84502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:32 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 3454.432172] BTRFS error (device loop5): superblock checksum mismatch [ 3454.490472] BTRFS error (device loop5): open_ctree failed 17:52:32 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 3454.749394] BTRFS error (device loop5): superblock checksum mismatch [ 3454.790352] BTRFS error (device loop5): open_ctree failed 17:52:32 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:32 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) [ 3454.910503] BTRFS error (device loop5): superblock checksum mismatch 17:52:32 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 3454.960530] BTRFS error (device loop5): open_ctree failed [ 3455.038592] BTRFS error (device loop5): superblock checksum mismatch [ 3455.120166] BTRFS error (device loop5): open_ctree failed 17:52:33 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:33 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:33 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @rand_addr="658d55843adcaae5a8d90f76a87bf065", @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="c1de638d0f762201000000b88b2fe3b29b94177fc7c19d5b2761259ee45d49a65974c7ec9f486e48be02d401749ab9e235d323d72ad45789dc84d546762c3459d1ec4caa56db0330db9919a5de3750009f8b9ce30f2bb4055e324637a00a5b4f59ed43b859d1b16fab56355e16448bc363eeda7b9fc733d1a550", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xffffffffffffffcd) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3455.209618] BTRFS error (device loop5): superblock checksum mismatch [ 3455.240329] BTRFS error (device loop5): open_ctree failed 17:52:35 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r2 = open(&(0x7f0000000140)='./bus\x00', 0x8000000141142, 0x0) write$evdev(r2, &(0x7f0000000240)=[{{0x77359400}}], 0x389) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0x1000d512, 0xe0b7}) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) r4 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write$P9_RREMOVE(r4, &(0x7f0000000280)={0x282}, 0x567d) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000200)={0x0, r4, 0x7}) wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup2(r6, r5) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) flock(r6, 0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f0000000040)) ioctl$SIOCAX25ADDUID(r8, 0x89e1, 0x0) r9 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r9, 0x89e1, 0x0) ioctl$KVM_SET_CPUID2(r9, 0x4008ae90, &(0x7f0000000380)={0x9, 0x0, [{0x4, 0x7, 0x0, 0x3, 0x9b, 0x3, 0x3}, {0xa99cfba7f682a402, 0xd98, 0x8, 0x2, 0x5, 0x7ff, 0x9}, {0x1a0000004, 0xffffff38, 0xb, 0x1, 0x5ae, 0x1, 0x2}, {0x80000007, 0x8, 0x0, 0x80000001, 0x3, 0x81, 0x3}, {0x80000001, 0x8, 0x2, 0x8000, 0xc00, 0x7, 0x2}, {0x80000019, 0x100, 0x4, 0x200, 0x6, 0x9}, {0x1, 0x5, 0x0, 0x1000, 0xff, 0x5, 0x7}, {0x1, 0x80, 0x2, 0x200, 0x1, 0x20, 0x6b}, {0x2, 0x26614e8c, 0x1, 0xfffff927, 0x0, 0x7}]}) ioctl$SNDRV_TIMER_IOCTL_START(r8, 0x54a0) 17:52:35 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:35 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f0000000140)=0x81) pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$PPPIOCGFLAGS1(r2, 0x8004745a, &(0x7f00000001c0)) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r3 = getpgrp(r0) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x4000) ioctl$KVM_IRQ_LINE_STATUS(r4, 0xc008ae67, &(0x7f0000000040)={0x0, 0x6}) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) getsockopt$CAN_RAW_RECV_OWN_MSGS(r4, 0x65, 0x4, &(0x7f0000000200), &(0x7f0000000240)=0x4) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r6, 0x84, 0x4, &(0x7f0000000280), 0x4) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r5, 0x84, 0x4, &(0x7f0000000080), &(0x7f0000000100)=0x4) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:35 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x80000) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x80000, 0x95) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r6, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) write(r5, &(0x7f0000000cc0)="d5258ed82f96196b4cb26b9a20111b966fcfd48d0b54a9c119465acb48b0c31300618b560d5012e972ec012f099935be59282c3ca6afeb0d2881f93e7175cdc150e32be7855197bedeb94049be600e49341e47a9d553c1229c24acc29a4bf8f88ebbe75a03e57784b737dd02605e9beced7b02ea39d2f8ea5e67dcfe99a2d310296ed57ab467543314ffe73d643be727502bf6f72d58e06c81ef23ae677d8fe1096347595c50c4bf5a63a85bd749f3e810a329ecea8dbde6fd0f3f48b7c9f4e34aef4278272d60159f540110e99bf6fcae9e6a239052270c5d7c39d8b308535f4db1b4af8a0a19e62085306ddf82c663ba00000000000000000000000000e275e2ac00ea253c41f5173def3859518f58aea064cdf23595a36383a3f4c98d08c19c24f7a0b027170d86c88d8ed05b8ec12834dfd2c25ff1f38c7a83322800b76139172d9b8448a49b4284c300a40b458db9833bfdf52dfe0633538dc2917f8faa9e14f17ab0c564199ab567ac57ef6131d2586a0251772da9c7122167fe081f2369782262d525a93b93cbe1428a1fb53c7e0130bc4f1e8bfa7aff3bb1da9cc063484dee105440d4b154336e8f6c1caf3b91b50bd7e2123f8598e3328e7cb2602578bd571a5520445faa33a8651a4ce7a48efdf0ce79c827ccecb183632dc4eeea2942e53f6aabb22557916cc5b69b7c3c10196c2fc16c07821f0c9cffefe89f2c56eb0a2b0b70fa99fb3fb704670a3dc713af7b2e180581eb1977f852e6694ed800e1a78a918c00"/566, 0xffffffffffffffd9) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r7 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r8, 0x89e1, 0x0) r9 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r9) r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r10, 0x84, 0x6e, &(0x7f0000000640)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x9, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1f}, @in6={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, [], 0x14}, 0xfff}, @in6={0xa, 0x4e23, 0xed4, @dev={0xfe, 0x80, [], 0x1f}}, @in6={0xa, 0x4e21, 0xa7f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x80}, @in6={0xa, 0x4e20, 0x7ff, @rand_addr="fa8cd31ccd35b6c50bd9572c2df6b3fb", 0x800}, @in6={0xa, 0x4e24, 0xbea, @dev={0xfe, 0x80, [], 0x1c}, 0x1}, @in6={0xa, 0x4e21, 0x6, @remote, 0x80}], 0xfffffffffffffefd) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r10, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="c5a8e21cfe13d1b924a042", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r9, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r8, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r11}, &(0x7f00000002c0)=0x20) 17:52:35 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:35 executing program 5: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:35 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:35 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) pipe2(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) write$rfkill(r3, &(0x7f0000000340)={0xfff, 0x8, 0x0, 0x0, 0x1}, 0x8) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="49443ee68c4b88d624ab3def438602613af27c7393961624e2dacd26283217b3851d0ae470fb47338d492e72b039e55a5a5a26bb57d730950592f008cdfd699c6dbc196973b139f10c87df38209fc403e4991eceb5f12fb8fa570473dae54a0a4a2aa2e170d0913a06d66ada3d3cb06681519a70e99734fb69facfd8a8599b01844ca5cad7ffec7cd5b197083b8e28f34e9ebb667b6a0f96e6467c926b6d1aa27795397eade55741098e0bf78f9e93425898", @ANYRES16=r4, @ANYBLOB="010700000000000000000d00ffff"], 0x14}}, 0x0) r5 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000100)="82432ae2507ca0dbde18053078a68852551c873d21c8e5ffab1bd65c276af61dbca00c9f4f44d4889116e7dc82eae2e560a94c6f797dc055008ab913a38157deb3e316ffa1330aba3de5bb80c049f5d73f2c6aac7ff1ce0d73e7251629a27af50da0700fe3b2ffd56f2d0b63da3bbfc803d6ee83981419f32b9e62b9772ddb5159fa28eb1c259ba3d9d15e0755813421d085c993b87ed4b1e957b4dc049c12f56f77fca40bf52217ddcc0c18fc245bc662d2c7cfe7698d838bd5513420eb"}, {&(0x7f00000001c0)="e3c0e8d04ceb165ca87c52a29b8b3c18b7a141859fbb315b102d2b088997573dd8c04130addcb871175c09ebc5c4f968bde6295e28e4a3dee8205eb58867c7d7018493f012ac54b71c2f8430fd4101a04d3abc46572e772ce7b4759533dedadf8f4639db15688929584277d2b66d2f0cc8ff6830ae62456130bc78f5c8a6d38c11fcfb67b1e8b485918d797b2862a867032a3a78e8878a386ce1bb90a7c207f3e9c89df578775a34cf5b075fdcdf17369a"}, {&(0x7f0000000080)="574efa", 0xffffff50}], 0xe4, 0x1) ptrace$setopts(0x4206, r0, 0x1000000002, 0x8) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$SIOCAX25OPTRT(0xffffffffffffffff, 0x89e7, &(0x7f0000000040)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x2, 0x20}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x10, r0, 0x0, 0x0) rmdir(&(0x7f00000002c0)='./file0\x00') [ 3457.159020] BTRFS error (device loop5): superblock checksum mismatch 17:52:35 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) unshare(0x8020000) semget$private(0x0, 0x2, 0x0) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/ipc\x00') semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x4, 0x1800}], 0x1, 0x0) setns(r4, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r5, 0x0, 0x480, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r5, 0x40305828, 0x0) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') preadv(r6, &(0x7f0000000480), 0x10000000000002a1, 0x0) ioctl$FS_IOC_FIEMAP(r6, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="0300000000000000010101000000000001000000018000000200000000000000f789000000000000000000000000000000000000040800"/78]) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) getpid() openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) [ 3457.210182] BTRFS error (device loop5): open_ctree failed 17:52:35 executing program 5: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:35 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x10000000000000a2, 0x2) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3457.308664] BTRFS