x8e/0x8a0 [ 394.804973] ? find_held_lock+0x2d/0x110 [ 394.809127] ? copy_namespaces+0x112/0x310 [ 394.813359] ? cap_capable+0x1c4/0x230 [ 394.817232] create_new_namespaces+0xc9/0x730 [ 394.821716] ? security_capable+0x88/0xb0 [ 394.825873] copy_namespaces+0x27b/0x310 [ 394.829943] copy_process.part.0+0x2603/0x6a70 [ 394.834528] ? get_pid_task+0xb8/0x130 [ 394.838408] ? save_trace+0x290/0x290 [ 394.842202] ? __lock_is_held+0xad/0x140 [ 394.846268] ? __cleanup_sighand+0x40/0x40 [ 394.850496] ? lock_downgrade+0x6e0/0x6e0 [ 394.854644] _do_fork+0x180/0xc80 [ 394.858110] ? fork_idle+0x270/0x270 [ 394.861835] ? fput+0xb/0x140 [ 394.864938] ? SyS_write+0x14d/0x210 [ 394.868655] ? SyS_read+0x210/0x210 [ 394.872287] ? SyS_clock_settime+0x1a0/0x1a0 [ 394.876704] ? do_syscall_64+0x4c/0x640 [ 394.880684] ? sys_vfork+0x20/0x20 [ 394.884234] do_syscall_64+0x1d5/0x640 [ 394.888134] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 394.893676] RIP: 0033:0x45c849 [ 394.896866] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 394.904590] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 394.911864] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 394.919135] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:46 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:46 executing program 3 (fault-call:8 fault-nth:43): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 394.926413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 394.933691] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000011 03:35:46 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:46 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 395.055548] FAULT_INJECTION: forcing a failure. [ 395.055548] name failslab, interval 1, probability 0, space 0, times 0 [ 395.067168] CPU: 0 PID: 15330 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 395.075068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 395.084429] Call Trace: [ 395.087035] dump_stack+0x13e/0x194 [ 395.090675] should_fail.cold+0x10a/0x14b [ 395.094834] should_failslab+0xd6/0x130 [ 395.098821] __kmalloc_track_caller+0x2e1/0x7b0 [ 395.103495] ? kstrdup_const+0x35/0x60 [ 395.107399] ? lock_acquire+0x170/0x3f0 [ 395.111387] ? lock_downgrade+0x6e0/0x6e0 [ 395.115544] kstrdup+0x36/0x70 [ 395.118745] kstrdup_const+0x35/0x60 [ 395.122478] alloc_vfsmnt+0xe0/0x7c0 [ 395.126197] clone_mnt+0x6c/0xf20 [ 395.129661] copy_tree+0x33a/0x860 [ 395.133211] copy_mnt_ns+0x112/0x8a0 [ 395.136940] ? copy_namespaces+0x112/0x310 [ 395.141180] ? cap_capable+0x1c4/0x230 [ 395.145074] create_new_namespaces+0xc9/0x730 [ 395.149570] ? security_capable+0x88/0xb0 [ 395.153726] copy_namespaces+0x27b/0x310 [ 395.157797] copy_process.part.0+0x2603/0x6a70 [ 395.162396] ? get_pid_task+0xb8/0x130 [ 395.166295] ? save_trace+0x290/0x290 [ 395.170279] ? __lock_is_held+0xad/0x140 [ 395.174358] ? __cleanup_sighand+0x40/0x40 [ 395.178614] ? lock_downgrade+0x6e0/0x6e0 [ 395.182777] _do_fork+0x180/0xc80 [ 395.186249] ? fork_idle+0x270/0x270 [ 395.189973] ? fput+0xb/0x140 [ 395.193080] ? SyS_write+0x14d/0x210 [ 395.196798] ? SyS_read+0x210/0x210 [ 395.200440] ? SyS_clock_settime+0x1a0/0x1a0 [ 395.204852] ? do_syscall_64+0x4c/0x640 [ 395.208839] ? sys_vfork+0x20/0x20 [ 395.212476] do_syscall_64+0x1d5/0x640 [ 395.216375] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 395.221572] RIP: 0033:0x45c849 [ 395.224759] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 395.232472] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 395.239749] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 395.247109] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:46 executing program 2 (fault-call:9 fault-nth:44): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 395.254386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 395.261662] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002b 03:35:46 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 395.376715] FAULT_INJECTION: forcing a failure. [ 395.376715] name failslab, interval 1, probability 0, space 0, times 0 [ 395.388145] CPU: 0 PID: 15342 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 395.396070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 395.405427] Call Trace: [ 395.408033] dump_stack+0x13e/0x194 [ 395.411679] should_fail.cold+0x10a/0x14b [ 395.415842] should_failslab+0xd6/0x130 [ 395.419824] kmem_cache_alloc+0x2b5/0x770 [ 395.424092] ? find_held_lock+0x2d/0x110 [ 395.428162] ? copy_tree+0x4a0/0x860 [ 395.431889] alloc_vfsmnt+0x23/0x7c0 [ 395.435603] clone_mnt+0x6c/0xf20 [ 395.439049] copy_tree+0x33a/0x860 [ 395.442585] copy_mnt_ns+0x112/0x8a0 [ 395.446296] ? copy_namespaces+0x112/0x310 [ 395.450530] ? cap_capable+0x1c4/0x230 [ 395.454405] create_new_namespaces+0xc9/0x730 [ 395.458882] ? security_capable+0x88/0xb0 [ 395.463019] copy_namespaces+0x27b/0x310 [ 395.467067] copy_process.part.0+0x2603/0x6a70 [ 395.471636] ? get_pid_task+0xb8/0x130 [ 395.475508] ? save_trace+0x290/0x290 [ 395.479291] ? __lock_is_held+0xad/0x140 [ 395.483343] ? __cleanup_sighand+0x40/0x40 [ 395.487562] ? lock_downgrade+0x6e0/0x6e0 [ 395.491710] _do_fork+0x180/0xc80 [ 395.495150] ? fork_idle+0x270/0x270 [ 395.498851] ? fput+0xb/0x140 [ 395.501938] ? SyS_write+0x14d/0x210 [ 395.505633] ? SyS_read+0x210/0x210 [ 395.509242] ? SyS_clock_settime+0x1a0/0x1a0 [ 395.513646] ? do_syscall_64+0x4c/0x640 [ 395.517604] ? sys_vfork+0x20/0x20 [ 395.521131] do_syscall_64+0x1d5/0x640 [ 395.525004] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 395.530182] RIP: 0033:0x45c849 [ 395.533368] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 395.541341] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 395.548614] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 395.555891] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 395.563166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 395.570437] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002c 03:35:46 executing program 0 (fault-call:10 fault-nth:18): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 395.591117] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=108 sclass=netlink_route_socket pig=15343 comm=syz-executor.4 03:35:46 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000000ff03000000000010", @ANYRES32=r5, @ANYBLOB="004e7c7c5b8a00001c0012000c000100626f6e64000000060c0002000800010006000000"], 0x3c}}, 0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000000)={@loopback, 0x2b, r5}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 395.688311] FAULT_INJECTION: forcing a failure. [ 395.688311] name failslab, interval 1, probability 0, space 0, times 0 [ 395.699996] CPU: 0 PID: 15352 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 395.707915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 395.717272] Call Trace: [ 395.719872] dump_stack+0x13e/0x194 [ 395.723513] should_fail.cold+0x10a/0x14b [ 395.727677] should_failslab+0xd6/0x130 [ 395.731662] kmem_cache_alloc_trace+0x2db/0x7b0 [ 395.736338] ? retire_userns_sysctls+0x80/0x80 [ 395.740932] alloc_mnt_ns+0xd4/0x440 [ 395.744651] copy_mnt_ns+0x8e/0x8a0 [ 395.748279] ? find_held_lock+0x2d/0x110 [ 395.752348] ? copy_namespaces+0x112/0x310 [ 395.756587] ? cap_capable+0x1c4/0x230 [ 395.760479] create_new_namespaces+0xc9/0x730 [ 395.764977] ? security_capable+0x88/0xb0 [ 395.769132] copy_namespaces+0x27b/0x310 [ 395.773204] copy_process.part.0+0x2603/0x6a70 [ 395.777806] ? get_pid_task+0xb8/0x130 [ 395.781703] ? save_trace+0x290/0x290 [ 395.785508] ? __lock_is_held+0xad/0x140 [ 395.789584] ? __cleanup_sighand+0x40/0x40 [ 395.793831] ? lock_downgrade+0x6e0/0x6e0 [ 395.797994] _do_fork+0x180/0xc80 [ 395.801457] ? fork_idle+0x270/0x270 [ 395.805175] ? fput+0xb/0x140 [ 395.808909] ? SyS_write+0x14d/0x210 [ 395.812623] ? SyS_read+0x210/0x210 [ 395.816252] ? SyS_clock_settime+0x1a0/0x1a0 [ 395.820670] ? do_syscall_64+0x4c/0x640 [ 395.824653] ? sys_vfork+0x20/0x20 [ 395.828387] do_syscall_64+0x1d5/0x640 [ 395.832291] entry_SYSCALL_64_after_hwframe+0x42/0xb7 03:35:47 executing program 3 (fault-call:8 fault-nth:44): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:47 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 395.837480] RIP: 0033:0x45c849 [ 395.840669] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 395.848379] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 395.855663] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 395.862945] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 395.870371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 395.877743] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000012 [ 396.019681] FAULT_INJECTION: forcing a failure. [ 396.019681] name failslab, interval 1, probability 0, space 0, times 0 [ 396.031125] CPU: 1 PID: 15365 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 396.039009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 396.048363] Call Trace: [ 396.050969] dump_stack+0x13e/0x194 [ 396.054612] should_fail.cold+0x10a/0x14b [ 396.058774] should_failslab+0xd6/0x130 [ 396.062752] kmem_cache_alloc+0x2b5/0x770 [ 396.067074] ? lock_release+0x41e/0x7f0 [ 396.071044] alloc_vfsmnt+0x23/0x7c0 [ 396.074760] clone_mnt+0x6c/0xf20 [ 396.078211] copy_tree+0x33a/0x860 [ 396.081764] copy_mnt_ns+0x112/0x8a0 [ 396.085484] ? copy_namespaces+0x112/0x310 [ 396.089725] ? cap_capable+0x1c4/0x230 [ 396.093620] create_new_namespaces+0xc9/0x730 [ 396.098236] ? security_capable+0x88/0xb0 [ 396.102406] copy_namespaces+0x27b/0x310 [ 396.106478] copy_process.part.0+0x2603/0x6a70 [ 396.111072] ? get_pid_task+0xb8/0x130 [ 396.115052] ? save_trace+0x290/0x290 [ 396.118858] ? __lock_is_held+0xad/0x140 [ 396.122946] ? __cleanup_sighand+0x40/0x40 [ 396.127185] ? lock_downgrade+0x6e0/0x6e0 [ 396.131343] _do_fork+0x180/0xc80 [ 396.134800] ? fork_idle+0x270/0x270 [ 396.138522] ? fput+0xb/0x140 [ 396.141629] ? SyS_write+0x14d/0x210 [ 396.145350] ? SyS_read+0x210/0x210 [ 396.148988] ? SyS_clock_settime+0x1a0/0x1a0 [ 396.153475] ? do_syscall_64+0x4c/0x640 [ 396.157461] ? sys_vfork+0x20/0x20 [ 396.161015] do_syscall_64+0x1d5/0x640 [ 396.164915] entry_SYSCALL_64_after_hwframe+0x42/0xb7 03:35:47 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:47 executing program 2 (fault-call:9 fault-nth:45): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 396.170107] RIP: 0033:0x45c849 [ 396.173297] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 396.181009] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 396.188289] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 396.195562] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 396.202831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 396.210104] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002c [ 396.392672] FAULT_INJECTION: forcing a failure. [ 396.392672] name failslab, interval 1, probability 0, space 0, times 0 [ 396.404177] CPU: 0 PID: 15377 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 396.412169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 396.421620] Call Trace: [ 396.424218] dump_stack+0x13e/0x194 [ 396.427861] should_fail.cold+0x10a/0x14b [ 396.432024] should_failslab+0xd6/0x130 [ 396.436009] __kmalloc_track_caller+0x2e1/0x7b0 [ 396.440774] ? kstrdup_const+0x35/0x60 [ 396.444669] ? lock_acquire+0x170/0x3f0 [ 396.448646] ? lock_downgrade+0x6e0/0x6e0 [ 396.452797] kstrdup+0x36/0x70 [ 396.455995] kstrdup_const+0x35/0x60 [ 396.459714] alloc_vfsmnt+0xe0/0x7c0 [ 396.463430] clone_mnt+0x6c/0xf20 [ 396.466892] copy_tree+0x33a/0x860 [ 396.470530] copy_mnt_ns+0x112/0x8a0 [ 396.474252] ? copy_namespaces+0x112/0x310 [ 396.478492] ? cap_capable+0x1c4/0x230 [ 396.482503] create_new_namespaces+0xc9/0x730 [ 396.487006] ? security_capable+0x88/0xb0 [ 396.491168] copy_namespaces+0x27b/0x310 [ 396.495239] copy_process.part.0+0x2603/0x6a70 [ 396.499831] ? get_pid_task+0xb8/0x130 [ 396.503899] ? save_trace+0x290/0x290 [ 396.507710] ? __lock_is_held+0xad/0x140 [ 396.511789] ? __cleanup_sighand+0x40/0x40 [ 396.516029] ? lock_downgrade+0x6e0/0x6e0 [ 396.520194] _do_fork+0x180/0xc80 [ 396.523651] ? fork_idle+0x270/0x270 [ 396.527485] ? fput+0xb/0x140 [ 396.530592] ? SyS_write+0x14d/0x210 [ 396.534322] ? SyS_read+0x210/0x210 [ 396.537949] ? SyS_clock_settime+0x1a0/0x1a0 [ 396.542368] ? do_syscall_64+0x4c/0x640 [ 396.546344] ? sys_vfork+0x20/0x20 [ 396.549891] do_syscall_64+0x1d5/0x640 [ 396.553789] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 396.558979] RIP: 0033:0x45c849 [ 396.562170] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 396.570056] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 396.577848] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 396.585117] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:47 executing program 0 (fault-call:10 fault-nth:19): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 396.592399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 396.599680] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002d [ 396.683620] FAULT_INJECTION: forcing a failure. [ 396.683620] name failslab, interval 1, probability 0, space 0, times 0 [ 396.695102] CPU: 1 PID: 15380 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 396.703073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 396.712493] Call Trace: [ 396.715270] dump_stack+0x13e/0x194 [ 396.718898] should_fail.cold+0x10a/0x14b [ 396.723052] should_failslab+0xd6/0x130 [ 396.727033] kmem_cache_alloc+0x2b5/0x770 [ 396.731182] ? lock_acquire+0x170/0x3f0 [ 396.735156] ? lock_downgrade+0x6e0/0x6e0 [ 396.739357] alloc_vfsmnt+0x23/0x7c0 [ 396.743074] clone_mnt+0x6c/0xf20 [ 396.746523] ? ida_simple_get+0x112/0x190 [ 396.750665] copy_tree+0xd3/0x860 [ 396.754129] copy_mnt_ns+0x112/0x8a0 [ 396.757855] ? copy_namespaces+0x112/0x310 [ 396.762090] ? cap_capable+0x1c4/0x230 [ 396.766065] create_new_namespaces+0xc9/0x730 [ 396.770568] ? security_capable+0x88/0xb0 [ 396.774896] copy_namespaces+0x27b/0x310 [ 396.778958] copy_process.part.0+0x2603/0x6a70 [ 396.783531] ? get_pid_task+0xb8/0x130 [ 396.787407] ? save_trace+0x290/0x290 [ 396.791200] ? __lock_is_held+0xad/0x140 [ 396.795262] ? __cleanup_sighand+0x40/0x40 [ 396.799496] ? lock_downgrade+0x6e0/0x6e0 [ 396.803644] _do_fork+0x180/0xc80 [ 396.807084] ? fork_idle+0x270/0x270 [ 396.810797] ? fput+0xb/0x140 [ 396.813901] ? SyS_write+0x14d/0x210 [ 396.817618] ? SyS_read+0x210/0x210 [ 396.821245] ? SyS_clock_settime+0x1a0/0x1a0 [ 396.825757] ? do_syscall_64+0x4c/0x640 [ 396.829726] ? sys_vfork+0x20/0x20 [ 396.833262] do_syscall_64+0x1d5/0x640 [ 396.837205] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 396.842402] RIP: 0033:0x45c849 [ 396.845590] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 396.853284] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 396.860638] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 396.867905] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 396.875196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:35:48 executing program 3 (fault-call:8 fault-nth:45): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 396.882512] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000013 03:35:48 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:48 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/178, 0xb2}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r2, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") vmsplice(r1, &(0x7f0000000480)=[{&(0x7f0000000000)="8ae8d5f98d42b7b83fdb5705468d9e9602edc9759788c90e5f2c99bf18c1f6bd5b6b9efb39e1658f30ba99dbd713b740f2a234e30785d3309df04c8028e70776feb9a52b7c70f0f92bae6ccd42fc310bd18d6e4df5a3ace8fd07d2094b6f62145c"}, {&(0x7f0000000180)="e7d71f7812f2c5378347c403d2253160747c02cab90871eaa2b187c5d5865868e83851a3928908a6c6a79ec930bd70862e0a47593a9c7440874ac5072e3e17f745aa73d53734392a94048f0cbd8d5924edead5cce97372eb47b4721849c9ace446f48cb73fb790d4d9e18734f61b5d17fc6648d39acaecf9d2a8be77d19588fc5e43685ff1ba8de878731706bc75b18f822469bcf76e92873b781c89f18e74ab0d5d34c281eeafb907922850947c7a"}, {&(0x7f0000000500)="2eac338f21268c93e8a2cf15ba655fd93ba75c57d1ba7f8e7f3f0263ef7c624018fdb8598b169adfd4f86b859b38767c2c6ac4af4aee1cadcc8488a9d75d81062032c9c33100ca51a184247e5cec7fd16bbc4cd5f4d494e8c5c32a8dc89e16c7639b6ec9f171c43b595699b4734d1680914aa0946ff72508190f496219e78359ef7f7b05a57a82954deba3b579dd1f49469beffcbf07d11497866d6d2f8c1cfe14d757e480a8af4bac7cdb75178caf7b559d3f9730d03293003213966021f95ef63233704b48bd89d1856373087828fe42159843b1831df93a30b590979253fd49cabd58a5f3d1c266902d529ddf22078800"/253}, {&(0x7f0000000240)="029de1dcb2"}, {&(0x7f0000000600)="3c4144e31439026dfff560acfce826b2da221092f2b43e2bb5a08941b2516b0f6f009fb2708cb4280f566c5da3649f39be5f96d6b40cc4132be7fc4e285cbd727191f65df1188c085fe08f1d57256136faec006fd0aca79f05b5624763ccc1aca69b9a93385e157299ac42d055525a9fc986718a7569beade2c2f78b18d99b59929e90019801de9160556a4b61d3725162cd7f75e8ccf930c9a0d796d932c963d006e75004a54f6cd0"}], 0x10e2, 0xa) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x2, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 397.052621] FAULT_INJECTION: forcing a failure. [ 397.052621] name failslab, interval 1, probability 0, space 0, times 0 [ 397.064016] CPU: 0 PID: 15394 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 397.071963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 397.081310] Call Trace: [ 397.083911] dump_stack+0x13e/0x194 [ 397.087542] should_fail.cold+0x10a/0x14b [ 397.091698] should_failslab+0xd6/0x130 [ 397.095674] kmem_cache_alloc+0x2b5/0x770 03:35:48 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 397.099837] ? find_held_lock+0x2d/0x110 [ 397.103900] ? copy_tree+0x4a0/0x860 [ 397.107619] alloc_vfsmnt+0x23/0x7c0 [ 397.111333] clone_mnt+0x6c/0xf20 [ 397.114792] copy_tree+0x33a/0x860 [ 397.118327] copy_mnt_ns+0x112/0x8a0 [ 397.122039] ? copy_namespaces+0x112/0x310 [ 397.126284] ? cap_capable+0x1c4/0x230 [ 397.130188] create_new_namespaces+0xc9/0x730 [ 397.134679] ? security_capable+0x88/0xb0 [ 397.138822] copy_namespaces+0x27b/0x310 [ 397.142875] copy_process.part.0+0x2603/0x6a70 [ 397.147445] ? get_pid_task+0xb8/0x130 [ 397.151363] ? save_trace+0x290/0x290 [ 397.155145] ? __lock_is_held+0xad/0x140 [ 397.159283] ? __cleanup_sighand+0x40/0x40 [ 397.163501] ? lock_downgrade+0x6e0/0x6e0 [ 397.167644] _do_fork+0x180/0xc80 [ 397.171082] ? fork_idle+0x270/0x270 [ 397.174848] ? fput+0xb/0x140 [ 397.177944] ? SyS_write+0x14d/0x210 [ 397.181663] ? SyS_read+0x210/0x210 [ 397.185386] ? SyS_clock_settime+0x1a0/0x1a0 [ 397.189814] ? do_syscall_64+0x4c/0x640 [ 397.193784] ? sys_vfork+0x20/0x20 [ 397.197319] do_syscall_64+0x1d5/0x640 [ 397.201202] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 397.206376] RIP: 0033:0x45c849 [ 397.209553] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 397.217260] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 397.224523] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 397.231800] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 397.239065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 397.246380] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002d 03:35:48 executing program 2 (fault-call:9 fault-nth:46): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 397.401809] FAULT_INJECTION: forcing a failure. [ 397.401809] name failslab, interval 1, probability 0, space 0, times 0 [ 397.413256] CPU: 0 PID: 15407 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 397.421165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 397.430528] Call Trace: [ 397.433135] dump_stack+0x13e/0x194 [ 397.436776] should_fail.cold+0x10a/0x14b [ 397.440941] should_failslab+0xd6/0x130 [ 397.444923] kmem_cache_alloc+0x2b5/0x770 [ 397.449081] ? find_held_lock+0x2d/0x110 [ 397.453151] ? copy_tree+0x4a0/0x860 [ 397.456878] alloc_vfsmnt+0x23/0x7c0 [ 397.460603] clone_mnt+0x6c/0xf20 [ 397.464071] copy_tree+0x33a/0x860 [ 397.467621] copy_mnt_ns+0x112/0x8a0 [ 397.471338] ? copy_namespaces+0x112/0x310 [ 397.475585] ? cap_capable+0x1c4/0x230 [ 397.479594] create_new_namespaces+0xc9/0x730 [ 397.484093] ? security_capable+0x88/0xb0 [ 397.488347] copy_namespaces+0x27b/0x310 [ 397.492420] copy_process.part.0+0x2603/0x6a70 [ 397.497013] ? get_pid_task+0xb8/0x130 [ 397.500912] ? save_trace+0x290/0x290 [ 397.504720] ? __lock_is_held+0xad/0x140 [ 397.508797] ? __cleanup_sighand+0x40/0x40 [ 397.513039] ? lock_downgrade+0x6e0/0x6e0 [ 397.517194] _do_fork+0x180/0xc80 [ 397.520664] ? fork_idle+0x270/0x270 [ 397.524382] ? fput+0xb/0x140 [ 397.527491] ? SyS_write+0x14d/0x210 [ 397.531205] ? SyS_read+0x210/0x210 [ 397.534835] ? SyS_clock_settime+0x1a0/0x1a0 [ 397.539246] ? do_syscall_64+0x4c/0x640 [ 397.543231] ? sys_vfork+0x20/0x20 [ 397.546783] do_syscall_64+0x1d5/0x640 [ 397.550684] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 397.555875] RIP: 0033:0x45c849 [ 397.559078] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 397.566793] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 397.574073] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 397.581344] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 397.588618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:48 executing program 0 (fault-call:10 fault-nth:20): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 397.597456] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002e [ 397.691380] FAULT_INJECTION: forcing a failure. [ 397.691380] name failslab, interval 1, probability 0, space 0, times 0 [ 397.702860] CPU: 0 PID: 15410 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 397.710758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 397.720879] Call Trace: [ 397.723513] dump_stack+0x13e/0x194 [ 397.727145] should_fail.cold+0x10a/0x14b [ 397.731305] should_failslab+0xd6/0x130 [ 397.735266] kmem_cache_alloc+0x2b5/0x770 [ 397.739408] ? lock_downgrade+0x6e0/0x6e0 [ 397.743552] alloc_vfsmnt+0x23/0x7c0 [ 397.747256] clone_mnt+0x6c/0xf20 [ 397.750737] ? is_subdir+0x223/0x38a [ 397.754489] copy_tree+0x33a/0x860 [ 397.758038] copy_mnt_ns+0x112/0x8a0 [ 397.761769] ? copy_namespaces+0x112/0x310 [ 397.765999] ? cap_capable+0x1c4/0x230 [ 397.769890] create_new_namespaces+0xc9/0x730 [ 397.774386] ? security_capable+0x88/0xb0 [ 397.778537] copy_namespaces+0x27b/0x310 [ 397.782596] copy_process.part.0+0x2603/0x6a70 [ 397.787176] ? get_pid_task+0xb8/0x130 [ 397.791060] ? save_trace+0x290/0x290 [ 397.794861] ? __lock_is_held+0xad/0x140 [ 397.798933] ? __cleanup_sighand+0x40/0x40 [ 397.803160] ? lock_downgrade+0x6e0/0x6e0 [ 397.807295] _do_fork+0x180/0xc80 [ 397.810738] ? fork_idle+0x270/0x270 [ 397.814433] ? fput+0xb/0x140 [ 397.817579] ? SyS_write+0x14d/0x210 [ 397.821273] ? SyS_read+0x210/0x210 [ 397.824886] ? SyS_clock_settime+0x1a0/0x1a0 [ 397.829563] ? do_syscall_64+0x4c/0x640 [ 397.833544] ? sys_vfork+0x20/0x20 [ 397.837346] do_syscall_64+0x1d5/0x640 [ 397.841262] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 397.846455] RIP: 0033:0x45c849 [ 397.849634] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 397.857327] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 397.864582] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 397.871834] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 397.879084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:35:49 executing program 3 (fault-call:8 fault-nth:46): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 397.886335] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000014 03:35:49 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:49 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:49 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$NFT_MSG_GETGEN(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x10, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0x8}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x10) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 398.045681] FAULT_INJECTION: forcing a failure. [ 398.045681] name failslab, interval 1, probability 0, space 0, times 0 [ 398.057024] CPU: 0 PID: 15424 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 398.065203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.074570] Call Trace: [ 398.077176] dump_stack+0x13e/0x194 [ 398.080822] should_fail.cold+0x10a/0x14b [ 398.084996] should_failslab+0xd6/0x130 [ 398.088991] __kmalloc_track_caller+0x2e1/0x7b0 [ 398.093672] ? kstrdup_const+0x35/0x60 [ 398.097574] ? lock_acquire+0x170/0x3f0 [ 398.102043] ? lock_downgrade+0x6e0/0x6e0 [ 398.106203] kstrdup+0x36/0x70 [ 398.109406] kstrdup_const+0x35/0x60 [ 398.113129] alloc_vfsmnt+0xe0/0x7c0 [ 398.116855] clone_mnt+0x6c/0xf20 [ 398.120328] copy_tree+0x33a/0x860 [ 398.123882] copy_mnt_ns+0x112/0x8a0 [ 398.127607] ? copy_namespaces+0x112/0x310 [ 398.131932] ? cap_capable+0x1c4/0x230 [ 398.135829] create_new_namespaces+0xc9/0x730 [ 398.140329] ? security_capable+0x88/0xb0 [ 398.144487] copy_namespaces+0x27b/0x310 [ 398.148561] copy_process.part.0+0x2603/0x6a70 [ 398.153212] ? get_pid_task+0xb8/0x130 [ 398.157116] ? save_trace+0x290/0x290 [ 398.160924] ? __lock_is_held+0xad/0x140 [ 398.165003] ? __cleanup_sighand+0x40/0x40 [ 398.169244] ? lock_downgrade+0x6e0/0x6e0 [ 398.173400] _do_fork+0x180/0xc80 [ 398.176860] ? fork_idle+0x270/0x270 [ 398.180592] ? fput+0xb/0x140 [ 398.183702] ? SyS_write+0x14d/0x210 [ 398.187417] ? SyS_read+0x210/0x210 [ 398.191812] ? SyS_clock_settime+0x1a0/0x1a0 [ 398.196227] ? do_syscall_64+0x4c/0x640 [ 398.200208] ? sys_vfork+0x20/0x20 [ 398.203755] do_syscall_64+0x1d5/0x640 [ 398.207664] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 398.212862] RIP: 0033:0x45c849 [ 398.216051] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 398.223760] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 398.231029] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 398.238617] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:49 executing program 2 (fault-call:9 fault-nth:47): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 398.245885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 398.253155] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002e [ 398.395633] FAULT_INJECTION: forcing a failure. [ 398.395633] name failslab, interval 1, probability 0, space 0, times 0 [ 398.407125] CPU: 0 PID: 15431 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 398.415029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.424382] Call Trace: [ 398.426963] dump_stack+0x13e/0x194 [ 398.430594] should_fail.cold+0x10a/0x14b [ 398.434741] should_failslab+0xd6/0x130 [ 398.438697] kmem_cache_alloc+0x2b5/0x770 [ 398.442934] ? find_held_lock+0x2d/0x110 [ 398.446996] ? copy_tree+0x4a0/0x860 [ 398.450712] alloc_vfsmnt+0x23/0x7c0 [ 398.454430] clone_mnt+0x6c/0xf20 [ 398.457890] copy_tree+0x33a/0x860 [ 398.461444] copy_mnt_ns+0x112/0x8a0 [ 398.465147] ? copy_namespaces+0x112/0x310 [ 398.469367] ? cap_capable+0x1c4/0x230 [ 398.473247] create_new_namespaces+0xc9/0x730 [ 398.477734] ? security_capable+0x88/0xb0 [ 398.481868] copy_namespaces+0x27b/0x310 [ 398.485972] copy_process.part.0+0x2603/0x6a70 [ 398.490585] ? get_pid_task+0xb8/0x130 [ 398.494466] ? save_trace+0x290/0x290 [ 398.498289] ? __lock_is_held+0xad/0x140 [ 398.502362] ? __cleanup_sighand+0x40/0x40 [ 398.506608] ? lock_downgrade+0x6e0/0x6e0 [ 398.510751] _do_fork+0x180/0xc80 [ 398.514190] ? fork_idle+0x270/0x270 [ 398.517890] ? fput+0xb/0x140 [ 398.520991] ? SyS_write+0x14d/0x210 [ 398.524695] ? SyS_read+0x210/0x210 [ 398.528346] ? SyS_clock_settime+0x1a0/0x1a0 [ 398.532750] ? do_syscall_64+0x4c/0x640 [ 398.536710] ? sys_vfork+0x20/0x20 [ 398.540237] do_syscall_64+0x1d5/0x640 [ 398.544247] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 398.549439] RIP: 0033:0x45c849 [ 398.552620] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 398.560414] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 398.567670] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 398.574926] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 398.582195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 398.589473] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002f 03:35:49 executing program 0 (fault-call:10 fault-nth:21): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 398.668050] FAULT_INJECTION: forcing a failure. [ 398.668050] name failslab, interval 1, probability 0, space 0, times 0 [ 398.679457] CPU: 1 PID: 15437 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 398.687355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.696718] Call Trace: [ 398.699323] dump_stack+0x13e/0x194 [ 398.702969] should_fail.cold+0x10a/0x14b [ 398.707134] should_failslab+0xd6/0x130 [ 398.711121] __kmalloc_track_caller+0x2e1/0x7b0 [ 398.715800] ? kstrdup_const+0x35/0x60 [ 398.719698] ? lock_acquire+0x170/0x3f0 [ 398.723690] ? lock_downgrade+0x6e0/0x6e0 [ 398.727852] kstrdup+0x36/0x70 [ 398.731055] kstrdup_const+0x35/0x60 [ 398.734776] alloc_vfsmnt+0xe0/0x7c0 [ 398.738520] clone_mnt+0x6c/0xf20 [ 398.741985] ? is_subdir+0x223/0x38a [ 398.745705] copy_tree+0x33a/0x860 [ 398.749256] copy_mnt_ns+0x112/0x8a0 [ 398.752976] ? copy_namespaces+0x112/0x310 [ 398.757217] ? cap_capable+0x1c4/0x230 [ 398.761120] create_new_namespaces+0xc9/0x730 [ 398.765619] ? security_capable+0x88/0xb0 [ 398.769774] copy_namespaces+0x27b/0x310 [ 398.773846] copy_process.part.0+0x2603/0x6a70 [ 398.778458] ? get_pid_task+0xb8/0x130 [ 398.782357] ? save_trace+0x290/0x290 [ 398.786171] ? __lock_is_held+0xad/0x140 [ 398.790249] ? __cleanup_sighand+0x40/0x40 [ 398.794494] ? lock_downgrade+0x6e0/0x6e0 [ 398.798660] _do_fork+0x180/0xc80 [ 398.802121] ? fork_idle+0x270/0x270 [ 398.805839] ? fput+0xb/0x140 [ 398.808948] ? SyS_write+0x14d/0x210 [ 398.812661] ? SyS_read+0x210/0x210 [ 398.816291] ? SyS_clock_settime+0x1a0/0x1a0 [ 398.820702] ? do_syscall_64+0x4c/0x640 [ 398.824694] ? sys_vfork+0x20/0x20 [ 398.828244] do_syscall_64+0x1d5/0x640 [ 398.832142] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 398.837364] RIP: 0033:0x45c849 [ 398.840567] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 398.848289] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 398.855566] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:50 executing program 3 (fault-call:8 fault-nth:47): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:50 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:50 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 398.862872] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 398.870148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 398.877427] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000015 03:35:50 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xc21e88fc2f9ad073, &(0x7f00000000c0)={0x9}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="8c000000000b05000000000000000000000000000000000000007a000800034000000001080002400000000208000340000000004cf407f838d2080002400000005f61636c5f6163636573736d696d655f747970657573657270707030cb7b6574683173656c696e75783a73656c6670707030000100000d0001008c626f786e6568347c9c66802fd26fa399b73e32468231d2dce6d25e767b329efca7a866d442a8547869b60f0053849e9b5003087ec32465f381e9adca7ea0d53c119000536855cf0e3b5c84fbdc42bbf0fba3e51d757915ef0ff462ddc5b18511e47095394f985f1550c2d61886cc0c8108d23bcd88a1a89b9bc1e01d4935430f"], 0x8c}, 0x1, 0x0, 0x0, 0x20004004}, 0xe34f89a893a71585) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 398.983609] FAULT_INJECTION: forcing a failure. [ 398.983609] name failslab, interval 1, probability 0, space 0, times 0 [ 398.994947] CPU: 0 PID: 15449 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 399.002848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.012212] Call Trace: [ 399.014819] dump_stack+0x13e/0x194 [ 399.018462] should_fail.cold+0x10a/0x14b [ 399.022631] should_failslab+0xd6/0x130 [ 399.026617] kmem_cache_alloc+0x2b5/0x770 [ 399.030778] ? find_held_lock+0x2d/0x110 [ 399.034848] ? copy_tree+0x4a0/0x860 [ 399.038603] alloc_vfsmnt+0x23/0x7c0 [ 399.042331] clone_mnt+0x6c/0xf20 [ 399.045795] copy_tree+0x33a/0x860 [ 399.049351] copy_mnt_ns+0x112/0x8a0 [ 399.053075] ? copy_namespaces+0x112/0x310 [ 399.057316] ? cap_capable+0x1c4/0x230 [ 399.061217] create_new_namespaces+0xc9/0x730 [ 399.065719] ? security_capable+0x88/0xb0 [ 399.069883] copy_namespaces+0x27b/0x310 [ 399.073960] copy_process.part.0+0x2603/0x6a70 [ 399.078560] ? get_pid_task+0xb8/0x130 [ 399.082459] ? save_trace+0x290/0x290 [ 399.086376] ? __lock_is_held+0xad/0x140 [ 399.090456] ? __cleanup_sighand+0x40/0x40 [ 399.094702] ? lock_downgrade+0x6e0/0x6e0 [ 399.098869] _do_fork+0x180/0xc80 [ 399.102336] ? fork_idle+0x270/0x270 [ 399.106055] ? fput+0xb/0x140 [ 399.109165] ? SyS_write+0x14d/0x210 [ 399.112886] ? SyS_read+0x210/0x210 [ 399.116518] ? SyS_clock_settime+0x1a0/0x1a0 [ 399.120935] ? do_syscall_64+0x4c/0x640 [ 399.125055] ? sys_vfork+0x20/0x20 [ 399.128613] do_syscall_64+0x1d5/0x640 [ 399.132521] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 399.137713] RIP: 0033:0x45c849 [ 399.140905] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 399.148622] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 399.155900] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 399.163181] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 399.170467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:50 executing program 2 (fault-call:9 fault-nth:48): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 399.178529] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000002f [ 399.352908] FAULT_INJECTION: forcing a failure. [ 399.352908] name failslab, interval 1, probability 0, space 0, times 0 [ 399.364446] CPU: 0 PID: 15464 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 399.372348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.381708] Call Trace: [ 399.384413] dump_stack+0x13e/0x194 [ 399.388062] should_fail.cold+0x10a/0x14b [ 399.392224] should_failslab+0xd6/0x130 [ 399.396214] __kmalloc_track_caller+0x2e1/0x7b0 [ 399.400891] ? kstrdup_const+0x35/0x60 [ 399.404788] ? lock_acquire+0x170/0x3f0 [ 399.408768] ? lock_downgrade+0x6e0/0x6e0 [ 399.412923] kstrdup+0x36/0x70 [ 399.416132] kstrdup_const+0x35/0x60 [ 399.419858] alloc_vfsmnt+0xe0/0x7c0 [ 399.423578] clone_mnt+0x6c/0xf20 [ 399.427045] copy_tree+0x33a/0x860 [ 399.430599] copy_mnt_ns+0x112/0x8a0 [ 399.434319] ? copy_namespaces+0x112/0x310 [ 399.438559] ? cap_capable+0x1c4/0x230 [ 399.442452] create_new_namespaces+0xc9/0x730 [ 399.446951] ? security_capable+0x88/0xb0 [ 399.451115] copy_namespaces+0x27b/0x310 [ 399.455186] copy_process.part.0+0x2603/0x6a70 [ 399.459776] ? get_pid_task+0xb8/0x130 [ 399.463668] ? save_trace+0x290/0x290 [ 399.467475] ? __lock_is_held+0xad/0x140 [ 399.471551] ? __cleanup_sighand+0x40/0x40 [ 399.475791] ? lock_downgrade+0x6e0/0x6e0 [ 399.479949] _do_fork+0x180/0xc80 [ 399.483417] ? fork_idle+0x270/0x270 [ 399.487136] ? fput+0xb/0x140 [ 399.490245] ? SyS_write+0x14d/0x210 [ 399.493958] ? SyS_read+0x210/0x210 [ 399.497593] ? SyS_clock_settime+0x1a0/0x1a0 [ 399.502007] ? do_syscall_64+0x4c/0x640 [ 399.505990] ? sys_vfork+0x20/0x20 [ 399.509539] do_syscall_64+0x1d5/0x640 [ 399.513437] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 399.518625] RIP: 0033:0x45c849 [ 399.521813] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 399.529532] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 399.536804] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 399.544079] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:50 executing program 0 (fault-call:10 fault-nth:22): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 