error (device loop5): superblock checksum mismatch 17:52:35 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x8) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:35 executing program 5: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 3457.361496] BTRFS error (device loop5): open_ctree failed [ 3457.437733] BTRFS error (device loop5): superblock checksum mismatch 17:52:35 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 3457.480257] BTRFS error (device loop5): open_ctree failed [ 3457.555416] BTRFS error (device loop5): superblock checksum mismatch [ 3457.610340] BTRFS error (device loop5): open_ctree failed 17:52:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) ioctl$TCGETX(r1, 0x5432, &(0x7f0000000040)) tkill(0xffffffffffffffff, 0xa) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) truncate(&(0x7f0000000000)='./file0\x00', 0x900000000000000) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x1f, r0, 0x0, 0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:38 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:38 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:38 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f00000001c0)={0x30, 0x1, 0x0, 0x5, 0x3, 0x0, 0xfffffffffffffffc, 0x1}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r8, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r9, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r10, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=r11, @ANYBLOB="010700000c000000d9000d00ffad84d96cab34b3668533340d8ffba56fb1956d99214fd241e509000000b1fefe461c69e1724e00095ee98d457fb758fdd0780ce38c47a0bc0244acd08dfcf1b20fab0f2f59f966202467e2246348aab182d6fc779cd88ff1e7a1b1df4b741a430587eac326934f8b7d7a021403edd82ffc38fd12bdb242314645b509b694f96282270992571e658209b9440f26ba31d0e070ef8f7f45c92dd9b2866b9532b9c8023396ce6c1730b88b50670644e85d62920b5114870b64e3334fa4af543bc020efedc96eacbfaa1c3bb83ff019f009262afb96467a4df9a1d52476d964f938afebca61e851426593108ff38ab5c54a9836eac11578ad7b44a36f16c93a3b84692973bf9f5cfc03de96d611c5669a0a3b835772536a38e9"], 0x14}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x10, 0x8031, r10, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r12 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r12, 0x89e1, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) 17:52:38 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:38 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='\x01\x04\x00\x00\x00\x00\x00\x00-sufdev#\x00', 0x0, 0x860101) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) tkill(r0, 0x23) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 17:52:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f289cea2443cfd34da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba010000001e689f7615baf78f08ea33bcb860d6a0b61193d4a1bd622431d42fee5e91539bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0xa400, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000040)={0x6, 0xffff, 0x7, 0xebec, 0x1, 0xf1}) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3460.177396] BTRFS error (device loop5): superblock checksum mismatch 17:52:38 executing program 4: prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000040)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x80, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000100)={0xd000, 0x100004, 0x7f, 0x7, 0x8000}) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x74) r3 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$EXT4_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000140)=0x80001) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3460.230722] BTRFS error (device loop5): open_ctree failed 17:52:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x100000000000014b, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:38 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:38 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0xa5e484009542ee7b, 0x0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000100)={[], 0x81, 0x40, 0x8, 0x2, 0x8, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:38 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r4, 0x423}, 0x1c}}, 0x0) sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x42000481}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x68, r4, 0x0, 0x70bd26, 0x25dfdbff, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @media='eth\x00'}}}, ["", "", "", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x14}, 0x20000000) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3460.537662] BTRFS error (device loop5): superblock checksum mismatch [ 3460.620339] BTRFS error (device loop5): open_ctree failed 17:52:38 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:38 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:38 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='\x01\x04\x00\x00\x00\x00\x00\x00-sufdev#\x00', 0x0, 0x860101) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:38 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000440)=0x4) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r6 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r6, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r7, 0x89e1, 0x0) r8 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r8) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r9, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000240)=ANY=[@ANYBLOB="010000148c4a573f24905191d22b9422fa", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r10}, &(0x7f00000002c0)=0x20) [ 3461.038315] BTRFS error (device loop5): superblock checksum mismatch 17:52:39 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 3461.120333] BTRFS error (device loop5): open_ctree failed [ 3461.369014] BTRFS error (device loop5): superblock checksum mismatch [ 3461.470347] BTRFS error (device loop5): open_ctree failed 17:52:39 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 3461.583975] BTRFS error (device loop5): superblock checksum mismatch [ 3461.630723] BTRFS error (device loop5): open_ctree failed 17:52:39 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 3461.725790] BTRFS error (device loop5): superblock checksum mismatch [ 3461.770296] BTRFS error (device loop5): open_ctree failed 17:52:39 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) [ 3461.915663] BTRFS error (device loop5): superblock checksum mismatch [ 3461.960626] BTRFS error (device loop5): open_ctree failed 17:52:41 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000100)={{0x3, 0x0, 0x1, 0x0, 0x78}, 0x1, 0xffffff81, 'id0\x00', 'timer1\x00', 0x0, 0x6, 0x4, 0x0, 0xffffffff}) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) 17:52:41 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:41 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:41 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:41 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="01002000", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:41 executing program 4: openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socket$can_raw(0x1d, 0x3, 0x1) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3463.521246] BTRFS error (device loop5): superblock checksum mismatch [ 3463.561090] BTRFS error (device loop5): open_ctree failed 17:52:41 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) r5 = semget$private(0x0, 0x8, 0x0) semctl$GETPID(r5, 0x1, 0xb, &(0x7f0000000280)=""/109) semtimedop(r5, &(0x7f0000000040)=[{0x8, 0xe000, 0x800}, {0x4, 0x3, 0x1000}, {0x3, 0x8001, 0x1400}, {0x4, 0x1, 0x1000}, {0x3, 0x1, 0xd4bb083a8c3d966f}, {0x4, 0x3, 0x2000}, {0x3, 0xfff7, 0x2800}], 0x7, &(0x7f0000000080)={0x0, 0x989680}) ptrace$cont(0x18, r0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000100)={0x7, 0x7f, 0x4, 0x0, 0x8e, 0xcd, 0x7f, 0xca, 0x5, 0x4, 0xe}, 0xb) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r6 = getpid() sched_setattr(r6, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) capget(&(0x7f0000000140)={0x20071026, r6}, &(0x7f0000000180)={0x81, 0x6, 0x4, 0x1, 0x8, 0x1}) 17:52:41 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) wait4(r1, 0x0, 0x8, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0x338}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x400000, 0x1) sendfile(r5, r2, &(0x7f0000000100)=0xe7b3, 0x8000) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) sched_getscheduler(r1) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:41 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:41 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x1, 0x0) fdatasync(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = inotify_add_watch(r4, &(0x7f0000000200)='./file0\x00', 0x4) inotify_rm_watch(r4, r5) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(r4, 0x0, 0x44000) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) rt_sigtimedwait(&(0x7f0000000080)={0x4}, &(0x7f0000000100), &(0x7f00000001c0)={r6, r7+10000000}, 0x8) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240)='/dev/hwrng\x00', 0x2, 0x0) getsockopt$inet6_buf(r8, 0x29, 0x6, &(0x7f0000000380)=""/4096, &(0x7f0000000280)=0x1000) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:41 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:42 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:42 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:42 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:44 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:44 