399.551354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 399.558626] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000030 [ 399.674606] FAULT_INJECTION: forcing a failure. [ 399.674606] name failslab, interval 1, probability 0, space 0, times 0 [ 399.685959] CPU: 1 PID: 15467 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 399.693856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.703223] Call Trace: [ 399.705828] dump_stack+0x13e/0x194 [ 399.709474] should_fail.cold+0x10a/0x14b [ 399.713640] should_failslab+0xd6/0x130 [ 399.717626] __kmalloc_track_caller+0x2e1/0x7b0 [ 399.722304] ? kstrdup_const+0x35/0x60 [ 399.726205] ? lock_acquire+0x170/0x3f0 [ 399.730192] ? lock_downgrade+0x6e0/0x6e0 [ 399.734349] kstrdup+0x36/0x70 [ 399.737552] kstrdup_const+0x35/0x60 [ 399.741271] alloc_vfsmnt+0xe0/0x7c0 [ 399.744990] clone_mnt+0x6c/0xf20 [ 399.748447] ? is_subdir+0x223/0x38a [ 399.752167] copy_tree+0x33a/0x860 [ 399.755717] copy_mnt_ns+0x112/0x8a0 [ 399.759436] ? copy_namespaces+0x112/0x310 [ 399.763676] ? cap_capable+0x1c4/0x230 [ 399.767572] create_new_namespaces+0xc9/0x730 [ 399.772073] ? security_capable+0x88/0xb0 [ 399.776231] copy_namespaces+0x27b/0x310 [ 399.780300] copy_process.part.0+0x2603/0x6a70 [ 399.784891] ? get_pid_task+0xb8/0x130 [ 399.788789] ? save_trace+0x290/0x290 [ 399.792600] ? __lock_is_held+0xad/0x140 [ 399.796675] ? __cleanup_sighand+0x40/0x40 [ 399.800916] ? lock_downgrade+0x6e0/0x6e0 [ 399.805080] _do_fork+0x180/0xc80 [ 399.808552] ? fork_idle+0x270/0x270 [ 399.812272] ? fput+0xb/0x140 [ 399.815379] ? SyS_write+0x14d/0x210 [ 399.819097] ? SyS_read+0x210/0x210 [ 399.822733] ? SyS_clock_settime+0x1a0/0x1a0 [ 399.827143] ? do_syscall_64+0x4c/0x640 [ 399.831122] ? sys_vfork+0x20/0x20 [ 399.834669] do_syscall_64+0x1d5/0x640 [ 399.838571] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 399.843760] RIP: 0033:0x45c849 [ 399.846948] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 399.854659] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 399.861934] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:51 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:51 executing program 3 (fault-call:8 fault-nth:48): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:51 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 399.869208] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 399.876481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 399.883763] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000016 [ 400.031870] FAULT_INJECTION: forcing a failure. [ 400.031870] name failslab, interval 1, probability 0, space 0, times 0 [ 400.043285] CPU: 0 PID: 15478 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 400.051194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.060553] Call Trace: [ 400.063154] dump_stack+0x13e/0x194 [ 400.066799] should_fail.cold+0x10a/0x14b [ 400.071653] should_failslab+0xd6/0x130 [ 400.075637] __kmalloc_track_caller+0x2e1/0x7b0 [ 400.080332] ? kstrdup_const+0x35/0x60 [ 400.084362] ? lock_acquire+0x170/0x3f0 [ 400.088344] ? lock_downgrade+0x6e0/0x6e0 [ 400.092502] kstrdup+0x36/0x70 [ 400.095701] kstrdup_const+0x35/0x60 [ 400.099424] alloc_vfsmnt+0xe0/0x7c0 [ 400.103140] clone_mnt+0x6c/0xf20 [ 400.106603] copy_tree+0x33a/0x860 [ 400.110156] copy_mnt_ns+0x112/0x8a0 [ 400.113887] ? copy_namespaces+0x112/0x310 [ 400.118140] ? cap_capable+0x1c4/0x230 [ 400.122036] create_new_namespaces+0xc9/0x730 [ 400.126650] ? security_capable+0x88/0xb0 [ 400.130911] copy_namespaces+0x27b/0x310 [ 400.134986] copy_process.part.0+0x2603/0x6a70 [ 400.139580] ? get_pid_task+0xb8/0x130 [ 400.143474] ? save_trace+0x290/0x290 [ 400.147278] ? __lock_is_held+0xad/0x140 [ 400.151354] ? __cleanup_sighand+0x40/0x40 [ 400.155591] ? lock_downgrade+0x6e0/0x6e0 [ 400.160444] _do_fork+0x180/0xc80 [ 400.163900] ? fork_idle+0x270/0x270 [ 400.167617] ? fput+0xb/0x140 [ 400.170725] ? SyS_write+0x14d/0x210 [ 400.174444] ? SyS_read+0x210/0x210 [ 400.178078] ? SyS_clock_settime+0x1a0/0x1a0 [ 400.182515] ? do_syscall_64+0x4c/0x640 [ 400.186496] ? sys_vfork+0x20/0x20 [ 400.190039] do_syscall_64+0x1d5/0x640 [ 400.194060] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 400.199253] RIP: 0033:0x45c849 [ 400.202444] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 400.210165] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 400.217437] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 400.224720] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:51 executing program 2 (fault-call:9 fault-nth:49): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 400.231995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 400.239273] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000030 03:35:51 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x20, 0x3, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:51 executing program 0 (fault-call:10 fault-nth:23): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 400.402614] FAULT_INJECTION: forcing a failure. [ 400.402614] name failslab, interval 1, probability 0, space 0, times 0 [ 400.414144] CPU: 1 PID: 15485 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 400.422061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.431420] Call Trace: [ 400.434020] dump_stack+0x13e/0x194 [ 400.437666] should_fail.cold+0x10a/0x14b [ 400.441830] should_failslab+0xd6/0x130 [ 400.445813] kmem_cache_alloc+0x2b5/0x770 [ 400.449970] ? find_held_lock+0x2d/0x110 [ 400.454167] ? copy_tree+0x4a0/0x860 [ 400.457883] alloc_vfsmnt+0x23/0x7c0 [ 400.461595] clone_mnt+0x6c/0xf20 [ 400.465052] copy_tree+0x33a/0x860 [ 400.468602] copy_mnt_ns+0x112/0x8a0 [ 400.472326] ? copy_namespaces+0x112/0x310 [ 400.476567] ? cap_capable+0x1c4/0x230 [ 400.480462] create_new_namespaces+0xc9/0x730 [ 400.484959] ? security_capable+0x88/0xb0 [ 400.489116] copy_namespaces+0x27b/0x310 [ 400.493192] copy_process.part.0+0x2603/0x6a70 [ 400.497794] ? get_pid_task+0xb8/0x130 [ 400.501688] ? save_trace+0x290/0x290 [ 400.505492] ? __lock_is_held+0xad/0x140 [ 400.509657] ? __cleanup_sighand+0x40/0x40 [ 400.513902] ? lock_downgrade+0x6e0/0x6e0 [ 400.518065] _do_fork+0x180/0xc80 [ 400.521545] ? fork_idle+0x270/0x270 [ 400.525349] ? fput+0xb/0x140 [ 400.529412] ? SyS_write+0x14d/0x210 [ 400.533128] ? SyS_read+0x210/0x210 [ 400.536759] ? SyS_clock_settime+0x1a0/0x1a0 [ 400.541177] ? do_syscall_64+0x4c/0x640 [ 400.545157] ? sys_vfork+0x20/0x20 [ 400.548701] do_syscall_64+0x1d5/0x640 [ 400.552598] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 400.557788] RIP: 0033:0x45c849 [ 400.560979] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 400.568691] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 400.575963] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 400.583235] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 400.590507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 400.598738] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000031 [ 400.607097] FAULT_INJECTION: forcing a failure. [ 400.607097] name failslab, interval 1, probability 0, space 0, times 0 [ 400.618543] CPU: 1 PID: 15495 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 400.626434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.635792] Call Trace: [ 400.638385] dump_stack+0x13e/0x194 [ 400.642032] should_fail.cold+0x10a/0x14b [ 400.646188] should_failslab+0xd6/0x130 [ 400.650171] __kmalloc_track_caller+0x2e1/0x7b0 [ 400.654847] ? kstrdup_const+0x35/0x60 [ 400.658744] ? lock_acquire+0x170/0x3f0 [ 400.662722] ? lock_downgrade+0x6e0/0x6e0 [ 400.666876] kstrdup+0x36/0x70 [ 400.670068] kstrdup_const+0x35/0x60 [ 400.673791] alloc_vfsmnt+0xe0/0x7c0 [ 400.677520] clone_mnt+0x6c/0xf20 [ 400.680986] copy_tree+0x33a/0x860 [ 400.684539] copy_mnt_ns+0x112/0x8a0 [ 400.688256] ? copy_namespaces+0x112/0x310 [ 400.692495] ? cap_capable+0x1c4/0x230 [ 400.696384] create_new_namespaces+0xc9/0x730 [ 400.700882] ? security_capable+0x88/0xb0 [ 400.705044] copy_namespaces+0x27b/0x310 [ 400.709114] copy_process.part.0+0x2603/0x6a70 [ 400.713707] ? get_pid_task+0xb8/0x130 [ 400.717599] ? save_trace+0x290/0x290 [ 400.721415] ? __lock_is_held+0xad/0x140 [ 400.730205] ? __cleanup_sighand+0x40/0x40 [ 400.734553] ? lock_downgrade+0x6e0/0x6e0 [ 400.738717] _do_fork+0x180/0xc80 [ 400.742284] ? fork_idle+0x270/0x270 [ 400.746004] ? fput+0xb/0x140 [ 400.749121] ? SyS_write+0x14d/0x210 [ 400.752839] ? SyS_read+0x210/0x210 [ 400.756468] ? SyS_clock_settime+0x1a0/0x1a0 [ 400.760883] ? do_syscall_64+0x4c/0x640 [ 400.764860] ? sys_vfork+0x20/0x20 [ 400.768407] do_syscall_64+0x1d5/0x640 [ 400.772318] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 400.777510] RIP: 0033:0x45c849 [ 400.780696] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 400.788412] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 400.795684] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:51 executing program 3 (fault-call:8 fault-nth:49): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:52 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:52 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700), 0x0, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 400.802959] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 400.810234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 400.817513] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000017 [ 400.957191] FAULT_INJECTION: forcing a failure. [ 400.957191] name failslab, interval 1, probability 0, space 0, times 0 [ 400.969101] CPU: 0 PID: 15509 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 400.976987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.986338] Call Trace: [ 400.988935] dump_stack+0x13e/0x194 [ 400.992559] should_fail.cold+0x10a/0x14b [ 400.996700] should_failslab+0xd6/0x130 [ 401.000674] __kmalloc_track_caller+0x2e1/0x7b0 [ 401.005365] ? kstrdup_const+0x35/0x60 [ 401.009256] ? lock_acquire+0x170/0x3f0 [ 401.013279] ? lock_downgrade+0x6e0/0x6e0 [ 401.017411] kstrdup+0x36/0x70 [ 401.020590] kstrdup_const+0x35/0x60 [ 401.024312] alloc_vfsmnt+0xe0/0x7c0 [ 401.028034] clone_mnt+0x6c/0xf20 [ 401.031498] copy_tree+0x33a/0x860 [ 401.035041] copy_mnt_ns+0x112/0x8a0 [ 401.038861] ? copy_namespaces+0x112/0x310 [ 401.043241] ? cap_capable+0x1c4/0x230 [ 401.047127] create_new_namespaces+0xc9/0x730 [ 401.051647] ? security_capable+0x88/0xb0 [ 401.055800] copy_namespaces+0x27b/0x310 [ 401.059857] copy_process.part.0+0x2603/0x6a70 [ 401.064437] ? get_pid_task+0xb8/0x130 [ 401.068326] ? save_trace+0x290/0x290 [ 401.072121] ? __lock_is_held+0xad/0x140 [ 401.076189] ? __cleanup_sighand+0x40/0x40 [ 401.080413] ? lock_downgrade+0x6e0/0x6e0 [ 401.084553] _do_fork+0x180/0xc80 [ 401.087994] ? fork_idle+0x270/0x270 [ 401.091699] ? fput+0xb/0x140 [ 401.094801] ? SyS_write+0x14d/0x210 [ 401.098501] ? SyS_read+0x210/0x210 [ 401.102121] ? SyS_clock_settime+0x1a0/0x1a0 [ 401.106829] ? do_syscall_64+0x4c/0x640 [ 401.110807] ? sys_vfork+0x20/0x20 [ 401.114357] do_syscall_64+0x1d5/0x640 [ 401.118262] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 401.123450] RIP: 0033:0x45c849 [ 401.126648] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 401.134359] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 401.141627] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 401.148980] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:52 executing program 2 (fault-call:9 fault-nth:50): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 401.156243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 401.163641] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000031 [ 401.223985] FAULT_INJECTION: forcing a failure. [ 401.223985] name failslab, interval 1, probability 0, space 0, times 0 [ 401.235635] CPU: 1 PID: 15512 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 401.243533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 401.252914] Call Trace: [ 401.255625] dump_stack+0x13e/0x194 [ 401.259270] should_fail.cold+0x10a/0x14b [ 401.263431] should_failslab+0xd6/0x130 [ 401.267416] __kmalloc_track_caller+0x2e1/0x7b0 [ 401.272092] ? kstrdup_const+0x35/0x60 [ 401.275989] ? lock_acquire+0x170/0x3f0 [ 401.279968] ? lock_downgrade+0x6e0/0x6e0 [ 401.284120] kstrdup+0x36/0x70 [ 401.287323] kstrdup_const+0x35/0x60 [ 401.291044] alloc_vfsmnt+0xe0/0x7c0 [ 401.294764] clone_mnt+0x6c/0xf20 [ 401.298229] copy_tree+0x33a/0x860 [ 401.301780] copy_mnt_ns+0x112/0x8a0 [ 401.305500] ? copy_namespaces+0x112/0x310 [ 401.309737] ? cap_capable+0x1c4/0x230 [ 401.313628] create_new_namespaces+0xc9/0x730 [ 401.318126] ? security_capable+0x88/0xb0 03:35:52 executing program 0 (fault-call:10 fault-nth:24): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 401.322285] copy_namespaces+0x27b/0x310 [ 401.326356] copy_process.part.0+0x2603/0x6a70 [ 401.331081] ? get_pid_task+0xb8/0x130 [ 401.334983] ? save_trace+0x290/0x290 [ 401.338799] ? __lock_is_held+0xad/0x140 [ 401.344362] ? __cleanup_sighand+0x40/0x40 [ 401.348715] ? lock_downgrade+0x6e0/0x6e0 [ 401.352878] _do_fork+0x180/0xc80 [ 401.356339] ? fork_idle+0x270/0x270 [ 401.360056] ? fput+0xb/0x140 [ 401.363160] ? SyS_write+0x14d/0x210 [ 401.366872] ? SyS_read+0x210/0x210 03:35:52 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$IMGETDEVINFO(r2, 0x80044944, &(0x7f0000000000)={0x6}) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) vmsplice(r4, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 401.370497] ? SyS_clock_settime+0x1a0/0x1a0 [ 401.374903] ? do_syscall_64+0x4c/0x640 [ 401.378878] ? sys_vfork+0x20/0x20 [ 401.382426] do_syscall_64+0x1d5/0x640 [ 401.386324] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 401.391515] RIP: 0033:0x45c849 [ 401.394705] RSP: 002b:00007f6efb30fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 401.402416] RAX: ffffffffffffffda RBX: 00007f6efb3106d4 RCX: 000000000045c849 [ 401.409684] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 401.417668] RBP: 000000000076bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 401.424945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 401.432213] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000032 [ 401.511240] FAULT_INJECTION: forcing a failure. [ 401.511240] name failslab, interval 1, probability 0, space 0, times 0 [ 401.522723] CPU: 1 PID: 15525 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 401.530613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 401.541362] Call Trace: [ 401.543959] dump_stack+0x13e/0x194 [ 401.547603] should_fail.cold+0x10a/0x14b [ 401.551864] should_failslab+0xd6/0x130 [ 401.555848] kmem_cache_alloc+0x2b5/0x770 [ 401.560106] ? find_held_lock+0x2d/0x110 [ 401.564171] ? copy_tree+0x4a0/0x860 [ 401.567899] alloc_vfsmnt+0x23/0x7c0 [ 401.571815] clone_mnt+0x6c/0xf20 [ 401.579110] copy_tree+0x33a/0x860 [ 401.582666] copy_mnt_ns+0x112/0x8a0 [ 401.586385] ? copy_namespaces+0x112/0x310 [ 401.590618] ? cap_capable+0x1c4/0x230 [ 401.594512] create_new_namespaces+0xc9/0x730 [ 401.599010] ? security_capable+0x88/0xb0 [ 401.603164] copy_namespaces+0x27b/0x310 [ 401.607234] copy_process.part.0+0x2603/0x6a70 [ 401.611843] ? get_pid_task+0xb8/0x130 [ 401.615734] ? save_trace+0x290/0x290 [ 401.619537] ? __lock_is_held+0xad/0x140 [ 401.623606] ? __cleanup_sighand+0x40/0x40 [ 401.627846] ? lock_downgrade+0x6e0/0x6e0 [ 401.632003] _do_fork+0x180/0xc80 [ 401.635466] ? fork_idle+0x270/0x270 [ 401.639182] ? fput+0xb/0x140 [ 401.642297] ? SyS_write+0x14d/0x210 [ 401.646012] ? SyS_read+0x210/0x210 [ 401.649643] ? SyS_clock_settime+0x1a0/0x1a0 [ 401.654052] ? do_syscall_64+0x4c/0x640 [ 401.658038] ? sys_vfork+0x20/0x20 [ 401.661583] do_syscall_64+0x1d5/0x640 [ 401.665505] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 401.670743] RIP: 0033:0x45c849 [ 401.674016] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 401.681731] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 401.689002] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 401.696275] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 401.704070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:35:52 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:52 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:52 executing program 3 (fault-call:8 fault-nth:50): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 401.711340] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000018 [ 401.849546] FAULT_INJECTION: forcing a failure. [ 401.849546] name failslab, interval 1, probability 0, space 0, times 0 [ 401.861050] CPU: 0 PID: 15537 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 401.868944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 401.878288] Call Trace: [ 401.880866] dump_stack+0x13e/0x194 [ 401.884534] should_fail.cold+0x10a/0x14b [ 401.888679] should_failslab+0xd6/0x130 [ 401.892649] __kmalloc_track_caller+0x2e1/0x7b0 [ 401.897301] ? kstrdup_const+0x35/0x60 [ 401.901176] ? lock_acquire+0x170/0x3f0 [ 401.905130] ? lock_downgrade+0x6e0/0x6e0 [ 401.909325] kstrdup+0x36/0x70 [ 401.912641] kstrdup_const+0x35/0x60 [ 401.916382] alloc_vfsmnt+0xe0/0x7c0 [ 401.920094] clone_mnt+0x6c/0xf20 [ 401.923535] copy_tree+0x33a/0x860 [ 401.927082] copy_mnt_ns+0x112/0x8a0 [ 401.931845] ? copy_namespaces+0x112/0x310 [ 401.936115] ? cap_capable+0x1c4/0x230 [ 401.939991] create_new_namespaces+0xc9/0x730 [ 401.944848] ? security_capable+0x88/0xb0 [ 401.948995] copy_namespaces+0x27b/0x310 [ 401.953069] copy_process.part.0+0x2603/0x6a70 [ 401.957996] ? get_pid_task+0xb8/0x130 [ 401.961876] ? save_trace+0x290/0x290 [ 401.965672] ? __lock_is_held+0xad/0x140 [ 401.969791] ? __cleanup_sighand+0x40/0x40 [ 401.974026] ? lock_downgrade+0x6e0/0x6e0 [ 401.978160] _do_fork+0x180/0xc80 [ 401.981617] ? fork_idle+0x270/0x270 [ 401.985364] ? fput+0xb/0x140 [ 401.988471] ? SyS_write+0x14d/0x210 [ 401.992179] ? SyS_read+0x210/0x210 [ 401.995799] ? SyS_clock_settime+0x1a0/0x1a0 [ 402.000196] ? do_syscall_64+0x4c/0x640 [ 402.004158] ? sys_vfork+0x20/0x20 [ 402.007686] do_syscall_64+0x1d5/0x640 [ 402.011572] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 402.016764] RIP: 0033:0x45c849 [ 402.019946] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 402.027639] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 402.034897] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 402.042339] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:53 executing program 2 (fault-call:9 fault-nth:51): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 402.049720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 402.056989] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000032 [ 402.197474] FAULT_INJECTION: forcing a failure. [ 402.197474] name failslab, interval 1, probability 0, space 0, times 0 [ 402.208964] CPU: 1 PID: 15545 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 402.216928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.226286] Call Trace: [ 402.228884] dump_stack+0x13e/0x194 [ 402.232526] should_fail.cold+0x10a/0x14b [ 402.236688] should_failslab+0xd6/0x130 [ 402.240671] kmem_cache_alloc+0x2b5/0x770 [ 402.244910] ? retire_userns_sysctls+0x80/0x80 [ 402.249502] copy_pid_ns+0x1b2/0xa70 [ 402.253351] ? copy_ipcs+0x2c4/0x3e0 [ 402.257101] create_new_namespaces+0x25f/0x730 [ 402.261703] copy_namespaces+0x27b/0x310 [ 402.265779] copy_process.part.0+0x2603/0x6a70 [ 402.270372] ? get_pid_task+0xb8/0x130 [ 402.274266] ? save_trace+0x290/0x290 [ 402.278071] ? __lock_is_held+0xad/0x140 [ 402.282140] ? __cleanup_sighand+0x40/0x40 [ 402.286376] ? lock_downgrade+0x6e0/0x6e0 [ 402.290532] _do_fork+0x180/0xc80 [ 402.294182] ? fork_idle+0x270/0x270 03:35:53 executing program 0 (fault-call:10 fault-nth:25): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 402.297901] ? fput+0xb/0x140 [ 402.301019] ? SyS_write+0x14d/0x210 [ 402.304730] ? SyS_read+0x210/0x210 [ 402.308355] ? SyS_clock_settime+0x1a0/0x1a0 [ 402.312764] ? do_syscall_64+0x4c/0x640 [ 402.318308] ? sys_vfork+0x20/0x20 [ 402.321853] do_syscall_64+0x1d5/0x640 [ 402.325753] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 402.330942] RIP: 0033:0x45c849 [ 402.334127] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 402.341832] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 402.349101] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 402.356371] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 402.363642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 402.370915] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000033 03:35:53 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)="f6", 0x1, 0xfffffffffffffffe) keyctl$revoke(0x3, r0) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, r0) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, r1) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) vmsplice(r3, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 402.482449] FAULT_INJECTION: forcing a failure. [ 402.482449] name failslab, interval 1, probability 0, space 0, times 0 [ 402.493911] CPU: 0 PID: 15555 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 402.501805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.511161] Call Trace: [ 402.513765] dump_stack+0x13e/0x194 [ 402.517409] should_fail.cold+0x10a/0x14b [ 402.524085] should_failslab+0xd6/0x130 [ 402.528071] __kmalloc_track_caller+0x2e1/0x7b0 [ 402.532772] ? kstrdup_const+0x35/0x60 [ 402.536680] ? lock_acquire+0x170/0x3f0 [ 402.540840] ? lock_downgrade+0x6e0/0x6e0 [ 402.545021] kstrdup+0x36/0x70 [ 402.548222] kstrdup_const+0x35/0x60 [ 402.551944] alloc_vfsmnt+0xe0/0x7c0 [ 402.555667] clone_mnt+0x6c/0xf20 [ 402.559216] copy_tree+0x33a/0x860 [ 402.562773] copy_mnt_ns+0x112/0x8a0 [ 402.566494] ? copy_namespaces+0x112/0x310 [ 402.570738] ? cap_capable+0x1c4/0x230 [ 402.574722] create_new_namespaces+0xc9/0x730 [ 402.579224] ? security_capable+0x88/0xb0 [ 402.583386] copy_namespaces+0x27b/0x310 [ 402.587458] copy_process.part.0+0x2603/0x6a70 [ 402.592055] ? get_pid_task+0xb8/0x130 [ 402.595947] ? save_trace+0x290/0x290 [ 402.599752] ? __lock_is_held+0xad/0x140 [ 402.603829] ? __cleanup_sighand+0x40/0x40 [ 402.608071] ? lock_downgrade+0x6e0/0x6e0 [ 402.612231] _do_fork+0x180/0xc80 [ 402.615694] ? fork_idle+0x270/0x270 [ 402.619416] ? fput+0xb/0x140 [ 402.622875] ? SyS_write+0x14d/0x210 [ 402.626596] ? SyS_read+0x210/0x210 [ 402.630228] ? SyS_clock_settime+0x1a0/0x1a0 [ 402.634649] ? do_syscall_64+0x4c/0x640 [ 402.639417] ? sys_vfork+0x20/0x20 [ 402.642967] do_syscall_64+0x1d5/0x640 [ 402.646870] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 402.652059] RIP: 0033:0x45c849 [ 402.655249] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 402.663225] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 402.670498] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:35:53 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:53 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 402.677773] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 402.685044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 402.692317] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000019 03:35:53 executing program 3 (fault-call:8 fault-nth:51): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 402.847890] FAULT_INJECTION: forcing a failure. [ 402.847890] name failslab, interval 1, probability 0, space 0, times 0 [ 402.859361] CPU: 0 PID: 15569 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 402.867446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.876806] Call Trace: [ 402.879411] dump_stack+0x13e/0x194 [ 402.883052] should_fail.cold+0x10a/0x14b [ 402.887217] should_failslab+0xd6/0x130 [ 402.891201] kmem_cache_alloc+0x2b5/0x770 [ 402.895367] ? retire_userns_sysctls+0x80/0x80 [ 402.899962] copy_pid_ns+0x1b2/0xa70 [ 402.903686] ? copy_ipcs+0x2c4/0x3e0 [ 402.907411] create_new_namespaces+0x25f/0x730 [ 402.912002] copy_namespaces+0x27b/0x310 [ 402.916075] copy_process.part.0+0x2603/0x6a70 [ 402.920670] ? get_pid_task+0xb8/0x130 [ 402.924567] ? save_trace+0x290/0x290 [ 402.928381] ? __lock_is_held+0xad/0x140 [ 402.932458] ? __cleanup_sighand+0x40/0x40 [ 402.936701] ? lock_downgrade+0x6e0/0x6e0 [ 402.940862] _do_fork+0x180/0xc80 [ 402.944324] ? fork_idle+0x270/0x270 [ 402.948051] ? fput+0xb/0x140 [ 402.951158] ? SyS_write+0x14d/0x210 [ 402.955226] ? SyS_read+0x210/0x210 [ 402.958859] ? SyS_clock_settime+0x1a0/0x1a0 [ 402.963276] ? do_syscall_64+0x4c/0x640 [ 402.967255] ? sys_vfork+0x20/0x20 [ 402.970802] do_syscall_64+0x1d5/0x640 [ 402.974704] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 402.979912] RIP: 0033:0x45c849 [ 402.983103] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 402.990815] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 03:35:54 executing program 2 (fault-call:9 fault-nth:52): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 402.998085] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 403.005361] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 403.012635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 403.019909] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000033 03:35:54 executing program 0 (fault-call:10 fault-nth:26): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 403.181940] FAULT_INJECTION: forcing a failure. [ 403.181940] name failslab, interval 1, probability 0, space 0, times 0 [ 403.193828] CPU: 1 PID: 15577 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 403.202248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.211609] Call Trace: [ 403.214208] dump_stack+0x13e/0x194 [ 403.217864] should_fail.cold+0x10a/0x14b [ 403.222021] should_failslab+0xd6/0x130 [ 403.225997] kmem_cache_alloc_trace+0x2db/0x7b0 [ 403.230665] ? kmem_cache_alloc+0x604/0x770 [ 403.235042] ? retire_userns_sysctls+0x80/0x80 [ 403.239818] copy_pid_ns+0x1f8/0xa70 [ 403.243531] ? copy_ipcs+0x2c4/0x3e0 [ 403.247243] create_new_namespaces+0x25f/0x730 [ 403.251833] copy_namespaces+0x27b/0x310 [ 403.255902] copy_process.part.0+0x2603/0x6a70 [ 403.260493] ? get_pid_task+0xb8/0x130 [ 403.264384] ? save_trace+0x290/0x290 [ 403.268201] ? __lock_is_held+0xad/0x140 [ 403.272277] ? __cleanup_sighand+0x40/0x40 [ 403.276523] ? lock_downgrade+0x6e0/0x6e0 [ 403.280690] _do_fork+0x180/0xc80 [ 403.284155] ? fork_idle+0x270/0x270 [ 403.287872] ? fput+0xb/0x140 [ 403.291070] ? SyS_write+0x14d/0x210 [ 403.294785] ? SyS_read+0x210/0x210 [ 403.298419] ? SyS_clock_settime+0x1a0/0x1a0 [ 403.299374] FAULT_INJECTION: forcing a failure. [ 403.299374] name failslab, interval 1, probability 0, space 0, times 0 [ 403.302829] ? do_syscall_64+0x4c/0x640 [ 403.302840] ? sys_vfork+0x20/0x20 [ 403.302850] do_syscall_64+0x1d5/0x640 [ 403.302866] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 403.302873] RIP: 0033:0x45c849 [ 403.302878] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 403.302888] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 403.302894] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 403.302899] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 403.302910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 403.370561] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000034 [ 403.377850] CPU: 0 PID: 15582 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 403.385737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.395094] Call Trace: [ 403.397676] dump_stack+0x13e/0x194 [ 403.401298] should_fail.cold+0x10a/0x14b [ 403.405443] should_failslab+0xd6/0x130 [ 403.409404] kmem_cache_alloc+0x2b5/0x770 [ 403.413538] ? find_held_lock+0x2d/0x110 [ 403.417588] ? copy_tree+0x4a0/0x860 [ 403.421284] alloc_vfsmnt+0x23/0x7c0 [ 403.424982] clone_mnt+0x6c/0xf20 [ 403.428538] copy_tree+0x33a/0x860 03:35:54 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0) sendto$x25(r3, &(0x7f0000000040)="205907c4fe5a122ae8228b8e8733f8", 0xf, 0x4080, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) socket$can_raw(0x1d, 0x3, 0x1) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 403.432174] copy_mnt_ns+0x112/0x8a0 [ 403.436668] ? copy_namespaces+0x112/0x310 [ 403.440906] ? cap_capable+0x1c4/0x230 [ 403.444811] create_new_namespaces+0xc9/0x730 [ 403.449317] ? security_capable+0x88/0xb0 [ 403.453477] copy_namespaces+0x27b/0x310 [ 403.457545] copy_process.part.0+0x2603/0x6a70 [ 403.462138] ? get_pid_task+0xb8/0x130 [ 403.466029] ? save_trace+0x290/0x290 [ 403.469835] ? __lock_is_held+0xad/0x140 [ 403.473910] ? __cleanup_sighand+0x40/0x40 [ 403.478148] ? lock_downgrade+0x6e0/0x6e0 [ 403.482296] _do_fork+0x180/0xc80 [ 403.485733] ? fork_idle+0x270/0x270 [ 403.489427] ? fput+0xb/0x140 [ 403.492517] ? SyS_write+0x14d/0x210 [ 403.496213] ? SyS_read+0x210/0x210 [ 403.499839] ? SyS_clock_settime+0x1a0/0x1a0 [ 403.504231] ? do_syscall_64+0x4c/0x640 [ 403.508246] ? sys_vfork+0x20/0x20 [ 403.511773] do_syscall_64+0x1d5/0x640 [ 403.515657] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 403.520844] RIP: 0033:0x45c849 [ 403.524018] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:54 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:54 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 403.531716] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 403.538983] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 403.546240] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 403.553521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 403.560788] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001a 03:35:54 executing program 3 (fault-call:8 fault-nth:52): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 403.682466] NOHZ: local_softirq_pending 08 [ 403.713117] FAULT_INJECTION: forcing a failure. [ 403.713117] name failslab, interval 1, probability 0, space 0, times 0 [ 403.724702] CPU: 1 PID: 15601 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 403.732606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.742053] Call Trace: [ 403.744648] dump_stack+0x13e/0x194 [ 403.748268] should_fail.cold+0x10a/0x14b [ 403.752407] should_failslab+0xd6/0x130 [ 403.756372] kmem_cache_alloc_trace+0x2db/0x7b0 [ 403.761035] ? kmem_cache_alloc+0x604/0x770 [ 403.765350] ? retire_userns_sysctls+0x80/0x80 [ 403.769915] copy_pid_ns+0x1f8/0xa70 [ 403.773612] ? copy_ipcs+0x2c4/0x3e0 [ 403.777323] create_new_namespaces+0x25f/0x730 [ 403.781910] copy_namespaces+0x27b/0x310 [ 403.785964] copy_process.part.0+0x2603/0x6a70 [ 403.790543] ? get_pid_task+0xb8/0x130 [ 403.794433] ? save_trace+0x290/0x290 [ 403.798228] ? __lock_is_held+0xad/0x140 [ 403.802300] ? __cleanup_sighand+0x40/0x40 [ 403.806532] ? lock_downgrade+0x6e0/0x6e0 [ 403.810680] _do_fork+0x180/0xc80 [ 403.814123] ? fork_idle+0x270/0x270 [ 403.817820] ? fput+0xb/0x140 [ 403.821002] ? SyS_write+0x14d/0x210 [ 403.824714] ? SyS_read+0x210/0x210 [ 403.828335] ? SyS_clock_settime+0x1a0/0x1a0 [ 403.832729] ? do_syscall_64+0x4c/0x640 [ 403.836698] ? sys_vfork+0x20/0x20 [ 403.840229] do_syscall_64+0x1d5/0x640 [ 403.844120] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 403.849297] RIP: 0033:0x45c849 [ 403.852473] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:55 executing program 2 (fault-call:9 fault-nth:53): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 403.860173] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 403.867436] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 403.874918] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 403.882702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 403.889967] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000034 03:35:55 executing program 0 (fault-call:10 fault-nth:27): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 404.047155] FAULT_INJECTION: forcing a failure. [ 404.047155] name failslab, interval 1, probability 0, space 0, times 0 [ 404.058687] CPU: 0 PID: 15610 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 404.066580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.075941] Call Trace: [ 404.078547] dump_stack+0x13e/0x194 [ 404.082194] should_fail.cold+0x10a/0x14b [ 404.086359] should_failslab+0xd6/0x130 [ 404.090340] kmem_cache_alloc+0x2b5/0x770 [ 404.094497] ? __lockdep_init_map+0x100/0x560 [ 404.099005] ? copy_pid_ns+0x4c/0xa70 [ 404.102815] alloc_pid+0x5a/0xc40 [ 404.106277] ? create_new_namespaces+0x3ab/0x730 [ 404.111037] ? memcpy+0x35/0x50 [ 404.114327] ? copy_thread_tls+0x3c2/0x7a0 [ 404.118572] copy_process.part.0+0x272f/0x6a70 [ 404.123169] ? get_pid_task+0xb8/0x130 [ 404.127066] ? save_trace+0x290/0x290 [ 404.131304] ? __lock_is_held+0xad/0x140 [ 404.135379] ? __cleanup_sighand+0x40/0x40 [ 404.139618] ? lock_downgrade+0x6e0/0x6e0 [ 404.143776] _do_fork+0x180/0xc80 [ 404.151868] ? fork_idle+0x270/0x270 [ 404.155587] ? fput+0xb/0x140 [ 404.158697] ? SyS_write+0x14d/0x210 [ 404.162414] ? SyS_read+0x210/0x210 [ 404.166051] ? SyS_clock_settime+0x1a0/0x1a0 [ 404.170465] ? do_syscall_64+0x4c/0x640 [ 404.174441] ? sys_vfork+0x20/0x20 [ 404.177990] do_syscall_64+0x1d5/0x640 [ 404.181889] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 404.187078] RIP: 0033:0x45c849 [ 404.190277] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 404.197986] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 404.205259] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 404.212532] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 404.219825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 404.227794] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000035 [ 404.304597] FAULT_INJECTION: forcing a failure. [ 404.304597] name failslab, interval 1, probability 0, space 0, times 0 [ 404.315979] CPU: 0 PID: 15614 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 404.323868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.333832] Call Trace: [ 404.336428] dump_stack+0x13e/0x194 [ 404.340072] should_fail.cold+0x10a/0x14b [ 404.344236] should_failslab+0xd6/0x130 [ 404.348223] __kmalloc_track_caller+0x2e1/0x7b0 [ 404.352906] ? kstrdup_const+0x35/0x60 [ 404.356808] ? lock_acquire+0x170/0x3f0 [ 404.360793] ? lock_downgrade+0x6e0/0x6e0 [ 404.364953] kstrdup+0x36/0x70 [ 404.368168] kstrdup_const+0x35/0x60 [ 404.371889] alloc_vfsmnt+0xe0/0x7c0 [ 404.375608] clone_mnt+0x6c/0xf20 [ 404.379068] copy_tree+0x33a/0x860 [ 404.382621] copy_mnt_ns+0x112/0x8a0 [ 404.386430] ? copy_namespaces+0x112/0x310 [ 404.390671] ? cap_capable+0x1c4/0x230 [ 404.394570] create_new_namespaces+0xc9/0x730 [ 404.399069] ? security_capable+0x88/0xb0 [ 404.403227] copy_namespaces+0x27b/0x310 [ 404.407294] copy_process.part.0+0x2603/0x6a70 [ 404.411886] ? get_pid_task+0xb8/0x130 [ 404.415869] ? save_trace+0x290/0x290 [ 404.419677] ? __lock_is_held+0xad/0x140 [ 404.423759] ? __cleanup_sighand+0x40/0x40 [ 404.427998] ? lock_downgrade+0x6e0/0x6e0 [ 404.432165] _do_fork+0x180/0xc80 [ 404.435628] ? fork_idle+0x270/0x270 [ 404.439347] ? fput+0xb/0x140 [ 404.442457] ? SyS_write+0x14d/0x210 [ 404.446174] ? SyS_read+0x210/0x210 [ 404.449804] ? SyS_clock_settime+0x1a0/0x1a0 [ 404.454216] ? do_syscall_64+0x4c/0x640 [ 404.458195] ? sys_vfork+0x20/0x20 [ 404.461738] do_syscall_64+0x1d5/0x640 [ 404.465632] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 404.470824] RIP: 0033:0x45c849 [ 404.474025] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 404.481737] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 404.489432] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 404.496711] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:55 executing program 4: r0 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)="f6", 0x1, 