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000580)=ANY=[@ANYBLOB="0100005900864023feffffff0100ffff07eec68b3e6bde327f6753e7a2ee287995757a091007a7289d43cf8e58a43d9a55a8b646b42919e3efda098e688eb66487658af5412bf450d9446c1df8cbc39c370da58d71d372ec7f7bcdd161eef354f789c5dd924abd4b435b86ce454ab6b24d49871466ed34a013eca2a0eba65e50bbd899d4bb30ad352ad9a97b6618ff711895250e875860c61c4646c333ff71c4dab3782d82c39a095e975500c979063e3e1ead70b7ec3e43f326f8625735d2322b7caf1e87845e3dc8629e70ddb3", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:44 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:44 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:44 executing program 4: arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000000)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) rt_tgsigqueueinfo(r0, r1, 0x1, &(0x7f0000000100)={0x3f, 0x466, 0xfffffffc}) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$cont(0x9, r0, 0x6, 0x0) prctl$PR_GET_SECUREBITS(0x1b) 17:52:44 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x3, 0x0) 17:52:44 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) 17:52:44 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) 17:52:44 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = semget$private(0x0, 0x8, 0x0) semctl$GETPID(r4, 0x1, 0xb, &(0x7f0000000280)=""/109) semctl$GETNCNT(r4, 0x3, 0xe, &(0x7f0000000100)=""/133) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:44 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) 17:52:45 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) 17:52:45 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) 17:52:45 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x3, 0x0) 17:52:45 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) 17:52:45 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:52:45 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:47 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) 17:52:47 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000003c80)=[{{0x0, 0x0, &(0x7f0000000640), 0x0, &(0x7f0000000680)=""/107, 0x6b}, 0x5}, {{&(0x7f0000000700)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000780)=""/195, 0xc3}], 0x1, &(0x7f00000008c0)=""/181, 0xfffffe90}, 0x6}, {{&(0x7f0000000980)=@ethernet={0x0, @random}, 0x80, &(0x7f0000003b40)=[{&(0x7f0000003d40)=""/4108, 0x1000}, {&(0x7f0000001a00)=""/4096, 0xfffffe64}, {&(0x7f0000002a00)=""/36, 0x24}, {&(0x7f0000002a40)=""/4096, 0xfffffe58}, {&(0x7f0000003a40)=""/210, 0xd2}], 0x5, &(0x7f0000000440)=""/173, 0x9f}, 0x4b49fe74}], 0x3, 0x10022, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @rand_addr="e7a5a68678abec5296e58f280d3f6682", @loopback, 0x0, 0x0, 0x0, 0x0, 0x7, 0x490060}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)={0x0, 0x0, {0x0, 0xfffffffd, 0x200, 0x5d4}}) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r9, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r10, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r11, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r12, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r13, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r14, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000b00)=ANY=[@ANYRESDEC, @ANYRES64=r10, @ANYRESDEC=r12, @ANYRESDEC, @ANYBLOB="34c1e7070f2a687c76352725f05a79ab37e564422f0b73a73822d48033461f410f4a7d25ee55cebedc11e0c195beea58c7a38f0090303cf008a1de0b668b63d0403a985869ce464fbef6b12b64a1611f135af2696ff7c6e5e1ca95d3a5dcdba69b1f10d70d14967bdfccd9e7242c6fa6962b7f28b27419c916120e42f99eead2bbdee90d88ef0c9f19daf0997e818ff827a863df212414d8686e829ef0f12397e0ab8160e45d530f2f8cdd690e8d", @ANYRES16, @ANYRESHEX=r13, @ANYRES32=r14], &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f}, &(0x7f00000002c0)=0x20) 17:52:47 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:47 executing program 2: syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x10, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001500)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@remote}}, &(0x7f0000001600)=0xe8) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, &(0x7f0000001740), &(0x7f0000001780)=0xc) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x6, &(0x7f0000001440)=[{&(0x7f0000000100)="3805b903f9c440756b4be46011ccefa770788b4571fd187e0aefd9fd051405d586c6a9df2c576339ec5d792105df72d6028afd5254689dbb70925a3e7cca6ed564c289cf8eb03fec6ea010a5daac34159ba78143d93e0fccd2589f603f9aca913261e1251b5bf9d34ab47d794ddf25161066b92673e6ed105d7e509c34dcdd16a602bdce1e895866f353d372b65dc65abec7158cdb16e371e61b701cc30b1f7e899d401800aadde2bf751290be280cc8ffde4202fe472cafce5c7521bfa044d22d3a345fcd2385118aad26ea205747eb04363a56bc2b42aa76446a4eb18344f6f5deef74fcc0b4c390341ba855683781aea65d0daeeb9cdef407ef50c15954fd7c5594fac4324715b6fa01d2c8fc59fd110b0219b8c398b7dee36621162a4f5389b7fbcf59c092193c19dd7b4c1cfcc1a6b1e05d833c675ca91a84405634b7991a45c3026568f768d3cd852671d3001b92136961228c51172be1d9cd445e3b3185812a3e225fad2db7a5c5a50b1494b386f6a000fb2885be4aa129a1c2726bc46067c2ff90fdd86c3a56f411d4e95bf7ba5bc7ed84182bd4c39f517e30d03b7d46c1c26d15168dd53085e33d75ce8778138ec29c4a462b6f2ff3e1b12eb0f5c3c1d7a234b205da84b0a84a8260645ee60d09feec4607419a93b3ccf4b9aae8e65115c6831abcfd12d82d5cca9ee2862486d0bfefb78927e10f41508ff9ecbe754ca0019624fc0e56f602fb2f88276fc95bf72437f9b410584da747cebac9b3a7157d7ba012970ba99057775c4f80fa4d540adf4d693848a43d948f8216f9439cb5ba94ff55848074cff640c42f42fbf47a60cc946e9d6b86283b886f5055f338204c1663256301bd620f41ea993406abaa10c69b3b3bddb71c91a3cbb910e91a7a30d6cc585f62711bc3c22e8135496e4f5dba17682db949fe949571db43bec0b9442b559dc3049a75d3452b2b65e6d725c7049cab25e35f2dcfe522d73f60badaf5b3ddf743197523ac6c2f9153c7052a7afe151ba015380301457e5e3d7a04e9cad81c759e6e34ee662582528005a6ad66a1a19afd2de42d48491fd6be6110c2c7e9bf9a946be65721d10fb705b4bd538fa3ffde51acddb36c23bbcfccf99c038f56f15a7fc59a067392682601b4b8de4fd338cc554281eefaa629df9477ef2c437fdb0e1dfcd9d9593ce4eb4d7af14212c742eaf262757bbf46011d843f78490f5b91c7b5b32281290d516baa5205432365cf26be1bdfa1c8315714e9878f63a6df205bcd5419d0fa0defe7b6d290cc5a8d5a09bfbc0b8ca004196238ce63b3125f207f5f968c1684bb0644db5e50d323a54ee1efda2f7b4ea18a8a66976b584f0527fb59529a05f374f1376bf3e6b17af6af067d0263174c4e2fa2fc17276ced7a8e13f30c508ff7121967b935345fb0b85c34a17332d43fe555538dfd4b6770d4b7b827d25d691186beee5d36749e84633305c5049ada39d300c0acc97595f5c45505b8d65c85fdee841f2db307a6027b9df99b19594ed3684c130ee806cda4d3edf4c9671bae4ac5450b66b8fdc0eb33366535fe0b1a2ae835d1a9c2c79244a8ec3ef949597777eece288d4d9b6f6e465546d80e00cac9f7c71b1f516882bfc378663168ab37192580d80e36dc9943f34959a37292ae5f7d23e82b52874a6059e2df89348c02cc64335b5e2d49c480a7cebdebe6bec79ff30c5b38147f9cea86cbb1e3ad3d3fbd383bbe9011417c1fea4162d9106f2ba8be2e0220856d1688474e0e68ee1d27da7bd064eb6b66842704e3bbcd3d0be52469ed5d2679ef788b065520393ce905196b10bb396422126c0d80dc9b87002d4f345dfe4e18116951625b771f3b27474669645387b1f4f0930bdff61af1d95dcb7c4dc299329cd17e1ef13b67d007c07356bacc18b4956d6f456deb21ae9564f86a9b036d767bc5aaabcecbd01c562dec39a03b856716563644873eebd6fcc59b32be9b222a512ac660a0d50c7315745c311ec9d0d730b856f88fcda9b356a5dd4205144ffe6320181e0166557c4bebea446871631c959912a244d542feb04b48ce82b79bd6775820126f83710d68e8d5f15fb6ae3d58a202b9ad89ccc34e0670154d24461f75e75c40460fb6f3e1693998a5e4d4b052c7a4e3500dcb747abe2bf4dd08334f1e79e44783425159548fa02aadc9bc774d121ed9e745fa69b737a6a4f57652a5bd71189309d92e368df3a2406bc9f134ca8c5f0168d87982537496760b616baf1ee16b221fd3036a80d16fe4e306f8ce924c8adb5393af99a447a5c9a948ca631c064126fd95be7f17a7eab758f93ae115ff28ddb194cf6bf68f00ecfa4d05fbfc0b1a8c493f14475cf9b41f51ec4e2ad153a664593cee65c1e9dca8442cb1d6a4d48b44ec5935c461a16a224e6bcd4dbe4f534f833765619775d4201611342bafda42ffe13d1e9b76273a17f610053646e59f7658479271d731e09c0c7e0816c017667a20def278fa672bf1ee5c5b22b8b8dba599ea8148a141e75c81d0375bfbb22186c2da42577647235f503c367c149f21b2056e291021f383ac86e6dd3b143799e98bcbf238a87570e26385889322dd5c5af5e2e99e6236b1d1428b4f5f4b52d3ad10d1c797aa2def66daf6ccd23446e54edeec100e4fa43a5d410a80e7471d53dffb8ccf989fbeb3b684e3aded768914c103991dbeac67db48b5a6114b4b67618455d0cff7b23cf8654081fff9ec9017fa826431eda5277601e2eb1eebfc507298a0c10cf625343f97755ce14743141af92f0e07cb295a0c0625bbe2481268fa221b5453bb8f83af755b9b784a81e51ec93dcc141b61115af8b3193b56610d463f4b65baa7e63462fe65dc5638cf1610f647c991491dd7aa30053e5bbe43d1d7dd0bef67cd348b8650cde4edccf50e54655c05d8f2a2bf15a617eb13aed534b19036767c91f8f6e5e262342335de16f04672588e403e198abe06a9a5fe7b7e1da269acd5cb079bce57b5163ca126ef3624bbdb464156d621cd6f0d45eb4c188d69912f46649eefcfe726fd81cdfa65f73a25f6f687d04662a82cd6896b5f8f1d1d9b32cfaab24fa84612a7dbdcd7ab68ca5cce53236b48b203c6ac311eda57b336cd85cfb1bf150c5907dab9b038862bc52b4f5bb03ecbfee9df3fc0fe4d843a188fee8e1f72131164ff5f9df7473b46abb6eabf494a9070a9c2609775569c726809521471141531ace401430ca90771a07b3acb7c90c2dca62b16b3fb0d5a5afd4f7d8ef3ea88f9f99cd38b1a0d96215b147051fe4209ab9c61010f9da6380e36a37ba04f1addd60cb61c21599474ab0ad7c8e853c2d993f2616a4be44d4591112564d088a86a0a791b61cc5eb75624b78ceaf5760ceff74f28ed7238544776f9fefe32bc897936710aa58a5a8a6dca93d8ba406758229c56ce03399605944e8206172e9efc4028c52eb56aab48bbe913ff85d031e06320ead26106262faa59789b2366fe515baf8dfa937e6564c0a59123de941f56f9724e6488c200cd8b662752fae7fb6ef18183cd8c2d368861463eb1acad3a874d5bc70b11aae85ea9bf9b7c86e2728643f5b02bc15983066d96f4cd3a3fb9988a16139702ed405c1b9f11618731f0b1d05952030c5ef60f27548a0b5748b74ef68e1fb57e1c9e8308b83caf672ce082f27e0738da4b9183c5024b02b896026075d58925f1728367dab4f6709270ce8725d7f8cfb7a31afa5d3bd9dab7adee60539a10b7761f0f2f8e3330a6f3b72a01923fc43416b96847a9add2fed7f0d57b9e204e5d1d535f8f3cfd000a544c395e3e05ff8bf23918acf6dbc1db94586db787ff2f6fd3b4e52a665d52bfd450d7ccafbad6010e032d1565cf1553e265bdd472291e9b407eca7df22937c16943330f26e1984ce656bc66c4c68b1d4882b742d19aae5956f78cc6a57fe17080565f8a2f936e6ee6ed8293c6731c6acfa94ebb3946bb5c5ce034