0xfffffffffffffffe) keyctl$revoke(0x3, r0) add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r0) r1 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(0x0, &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000003d00)=[{{&(0x7f0000000180)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000340)=""/104, 0x68}, {&(0x7f00000003c0)=""/42, 0x2a}, {&(0x7f0000000400)=""/7, 0x7}, {&(0x7f0000000440)=""/85, 0x55}, {&(0x7f00000004c0)=""/190, 0xbe}, {&(0x7f0000000580)=""/63, 0x3f}, {&(0x7f00000005c0)=""/33, 0x21}, {&(0x7f0000000600)=""/205, 0xcd}, {&(0x7f0000000700)=""/44, 0x2c}], 0x9, &(0x7f0000000800)=""/205, 0xcd}, 0x1}, {{&(0x7f0000000900)=@hci, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000980)=""/183, 0xb7}], 0x1, &(0x7f00000024c0)=""/101, 0x65}, 0x4}, {{&(0x7f0000000b00)=@l2, 0x80, &(0x7f0000001e80)=[{&(0x7f0000000b80)=""/23, 0x17}, {&(0x7f0000000bc0)=""/4096, 0x1000}, {&(0x7f0000001bc0)=""/9, 0x9}, {&(0x7f0000001c00)=""/106, 0x6a}, {&(0x7f0000001c80)=""/140, 0x8c}, {&(0x7f0000001d40)=""/8, 0x8}, {&(0x7f0000001d80)=""/159, 0x9f}, {&(0x7f0000001e40)}], 0x8}, 0x925}, {{&(0x7f0000001f00)=@generic, 0x80, &(0x7f0000001f80), 0x0, &(0x7f0000001fc0)=""/39, 0x27}, 0x8}, {{&(0x7f0000002000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f00000021c0)=[{&(0x7f0000002080)=""/190, 0xbe}, {&(0x7f0000002140)=""/115, 0x73}], 0x2, &(0x7f0000002200)=""/139, 0x8b}, 0x5}, {{&(0x7f00000022c0)=@ax25={{0x3, @null}, [@rose, @null, @rose, @netrom, @remote, @netrom, @remote, @bcast]}, 0x80, &(0x7f0000002340), 0x0, &(0x7f0000002380)=""/165, 0xa5}, 0x8}, {{&(0x7f0000002440)=@un=@abs, 0x80, &(0x7f0000003880), 0x0, &(0x7f0000003900)=""/250, 0xfa}, 0xc12}, {{&(0x7f0000003a00), 0x80, &(0x7f0000003c40)=[{&(0x7f0000003a80)=""/193, 0xc1}, {&(0x7f0000003b80)=""/139, 0x8b}], 0x2, &(0x7f0000003c80)=""/66, 0x42}, 0x4}], 0x8, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) keyctl$join(0x1, 0x0) fcntl$setpipe(r4, 0x407, 0x0) vmsplice(r3, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:55 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:55 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:55 executing program 3 (fault-call:8 fault-nth:53): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 404.503988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 404.511266] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001b [ 404.637835] FAULT_INJECTION: forcing a failure. [ 404.637835] name failslab, interval 1, probability 0, space 0, times 0 [ 404.652405] CPU: 0 PID: 15629 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 404.660500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.669854] Call Trace: [ 404.672448] dump_stack+0x13e/0x194 [ 404.676151] should_fail.cold+0x10a/0x14b [ 404.680297] should_failslab+0xd6/0x130 [ 404.684262] kmem_cache_alloc+0x2b5/0x770 [ 404.688395] ? __lockdep_init_map+0x100/0x560 [ 404.692965] ? copy_pid_ns+0x4c/0xa70 [ 404.696779] alloc_pid+0x5a/0xc40 [ 404.700245] ? create_new_namespaces+0x3ab/0x730 [ 404.704999] ? memcpy+0x35/0x50 [ 404.708276] ? copy_thread_tls+0x3c2/0x7a0 [ 404.712506] copy_process.part.0+0x272f/0x6a70 [ 404.717076] ? get_pid_task+0xb8/0x130 [ 404.720953] ? save_trace+0x290/0x290 [ 404.724797] ? __lock_is_held+0xad/0x140 [ 404.728851] ? __cleanup_sighand+0x40/0x40 [ 404.733071] ? lock_downgrade+0x6e0/0x6e0 [ 404.737213] _do_fork+0x180/0xc80 [ 404.740654] ? fork_idle+0x270/0x270 [ 404.744365] ? fput+0xb/0x140 [ 404.747469] ? SyS_write+0x14d/0x210 [ 404.751280] ? SyS_read+0x210/0x210 [ 404.754906] ? SyS_clock_settime+0x1a0/0x1a0 [ 404.759314] ? do_syscall_64+0x4c/0x640 [ 404.763283] ? sys_vfork+0x20/0x20 [ 404.766834] do_syscall_64+0x1d5/0x640 [ 404.770722] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 404.775896] RIP: 0033:0x45c849 [ 404.779068] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:55 executing program 2 (fault-call:9 fault-nth:54): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 404.786773] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 404.794026] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 404.801280] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 404.808531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 404.815787] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000035 [ 404.952494] FAULT_INJECTION: forcing a failure. [ 404.952494] name failslab, interval 1, probability 0, space 0, times 0 [ 404.964498] CPU: 1 PID: 15639 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 404.972394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.980449] NOHZ: local_softirq_pending 08 [ 404.981746] Call Trace: [ 404.988563] dump_stack+0x13e/0x194 [ 404.992212] should_fail.cold+0x10a/0x14b [ 404.996368] should_failslab+0xd6/0x130 [ 405.000522] kmem_cache_alloc+0x2b5/0x770 [ 405.004684] alloc_vfsmnt+0x23/0x7c0 [ 405.008408] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 405.013864] vfs_kern_mount.part.0+0x27/0x3c0 [ 405.018360] ? kmem_cache_alloc+0x604/0x770 [ 405.022690] kern_mount_data+0x51/0xb0 [ 405.026587] pid_ns_prepare_proc+0x1a/0x80 [ 405.030825] alloc_pid+0x9be/0xc40 [ 405.034378] copy_process.part.0+0x272f/0x6a70 [ 405.038965] ? get_pid_task+0xb8/0x130 [ 405.042858] ? save_trace+0x290/0x290 [ 405.046671] ? __lock_is_held+0xad/0x140 03:35:56 executing program 0 (fault-call:10 fault-nth:28): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 405.050746] ? __cleanup_sighand+0x40/0x40 [ 405.054986] ? lock_downgrade+0x6e0/0x6e0 [ 405.059156] _do_fork+0x180/0xc80 [ 405.062756] ? fork_idle+0x270/0x270 [ 405.066506] ? fput+0xb/0x140 [ 405.074395] ? SyS_write+0x14d/0x210 [ 405.078208] ? SyS_read+0x210/0x210 [ 405.081842] ? SyS_clock_settime+0x1a0/0x1a0 [ 405.086255] ? do_syscall_64+0x4c/0x640 [ 405.090233] ? sys_vfork+0x20/0x20 [ 405.093776] do_syscall_64+0x1d5/0x640 [ 405.097671] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 405.102891] RIP: 0033:0x45c849 [ 405.106082] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 405.113805] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 405.121081] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 405.128786] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 405.136055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 405.143328] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000036 [ 405.212350] FAULT_INJECTION: forcing a failure. [ 405.212350] name failslab, interval 1, probability 0, space 0, times 0 [ 405.223809] CPU: 1 PID: 15643 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 405.231701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.241062] Call Trace: [ 405.243663] dump_stack+0x13e/0x194 [ 405.247305] should_fail.cold+0x10a/0x14b [ 405.251477] should_failslab+0xd6/0x130 [ 405.255458] kmem_cache_alloc+0x2b5/0x770 [ 405.259616] ? find_held_lock+0x2d/0x110 [ 405.263685] ? copy_tree+0x4a0/0x860 [ 405.267407] alloc_vfsmnt+0x23/0x7c0 [ 405.271125] clone_mnt+0x6c/0xf20 [ 405.274623] copy_tree+0x33a/0x860 [ 405.278202] copy_mnt_ns+0x112/0x8a0 [ 405.281950] ? copy_namespaces+0x112/0x310 [ 405.286189] ? cap_capable+0x1c4/0x230 [ 405.290088] create_new_namespaces+0xc9/0x730 [ 405.294588] ? security_capable+0x88/0xb0 [ 405.298744] copy_namespaces+0x27b/0x310 [ 405.302820] copy_process.part.0+0x2603/0x6a70 [ 405.307417] ? get_pid_task+0xb8/0x130 [ 405.311314] ? save_trace+0x290/0x290 [ 405.315121] ? __lock_is_held+0xad/0x140 [ 405.319198] ? __cleanup_sighand+0x40/0x40 [ 405.323449] ? lock_downgrade+0x6e0/0x6e0 [ 405.327611] _do_fork+0x180/0xc80 [ 405.331072] ? fork_idle+0x270/0x270 [ 405.334830] ? fput+0xb/0x140 [ 405.337940] ? SyS_write+0x14d/0x210 [ 405.341659] ? SyS_read+0x210/0x210 [ 405.345296] ? SyS_clock_settime+0x1a0/0x1a0 [ 405.349718] ? do_syscall_64+0x4c/0x640 [ 405.353706] ? sys_vfork+0x20/0x20 [ 405.357254] do_syscall_64+0x1d5/0x640 [ 405.361158] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 405.366352] RIP: 0033:0x45c849 [ 405.369552] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 405.377274] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 405.384551] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 405.391831] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 405.399107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:35:56 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:56 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 405.406379] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001c 03:35:56 executing program 3 (fault-call:8 fault-nth:54): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:56 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000000)) [ 405.579510] FAULT_INJECTION: forcing a failure. [ 405.579510] name failslab, interval 1, probability 0, space 0, times 0 [ 405.590843] CPU: 1 PID: 15664 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 405.598739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.608099] Call Trace: [ 405.610701] dump_stack+0x13e/0x194 [ 405.614351] should_fail.cold+0x10a/0x14b [ 405.618511] should_failslab+0xd6/0x130 [ 405.622522] kmem_cache_alloc+0x2b5/0x770 [ 405.626678] ? __lockdep_init_map+0x100/0x560 [ 405.631177] ? copy_pid_ns+0x4c/0xa70 [ 405.634991] alloc_pid+0x5a/0xc40 [ 405.638449] ? create_new_namespaces+0x3ab/0x730 [ 405.643207] ? memcpy+0x35/0x50 [ 405.646492] ? copy_thread_tls+0x3c2/0x7a0 [ 405.650742] copy_process.part.0+0x272f/0x6a70 [ 405.655336] ? get_pid_task+0xb8/0x130 [ 405.659227] ? save_trace+0x290/0x290 [ 405.663036] ? __lock_is_held+0xad/0x140 [ 405.667108] ? __cleanup_sighand+0x40/0x40 [ 405.671346] ? lock_downgrade+0x6e0/0x6e0 [ 405.675505] _do_fork+0x180/0xc80 [ 405.678963] ? fork_idle+0x270/0x270 [ 405.682681] ? fput+0xb/0x140 [ 405.685792] ? SyS_write+0x14d/0x210 [ 405.689512] ? SyS_read+0x210/0x210 [ 405.693228] ? SyS_clock_settime+0x1a0/0x1a0 [ 405.697655] ? do_syscall_64+0x4c/0x640 [ 405.701634] ? sys_vfork+0x20/0x20 [ 405.705180] do_syscall_64+0x1d5/0x640 [ 405.709080] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 405.714452] RIP: 0033:0x45c849 [ 405.717748] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:56 executing program 2 (fault-call:9 fault-nth:55): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 405.725462] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 405.732749] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 405.740023] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 405.747301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 405.754575] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000036 [ 405.904855] FAULT_INJECTION: forcing a failure. [ 405.904855] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 405.916800] CPU: 1 PID: 15673 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 405.924786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.934144] Call Trace: [ 405.936745] dump_stack+0x13e/0x194 [ 405.940408] should_fail.cold+0x10a/0x14b [ 405.944570] __alloc_pages_nodemask+0x1bf/0x700 [ 405.949251] ? rcu_read_lock_sched_held+0x10a/0x130 [ 405.954289] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 405.959325] alloc_pages_current+0xe7/0x1e0 [ 405.963657] ? __lockdep_init_map+0x100/0x560 [ 405.968164] __get_free_pages+0xb/0x40 [ 405.972146] mount_fs+0x1c7/0x2a0 [ 405.975606] vfs_kern_mount.part.0+0x5b/0x3c0 [ 405.980103] ? kmem_cache_alloc+0x604/0x770 [ 405.984430] kern_mount_data+0x51/0xb0 [ 405.988322] pid_ns_prepare_proc+0x1a/0x80 [ 405.992671] alloc_pid+0x9be/0xc40 [ 405.996228] copy_process.part.0+0x272f/0x6a70 [ 406.000931] ? get_pid_task+0xb8/0x130 [ 406.004825] ? save_trace+0x290/0x290 [ 406.008631] ? __lock_is_held+0xad/0x140 [ 406.012705] ? __cleanup_sighand+0x40/0x40 [ 406.016949] ? lock_downgrade+0x6e0/0x6e0 [ 406.021108] _do_fork+0x180/0xc80 [ 406.024570] ? fork_idle+0x270/0x270 [ 406.028289] ? fput+0xb/0x140 [ 406.031400] ? SyS_write+0x14d/0x210 [ 406.035117] ? SyS_read+0x210/0x210 [ 406.038749] ? SyS_clock_settime+0x1a0/0x1a0 [ 406.043165] ? do_syscall_64+0x4c/0x640 [ 406.047146] ? sys_vfork+0x20/0x20 [ 406.050694] do_syscall_64+0x1d5/0x640 [ 406.054591] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 406.059781] RIP: 0033:0x45c849 [ 406.062968] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 406.070692] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 406.077967] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 406.085237] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 406.092510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:35:57 executing program 0 (fault-call:10 fault-nth:29): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 406.099789] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000037 [ 406.201410] FAULT_INJECTION: forcing a failure. [ 406.201410] name failslab, interval 1, probability 0, space 0, times 0 [ 406.212927] CPU: 0 PID: 15677 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 406.220820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 406.230269] Call Trace: [ 406.232869] dump_stack+0x13e/0x194 [ 406.236512] should_fail.cold+0x10a/0x14b [ 406.240676] should_failslab+0xd6/0x130 [ 406.244665] __kmalloc_track_caller+0x2e1/0x7b0 [ 406.249354] ? kstrdup_const+0x35/0x60 [ 406.253254] ? lock_acquire+0x170/0x3f0 [ 406.257245] ? lock_downgrade+0x6e0/0x6e0 [ 406.261406] kstrdup+0x36/0x70 [ 406.264608] kstrdup_const+0x35/0x60 [ 406.268334] alloc_vfsmnt+0xe0/0x7c0 [ 406.272055] clone_mnt+0x6c/0xf20 [ 406.275555] copy_tree+0x33a/0x860 [ 406.279127] copy_mnt_ns+0x112/0x8a0 [ 406.282855] ? copy_namespaces+0x112/0x310 [ 406.287206] ? cap_capable+0x1c4/0x230 [ 406.291103] create_new_namespaces+0xc9/0x730 [ 406.295608] ? security_capable+0x88/0xb0 [ 406.299766] copy_namespaces+0x27b/0x310 [ 406.303838] copy_process.part.0+0x2603/0x6a70 [ 406.308439] ? get_pid_task+0xb8/0x130 [ 406.312338] ? save_trace+0x290/0x290 [ 406.316152] ? __lock_is_held+0xad/0x140 [ 406.320359] ? __cleanup_sighand+0x40/0x40 [ 406.324617] ? lock_downgrade+0x6e0/0x6e0 [ 406.328792] _do_fork+0x180/0xc80 [ 406.332260] ? fork_idle+0x270/0x270 [ 406.335983] ? fput+0xb/0x140 [ 406.339098] ? SyS_write+0x14d/0x210 [ 406.342819] ? SyS_read+0x210/0x210 [ 406.346453] ? SyS_clock_settime+0x1a0/0x1a0 [ 406.350978] ? do_syscall_64+0x4c/0x640 [ 406.355071] ? sys_vfork+0x20/0x20 [ 406.358622] do_syscall_64+0x1d5/0x640 [ 406.362523] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 406.367715] RIP: 0033:0x45c849 [ 406.370903] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 406.378728] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 406.386118] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 406.393399] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:57 executing program 3 (fault-call:8 fault-nth:55): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:57 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:57 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 406.400675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 406.407975] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001d 03:35:57 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r5, 0xc4c85512, &(0x7f0000000480)={{0x1, 0x3, 0x827, 0x0, '\x00', 0x5}, 0x1, [0x1, 0x4190, 0x3b9, 0x0, 0x5, 0xdee, 0x100000001, 0x2, 0x2, 0x9, 0x0, 0x7f, 0x8000, 0x1f, 0x8, 0x1, 0xce38, 0x5, 0x0, 0x5, 0x3cbb, 0x2, 0x3, 0x7, 0x0, 0x10000, 0x3, 0xd285, 0xfc, 0x0, 0xef34, 0x642, 0x7, 0x80000000, 0x101, 0x7, 0x0, 0x42bb, 0x400, 0x401, 0x4, 0x5, 0x4, 0xcff, 0x7, 0x62, 0x7, 0x3, 0x6, 0x7fffffff, 0x7fffffff, 0x8, 0x1d, 0x101, 0xfffffffffffff0c6, 0x9, 0xfffffffffffeffff, 0x80000001, 0x3, 0x100, 0xff, 0x7fffffff, 0x8, 0x8000, 0xce, 0x3, 0x89d, 0x7, 0x8, 0x7, 0x349f1a3, 0x8, 0xfffffffffffffffb, 0x2, 0x2, 0x5, 0x0, 0xb50, 0x2, 0x9, 0x4, 0x5, 0x6, 0x7, 0xff, 0x100000001, 0x6, 0x1, 0x800, 0xedb, 0x3e89a502, 0x8ea7, 0x0, 0x9, 0x10001, 0xce, 0x3, 0x1, 0x0, 0x200, 0x2, 0x401, 0x4000000000000000, 0x74, 0x1, 0x40, 0x7, 0x2, 0x5, 0x401, 0xe0, 0x5, 0x80, 0x3, 0x5, 0x4, 0x100000001, 0x1f, 0x3, 0x6, 0x6c, 0x2, 0x0, 0x4, 0xa1, 0xe5e, 0xeb, 0x8]}) [ 406.589623] FAULT_INJECTION: forcing a failure. [ 406.589623] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 406.602368] CPU: 0 PID: 15698 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 406.610262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 406.619631] Call Trace: [ 406.622317] dump_stack+0x13e/0x194 [ 406.625960] should_fail.cold+0x10a/0x14b [ 406.630127] __alloc_pages_nodemask+0x1bf/0x700 [ 406.634816] ? rcu_read_lock_sched_held+0x10a/0x130 [ 406.639846] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 406.644874] alloc_pages_current+0xe7/0x1e0 [ 406.649238] ? __lockdep_init_map+0x100/0x560 [ 406.653742] __get_free_pages+0xb/0x40 [ 406.657716] mount_fs+0x1c7/0x2a0 [ 406.661166] vfs_kern_mount.part.0+0x5b/0x3c0 [ 406.665649] ? kmem_cache_alloc+0x604/0x770 [ 406.669957] kern_mount_data+0x51/0xb0 [ 406.673844] pid_ns_prepare_proc+0x1a/0x80 [ 406.678075] alloc_pid+0x9be/0xc40 [ 406.681630] copy_process.part.0+0x272f/0x6a70 [ 406.686225] ? get_pid_task+0xb8/0x130 03:35:57 executing program 2 (fault-call:9 fault-nth:56): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 406.690122] ? save_trace+0x290/0x290 [ 406.694186] ? __lock_is_held+0xad/0x140 [ 406.698273] ? __cleanup_sighand+0x40/0x40 [ 406.702514] ? lock_downgrade+0x6e0/0x6e0 [ 406.706677] _do_fork+0x180/0xc80 [ 406.710140] ? fork_idle+0x270/0x270 [ 406.713859] ? fput+0xb/0x140 [ 406.716965] ? SyS_write+0x14d/0x210 [ 406.720681] ? SyS_read+0x210/0x210 [ 406.724315] ? SyS_clock_settime+0x1a0/0x1a0 [ 406.728724] ? do_syscall_64+0x4c/0x640 [ 406.732700] ? sys_vfork+0x20/0x20 [ 406.736243] do_syscall_64+0x1d5/0x640 [ 406.738693] FAULT_INJECTION: forcing a failure. [ 406.738693] name failslab, interval 1, probability 0, space 0, times 0 [ 406.740135] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 406.740144] RIP: 0033:0x45c849 [ 406.740148] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 406.767374] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 406.774639] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 406.781903] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 406.789164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 406.796423] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000037 [ 406.803698] CPU: 1 PID: 15706 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 406.811587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 406.820942] Call Trace: [ 406.823547] dump_stack+0x13e/0x194 [ 406.827194] should_fail.cold+0x10a/0x14b [ 406.831354] should_failslab+0xd6/0x130 [ 406.835337] kmem_cache_alloc+0x2b5/0x770 [ 406.839500] alloc_vfsmnt+0x23/0x7c0 [ 406.843224] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 406.848684] vfs_kern_mount.part.0+0x27/0x3c0 [ 406.853183] ? kmem_cache_alloc+0x604/0x770 [ 406.857530] kern_mount_data+0x51/0xb0 [ 406.861424] pid_ns_prepare_proc+0x1a/0x80 [ 406.865661] alloc_pid+0x9be/0xc40 [ 406.869313] copy_process.part.0+0x272f/0x6a70 [ 406.873902] ? get_pid_task+0xb8/0x130 [ 406.877797] ? save_trace+0x290/0x290 [ 406.881604] ? __lock_is_held+0xad/0x140 [ 406.885685] ? __cleanup_sighand+0x40/0x40 [ 406.890042] ? lock_downgrade+0x6e0/0x6e0 [ 406.894195] ? retint_kernel+0x2d/0x2d [ 406.898097] _do_fork+0x180/0xc80 [ 406.901596] ? fork_idle+0x270/0x270 [ 406.905329] ? retint_kernel+0x2d/0x2d [ 406.909362] ? do_syscall_64+0x4c/0x640 [ 406.913343] ? sys_vfork+0x20/0x20 [ 406.916900] do_syscall_64+0x1d5/0x640 [ 406.920847] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 406.926070] RIP: 0033:0x45c849 [ 406.929262] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:58 executing program 0 (fault-call:10 fault-nth:30): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 406.936978] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 406.944246] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 406.951519] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 406.958791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 406.966063] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000038 [ 407.053095] FAULT_INJECTION: forcing a failure. [ 407.053095] name failslab, interval 1, probability 0, space 0, times 0 [ 407.065359] CPU: 1 PID: 15712 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 407.073252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 407.082787] Call Trace: [ 407.085387] dump_stack+0x13e/0x194 [ 407.089040] should_fail.cold+0x10a/0x14b [ 407.093197] should_failslab+0xd6/0x130 [ 407.097174] kmem_cache_alloc+0x2b5/0x770 [ 407.101340] ? find_held_lock+0x2d/0x110 [ 407.105405] ? copy_tree+0x4a0/0x860 [ 407.109126] alloc_vfsmnt+0x23/0x7c0 [ 407.112846] clone_mnt+0x6c/0xf20 [ 407.116305] copy_tree+0x33a/0x860 [ 407.119857] copy_mnt_ns+0x112/0x8a0 [ 407.123576] ? copy_namespaces+0x112/0x310 [ 407.127811] ? cap_capable+0x1c4/0x230 [ 407.131859] create_new_namespaces+0xc9/0x730 [ 407.136361] ? security_capable+0x88/0xb0 [ 407.140521] copy_namespaces+0x27b/0x310 [ 407.144587] copy_process.part.0+0x2603/0x6a70 [ 407.149180] ? get_pid_task+0xb8/0x130 [ 407.153070] ? save_trace+0x290/0x290 [ 407.156880] ? __lock_is_held+0xad/0x140 [ 407.160956] ? __cleanup_sighand+0x40/0x40 [ 407.165190] ? lock_downgrade+0x6e0/0x6e0 [ 407.169343] _do_fork+0x180/0xc80 [ 407.172803] ? fork_idle+0x270/0x270 [ 407.176517] ? fput+0xb/0x140 [ 407.179619] ? SyS_write+0x14d/0x210 [ 407.183332] ? SyS_read+0x210/0x210 [ 407.186962] ? SyS_clock_settime+0x1a0/0x1a0 [ 407.191374] ? do_syscall_64+0x4c/0x640 [ 407.195353] ? sys_vfork+0x20/0x20 [ 407.198895] do_syscall_64+0x1d5/0x640 [ 407.202791] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 407.208126] RIP: 0033:0x45c849 [ 407.211324] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 407.219031] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 407.226300] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 407.233570] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 407.240835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 407.248106] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001e 03:35:58 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:58 executing program 3 (fault-call:8 fault-nth:56): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:58 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:58 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r2, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") fcntl$setpipe(r2, 0x407, 0xfffffffffffffffd) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:58 executing program 2 (fault-call:9 fault-nth:57): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 407.478704] FAULT_INJECTION: forcing a failure. [ 407.478704] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 407.491447] CPU: 1 PID: 15730 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 407.499339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 407.508690] Call Trace: [ 407.511287] dump_stack+0x13e/0x194 [ 407.514919] should_fail.cold+0x10a/0x14b [ 407.519072] __alloc_pages_nodemask+0x1bf/0x700 [ 407.523746] ? rcu_read_lock_sched_held+0x10a/0x130 [ 407.528774] ? __alloc_pages_slowpath+0x26c0/0x26c0 [ 407.533808] alloc_pages_current+0xe7/0x1e0 [ 407.538136] ? __lockdep_init_map+0x100/0x560 [ 407.542643] __get_free_pages+0xb/0x40 [ 407.546535] mount_fs+0x1c7/0x2a0 [ 407.550001] vfs_kern_mount.part.0+0x5b/0x3c0 [ 407.554501] ? kmem_cache_alloc+0x604/0x770 [ 407.558832] kern_mount_data+0x51/0xb0 [ 407.562819] pid_ns_prepare_proc+0x1a/0x80 [ 407.567059] alloc_pid+0x9be/0xc40 [ 407.570620] copy_process.part.0+0x272f/0x6a70 [ 407.575229] ? get_pid_task+0xb8/0x130 [ 407.579212] ? save_trace+0x290/0x290 [ 407.583021] ? __lock_is_held+0xad/0x140 [ 407.587096] ? __cleanup_sighand+0x40/0x40 [ 407.591331] ? lock_downgrade+0x6e0/0x6e0 [ 407.595491] _do_fork+0x180/0xc80 [ 407.598957] ? fork_idle+0x270/0x270 [ 407.602680] ? fput+0xb/0x140 [ 407.605789] ? SyS_write+0x14d/0x210 [ 407.609596] ? SyS_read+0x210/0x210 [ 407.613229] ? SyS_clock_settime+0x1a0/0x1a0 [ 407.617638] ? do_syscall_64+0x4c/0x640 [ 407.621619] ? sys_vfork+0x20/0x20 [ 407.625167] do_syscall_64+0x1d5/0x640 [ 407.629070] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 407.634262] RIP: 0033:0x45c849 [ 407.637473] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 407.645187] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 407.652458] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 407.659736] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 407.667008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 407.674279] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000038 03:35:58 executing program 0 (fault-call:10 fault-nth:31): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 407.794068] FAULT_INJECTION: forcing a failure. [ 407.794068] name failslab, interval 1, probability 0, space 0, times 0 [ 407.805522] CPU: 0 PID: 15740 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 407.813426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 407.822788] Call Trace: [ 407.825379] dump_stack+0x13e/0x194 [ 407.829008] should_fail.cold+0x10a/0x14b [ 407.833191] ? proc_get_inode+0x620/0x620 [ 407.837337] should_failslab+0xd6/0x130 [ 407.841322] kmem_cache_alloc_trace+0x2db/0x7b0 [ 407.846110] ? lock_downgrade+0x6e0/0x6e0 [ 407.850273] ? proc_get_inode+0x620/0x620 [ 407.854428] sget_userns+0x102/0xc30 [ 407.858151] ? get_empty_filp.cold+0x47/0x47 [ 407.862568] ? set_anon_super+0x20/0x20 [ 407.866550] ? proc_get_inode+0x620/0x620 [ 407.870701] mount_ns+0x65/0x180 [ 407.874072] mount_fs+0x92/0x2a0 [ 407.877458] vfs_kern_mount.part.0+0x5b/0x3c0 [ 407.881956] ? kmem_cache_alloc+0x604/0x770 [ 407.886289] kern_mount_data+0x51/0xb0 [ 407.890295] pid_ns_prepare_proc+0x1a/0x80 [ 407.894540] alloc_pid+0x9be/0xc40 [ 407.898102] copy_process.part.0+0x272f/0x6a70 [ 407.902700] ? get_pid_task+0xb8/0x130 [ 407.906597] ? save_trace+0x290/0x290 [ 407.910404] ? __lock_is_held+0xad/0x140 [ 407.914484] ? __cleanup_sighand+0x40/0x40 [ 407.918986] ? lock_downgrade+0x6e0/0x6e0 [ 407.923146] _do_fork+0x180/0xc80 [ 407.926612] ? fork_idle+0x270/0x270 [ 407.930339] ? fput+0xb/0x140 [ 407.933447] ? SyS_write+0x14d/0x210 [ 407.937176] ? SyS_read+0x210/0x210 [ 407.940806] ? SyS_clock_settime+0x1a0/0x1a0 [ 407.945304] ? do_syscall_64+0x4c/0x640 [ 407.949288] ? sys_vfork+0x20/0x20 [ 407.952837] do_syscall_64+0x1d5/0x640 [ 407.956738] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 407.961933] RIP: 0033:0x45c849 [ 407.965128] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 407.972838] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 407.980112] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 407.987385] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 407.994660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 408.001936] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000039 [ 408.012011] FAULT_INJECTION: forcing a failure. [ 408.012011] name failslab, interval 1, probability 0, space 0, times 0 [ 408.024284] CPU: 0 PID: 15745 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 408.032180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 408.041538] Call Trace: [ 408.044134] dump_stack+0x13e/0x194 [ 408.047777] should_fail.cold+0x10a/0x14b [ 408.052027] should_failslab+0xd6/0x130 [ 408.056010] __kmalloc_track_caller+0x2e1/0x7b0 [ 408.060698] ? kstrdup_const+0x35/0x60 [ 408.064592] ? lock_acquire+0x170/0x3f0 [ 408.068572] ? lock_downgrade+0x6e0/0x6e0 [ 408.072726] kstrdup+0x36/0x70 [ 408.075928] kstrdup_const+0x35/0x60 [ 408.079673] alloc_vfsmnt+0xe0/0x7c0 [ 408.083394] clone_mnt+0x6c/0xf20 [ 408.086861] copy_tree+0x33a/0x860 [ 408.090414] copy_mnt_ns+0x112/0x8a0 [ 408.094137] ? copy_namespaces+0x112/0x310 [ 408.098378] ? cap_capable+0x1c4/0x230 [ 408.102277] create_new_namespaces+0xc9/0x730 [ 408.106774] ? security_capable+0x88/0xb0 [ 408.110930] copy_namespaces+0x27b/0x310 [ 408.115002] copy_process.part.0+0x2603/0x6a70 [ 408.119598] ? get_pid_task+0xb8/0x130 [ 408.123499] ? save_trace+0x290/0x290 [ 408.127307] ? __lock_is_held+0xad/0x140 [ 408.131506] ? __cleanup_sighand+0x40/0x40 [ 408.135754] ? lock_downgrade+0x6e0/0x6e0 [ 408.139921] _do_fork+0x180/0xc80 [ 408.143387] ? fork_idle+0x270/0x270 [ 408.147118] ? fput+0xb/0x140 [ 408.150236] ? SyS_write+0x14d/0x210 [ 408.153960] ? SyS_read+0x210/0x210 [ 408.157593] ? SyS_clock_settime+0x1a0/0x1a0 [ 408.162009] ? do_syscall_64+0x4c/0x640 [ 408.165988] ? sys_vfork+0x20/0x20 [ 408.169532] do_syscall_64+0x1d5/0x640 [ 408.173427] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 408.178616] RIP: 0033:0x45c849 [ 408.181806] RSP: 002b:00007f0ab658ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:35:59 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 408.189517] RAX: ffffffffffffffda RBX: 00007f0ab658b6d4 RCX: 000000000045c849 [ 408.196792] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 408.204075] RBP: 000000000076c040 R08: ffffffffffffffff R09: 0000000000000000 [ 408.211464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 408.218737] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000001f 03:35:59 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:59 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="24000000010403000000000000000000050000c6e100010001000000fffffeffffffffffa329fb73416e69f3e412514cfafda567ea3b01906f804666f48ff756cc6b425e310e3c8506d8e515f12b10e38244d3b0342dbfd237f4b5fb85218b5638e336e7081b9e8a59a5c23e8ca6c9456a52525ea5e6ec84"], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x0) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000000)={0x38, 0x6, 0x0, 0x3, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x9}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) r8 = fcntl$dupfd(r7, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0xbd) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:59 executing program 3 (fault-call:8 fault-nth:57): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 408.403627] FAULT_INJECTION: forcing a failure. [ 408.403627] name failslab, interval 1, probability 0, space 0, times 0 [ 408.415014] CPU: 1 PID: 15763 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 408.422912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 408.432273] Call Trace: [ 408.434875] dump_stack+0x13e/0x194 [ 408.438518] should_fail.cold+0x10a/0x14b [ 408.442674] ? proc_get_inode+0x620/0x620 [ 408.446833] should_failslab+0xd6/0x130 [ 408.450817] kmem_cache_alloc_trace+0x2db/0x7b0 [ 408.455495] ? lock_downgrade+0x6e0/0x6e0 [ 408.459652] ? proc_get_inode+0x620/0x620 [ 408.463806] sget_userns+0x102/0xc30 [ 408.467525] ? get_empty_filp.cold+0x47/0x47 [ 408.472042] ? set_anon_super+0x20/0x20 [ 408.476030] ? proc_get_inode+0x620/0x620 [ 408.480186] mount_ns+0x65/0x180 [ 408.483562] mount_fs+0x92/0x2a0 [ 408.486940] vfs_kern_mount.part.0+0x5b/0x3c0 [ 408.491444] ? kmem_cache_alloc+0x604/0x770 [ 408.495773] kern_mount_data+0x51/0xb0 [ 408.499669] pid_ns_prepare_proc+0x1a/0x80 [ 408.503908] alloc_pid+0x9be/0xc40 [ 408.507464] copy_process.part.0+0x272f/0x6a70 [ 408.512056] ? get_pid_task+0xb8/0x130 [ 408.515949] ? save_trace+0x290/0x290 [ 408.519757] ? __lock_is_held+0xad/0x140 [ 408.523832] ? __cleanup_sighand+0x40/0x40 [ 408.528077] ? lock_downgrade+0x6e0/0x6e0 [ 408.532235] _do_fork+0x180/0xc80 [ 408.535698] ? fork_idle+0x270/0x270 [ 408.539421] ? fput+0xb/0x140 [ 408.542531] ? SyS_write+0x14d/0x210 [ 408.546248] ? SyS_read+0x210/0x210 [ 408.549878] ? SyS_clock_settime+0x1a0/0x1a0 [ 408.554298] ? do_syscall_64+0x4c/0x640 [ 408.558281] ? sys_vfork+0x20/0x20 [ 408.561836] do_syscall_64+0x1d5/0x640 [ 408.565736] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 408.570931] RIP: 0033:0x45c849 [ 408.574564] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 408.582278] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 408.589641] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 408.596933] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:35:59 executing program 2 (fault-call:9 fault-nth:58): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:35:59 executing program 0 (fault-call:10 fault-nth:32): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 408.604206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 408.612439] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000039 [ 408.749791] FAULT_INJECTION: forcing a failure. [ 408.749791] name failslab, interval 1, probability 0, space 0, times 0 [ 408.761234] CPU: 0 PID: 15772 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 408.769128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 408.778574] Call Trace: [ 408.781195] dump_stack+0x13e/0x194 [ 408.784837] should_fail.cold+0x10a/0x14b [ 408.788989] ? proc_get_inode+0x620/0x620 [ 408.793142] should_failslab+0xd6/0x130 [ 408.797136] kmem_cache_alloc_trace+0x2db/0x7b0 [ 408.801799] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 408.807232] ? sget_userns+0x102/0xc30 [ 408.811105] ? rcu_read_lock_sched_held+0x10a/0x130 [ 408.816113] ? kmem_cache_alloc_trace+0x63e/0x7b0 [ 408.820943] ? proc_get_inode+0x620/0x620 [ 408.825075] selinux_sb_alloc_security+0x41/0x210 [ 408.829906] security_sb_alloc+0x66/0xa0 [ 408.833956] sget_userns+0x194/0xc30 [ 408.837663] ? get_empty_filp.cold+0x47/0x47 [ 408.842068] ? set_anon_super+0x20/0x20 [ 408.846050] ? proc_get_inode+0x620/0x620 [ 408.850196] mount_ns+0x65/0x180 [ 408.853546] mount_fs+0x92/0x2a0 [ 408.856899] vfs_kern_mount.part.0+0x5b/0x3c0 [ 408.861377] ? kmem_cache_alloc+0x604/0x770 [ 408.865696] kern_mount_data+0x51/0xb0 [ 408.869598] pid_ns_prepare_proc+0x1a/0x80 [ 408.873840] alloc_pid+0x9be/0xc40 [ 408.877393] copy_process.part.0+0x272f/0x6a70 [ 408.881965] ? get_pid_task+0xb8/0x130 [ 408.885861] ? save_trace+0x290/0x290 [ 408.889758] ? __lock_is_held+0xad/0x140 [ 408.893843] ? __cleanup_sighand+0x40/0x40 [ 408.898079] ? lock_downgrade+0x6e0/0x6e0 [ 408.902241] _do_fork+0x180/0xc80 [ 408.905726] ? fork_idle+0x270/0x270 [ 408.909449] ? fput+0xb/0x140 [ 408.912558] ? SyS_write+0x14d/0x210 [ 408.916270] ? SyS_read+0x210/0x210 [ 408.919892] ? SyS_clock_settime+0x1a0/0x1a0 [ 408.924297] ? do_syscall_64+0x4c/0x640 [ 408.928267] ? sys_vfork+0x20/0x20 [ 408.931808] do_syscall_64+0x1d5/0x640 [ 408.935785] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 408.940978] RIP: 0033:0x45c849 [ 408.944166] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 408.951873] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 408.959133] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 408.966400] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 408.973667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 408.980923] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003a [ 409.001180] FAULT_INJECTION: forcing a failure. [ 409.001180] name failslab, interval 1, probability 0, space 0, times 0 [ 409.012552] CPU: 1 PID: 15774 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 409.020488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.029838] Call Trace: [ 409.032427] dump_stack+0x13e/0x194 [ 409.036053] should_fail.cold+0x10a/0x14b [ 409.040195] should_failslab+0xd6/0x130 [ 409.044403] kmem_cache_alloc+0x2b5/0x770 [ 409.048591] ? find_held_lock+0x2d/0x110 [ 409.052655] ? copy_tree+0x4a0/0x860 [ 409.056363] alloc_vfsmnt+0x23/0x7c0 [ 409.060071] clone_mnt+0x6c/0xf20 [ 409.063523] copy_tree+0x33a/0x860 [ 409.067053] copy_mnt_ns+0x112/0x8a0 [ 409.070763] ? copy_namespaces+0x112/0x310 [ 409.074999] ? cap_capable+0x1c4/0x230 [ 409.078888] create_new_namespaces+0xc9/0x730 [ 409.083377] ? security_capable+0x88/0xb0 [ 