dab9a4647a9cecfecfa5e41eee51b225c688e1cb60bd386fbcafba3992c30bac7b4a40e3799977bbcb5f5b8e7e527664d9c9b46f276fb07770f29b4167cf50a12df52e0b9d1729ab179121ba8b69fd1c8ad87a2f303b0e019164cc020f82b2b075545a8b5669ab98765a4d37e443902da651ea47a0f7f2fa33ad2fa1c644b360a055df504d9e260bb252aad66a7f76e7d33a47d5c9f3a80f12f1306769d7d6875e3e070026ab1d01d7c2001a903b316b3b4e1dea3db54b5dc7c3fee2c3744757758b5ecd13859eef360be433c3259a0938488501f101d09b56ab7daf9c867c5b51b447cca34ce77ef86a96c863c4014047afb87e6640b137c3ab1a65cf750c1c2dec3f0f40d1cefaaa6ac6414edbc144f5804ac7420ebb43f842f349a6b05280b02caf34c648b8a7603d3287c6bffa930ec188f19026d4fe082726679f293bd40d996530f509e236ba65a3c603c153570fc4eafb46ddd1c2352ea5b9bc78a95a382aeadcb7612cbfd1ebb6cf0f6e79c2d8cade66e29f21f98f057903b500e113355f8d9aaecdd774ecb2b4677c12d63726a2a0e208e3a1878088dcd0c8dd02ddc18730b76739c13034eaea001f0df2d0e49917e2b8d49a7d5472d2b790b04a61fa6f7ec3ddf4df4cf0068833f87ddc8e00225e5ca4045b1a8d565942501784294635498f563e3a2fda5baa08a1d69f29512c762260fbb99f06f89a059c18a92ba6a5017853b7187ee67d811b74d3a32281fc0192f1a68ea26dd3886181cda63f361eb70c308542ca6ad9db402ffd6db84476b8cd7d4800fa78fbeb8cddbd4bc0388da3f872e6865f2d9c95954e8dabcf9b80b6d0009e589d6f01210023e3f62d10b328649733dca0671a4c930a6f9e6fe219f64b99f0d1e86e8c2449931a1af40c18ae57005a5aec58eb93f7552b64bbddeaceb5095f44486788f31b36ccb3032d54ae3ef9328eb818a2426839c6f98db63cb761f3753a539400ecfa82d1be67253f256d4b636c10d7a2a9b6fa21ddf0b3e4b61fbbcfef12fa1fa84e78acde7de3e073abfbca0f0d6d382dc4c1c7fe58638d0a1382fe4d4d200bc214df775dfd67592c9cce7dfc906106122a41ce83e57ac38f3f2d9e14df41e5604590bb2b18aee0c915189095c5ad52074c871bd6de88bc20a90d01219876e78877c6ab58be6d8c425b1964c7f9650fc44f50dffe9270f10b0a38241e490a4702650b5ba9d8bbda8ff6a1ce98020836426fdbe527ebae5b7b6b735377d4e35b64f3435cef4e9c914ebc9352973225a113ea088ead28b6940a3e7ed45863137f52322191007154421ac3bfeb96fead0a4ff6dd8923c3c7174ff51ccaf4c4e7be5bffe1e32032b7a1186fc320350c3e4bd0fc68fc94963204a6080d6d5cfb1650a55eb6dc351350417e65ec9344dbc4ae8624604ee3041f84c27c8f9c5190964a08f5a1c3a5c0e09445724c442f82370a0be121d14841967e3be47069fa510234bea3da8b307e55f8876d330deb04e6ca1958c36c4a2c3a0c3c6d1973ab231c079458630b451c14d24b77e84830fcf320f02a4e65d4aaeae3afa356d204cdf1ff156067fa0aa437726a5ec150a205c78c637738ae7d2bd4bd6c809d2f7105d59198c33d82255e0a6667acf1b51ee1aebe9b93f0b01434c5545ecb05944d102d112df0a8534ee6b5598d7c25053386ffa815a0bfcc609bf10a121b61178906ffce0a72dad3b73477f07be728f96b5bdf3351656f7f53024baeecb1609508a3986394631682f0a0afe05ba6626759b5e7a948fb8a1b9712fd1ef688c530dbab63b8cabdf114521058", 0x1000, 0x8}, {&(0x7f0000001100)="32d8b242bb9b505cfd98f639e88697c38224048eb3df396d81bbec8748dc79d1f3abeab9c4b87ce3620b18423d231fe5248e199105a1e92d0caeb837382981185b49cb551f6264a8aa1fe5ce7635955107b635cfa2ab623b03177f7e20536365d4032a562febe08568c7", 0x6a, 0x1}, {&(0x7f0000001180)="27d1f33264c62b0b9ed2851132f41f57dddd1fdf1360ad1a2b1075ae134d94c93736623f496e82c008b07830cc8db21ff1607ed0a7e6bed8c064c5a0434f3ecd010d20fb69a51c768101b4eafa19923c423ee65702bf6690f25bef3aa0ce4eb7432795c25eceef939a6a7f04f7c72e45ab4e9cf1c4aaa634b91eda7bbaca6d3439dc698c8b8cec5518e1b5745b2f88b5b3aea84715d81928a8c2df87a2e23c298dd89325dbcd08fd1508b9591d93d60f53206c8a47766b7127c3f9f4a4d89022990aa195f9cbcc24e17104d581fee493abb37ae0e8a609b1cf2a47d48ab91763643f6d19c522443def91", 0xea, 0x100000001}, {&(0x7f0000001280)="a1eaedf9ba3efcefe71ba4669992a705e25f69357def34e4a4e8db16ae047f95607c900138480cecf9bc561026eb35402b2430758066a2f8bede0f41b5b96184c814f4596570ab064a349a7eb23452c879da4b1e30421f", 0x57, 0x4}, {&(0x7f0000001300)="7846ce79957adae2019ee35bffef23d5067c697d60c9cdf79f4ca458817c0d52d71846d7939344f2656f135107f540739c", 0x31, 0x42b}, {&(0x7f0000001340)="af41ca154ada9c35ed267ef6673343cdfe612f57c025897bff494f0aa48febd9f2fec2707af3471379de19b6e9c7684f62c12b3aa4b737ef7ae7254ccdce26604d59bf396a9495bc2c0cc9eb1a693635b02d629c5e68a48e32f9ffd7758bd96629f5ebf015a7fb086a2120dd33287ab8ab683af060a04b37da576eb5a6c644cc60ed9812844b6cbd5e42cc4196327208c4cdffa5c79685374aaa9db0f07f44157ad5b25af14154a38fcdda946535182e533016f8eb89042f2b4ff770e4eecc5aae9a6e82dd8a81b35a60b4e5e2da1cfc4727333d9c25abaa95a4a118ad6813d1", 0xe0, 0xfe}], 0x0, &(0x7f0000001640)={[{@journal_async_commit='journal_async_commit'}, {@test_dummy_encryption='test_dummy_encryption'}, {@data_journal='data=journal'}, {@data_err_abort='data_err=abort'}, {@acl='acl'}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@mblk_io_submit='mblk_io_submit'}], [{@euid_lt={'euid<', r0}}, {@audit='audit'}, {@euid_gt={'euid>', r2}}, {@smackfsroot={'smackfsroot', 0x3d, 'userlo#@]vmnet1'}}]}) 17:52:47 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000000)={r3}, 0xc) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={r3, 0x5, 0x7, 0x7f}, &(0x7f0000000040)=0x10) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$cont(0x18, r4, 0x0, 0x0) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r4, 0x0, 0x0) 17:52:47 executing program 2: syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x10, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001500)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@remote}}, &(0x7f0000001600)=0xe8) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, &(0x7f0000001740), &(0x7f0000001780)=0xc) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x6, &(0x7f0000001440)=[{&(0x7f0000000100)="3805b903f9c440756b4be46011ccefa770788b4571fd187e0aefd9fd051405d586c6a9df2c576339ec5d792105df72d6028afd5254689dbb70925a3e7cca6ed564c289cf8eb03fec6ea010a5daac34159ba78143d93e0fccd2589f603f9aca913261e1251b5bf9d34ab47d794ddf25161066b92673e6ed105d7e509c34dcdd16a602bdce1e895866f353d372b65dc65abec7158cdb16e371e61b701cc30b1f7e899d401800aadde2bf751290be280cc8ffde4202fe472cafce5c7521bfa044d22d3a345fcd2385118aad26ea205747eb04363a56bc2b42aa76446a4eb18344f6f5deef74fcc0b4c390341ba855683781aea65d0daeeb9cdef407ef50c15954fd7c5594fac4324715b6fa01d2c8fc59fd110b0219b8c398b7dee36621162a4f5389b7fbcf59c092193c19dd7b4c1cfcc1a6b1e05d833c675ca91a84405634b7991a45c3026568f768d3cd852671d3001b92136961228c51172be1d9cd445e3b3185812a3e225fad2db7a5c5a50b1494b386f6a000fb2885be4aa129a1c2726bc46067c2ff90fdd86c3a56f411d4e95bf7ba5bc7ed84182bd4c39f517e30d03b7d46c1c26d15168dd53085e33d75ce8778138ec29c4a462b6f2ff3e1b12eb0f5c3c1d7a234b205da84b0a84a8260645ee60d09feec4607419a93b3ccf4b9aae8e65115c6831abcfd12d82d5cca9ee2862486d0bfefb78927e10f41508ff9ecbe754ca0019624fc0e56f602fb2f88276fc95bf72437f9b410584da747cebac9b3a7157d7ba012970ba99057775c4f80fa4d540adf4d693848a43d948f8216f9439cb5ba94ff55848074cff640c42f42fbf47a60cc946e9d6b86283b886f5055f338204c1663256301bd620f41ea993406abaa10c69b3b3bddb71c91a3cbb910e91a7a30d6cc585f62711bc3c22e8135496e4f5dba17682db949fe949571db43bec0b9442b559dc3049a75d3452b2b65e6d725c7049cab25e35f2dcfe522d73f60badaf5b3ddf743197523ac6c2f9153c7052a7afe151ba015380301457e5e3d7a04e9cad81c759e6e34ee662582528005a6ad66a1a19afd2de42d48491fd6be6110c2c7e9bf9a946be65721d10fb705b4bd538fa3ffde51acddb36c23bbcfccf99c038f56f15a7fc59a067392682601b4b8de4fd338cc554281eefaa629df9477ef2c437fdb0e1dfcd9d9593ce4eb4d7af14212c742eaf262757bbf46011d843f78490f5b91c7b5b32281290d516baa5205432365cf26be1bdfa1c8315714e9878f63a6df205bcd5419d0fa0defe7b6d290cc5a8d5a09bfbc0b8ca004196238ce63b3125f207f5f968c1684bb0644db5e50d323a54ee1efda2f7b4ea18a8a66976b584f0527fb59529a05f374f1376bf3e6b17af6af067d0263174c4e2fa2fc17276ced7a8e13f30c508ff7121967b935345fb0b85c34a17332d43fe555538dfd4b6770d4b7b827d25d691186beee5d36749e84633305c5049ada39d300c0acc97595f5c45505b8d65c85fdee841f2db307a6027b9df99b19594ed3684c130ee806cda4d3edf4c9671bae4ac5450b66b8fdc0eb33366535fe0b1a2ae835d1a9c2c79244a8ec3ef949597777eece288d4d9b6f6e465546d80e00cac9f7c71b1f516882bfc378663168ab37192580d80e36dc9943f34959a37292ae5f7d23e82b52874a6059e2df89348c02cc64335b5e2d49c480a7cebdebe6bec79ff30c5b38147f9cea86cbb1e3ad3d3fbd383bbe9011417c1fea4162d9106f2ba8be2e0220856d1688474e0e68ee1d27da7bd064eb6b66842704e3bbcd3d0be52469ed5d2679ef788b065520393ce905196b10bb396422126c0d80dc9b87002d4f345dfe4e18116951625b771f3b27474669645387b1f4f0930bdff61af1d95dcb7c4dc299329cd17e1ef13b67d007c07356bacc18b4956d6f456deb21ae9564f86a9b036d767bc5aaabcecbd01c562dec39a03b856716563644873eebd6fcc59b32be9b222a512ac660a0d50c7315745c311ec9d0d730b856f88fcda9b356a5dd4205144ffe6320181e0166557c4bebea446871631c959912a244d542feb04b48ce82b79bd6775820126f83710d68e8d5f15fb6ae3d58a202b9ad89ccc34e0670154d24461f75e75c40460fb6f3e1693998a5e4d4b052c7a4e3500dcb747abe2bf4dd08334f1e79e44783425159548fa02aadc9bc774d121ed9e745fa69b737a6a4f57652a5bd71189309d92e368df3a2406bc9f134ca8c5f0168d87982537496760b616baf1ee16b221fd3036a80d16fe4e306f8ce924c8adb5393af99a447a5c9a948ca631c064126fd95be7f17a7eab758f93ae115ff28ddb194cf6bf68f00ecfa4d05fbfc0b1a8c493f14475cf9b41f51ec4e2ad153a664593cee65c1e9dca8442cb1d6a4d48b44ec5935c461a16a224e6bcd4dbe4f534f833765619775d4201611342bafda42ffe13d1e9b76273a17f610053646e59f7658479271d731e09c0c7e0816c017667a20def278fa672bf1ee5c5b22b8b8dba599ea8148a141e75c81d0375bfbb22186c2da42577647235f503c367c149f21b2056e291021f383ac86e6dd3b143799e98bcbf238a87570e26385889322dd5c5af5e2e99e6236b1d1428b4f5f4b52d3ad10d1c797aa2def66daf6ccd23446e54edeec100e4fa43a5d410a80e7471d53dffb8ccf989fbeb3b684e3aded768914c103991dbeac67db48b5a6114b4b67618455d0cff7b23cf8654081fff9ec9017fa826431eda5277601e2eb1eebfc507298a0c10cf625343f97755ce14743141af92f0e07cb295a0c0625bbe2481268fa221b5453bb8f83af755b9b784a81e51ec93dcc141b61115af8b3193b56610d463f4b65baa7e63462fe65dc5638cf1610f647c991491dd7aa30053e5bbe43d1d7dd0bef67cd348b8650cde4edccf50e54655c05d8f2a2bf15a617eb13aed534b19036767c91f8f6e5e262342335de16f04672588e403e198abe06a9a5fe7b7e1da269acd5cb079bce57b5163ca126ef3624bbdb464156d621cd6f0d45eb4c188d69912f46649eefcfe726fd81cdfa65f73a25f6f687d04662a82cd6896b5f8f1d1d9b32cfaab24fa84612a7dbdcd7ab68ca5cce53236b48b203c6ac311eda57b336cd85cfb1bf150c5907dab9b038862bc52b4f5bb03ecbfee9df3fc0fe4d843a188fee8e1f72131164ff5f9df7473b46abb6eabf494a9070a9c2609775569c726809521471141531ace401430ca90771a07b3acb7c90c2dca62b16b3fb0d5a5afd4f7d8ef3ea88f9f99cd38b1a0d96215b147051fe4209ab9c61010f9da6380e36a37ba04f1addd60cb61c21599474ab0ad7c8e853c2d993f2616a4be44d4591112564d088a86a0a791b61cc5eb75624b78ceaf5760ceff74f28ed7238544776f9fefe32bc897936710aa58a5a8a6dca93d8ba406758229c56ce03399605944e8206172e9efc4028c52eb56aab48bbe913ff85d031e06320ead26106262faa59789b2366fe515baf8dfa937e6564c0a59123de941f56f9724e6488c200cd8b662752fae7fb6ef18183cd8c2d368861463eb1acad3a874d5bc70b11aae85ea9bf9b7c86e2728643f5b02bc15983066d96f4cd3a3fb9988a16139702ed405c1b9f11618731f0b1d05952030c5ef60f27548a0b5748b74ef68e1fb57e1c9e8308b83caf672ce082f27e0738da4b9183c5024b02b896026075d58925f1728367dab4f6709270ce8725d7f8cfb7a31afa5d3bd9dab7adee60539a10b7761f0f2f8e3330a6f3b72a01923fc43416b96847a9add2fed7f0d57b9e204e5d1d535f8f3cfd000a544c395e3e05ff8bf23918acf6dbc1db94586db787ff2f6fd3b4e52a665d52bfd450d7ccafbad6010e032d1565cf1553e265bdd472291e9b407eca7df22937c16943330f26e1984ce656bc66c4c68b1d4882b742d19aae5956f78cc6a57fe17080565f8a2f936e6ee6ed8293c6731c6acfa94ebb3946bb5c5ce034dab9a4647a9cecfecfa5e41eee51b225c688e1cb60bd386fbcafba3992c30bac7b4a40e3799977bbcb5f5b8e7e527664d9c9b46f276fb07770f29b4167cf50a12df52e0b9d1729ab179121ba8b69fd1c8ad87a2f303b0e019164cc020f82b2b075545a8b5669ab98765a4d37e443902da651ea47a0f7f2fa33ad2fa1c644b360a055df504d9e260bb252aad66a7f76e7d33a47d5c9f3a80f12f1306769d7d6875e3e070026ab1d01d7c2001a903b316b3b4e1dea3db54b5dc7c3fee2c3744757758b5ecd13859eef360be433c3259a0938488501f101d09b56ab7daf9c867c5b51b447cca34ce77ef86a96c863c4014047afb87e6640b137c3ab1a65cf750c1c2dec3f0f40d1cefaaa6ac6414edbc144f5804ac7420ebb43f842f349a6b05280b02caf34c648b8a7603d3287c6bffa930ec188f19026d4fe082726679f293bd40d996530f509e236ba65a3c603c153570fc4eafb46ddd1c2352ea5b9bc78a95a382aeadcb7612cbfd1ebb6cf0f6e79c2d8cade66e29f21f98f057903b500e113355f8d9aaecdd774ecb2b4677c12d63726a2a0e208e3a1878088dcd0c8dd02ddc18730b76739c13034eaea001f0df2d0e49917e2b8d49a7d5472d2b790b04a61fa6f7ec3ddf4df4cf0068833f87ddc8e00225e5ca4045b1a8d565942501784294635498f563e3a2fda5baa08a1d69f29512c762260fbb99f06f89a059c18a92ba6a5017853b7187ee67d811b74d3a32281fc0192f1a68ea26dd3886181cda63f361eb70c308542ca6ad9db402ffd6db84476b8cd7d4800fa78fbeb8cddbd4bc0388da3f872e6865f2d9c95954e8dabcf9b80b6d0009e589d6f01210023e3f62d10b328649733dca0671a4c930a6f9e6fe219f64b99f0d1e86e8c2449931a1af40c18ae57005a5aec58eb93f7552b64bbddeaceb5095f44486788f31b36ccb3032d54ae3ef9328eb818a2426839c6f98db63cb761f3753a539400ecfa82d1be67253f256d4b636c10d7a2a9b6fa21ddf0b3e4b61fbbcfef12fa1fa84e78acde7de3e073abfbca0f0d6d382dc4c1c7fe58638d0a1382fe4d4d200bc214df775dfd67592c9cce7dfc906106122a41ce83e57ac38f3f2d9e14df41e5604590bb2b18aee0c915189095c5ad52074c871bd6de88bc20a90d01219876e78877c6ab58be6d8c425b1964c7f9650fc44f50dffe9270f10b0a38241e490a4702650b5ba9d8bbda8ff6a1ce98020836426fdbe527ebae5b7b6b735377d4e35b64f3435cef4e9c914ebc9352973225a113ea088ead28b6940a3e7ed45863137f52322191007154421ac3bfeb96fead0a4ff6dd8923c3c7174ff51ccaf4c4e7be5bffe1e32032b7a1186fc320350c3e4bd0fc68fc94963204a6080d6d5cfb1650a55eb6dc351350417e65ec9344dbc4ae8624604ee3041f84c27c8f9c5190964a08f5a1c3a5c0e09445724c442f82370a0be121d14841967e3be47069fa510234bea3da8b307e55f8876d330deb04e6ca1958c36c4a2c3a0c3c6d1973ab231c079458630b451c14d24b77e84830fcf320f02a4e65d4aaeae3afa356d204cdf1ff156067fa0aa437726a5ec150a205c78c637738ae7d2bd4bd6c809d2f7105d59198c33d82255e0a6667acf1b51ee1aebe9b93f0b01434c5545ecb05944d102d112df0a8534ee6b5598d7c25053386ffa815a0bfcc609bf10a121b61178906ffce0a72dad3b73477f07be728f96b5bdf3351656f7f53024baeecb1609508a3986394631682f0a0afe05ba6626759b5e7a948fb8a1b9712fd1ef688c530dbab63b8cabdf114521058", 0x1000, 0x8}, {&(0x7f0000001100)="32d8b242bb9b505cfd98f639e88697c38224048eb3df396d81bbec8748dc79d1f3abeab9c4b87ce3620b18423d231fe5248e199105a1e92d0caeb837382981185b49cb551f6264a8aa1fe5ce7635955107b635cfa2ab623b03177f7e20536365d4032a562febe08568c7", 0x6a, 0x1}, {&(0x7f0000001180)="27d1f33264c62b0b9ed2851132f41f57dddd1fdf1360ad1a2b1075ae134d94c93736623f496e82c008b07830cc8db21ff1607ed0a7e6bed8c064c5a0434f3ecd010d20fb69a51c768101b4eafa19923c423ee65702bf6690f25bef3aa0ce4eb7432795c25eceef939a6a7f04f7c72e45ab4e9cf1c4aaa634b91eda7bbaca6d3439dc698c8b8cec5518e1b5745b2f88b5b3aea84715d81928a8c2df87a2e23c298dd89325dbcd08fd1508b9591d93d60f53206c8a47766b7127c3f9f4a4d89022990aa195f9cbcc24e17104d581fee493abb37ae0e8a609b1cf2a47d48ab91763643f6d19c522443def91", 0xea, 0x100000001}, {&(0x7f0000001280)="a1eaedf9ba3efcefe71ba4669992a705e25f69357def34e4a4e8db16ae047f95607c900138480cecf9bc561026eb35402b2430758066a2f8bede0f41b5b96184c814f4596570ab064a349a7eb23452c879da4b1e30421f", 0x57, 0x4}, {&(0x7f0000001300)="7846ce79957adae2019ee35bffef23d5067c697d60c9cdf79f4ca458817c0d52d71846d7939344f2656f135107f540739c", 0x31, 0x42b}, {&(0x7f0000001340)="af41ca154ada9c35ed267ef6673343cdfe612f57c025897bff494f0aa48febd9f2fec2707af3471379de19b6e9c7684f62c12b3aa4b737ef7ae7254ccdce26604d59bf396a9495bc2c0cc9eb1a693635b02d629c5e68a48e32f9ffd7758bd96629f5ebf015a7fb086a2120dd33287ab8ab683af060a04b37da576eb5a6c644cc60ed9812844b6cbd5e42cc4196327208c4cdffa5c79685374aaa9db0f07f44157ad5b25af14154a38fcdda946535182e533016f8eb89042f2b4ff770e4eecc5aae9a6e82dd8a81b35a60b4e5e2da1cfc4727333d9c25abaa95a4a118ad6813d1", 0xe0, 0xfe}], 0x0, &(0x7f0000001640)={[{@journal_async_commit='journal_async_commit'}, {@test_dummy_encryption='test_dummy_encryption'}, {@data_journal='data=journal'}, {@data_err_abort='data_err=abort'}, {@acl='acl'}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@mblk_io_submit='mblk_io_submit'}], [{@euid_lt={'euid<', r0}}, {@audit='audit'}, {@euid_gt={'euid>', r2}}, {@smackfsroot={'smackfsroot', 0x3d, 'userlo#@]vmnet1'}}]}) 17:52:47 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x3, 0x0) 17:52:47 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r2, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r3 = fcntl$getown(r1, 0x9) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r3, 0x10, &(0x7f0000000040)={0x8}) wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup2(r5, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:47 executing program 2: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = memfd_create(&(0x7f0000000200)='\x00', 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) setsockopt$packet_int(r1, 0x107, 0x13, &(0x7f00000000c0)=0xffff, 0x4) write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="000022e2b492df54d20fd7ca6ef19eb53a1186"], 0x2) execveat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x1000) 17:52:47 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) 17:52:48 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000005000/0x3000)=nil, 0x3000, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000100)=0x6, 0x4) shmat(0x0, &(0x7f0000ffb000/0x3000)=nil, 0x1000004001) shmat(0x0, &(0x7f0000ffa000/0x3000)=nil, 0x4000) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000140)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000000)=""/55) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x28, 0x10, 0x801, 0x0, 0xfffffffe, {}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x0) dup3(0xffffffffffffffff, r2, 0x0) 17:52:48 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) [ 3470.188856] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 3470.206174] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 3470.218196] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 17:52:48 executing program 2: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f00000000c0)=""/72, &(0x7f0000000140)=0x48) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x4c09, 0x2) getsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r0, &(0x7f000003bfff)="0f", 0xfffffdba, 0x40000000000000) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0xa0400000) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) sendmmsg$inet6(r2, &(0x7f0000003f40)=[{{&(0x7f00000002c0)={0xa, 0x4e22, 0x0, @ipv4={[], [], @local}, 0x20000}, 0x1c, 0x0}}, {{&(0x7f0000001540)={0xa, 0x0, 0x0, @remote}, 0xffffffffffffffc9, 0x0}}], 0x2, 0x4000000) 17:52:48 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0xfffffffffffffde6, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:48 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0), 0x0, 0x10000}], 0x3, 0x0) 17:52:48 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300)={0x0, 0x0, 0xffffffffffff3ffc}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) sendmmsg(r2, &(0x7f00000092c0), 0x0, 0x0) 17:52:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) vmsplice(r1, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed702000000ffb83f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74ec2ba80a0fa881e689f7615baf78f08ea33bcb860d6a0071193d4a1cb622431d42fee5ea7531bfdfe5cb1070000005ac0177d", 0xffffffffffffff4c}], 0x4, 0x4) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:48 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:48 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) 17:52:50 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r1, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20400200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1000}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xba}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa4c}, @IPVS_CMD_ATTR_DEST={0x18, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24004021}, 0x7c9c4757c1aa77f6) r3 