409.087519] copy_namespaces+0x27b/0x310 [ 409.091575] copy_process.part.0+0x2603/0x6a70 [ 409.096170] ? get_pid_task+0xb8/0x130 [ 409.100049] ? save_trace+0x290/0x290 [ 409.103841] ? __lock_is_held+0xad/0x140 [ 409.107889] ? __cleanup_sighand+0x40/0x40 [ 409.112113] ? lock_downgrade+0x6e0/0x6e0 [ 409.116260] _do_fork+0x180/0xc80 [ 409.119701] ? fork_idle+0x270/0x270 [ 409.123402] ? fput+0xb/0x140 [ 409.126490] ? SyS_write+0x14d/0x210 [ 409.130195] ? SyS_read+0x210/0x210 [ 409.133821] ? SyS_clock_settime+0x1a0/0x1a0 [ 409.138220] ? do_syscall_64+0x4c/0x640 [ 409.142177] ? sys_vfork+0x20/0x20 [ 409.145706] do_syscall_64+0x1d5/0x640 03:36:00 executing program 3 (fault-call:8 fault-nth:58): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:36:00 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:36:00 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 409.149677] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 409.154857] RIP: 0033:0x45c849 [ 409.158052] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 409.165787] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 409.173060] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 409.180417] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 409.187690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 409.194961] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000020 [ 409.302917] FAULT_INJECTION: forcing a failure. [ 409.302917] name failslab, interval 1, probability 0, space 0, times 0 [ 409.314293] CPU: 0 PID: 15787 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 409.322192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.331556] Call Trace: [ 409.334267] dump_stack+0x13e/0x194 [ 409.337912] should_fail.cold+0x10a/0x14b [ 409.342072] ? proc_get_inode+0x620/0x620 [ 409.346236] should_failslab+0xd6/0x130 03:36:00 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=""/186, 0xba}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) llistxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=""/8, 0x8) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205649, &(0x7f0000000100)={0x9f0000, 0x3, 0x5, r3, 0x0, &(0x7f00000000c0)={0x9909ce, 0xbe35, [], @p_u32=&(0x7f0000000040)=0x82}}) r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000010000000c00018006000100000000001cd89336eeccb0b8a6b5b072e2504dc79f03a40bd4e1d1a60b67a44070a6c477137993b550a0fcf8a2deb12cd831392cb57931f424a40ff82c6c4e2c9f5cba5f4e1c9076741d3e5f071a2441b516e1"], 0x20}, 0x1, 0xa00000000000000}, 0x0) sendmsg$IPVS_CMD_FLUSH(r5, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010029bd7000ffdbdf2511000008000500070000000c0001800800050002000000080005007d0a00000800060002000000"], 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4004091) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000400)=[@in={0x2, 0x4e21, @local}, @in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e20, 0xbbe3, @ipv4={[], [], @rand_addr=0x2607}, 0x9}], 0x3c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7}, 0x20) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r4, 0x84, 0x78, &(0x7f0000000140)=r7, 0x4) sched_setattr(r0, &(0x7f0000000000)={0x38, 0x0, 0xd, 0x5, 0x8, 0x0, 0x5, 0x6, 0x5, 0x5}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 409.350216] kmem_cache_alloc_trace+0x2db/0x7b0 [ 409.354889] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 409.360341] ? sget_userns+0x102/0xc30 [ 409.364232] ? rcu_read_lock_sched_held+0x10a/0x130 [ 409.369250] ? kmem_cache_alloc_trace+0x63e/0x7b0 [ 409.374107] ? proc_get_inode+0x620/0x620 [ 409.379248] selinux_sb_alloc_security+0x41/0x210 [ 409.384139] security_sb_alloc+0x66/0xa0 [ 409.388198] sget_userns+0x194/0xc30 [ 409.391942] ? get_empty_filp.cold+0x47/0x47 [ 409.396336] ? set_anon_super+0x20/0x20 [ 409.400298] ? proc_get_inode+0x620/0x620 [ 409.404429] mount_ns+0x65/0x180 [ 409.407782] mount_fs+0x92/0x2a0 [ 409.411145] vfs_kern_mount.part.0+0x5b/0x3c0 [ 409.415635] ? kmem_cache_alloc+0x604/0x770 [ 409.420040] kern_mount_data+0x51/0xb0 [ 409.423935] pid_ns_prepare_proc+0x1a/0x80 [ 409.428177] alloc_pid+0x9be/0xc40 [ 409.431711] copy_process.part.0+0x272f/0x6a70 [ 409.436288] ? get_pid_task+0xb8/0x130 [ 409.440214] ? save_trace+0x290/0x290 [ 409.444006] ? __lock_is_held+0xad/0x140 [ 409.448076] ? __cleanup_sighand+0x40/0x40 [ 409.452303] ? lock_downgrade+0x6e0/0x6e0 [ 409.456439] _do_fork+0x180/0xc80 [ 409.459883] ? fork_idle+0x270/0x270 [ 409.463585] ? fput+0xb/0x140 [ 409.466690] ? SyS_write+0x14d/0x210 [ 409.470418] ? SyS_read+0x210/0x210 [ 409.474049] ? SyS_clock_settime+0x1a0/0x1a0 [ 409.478444] ? do_syscall_64+0x4c/0x640 [ 409.482414] ? sys_vfork+0x20/0x20 [ 409.485956] do_syscall_64+0x1d5/0x640 [ 409.489843] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 409.495017] RIP: 0033:0x45c849 03:36:00 executing program 0 (fault-call:10 fault-nth:33): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:36:00 executing program 2 (fault-call:9 fault-nth:59): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 409.498195] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 409.505903] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 409.513180] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 409.520451] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 409.527721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 409.534987] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003a [ 409.582588] FAULT_INJECTION: forcing a failure. [ 409.582588] name failslab, interval 1, probability 0, space 0, times 0 [ 409.594044] CPU: 1 PID: 15798 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 409.601942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.611396] Call Trace: [ 409.613998] dump_stack+0x13e/0x194 [ 409.617653] should_fail.cold+0x10a/0x14b [ 409.621824] should_failslab+0xd6/0x130 [ 409.625815] __kmalloc_track_caller+0x2e1/0x7b0 [ 409.630493] ? kstrdup_const+0x35/0x60 [ 409.634394] ? lock_acquire+0x170/0x3f0 [ 409.638383] ? lock_downgrade+0x6e0/0x6e0 [ 409.642548] kstrdup+0x36/0x70 [ 409.645750] kstrdup_const+0x35/0x60 [ 409.649472] alloc_vfsmnt+0xe0/0x7c0 [ 409.653396] clone_mnt+0x6c/0xf20 [ 409.656914] copy_tree+0x33a/0x860 [ 409.660471] copy_mnt_ns+0x112/0x8a0 [ 409.664197] ? copy_namespaces+0x112/0x310 [ 409.668440] ? cap_capable+0x1c4/0x230 [ 409.672334] create_new_namespaces+0xc9/0x730 [ 409.676838] ? security_capable+0x88/0xb0 [ 409.680997] copy_namespaces+0x27b/0x310 [ 409.685066] copy_process.part.0+0x2603/0x6a70 [ 409.689669] ? get_pid_task+0xb8/0x130 [ 409.693562] ? save_trace+0x290/0x290 [ 409.697366] ? __lock_is_held+0xad/0x140 [ 409.701442] ? __cleanup_sighand+0x40/0x40 [ 409.705683] ? lock_downgrade+0x6e0/0x6e0 [ 409.709848] _do_fork+0x180/0xc80 [ 409.713311] ? fork_idle+0x270/0x270 [ 409.717029] ? fput+0xb/0x140 [ 409.720137] ? SyS_write+0x14d/0x210 [ 409.723856] ? SyS_read+0x210/0x210 [ 409.727485] ? SyS_clock_settime+0x1a0/0x1a0 [ 409.731900] ? do_syscall_64+0x4c/0x640 [ 409.736139] ? sys_vfork+0x20/0x20 [ 409.739687] do_syscall_64+0x1d5/0x640 [ 409.743761] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 409.748959] RIP: 0033:0x45c849 [ 409.752147] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 409.759865] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 409.767142] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 409.774414] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 409.781684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 409.788967] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000021 [ 409.912079] FAULT_INJECTION: forcing a failure. [ 409.912079] name failslab, interval 1, probability 0, space 0, times 0 [ 409.923852] CPU: 0 PID: 15804 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 409.931757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.941671] Call Trace: [ 409.944269] dump_stack+0x13e/0x194 [ 409.947913] should_fail.cold+0x10a/0x14b [ 409.952160] should_failslab+0xd6/0x130 [ 409.956141] __kmalloc+0x2e9/0x7c0 [ 409.959750] ? __list_lru_init+0x56/0x650 [ 409.963908] ? __list_lru_init+0x67/0x650 [ 409.968070] __list_lru_init+0x67/0x650 [ 409.972060] sget_userns+0x4e4/0xc30 [ 409.975781] ? get_empty_filp.cold+0x47/0x47 [ 409.980201] ? set_anon_super+0x20/0x20 [ 409.984184] ? proc_get_inode+0x620/0x620 [ 409.988341] mount_ns+0x65/0x180 [ 409.991738] mount_fs+0x92/0x2a0 [ 409.995110] vfs_kern_mount.part.0+0x5b/0x3c0 [ 409.999695] ? kmem_cache_alloc+0x604/0x770 [ 410.004024] kern_mount_data+0x51/0xb0 [ 410.007923] pid_ns_prepare_proc+0x1a/0x80 03:36:01 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 410.012163] alloc_pid+0x9be/0xc40 [ 410.015815] copy_process.part.0+0x272f/0x6a70 [ 410.020409] ? get_pid_task+0xb8/0x130 [ 410.024308] ? save_trace+0x290/0x290 [ 410.028118] ? __lock_is_held+0xad/0x140 [ 410.032198] ? __cleanup_sighand+0x40/0x40 [ 410.036463] ? lock_downgrade+0x6e0/0x6e0 [ 410.040728] _do_fork+0x180/0xc80 [ 410.044187] ? fork_idle+0x270/0x270 [ 410.047901] ? fput+0xb/0x140 [ 410.051010] ? SyS_write+0x14d/0x210 [ 410.054724] ? SyS_read+0x210/0x210 [ 410.058356] ? SyS_clock_settime+0x1a0/0x1a0 [ 410.062768] ? do_syscall_64+0x4c/0x640 [ 410.066745] ? sys_vfork+0x20/0x20 [ 410.070292] do_syscall_64+0x1d5/0x640 [ 410.074194] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 410.079384] RIP: 0033:0x45c849 [ 410.082579] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 410.090393] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 410.097671] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 410.104947] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:36:01 executing program 3 (fault-call:8 fault-nth:59): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:36:01 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 410.112222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 410.119511] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003b 03:36:01 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") recvmmsg(r3, &(0x7f0000004ac0)=[{{&(0x7f0000000000)=@can, 0x80, &(0x7f0000000580)=[{&(0x7f00000000c0)=""/219, 0xdb}, {&(0x7f00000001c0)=""/27, 0x1b}, {&(0x7f0000000200)=""/9, 0x9}, {&(0x7f0000000340)=""/153, 0x99}, {&(0x7f0000000240)=""/51, 0x33}, {&(0x7f0000000480)=""/101, 0x65}, {&(0x7f00000002c0)}, {&(0x7f0000000500)=""/78, 0x4e}], 0x8, &(0x7f0000000600)=""/185, 0xb9}}, {{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/237, 0xed}, {&(0x7f0000000400)=""/57, 0x39}, {&(0x7f00000017c0)=""/123, 0x7b}, {&(0x7f0000001840)=""/216, 0xd8}, {&(0x7f0000001940)=""/174, 0xae}, {&(0x7f0000002740)=""/4096, 0x1000}], 0x7, &(0x7f0000001a80)=""/135, 0x87}, 0x200}, {{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000001b40)=""/106, 0x6a}, {&(0x7f0000001bc0)=""/201, 0xc9}, {&(0x7f0000001cc0)=""/190, 0xbe}, {&(0x7f0000001d80)=""/236, 0xec}], 0x4}, 0x200}, {{&(0x7f0000001ec0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000002400)=[{&(0x7f0000001f40)=""/231, 0xe7}, {&(0x7f0000002040)=""/198, 0xc6}, {&(0x7f0000002140)=""/182, 0xb6}, {&(0x7f0000003740)=""/4096, 0x1000}, {&(0x7f0000002200)=""/231, 0xe7}, {&(0x7f0000002300)=""/212, 0xd4}], 0x6, &(0x7f0000002540)=""/102, 0x66}, 0xffff}, {{0x0, 0x0, &(0x7f00000025c0), 0x0, &(0x7f0000002600)=""/243, 0xf3}, 0x1000}, {{&(0x7f0000004740)=@generic, 0x80, &(0x7f0000004a40)=[{&(0x7f00000047c0)=""/88, 0x58}, {&(0x7f0000004840)=""/147, 0x93}, {&(0x7f0000004900)=""/200, 0xc8}, {&(0x7f0000004a00)=""/40, 0x28}], 0x4, &(0x7f0000004a80)=""/33, 0x21}, 0x7ff}], 0x6, 0x10000, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 410.261396] FAULT_INJECTION: forcing a failure. [ 410.261396] name failslab, interval 1, probability 0, space 0, times 0 [ 410.272994] CPU: 0 PID: 15821 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 410.281151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.290514] Call Trace: [ 410.293122] dump_stack+0x13e/0x194 [ 410.296769] should_fail.cold+0x10a/0x14b [ 410.300938] should_failslab+0xd6/0x130 [ 410.304922] __kmalloc+0x2e9/0x7c0 [ 410.308487] ? __list_lru_init+0x56/0x650 [ 410.312642] ? __list_lru_init+0x67/0x650 [ 410.316808] __list_lru_init+0x67/0x650 [ 410.320835] sget_userns+0x4e4/0xc30 [ 410.324558] ? get_empty_filp.cold+0x47/0x47 [ 410.329242] ? set_anon_super+0x20/0x20 [ 410.333344] ? proc_get_inode+0x620/0x620 [ 410.337506] mount_ns+0x65/0x180 [ 410.341500] mount_fs+0x92/0x2a0 [ 410.344881] vfs_kern_mount.part.0+0x5b/0x3c0 [ 410.349383] ? kmem_cache_alloc+0x604/0x770 [ 410.353727] kern_mount_data+0x51/0xb0 [ 410.357634] pid_ns_prepare_proc+0x1a/0x80 [ 410.361911] alloc_pid+0x9be/0xc40 [ 410.365518] copy_process.part.0+0x272f/0x6a70 [ 410.370119] ? get_pid_task+0xb8/0x130 [ 410.374023] ? save_trace+0x290/0x290 [ 410.377843] ? __lock_is_held+0xad/0x140 [ 410.381928] ? __cleanup_sighand+0x40/0x40 [ 410.386178] ? lock_downgrade+0x6e0/0x6e0 [ 410.390346] _do_fork+0x180/0xc80 [ 410.393820] ? fork_idle+0x270/0x270 [ 410.397542] ? fput+0xb/0x140 [ 410.400653] ? SyS_write+0x14d/0x210 [ 410.404372] ? SyS_read+0x210/0x210 [ 410.408013] ? SyS_clock_settime+0x1a0/0x1a0 [ 410.412431] ? do_syscall_64+0x4c/0x640 [ 410.416417] ? sys_vfork+0x20/0x20 [ 410.419976] do_syscall_64+0x1d5/0x640 [ 410.423874] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 410.429153] RIP: 0033:0x45c849 [ 410.432345] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 410.440062] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 410.447333] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 410.454606] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:36:01 executing program 0 (fault-call:10 fault-nth:34): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 410.461882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 410.469154] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003b 03:36:01 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) fcntl$notify(r0, 0x402, 0x3) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x15c, 0x1, 0x1, 0x201, 0x0, 0x0, {0x5, 0x0, 0x8}, [@CTA_SEQ_ADJ_ORIG={0x34, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7fffffff}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xffffffff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x2}]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x40}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x79d}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x89}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0xff}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8}]}}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}, @CTA_LABELS_MASK={0x14, 0x17, [0x0, 0x1, 0x800, 0x8]}, @CTA_LABELS_MASK={0x24, 0x17, [0x5, 0x2, 0x3, 0x4, 0x1f, 0x1ff, 0x401, 0x0]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x4}, @CTA_NAT_DST={0x2c, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast1}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @empty}]}, @CTA_TUPLE_ORIG={0x70, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @rand_addr="334b693e4a1d5069d4f5a6435ea06eb1"}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x91}}]}]}, 0x15c}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000890) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) vmsplice(r4, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 410.583575] FAULT_INJECTION: forcing a failure. [ 410.583575] name failslab, interval 1, probability 0, space 0, times 0 [ 410.594974] CPU: 0 PID: 15829 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 410.602868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.612228] Call Trace: [ 410.614830] dump_stack+0x13e/0x194 [ 410.618472] should_fail.cold+0x10a/0x14b [ 410.622631] should_failslab+0xd6/0x130 [ 410.626624] kmem_cache_alloc+0x2b5/0x770 [ 410.630779] ? find_held_lock+0x2d/0x110 [ 410.634839] ? copy_tree+0x4a0/0x860 [ 410.638558] alloc_vfsmnt+0x23/0x7c0 [ 410.642276] clone_mnt+0x6c/0xf20 [ 410.645828] copy_tree+0x33a/0x860 [ 410.649382] copy_mnt_ns+0x112/0x8a0 [ 410.653103] ? copy_namespaces+0x112/0x310 [ 410.657347] ? cap_capable+0x1c4/0x230 [ 410.661244] create_new_namespaces+0xc9/0x730 [ 410.665740] ? security_capable+0x88/0xb0 [ 410.669900] copy_namespaces+0x27b/0x310 [ 410.673970] copy_process.part.0+0x2603/0x6a70 [ 410.678565] ? get_pid_task+0xb8/0x130 [ 410.682457] ? save_trace+0x290/0x290 [ 410.686439] ? __lock_is_held+0xad/0x140 [ 410.690518] ? __cleanup_sighand+0x40/0x40 [ 410.694771] ? lock_downgrade+0x6e0/0x6e0 [ 410.698927] _do_fork+0x180/0xc80 [ 410.702388] ? fork_idle+0x270/0x270 [ 410.706121] ? fput+0xb/0x140 [ 410.709231] ? SyS_write+0x14d/0x210 [ 410.712950] ? SyS_read+0x210/0x210 [ 410.716587] ? SyS_clock_settime+0x1a0/0x1a0 [ 410.721000] ? do_syscall_64+0x4c/0x640 [ 410.725071] ? sys_vfork+0x20/0x20 [ 410.728619] do_syscall_64+0x1d5/0x640 [ 410.732517] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 410.737707] RIP: 0033:0x45c849 [ 410.740892] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 410.748602] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 410.755871] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 410.763232] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 410.770645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:36:01 executing program 2 (fault-call:9 fault-nth:60): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 410.778007] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000022 [ 410.905790] FAULT_INJECTION: forcing a failure. [ 410.905790] name failslab, interval 1, probability 0, space 0, times 0 [ 410.918643] CPU: 1 PID: 15840 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 410.926539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.935956] Call Trace: [ 410.938552] dump_stack+0x13e/0x194 [ 410.942182] should_fail.cold+0x10a/0x14b [ 410.946320] ? proc_get_inode+0x620/0x620 [ 410.950454] should_failslab+0xd6/0x130 [ 410.954429] kmem_cache_alloc_trace+0x2db/0x7b0 [ 410.959107] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 410.964563] ? sget_userns+0x102/0xc30 [ 410.968451] ? rcu_read_lock_sched_held+0x10a/0x130 [ 410.973462] ? kmem_cache_alloc_trace+0x63e/0x7b0 [ 410.978297] ? proc_get_inode+0x620/0x620 [ 410.982435] selinux_sb_alloc_security+0x41/0x210 [ 410.987262] security_sb_alloc+0x66/0xa0 [ 410.991310] sget_userns+0x194/0xc30 [ 410.995004] ? get_empty_filp.cold+0x47/0x47 [ 410.999430] ? set_anon_super+0x20/0x20 [ 411.003398] ? proc_get_inode+0x620/0x620 [ 411.007528] mount_ns+0x65/0x180 [ 411.010876] mount_fs+0x92/0x2a0 [ 411.014284] vfs_kern_mount.part.0+0x5b/0x3c0 [ 411.018778] ? kmem_cache_alloc+0x604/0x770 [ 411.023088] kern_mount_data+0x51/0xb0 [ 411.026962] pid_ns_prepare_proc+0x1a/0x80 [ 411.031189] alloc_pid+0x9be/0xc40 [ 411.034731] copy_process.part.0+0x272f/0x6a70 [ 411.039311] ? get_pid_task+0xb8/0x130 [ 411.043196] ? save_trace+0x290/0x290 [ 411.047002] ? __lock_is_held+0xad/0x140 [ 411.051082] ? __cleanup_sighand+0x40/0x40 [ 411.055322] ? lock_downgrade+0x6e0/0x6e0 [ 411.059489] _do_fork+0x180/0xc80 [ 411.062962] ? fork_idle+0x270/0x270 [ 411.066682] ? fput+0xb/0x140 [ 411.069791] ? SyS_write+0x14d/0x210 [ 411.073509] ? SyS_read+0x210/0x210 [ 411.077159] ? SyS_clock_settime+0x1a0/0x1a0 [ 411.081579] ? do_syscall_64+0x4c/0x640 [ 411.085559] ? sys_vfork+0x20/0x20 [ 411.089116] do_syscall_64+0x1d5/0x640 [ 411.093019] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 411.098213] RIP: 0033:0x45c849 03:36:02 executing program 3 (fault-call:8 fault-nth:60): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:36:02 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:36:02 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 411.101415] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 411.109129] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 411.116401] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 411.123677] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 411.130947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 411.138222] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003c [ 411.261124] FAULT_INJECTION: forcing a failure. [ 411.261124] name failslab, interval 1, probability 0, space 0, times 0 [ 411.272453] CPU: 1 PID: 15850 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 411.280342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 411.289700] Call Trace: [ 411.292303] dump_stack+0x13e/0x194 [ 411.295947] should_fail.cold+0x10a/0x14b [ 411.300110] should_failslab+0xd6/0x130 [ 411.304093] __kmalloc+0x2e9/0x7c0 [ 411.307730] ? __list_lru_init+0x56/0x650 [ 411.311916] ? __list_lru_init+0x67/0x650 [ 411.316076] __list_lru_init+0x67/0x650 [ 411.320073] sget_userns+0x504/0xc30 [ 411.323795] ? get_empty_filp.cold+0x47/0x47 [ 411.328210] ? set_anon_super+0x20/0x20 [ 411.332193] ? proc_get_inode+0x620/0x620 [ 411.336344] mount_ns+0x65/0x180 [ 411.339716] mount_fs+0x92/0x2a0 [ 411.343092] vfs_kern_mount.part.0+0x5b/0x3c0 [ 411.347588] ? kmem_cache_alloc+0x604/0x770 [ 411.351916] kern_mount_data+0x51/0xb0 [ 411.355810] pid_ns_prepare_proc+0x1a/0x80 [ 411.360076] alloc_pid+0x9be/0xc40 [ 411.363639] copy_process.part.0+0x272f/0x6a70 [ 411.368236] ? get_pid_task+0xb8/0x130 [ 411.372129] ? save_trace+0x290/0x290 [ 411.375935] ? __lock_is_held+0xad/0x140 [ 411.380010] ? __cleanup_sighand+0x40/0x40 [ 411.384254] ? lock_downgrade+0x6e0/0x6e0 [ 411.388424] _do_fork+0x180/0xc80 [ 411.391891] ? fork_idle+0x270/0x270 [ 411.395608] ? fput+0xb/0x140 [ 411.398718] ? SyS_write+0x14d/0x210 [ 411.402445] ? SyS_read+0x210/0x210 [ 411.406075] ? SyS_clock_settime+0x1a0/0x1a0 [ 411.410487] ? do_syscall_64+0x4c/0x640 [ 411.414470] ? sys_vfork+0x20/0x20 [ 411.418017] do_syscall_64+0x1d5/0x640 [ 411.421919] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 411.427111] RIP: 0033:0x45c849 [ 411.430301] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 411.438015] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 411.445291] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 411.452569] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:36:02 executing program 0 (fault-call:10 fault-nth:35): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 411.459844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 411.467117] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003c [ 411.577465] FAULT_INJECTION: forcing a failure. [ 411.577465] name failslab, interval 1, probability 0, space 0, times 0 [ 411.588891] CPU: 0 PID: 15858 Comm: syz-executor.0 Not tainted 4.14.174-syzkaller #0 [ 411.596787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 411.606154] Call Trace: [ 411.608752] dump_stack+0x13e/0x194 [ 411.612394] should_fail.cold+0x10a/0x14b [ 411.616553] should_failslab+0xd6/0x130 [ 411.620538] __kmalloc_track_caller+0x2e1/0x7b0 03:36:02 executing program 2 (fault-call:9 fault-nth:61): add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 411.625214] ? kstrdup_const+0x35/0x60 [ 411.629115] ? lock_acquire+0x170/0x3f0 [ 411.633116] ? lock_downgrade+0x6e0/0x6e0 [ 411.637271] kstrdup+0x36/0x70 [ 411.640469] kstrdup_const+0x35/0x60 [ 411.644192] alloc_vfsmnt+0xe0/0x7c0 [ 411.647913] clone_mnt+0x6c/0xf20 [ 411.651414] copy_tree+0x33a/0x860 [ 411.654969] copy_mnt_ns+0x112/0x8a0 [ 411.658689] ? copy_namespaces+0x112/0x310 [ 411.662930] ? cap_capable+0x1c4/0x230 [ 411.666836] create_new_namespaces+0xc9/0x730 [ 411.671332] ? security_capable+0x88/0xb0 [ 411.675491] copy_namespaces+0x27b/0x310 [ 411.679562] copy_process.part.0+0x2603/0x6a70 [ 411.684156] ? get_pid_task+0xb8/0x130 [ 411.688049] ? save_trace+0x290/0x290 [ 411.691858] ? __lock_is_held+0xad/0x140 [ 411.695940] ? __cleanup_sighand+0x40/0x40 [ 411.700198] ? lock_downgrade+0x6e0/0x6e0 [ 411.704363] _do_fork+0x180/0xc80 [ 411.707826] ? fork_idle+0x270/0x270 [ 411.711543] ? fput+0xb/0x140 [ 411.714654] ? SyS_write+0x14d/0x210 [ 411.718372] ? SyS_read+0x210/0x210 [ 411.722002] ? SyS_clock_settime+0x1a0/0x1a0 [ 411.726416] ? do_syscall_64+0x4c/0x640 [ 411.730405] ? sys_vfork+0x20/0x20 [ 411.733951] do_syscall_64+0x1d5/0x640 [ 411.737850] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 411.743073] RIP: 0033:0x45c849 [ 411.746265] RSP: 002b:00007f0ab65abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 411.753977] RAX: ffffffffffffffda RBX: 00007f0ab65ac6d4 RCX: 000000000045c849 [ 411.761250] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 411.768525] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 03:36:02 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x7}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 411.775801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 411.783072] R13: 0000000000000074 R14: 00000000004c3103 R15: 0000000000000023 [ 411.931789] FAULT_INJECTION: forcing a failure. [ 411.931789] name failslab, interval 1, probability 0, space 0, times 0 [ 411.943887] CPU: 1 PID: 15870 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 411.951788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 411.961163] Call Trace: [ 411.963767] dump_stack+0x13e/0x194 [ 411.967555] should_fail.cold+0x10a/0x14b [ 411.971718] should_failslab+0xd6/0x130 [ 411.975707] __kmalloc+0x2e9/0x7c0 [ 411.979290] ? register_shrinker+0xb8/0x210 [ 411.984329] ? lock_downgrade+0x6e0/0x6e0 [ 411.988494] register_shrinker+0xb8/0x210 [ 411.993605] sget_userns+0x9c5/0xc30 [ 411.997326] ? get_empty_filp.cold+0x47/0x47 [ 412.001743] ? set_anon_super+0x20/0x20 [ 412.005725] ? proc_get_inode+0x620/0x620 [ 412.009876] mount_ns+0x65/0x180 [ 412.013249] mount_fs+0x92/0x2a0 [ 412.016625] vfs_kern_mount.part.0+0x5b/0x3c0 [ 412.021122] ? kmem_cache_alloc+0x604/0x770 [ 412.025449] kern_mount_data+0x51/0xb0 [ 412.029341] pid_ns_prepare_proc+0x1a/0x80 [ 412.033586] alloc_pid+0x9be/0xc40 [ 412.037144] copy_process.part.0+0x272f/0x6a70 [ 412.041740] ? get_pid_task+0xb8/0x130 [ 412.045632] ? save_trace+0x290/0x290 [ 412.049435] ? __lock_is_held+0xad/0x140 [ 412.053510] ? __cleanup_sighand+0x40/0x40 [ 412.057752] ? lock_downgrade+0x6e0/0x6e0 [ 412.061915] _do_fork+0x180/0xc80 [ 412.065384] ? fork_idle+0x270/0x270 [ 412.069106] ? fput+0xb/0x140 [ 412.072221] ? SyS_write+0x14d/0x210 [ 412.075937] ? SyS_read+0x210/0x210 [ 412.079566] ? SyS_clock_settime+0x1a0/0x1a0 [ 412.083977] ? do_syscall_64+0x4c/0x640 [ 412.087956] ? sys_vfork+0x20/0x20 [ 412.091505] do_syscall_64+0x1d5/0x640 [ 412.095408] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 412.100601] RIP: 0033:0x45c849 [ 412.103790] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 412.111503] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 412.118872] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 03:36:03 executing program 5: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:36:03 executing program 1: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:36:03 executing program 3 (fault-call:8 fault-nth:61): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 412.126143] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 412.133416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 412.140689] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003d [ 412.210584] ================================================================== [ 412.218873] BUG: KASAN: use-after-free in put_pid_ns+0x75/0x80 [ 412.224855] Read of size 8 at addr ffff888092c5aa38 by task syz-executor.2/15870 [ 412.232389] [ 412.234026] CPU: 0 PID: 15870 Comm: syz-executor.2 Not tainted 4.14.174-syzkaller #0 [ 412.241905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 412.251262] Call Trace: [ 412.253865] dump_stack+0x13e/0x194 [ 412.257505] ? put_pid_ns+0x75/0x80 [ 412.261153] print_address_description.cold+0x7c/0x1e2 [ 412.266438] ? put_pid_ns+0x75/0x80 [ 412.270077] kasan_report.cold+0xa9/0x2ae [ 412.273826] FAULT_INJECTION: forcing a failure. [ 412.273826] name failslab, interval 1, probability 0, space 0, times 0 [ 412.274232] put_pid_ns+0x75/0x80 [ 412.288871] free_nsproxy+0xf7/0x1f0 [ 412.292585] switch_task_namespaces+0x8f/0xb0 [ 412.297080] copy_process.part.0+0x3c67/0x6a70 [ 412.301670] ? get_pid_task+0xb8/0x130 [ 412.305545] ? save_trace+0x290/0x290 [ 412.309336] ? __lock_is_held+0xad/0x140 [ 412.313389] ? __cleanup_sighand+0x40/0x40 [ 412.317610] ? lock_downgrade+0x6e0/0x6e0 [ 412.321762] _do_fork+0x180/0xc80 [ 412.325205] ? fork_idle+0x270/0x270 [ 412.328905] ? fput+0xb/0x140 [ 412.331994] ? SyS_write+0x14d/0x210 [ 412.335696] ? SyS_read+0x210/0x210 [ 412.339310] ? SyS_clock_settime+0x1a0/0x1a0 [ 412.343706] ? do_syscall_64+0x4c/0x640 [ 412.347665] ? sys_vfork+0x20/0x20 [ 412.351193] do_syscall_64+0x1d5/0x640 [ 412.355075] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 412.360252] RIP: 0033:0x45c849 [ 412.363425] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 412.371116] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 412.378371] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 412.385638] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 412.392896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 412.400150] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003d [ 412.407505] [ 412.407528] CPU: 1 PID: 15882 Comm: syz-executor.3 Not tainted 4.14.174-syzkaller #0 [ 412.409124] Allocated by task 15870: [ 412.417007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 412.420719] save_stack+0x32/0xa0 [ 412.430056] Call Trace: [ 412.433495] kasan_kmalloc+0xbf/0xe0 [ 412.436063] dump_stack+0x13e/0x194 [ 412.439760] kmem_cache_alloc+0x127/0x770 [ 412.439771] copy_pid_ns+0x1b2/0xa70 [ 412.443398] should_fail.cold+0x10a/0x14b [ 412.447516] create_new_namespaces+0x25f/0x730 [ 412.447525] copy_namespaces+0x27b/0x310 [ 412.451222] should_failslab+0xd6/0x130 [ 412.455342] copy_process.part.0+0x2603/0x6a70 [ 412.455352] _do_fork+0x180/0xc80 [ 412.460023] __kmalloc+0x2e9/0x7c0 [ 412.464074] do_syscall_64+0x1d5/0x640 [ 412.464087] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 412.468052] ? register_shrinker+0xb8/0x210 [ 412.472614] [ 412.476063] ? lock_downgrade+0x6e0/0x6e0 [ 412.479573] Freed by task 0: [ 412.483448] register_shrinker+0xb8/0x210 [ 412.488619] save_stack+0x32/0xa0 [ 412.492928] sget_userns+0x9c5/0xc30 [ 412.494536] kasan_slab_free+0x75/0xc0 [ 412.498664] ? get_empty_filp.cold+0x47/0x47 [ 412.501660] kmem_cache_free+0x7c/0x2b0 [ 412.505792] ? set_anon_super+0x20/0x20 [ 412.509220] rcu_process_callbacks+0x792/0x1190 [ 412.512915] ? proc_get_inode+0x620/0x620 [ 412.516781] __do_softirq+0x254/0x9bf [ 412.521185] mount_ns+0x65/0x180 [ 412.525135] [ 412.529091] mount_fs+0x92/0x2a0 [ 412.533738] The buggy address belongs to the object at ffff888092c5a200 [ 412.533738] which belongs to the cache pid_namespace of size 2264 [ 412.537869] vfs_kern_mount.part.0+0x5b/0x3c0 [ 412.541644] The buggy address is located 2104 bytes inside of [ 412.541644] 2264-byte region [ffff888092c5a200, ffff888092c5aad8) [ 412.544989] ? kmem_cache_alloc+0x604/0x770 [ 412.546591] The buggy address belongs to the page: [ 412.549944] kern_mount_data+0x51/0xb0 [ 412.562846] page:ffffea00024b1680 count:1 mapcount:0 mapping:ffff888092c5a200 index:0xffff888092c5ab58 [ 412.567339] pid_ns_prepare_proc+0x1a/0x80 [ 412.579371] compound_mapcount: 0 [ 412.583688] alloc_pid+0x9be/0xc40 [ 412.588587] flags: 0xfffe0000008100(slab|head) [ 412.592464] copy_process.part.0+0x272f/0x6a70 [ 412.601898] raw: 00fffe0000008100 ffff888092c5a200 ffff888092c5ab58 0000000100000002 [ 412.606124] ? get_pid_task+0xb8/0x130 [ 412.609550] raw: ffffea000153c320 ffffea0001663b20 ffff8880a6466680 0000000000000000 [ 412.613073] ? save_trace+0x290/0x290 [ 412.617628] page dumped because: kasan: bad access detected [ 412.622224] ? __lock_is_held+0xad/0x140 [ 412.630079] [ 412.633970] ? __cleanup_sighand+0x40/0x40 [ 412.641816] Memory state around the buggy address: [ 412.641824] ffff888092c5a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 412.645604] ? lock_downgrade+0x6e0/0x6e0 [ 412.651361] ffff888092c5a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 412.655429] _do_fork+0x180/0xc80 [ 412.657040] >ffff888092c5aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 412.661270] ? fork_idle+0x270/0x270 [ 412.666167] ^ [ 412.673515] ? fput+0xb/0x140 [ 412.677639] ffff888092c5aa80: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc [ 412.684984] ? SyS_write+0x14d/0x210 [ 412.688412] ffff888092c5ab00: fc fc fc fc fc fc fc fc fc fc fc fb fb fb fb fb [ 412.695775] ? SyS_read+0x210/0x210 [ 412.699567] ================================================================== [ 412.704756] ? SyS_clock_settime+0x1a0/0x1a0 [ 412.707834] Disabling lock debugging due to kernel taint [ 412.715195] ? do_syscall_64+0x4c/0x640 [ 412.719118] Kernel panic - not syncing: panic_on_warn set ... [ 412.719118] [ 412.726247] ? sys_vfork+0x20/0x20 [ 412.761794] do_syscall_64+0x1d5/0x640 [ 412.765682] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 412.770851] RIP: 0033:0x45c849 [ 412.774020] RSP: 002b:00007f0a435ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 412.781707] RAX: ffffffffffffffda RBX: 00007f0a435cd6d4 RCX: 000000000045c849 [ 412.788962] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 412.796224] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 412.803473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 412.810724] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003d [ 412.817997] CPU: 0 PID: 15870 Comm: syz-executor.2 Tainted: G B 4.14.174-syzkaller #0 [ 412.827091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 412.836447] Call Trace: [ 412.839041] dump_stack+0x13e/0x194 [ 412.842669] panic+0x1f9/0x42d [ 412.845868] ? add_taint.cold+0x16/0x16 [ 412.849856] ? preempt_schedule_common+0x4a/0xc0 [ 412.854617] ? put_pid_ns+0x75/0x80 [ 412.858246] ? ___preempt_schedule+0x16/0x18 [ 412.862660] ? put_pid_ns+0x75/0x80 [ 412.866290] kasan_end_report+0x43/0x49 [ 412.870268] kasan_report.cold+0x12f/0x2ae [ 412.874507] put_pid_ns+0x75/0x80 [ 412.877966] free_nsproxy+0xf7/0x1f0 [ 412.881684] switch_task_namespaces+0x8f/0xb0 [ 412.886188] copy_process.part.0+0x3c67/0x6a70 [ 412.890783] ? get_pid_task+0xb8/0x130 [ 412.894681] ? save_trace+0x290/0x290 [ 412.898489] ? __lock_is_held+0xad/0x140 [ 412.902564] ? __cleanup_sighand+0x40/0x40 [ 412.906809] ? lock_downgrade+0x6e0/0x6e0 03:36:04 executing program 0 (fault-call:10 fault-nth:36): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 412.910979] _do_fork+0x180/0xc80 [ 412.914439] ? fork_idle+0x270/0x270 [ 412.918160] ? fput+0xb/0x140 [ 412.921268] ? SyS_write+0x14d/0x210 [ 412.924988] ? SyS_read+0x210/0x210 [ 412.928620] ? SyS_clock_settime+0x1a0/0x1a0 [ 412.933032] ? do_syscall_64+0x4c/0x640 [ 412.937017] ? sys_vfork+0x20/0x20 [ 412.940565] do_syscall_64+0x1d5/0x640 [ 412.944461] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 412.949652] RIP: 0033:0x45c849 [ 412.952844] RSP: 002b:00007f6efb2eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:36:04 executing program 4: add_key$keyring(0x0, &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/173, 0xad}}], 0x1, 0x40000001, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x2}, 0x0) clone(0x30120100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 412.960560] RAX: ffffffffffffffda RBX: 00007f6efb2ef6d4 RCX: 000000000045c849 [ 412.967830] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000030120100 [ 412.975102] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 412.982377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 412.989646] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000000003d [ 412.998224] Kernel Offset: disabled [ 413.001990] Rebooting in 86400 seconds..