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup2(r5, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r3, 0x3c) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) 17:52:50 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_MCAST_BROADCAST(r1, 0x10f, 0x85) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x0, 0x0) mkdir(&(0x7f0000000b40)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000080)='./bus/file0\x00', 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000240)='./bus/file0\x00', &(0x7f0000000280)='trusted.overlay.redirect\x00', &(0x7f00000002c0)='./file1\x00', 0x8, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000000)={[{@lowerdir={'\x00@\x00', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) statfs(&(0x7f0000000040)='./bus/file0\x00', &(0x7f0000000140)=""/57) clone(0x50003903, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000140)=0xffffffffffffffff) r2 = socket$inet6(0xa, 0x3, 0x3a) ftruncate(0xffffffffffffffff, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8482) r3 = socket$inet6(0xa, 0x801, 0x0) bind$inet6(r3, &(0x7f0000000380)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x5, 0x0, "913fa7c292d3d3841feaa73b24735180b4fadafbd0ae8fdf06dc1c0fffaedf7b3cf0239733e29abbc5d501554cc12846eb3ebd34bab758954fc222777a53c4c0a8e473b6e9bb9bd5b5f2ee63c9774539"}, 0xd8) r4 = dup(r3) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x2007fff) r6 = syz_open_dev$amidi(&(0x7f0000000300)='/dev/amidi#\x00', 0xffffffff, 0x10200) ioctl$PPPIOCSMRRU(r6, 0x4004743b, &(0x7f0000000340)=0x1000) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x38e00, 0x0) sendfile(r4, r5, 0x0, 0x87ff7) socket$inet6_sctp(0xa, 0x10000000005, 0x84) 17:52:50 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) 17:52:50 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000480)='/dev/mixer\x00', 0x2, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r6, 0xc0a85322, &(0x7f00000007c0)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r7 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r8, 0x89e1, 0x0) r9 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r9) r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r10, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r10, 0x84, 0x1d, &(0x7f0000000400)=ANY=[@ANYBLOB="8d0d29221511036d1746307b2a4a640324ee4ec1ff03000000000000543102d266338270b366afd2e759ebefc302e0660c63fb42cefdcc78d53bb7c7bb7080ccdc9b0000000032d09eb829743e66d75b", @ANYRES32=0x0], &(0x7f00000000c0)=0x2) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r9, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r8, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r11}, &(0x7f00000002c0)=0x20) 17:52:50 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x40800) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) timer_create(0x6, &(0x7f0000000080)={0x0, 0x5, 0x6, @tid=r1}, &(0x7f0000000100)=0x0) timer_delete(r2) wait4(0x0, 0x0, 0x80000002, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x28f}, {0x0}, {0x0}, {&(0x7f0000000140)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x7, 0x4, 0x8}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r3, 0x28, &(0x7f0000000240)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={r4, 0x48, 0x8}, 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r4, 0x5, 0x8}, 0xc) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:50 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:51 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x3, 0x0) [ 3473.357888] IPVS: ftp: loaded support on port[0] = 21 17:52:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) 17:52:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) 17:52:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000", 0x36, 0x10000}], 0x3, 0x0) 17:52:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) 17:52:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) 17:52:51 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000480)='/dev/mixer\x00', 0x2, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r6, 0xc0a85322, &(0x7f00000007c0)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r7 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r8, 0x89e1, 0x0) r9 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r9) r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r10, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r10, 0x84, 0x1d, &(0x7f0000000400)=ANY=[@ANYBLOB="8d0d29221511036d1746307b2a4a640324ee4ec1ff03000000000000543102d266338270b366afd2e759ebefc302e0660c63fb42cefdcc78d53bb7c7bb7080ccdc9b0000000032d09eb829743e66d75b", @ANYRES32=0x0], &(0x7f00000000c0)=0x2) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r9, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r8, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r11}, &(0x7f00000002c0)=0x20) 17:52:51 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x3, 0x0) 17:52:51 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:53 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x250782, 0x0) ioctl$LOOP_CLR_FD(r1, 0x4c01) wait4(0x0, 0x0, 0x1, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0) ioctl$MON_IOCQ_URB_LEN(0xffffffffffffffff, 0x9201) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x1, 0x482702) ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000080)=0x6e) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:53 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz', 0x3}, &(0x7f0000000440)="70d4258570c435f0b72069def71c60ae", 0x10, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r7, 0x89e1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r7, 0xc0a85322, &(0x7f0000000680)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r8 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r9 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r9, 0x89e1, 0x0) r10 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r10) r11 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r11, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r11, 0x84, 0x1d, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000fd353ba9fc2c8539c6a7ef57a93621b627857b09f8bb1a29eaf2dabe9f0ddf041327371bd0c76ace14bdf6a35f96de49326a100aab4fd5b50f3863659d0759873343fda3b03ef35c2ae259d03f3ca22a66b5788c6c259150183599e30a35c2f696a0c3c21dac01009ad23dd3a195e8581df33f10db78c8fcce4a5deb734db1c49ae228b37c373bcaccdc0b7db6cda10ea2c377898d315d25e923605e4e170aa499aa1d0bcecd5bd6f73ccedd4b70044293bf0958469f6b012851f7b5393cbe7d1d46e1a1a4422fa14ea9422c3e1a9953", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r10, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r9, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r12}, &(0x7f00000002c0)=0x20) 17:52:54 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x7a, 0x0) 17:52:54 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 17:52:54 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:54 executing program 2: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0xff, 0x0, 0x0, 0x0, 0x0, 0x7f, 0xb0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r0, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) symlink(0x0, &(0x7f0000000000)='.//ile0\x00') mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() sendmsg$unix(r1, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)}, 0x0) getpid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)}, 0x0) lchown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 17:52:54 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4200, r0, 0xfffffffffffffffd, 0x0) tkill(r0, 0x3c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x2, 0x0) write$P9_RSTAT(r1, &(0x7f0000000100)={0x61, 0x7d, 0x1, {0x0, 0x5a, 0x8000, 0x8, {0x80, 0x0, 0x1}, 0x10000000, 0x4, 0x6, 0x34, 0xc, '/dev/audio#\x00', 0xc, '/dev/audio#\x00', 0xc, '/dev/audio#\x00', 0x3, 'em1'}}, 0x61) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x81, 0x80000) ioctl$DRM_IOCTL_RM_MAP(r2, 0x4028641b, &(0x7f0000000040)={&(0x7f0000ffc000/0x3000)=nil, 0x93, 0x1, 0x80, &(0x7f0000ffb000/0x3000)=nil, 0x4dd}) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:54 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$setopts(0x4200, r1, 0x9, 0x100000) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x0, 0x0, 0xfffffffffffffffc) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000080)="0fc731fff10f01c3fc670f32f00fb338baf80c66b824e0188266efbafc0c66ed0f01c8f26ef6b92700", 0x29}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, &(0x7f0000000000)={'syz_tun\x00', {0x2, 0x0, @empty}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 3476.354457] overlayfs: filesystem on './file0' not supported as upperdir 17:52:54 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 17:52:54 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x3, 0x0) 17:52:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) listen(r0, 0x6) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r1) ioctl$SG_GET_TIMEOUT(0xffffffffffffffff, 0x2202, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="56f563761508000000000000100000f90c2d000900dca311833f47c703ab1c39ad5ca9d7c0d7cc34e0841e5a54351eabcd3e7996ca2ca6f8e37eedaf39b37acf8e00dda54aaa802edb707a060f1f367c89dc980fe88484290ce3b52856df88cf0ce5b88e74cdc71dd51c97200e8abbab88ad975bd0967584747ba98898db6cbae6cff3c6e2103c47fd1cf74f88da72c87e796a06fb3f910a85f67a0000000000000000899cc9325fa2af02abb7df909629e7627d645e79e81abee3311666ba7f0af0fff3a6475a"], 0xc7) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000400)={0x8, 0x1, 0x4, {0xa, @pix_mp={0x5, 0x3, 0x32314d54, 0x5, 0x2, [{0x3, 0x3}, {0x8531, 0x1}, {0x2, 0x1}, {0x2, 0x4}, {0x8000, 0x2}, {0x4, 0x8}, {0x4, 0x1}, {0x20, 0x5}], 0x8, 0x0, 0x3, 0x0, 0x3}}}) unlink(&(0x7f0000001e00)='./bus\x00') sendfile(r2, r2, &(0x7f00000001c0), 0x8080fffffffe) creat(&(0x7f0000000280)='./file0\x00', 0x0) 17:52:54 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) 17:52:54 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) [ 3477.380329] audit: type=1804 audit(1574013175.257:4428): pid=25757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir746674277/syzkaller.aS8bVU/50/file0" dev="sda1" ino=16641 res=1 17:52:57 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x4, 0x40) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4068aea3, &(0x7f0000000100)={0x0, 0x0, [0x3851, 0x7, 0x1b07]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:52:57 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000440)={0x1, 0x0, {0xffffffff, 0x3, 0x1}}) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000b7240aba1f9505a0955015", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:57 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:52:57 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x3, 0x0) 17:52:57 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) r1 = socket$inet6(0xa, 0x2, 0x0) close(r1) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x800000141042, 0x0) ftruncate(r2, 0x200006) sendfile(r1, r2, 0x0, 0x8000fffffffe) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000240)) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) prlimit64(r3, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) pipe2$9p(&(0x7f0000000100), 0x4800) write(r7, &(0x7f0000000340), 0x41395527) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) close(0xffffffffffffffff) io_setup(0x3d8, &(0x7f00000004c0)=0x0) io_submit(r8, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000140)) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') write$P9_RREADLINK(0xffffffffffffffff, &(0x7f00000011c0)=ANY=[], 0x0) syz_open_procfs(0x0, 0x0) r9 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x40000000806, 0x0) ioctl$int_in(r9, 0x800000c0045006, &(0x7f0000000000)=0x7b) r10 = socket$inet6(0xa, 0x2, 0x0) close(r10) r11 = open(&(0x7f00000000c0)='./bus\x00', 0x800000141042, 0x0) ftruncate(r11, 0x200006) sendfile(r10, r11, 0x0, 0x8000fffffffe) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000500)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$TCGETX(r7, 0x5432, &(0x7f0000000340)) r12 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r12, &(0x7f0000002740)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) r13 = socket$inet(0xa, 0x801, 0x84) connect$inet(r13, &(0x7f0000000080)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x50) listen(r13, 0x8) r14 = socket$inet(0xa, 0x801, 0x84) connect$inet(r14, &(0x7f0000000080)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x50) listen(r14, 0x8) r15 = accept4(r14, 0x0, 0x0, 0x0) close(r15) setsockopt$inet6_opts(r15, 0x29, 0x3b, &(0x7f0000000540)=ANY=[@ANYBLOB="00000000000000001bbaba7eeb26f8cf4600000000ce3d45535db62d6800f5000430507b8b30c4792fe443c46706c3cbe774c16f49e9ad1196a94709cab0ed1632734753ed4a451153384b1a250d5abbfed6dac47be88dea55ac33677a325453c03800000000000000000000c405da307369e15bd3dcc2218a0416a7689c5b8d2b3a8bb18bd719333a3d2260af38a9e035521deb960a6d7c6682a54da2d4a6f717828bd179e0d3252b55577dfeb88aa7726ceeef598b558ec306730799e4a9e51e0002000000000000d2ab2e6a084db4160d3c23a15b46c8ebe7ae5c703bc4a415ef48e9da716e978882d7f9f814c048bf49aaf2a349c682ac0000b3fc31b0623b00"/268], 0x8) sendmsg$unix(r15, &(0x7f0000000880)={&(0x7f00000001c0)=@abs, 0x6e, 0x0}, 0x0) r16 = accept4(r12, 0x0, 0x0, 0x800) close(r16) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000380)=ANY=[@ANYBLOB="00000000000000001bbaba7eeb26f8cf46eb4e19b3ce3d45535db62d6800f5000430507b8b30c4792fe443c46706c3cbe774c16f49e9ad1196a94709cab0ed1632734753876067eeb2f4f9ccde5d20f68899ed4a454653384b1a250d5abbfed6dac47be88dea55ac33677a325453c03800000000000000000000c405da307369e15bc1a9c2218a0416c6689c5b8d2b3a8bb18bd719333a3d2260af38a9e035521debd60a6d7c6682a54da2d4a6f717828bd179e0d3252b55577dfeb88aa7726ceeef598b558ec3067307992978b2a779a1c0666a8c45e4a9e51e6424660bfae52955d2ab2e6a084db4160d3c23a15b46c8ebe7ae5c703bc4a415ef48e9da71c048bf4faa"], 0x8) setsockopt$inet6_opts(r16, 0x29, 0x37, &(0x7f0000001280)=ANY=[], 0x0) sendmmsg(r12, &(0x7f0000007e00), 0x136a88c8311572c, 0x11) 17:52:57 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) mincore(&(0x7f0000ffc000/0x3000)=nil, 0x3000, &(0x7f0000000000)=""/85) 17:52:57 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 17:52:57 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 17:52:57 executing program 2: timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x1c9c380}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) preadv(0xffffffffffffffff, 0x0, 0x1d, 0x0) socket$netlink(0x10, 0x3, 0x0) symlink(&(0x7f0000000040)='./file1\x00', &(0x7f0000000000)='.//ile0\x00') r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x1, 0x0) pipe2(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) getsockopt$CAN_RAW_RECV_OWN_MSGS(r2, 0x65, 0x4, &(0x7f0000000240), &(0x7f0000000380)=0x4) fcntl$setlease(r0, 0x400, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x101002) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f0000000480)={0x0, @vbi={0x3, 0x0, 0x101, 0x0, [0x0, 0x4000], [0xfffff800, 0x3]}}) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000280)='/dev/null\x00', 0x10000, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r4, 0x2402, 0x4e7) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x2081fc) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000000c0)={0x6, 0x1d, 0x0, 0x0, 0x100, 0x6, 0x6, 0x4, 0x80, 0xb4, 0xfb, 0x81, 0x0, 0x10001, 0x4, 0x7, 0x1f, 0x92, 0xfd}) socket(0x10, 0x0, 0x0) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f00000003c0)) renameat(r5, &(0x7f0000000180)='.//ile0\x00', r5, &(0x7f00000007c0)='./file0/f.le.\x00') 17:52:57 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x3, 0x0) 17:52:57 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) 17:52:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) preadv(0xffffffffffffffff, 0x0, 0x1d, 0x0) socket$netlink(0x10, 0x3, 0x0) symlink(&(0x7f0000000040)='./file1\x00', &(0x7f0000000000)='.//ile0\x00') r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x1, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = syz_open_dev$amidi(0x0, 0x0, 0x101002) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) pipe(&(0x7f0000000140)) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000280)='/dev/null\x00', 0x10000, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0x4e7) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x2081fc) socket(0x10, 0x0, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_aout(r5, &(0x7f0000000e40)=ANY=[@ANYBLOB="c903de04010300000a00000002000000cc030000010000000000000000000000739f23e52007da77eecbdb75c18d71edc3c64c823854f6a67395fd64ff99fe1a0b60e451425e36d62099b03d8319e0b18ba15d1edeaf0eae5ca5131af248e95914460c9a0dc547466a57bafe5b8a9dc6566175c987ace0300ff11a696abeaffd7d3e6ceb518629fb87f787301bf8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e04995470000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f13007468a481f95d7977bd089f1e03ff4d2be0bac629f8a1878124d6dda7ea52925e38f5d7605b08267dc54fb64edb5b7915c2f90ed2df144e19225700a5d84ff2618175c851a0449ccf24c589357bec80e6337548c60f1aa7a631d0491c7b78ae987d65c8e55b14a92776e1f3bb96e57cfb43dd06ff51167d554b818d65131987b6e381ec176bc41b5f0694be844c09b32ed93b3760a11bbf351b0346f18aa39c180a57963ea5a7d"], 0xa37) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000000)=0x0) r7 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000040)={0x0, r7, 0x0, 0x0, 0x2}) r8 = getpid() sched_setattr(r8, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r9 = syz_open_dev$cec(0x0, 0x2, 0x2) write$selinux_load(r9, &(0x7f0000000a80)=ANY=[@ANYBLOB], 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) r11 = fcntl$dupfd(r10, 0x0, r10) setsockopt$EBT_SO_SET_ENTRIES(r11, 0x0, 0x80, &(0x7f0000000180)=@broute={'broute\x00', 0x20, 0x2, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000c0], 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000002000000000000000000000000000000000ffffffff0000000046e73920333a7bd8c5738a45a3cfe941b409bf568c7379439b000000000000000021ebc1a4687f00079f86192c92cb8a9f9061f0e309c5dd2be43915414d947098483757eb60bf3d4bfe1b8cf58595f8b394f7755553811a3479700a566ea09fce3cf82e81bc4a80e81def9713492031ed5c2a12f19942b1"]}, 0x180) r12 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) r13 = getpgrp(0x0) waitid(0x0, r13, 0x0, 0x0, 0x0) ptrace$getregs(0xe, r13, 0x0, &(0x7f00000001c0)=""/68) r14 = getpgid(r13) r15 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats_percpu\x00') ioctl$sock_SIOCGPGRP(r15, 0x8904, &(0x7f0000000000)=0x0) r17 = getpid() r18 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r18, 0x89a2, &(0x7f0000000180)={'bridge0\x00\x00\x01\x00', 0x4}) sendmsg$key(r18, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x1de}}, 0x0) r19 = gettid() waitid(0x2c7c96e4f825ad55, r19, &(0x7f00000008c0), 0x80000000, &(0x7f0000000940)) r20 = socket$netlink(0x10, 0x3, 0x8000000004) r21 = socket$netlink(0x10, 0x3, 0x8000000004) sendmsg$key(r18, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000540)=ANY=[@ANYPTR64=&(0x7f0000000640)=ANY=[@ANYRES64, @ANYPTR64=&(0x7f0000000380)=ANY=[@ANYPTR=&(0x7f0000000140)=ANY=[@ANYRESOCT=r14, @ANYRES16, @ANYRES16=r14, @ANYRESDEC, @ANYRES32, @ANYRES64], @ANYRESOCT=r20, @ANYRES64=r21, @ANYRES64], @ANYRESDEC=r19]], 0x8}}, 0x20004850) r22 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r22) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @tid=r22}, 0x0) kcmp(r22, r22, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r22, 0x0, 0x0) r23 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0xf432}, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r22, r23, 0x0, 0xc, &(0x7f0000000180)='/dev/amidi#\x00', r24}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000018c0)={r19, 0xffffffffffffffff, 0x0, 0x0, 0x0, r24}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r24}, 0xc) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)={r24}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r17, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000000)='comm\x00', r24}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, r23, 0x0, 0xd, &(0x7f0000000080)='trusted\\#&>#\x00', r24}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r16, r15, 0x0, 0x17, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00', r24}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r14, r12, 0x0, 0x24, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', r24}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r24}, 0xc) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={r24}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r11, 0x0, 0x5, &(0x7f0000000080)='em0-\x00', r24}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000000)='/loproc(\x00', r24}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r24}, 0xc) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000700)={r24}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)='\x00', r24}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r8, 0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)='msdos\x00', r24}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)={r24}, 0xfffffffffffffd9f) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={r6, r7, 0x0, 0xe, &(0x7f00000000c0)='\'(\'GPL!$proc^\x00', r24}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r4, r1, 0x0, 0xa, &(0x7f0000000240)='/dev/null\x00', r24}, 0x30) renameat(r3, &(0x7f0000000180)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') [ 3479.885798] overlayfs: filesystem on './file0' not supported as upperdir [ 3480.055609] bridge0: port 3(gretap0) entered blocking state [ 3480.062019] bridge0: port 3(gretap0) entered disabled state [ 3480.075169] device gretap0 entered promiscuous mode [ 3480.089584] bridge0: port 3(gretap0) entered blocking state [ 3480.095631] bridge0: port 3(gretap0) entered forwarding state [ 3480.113001] overlayfs: filesystem on './file0' not supported as upperdir 17:53:00 executing program 2: pipe(&(0x7f0000000200)) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) delete_module(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{}, 'syz0\x00\x00\x00\x00\x00\x80\xa017\b\xec\xd6#\x00\x00\x00\x00\x00\x00\x00\b\x00\xb2\xaf\x00\x00\x94%\x00\x00\xff\xff\xff\xff\xff\xff\xff\xe7\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) 17:53:00 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) 17:53:00 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f00000004c0)=[@in6={0xa, 0x4e22, 0x5, @mcast2, 0x18}], 0x16) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000c9a157c7b7f7691ba8ce738a4b779982fae1b71b4f40a54d4ec852d6b1e71845d75e3cd465dcc79ab82fa0996b526b0a3fb59c175ca8c8c33afadeaf6e257a1f69f8246e3c579897872281b983890d570cdfada3ee4c435cc82e0efe19dedf2396864d5729cceef12c", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:00 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(0xffffffffffffffff, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:53:00 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x181, 0x80) ioctl$sock_bt_hci(r1, 0x60066cad, &(0x7f0000000100)="eb50fa8f72df23e35bda05069034c3ade7182307cd38299e05e5dbb9b65c77961808a06964e292d65519f4d772bf95da29d74d0100aff63672483b8ced1291967b") ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) openat$cgroup_subtree(r5, &(0x7f0000000380)='cgroup.subtree_control\x00', 0x2, 0x0) ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) ptrace$setopts(0x4206, r0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) ioctl$FS_IOC_GETFSMAP(r6, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x1, 0x0, [], [{0xffff, 0x3ff, 0x2, 0x3, 0x4, 0x4}, {0xfd, 0xfff, 0x200, 0x40, 0x644, 0x7}], [[]]}) r8 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) mount(&(0x7f00000003c0)=ANY=[@ANYBLOB="2e2f66696c6538009952abe66a7da0904f80110a9eea95bef2f80118832600740eb7f4613315de"], &(0x7f0000000340)='./file0\x00', 0x0, 0x41000, 0x0) write$cgroup_type(r8, &(0x7f00000009c0)='threaded\x00', 0xd4b9c12) unlink(&(0x7f0000000140)='./file0\x00') setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@random={'os2.', 'threaded\x00'}, 0x0, 0x0, 0x0) tkill(r0, 0x3c) syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0x3ff, 0x2000) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x51, 0x0) 17:53:00 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(r0, &(0x7f0000000040), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = gettid() setsockopt$inet6_int(r0, 0x29, 0x43, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x20) wait4(0x0, 0x0, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$cont(0x18, r4, 0x0, 0x0) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r4, 0x0, 0x0) 17:53:00 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x3, 0x0) [ 3482.449227] input: syz0 as /devices/virtual/input/input36 [ 3482.647288] input: syz0 as /devices/virtual/input/input37 17:53:00 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:00 executing program 2: pipe(&(0x7f0000000200)) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) delete_module(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{}, 'syz0\x00\x00\x00\x00\x00\x80\xa017\b\xec\xd6#\x00\x00\x00\x00\x00\x00\x00\b\x00\xb2\xaf\x00\x00\x94%\x00\x00\xff\xff\xff\xff\xff\xff\xff\xe7\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3482.829609] input: syz0 as /devices/virtual/input/input38 17:53:00 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:00 executing program 5: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000440)={0x1, 0x0, {0xffffffff, 0x3, 0x1}}) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000b7240aba1f9505a0955015", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:01 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(0xffffffffffffffff, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:53:01 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x40}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="9c72feb09c2392b266bafa90921e7763bb1385fbf7e123cd634c09cb6379a1b4bed1a02b4a63c128bef97864a3b537770d57e272b2473c211b69ea58eac72a0df96b91ec14296c63dbed38ae07a62c44a2c2cd141ea797e7d74b32795263aa22787fb18ec254239b47f8f2a41af654006c1b3261d08924576f0ca5f376162517314aba87d8c5d393a9f88803cda11413cea8170df355a6ad1ab9afedb62d31eb60391d39a70d9e56d877ae6a47cb04eee17a", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:01 executing program 5 (fault-call:3 fault-nth:0): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:01 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3483.832972] FAULT_INJECTION: forcing a failure. [ 3483.832972] name failslab, interval 1, probability 0, space 0, times 0 [ 3483.848178] CPU: 0 PID: 25900 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3483.855216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3483.864567] Call Trace: [ 3483.867148] dump_stack+0x142/0x197 [ 3483.870856] should_fail.cold+0x10f/0x159 [ 3483.875006] should_failslab+0xdb/0x130 [ 3483.878988] __kmalloc+0x2f0/0x7a0 [ 3483.882528] ? rcu_read_lock_sched_held+0x110/0x130 [ 3483.887534] ? syscall_trace_enter+0x4c8/0xd40 [ 3483.892109] ? strnlen_user+0x12f/0x1a0 [ 3483.896065] ? SyS_memfd_create+0xba/0x3a0 [ 3483.900282] SyS_memfd_create+0xba/0x3a0 [ 3483.905024] ? shmem_fcntl+0x130/0x130 [ 3483.908901] ? do_syscall_64+0x53/0x640 [ 3483.912865] ? shmem_fcntl+0x130/0x130 [ 3483.916782] do_syscall_64+0x1e8/0x640 [ 3483.920843] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3483.925681] entry_SYSCALL_64_after_hwframe+0x42/0xb7 17:53:01 executing program 5 (fault-call:3 fault-nth:1): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3483.930872] RIP: 0033:0x45a639 [ 3483.934043] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 3483.941740] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 3483.941745] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 3483.941750] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 3483.941755] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f1d3bb846d4 [ 3483.941760] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3484.022876] FAULT_INJECTION: forcing a failure. [ 3484.022876] name failslab, interval 1, probability 0, space 0, times 0 [ 3484.034825] CPU: 1 PID: 25908 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3484.041862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3484.051322] Call Trace: [ 3484.053917] dump_stack+0x142/0x197 [ 3484.057554] should_fail.cold+0x10f/0x159 [ 3484.061710] should_failslab+0xdb/0x130 [ 3484.065698] kmem_cache_alloc+0x2d7/0x780 [ 3484.069842] ? __alloc_fd+0x1d4/0x4a0 [ 3484.073644] __d_alloc+0x2d/0x9f0 [ 3484.077092] ? lock_downgrade+0x740/0x740 [ 3484.081235] d_alloc_pseudo+0x1e/0x30 [ 3484.085051] __shmem_file_setup.part.0+0xd8/0x400 [ 3484.089925] ? __alloc_fd+0x1d4/0x4a0 [ 3484.093724] ? shmem_fill_super+0x8c0/0x8c0 [ 3484.098163] SyS_memfd_create+0x1f9/0x3a0 [ 3484.102310] ? shmem_fcntl+0x130/0x130 [ 3484.106234] ? do_syscall_64+0x53/0x640 [ 3484.110201] ? shmem_fcntl+0x130/0x130 [ 3484.114080] do_syscall_64+0x1e8/0x640 [ 3484.117953] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3484.122783] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3484.127957] RIP: 0033:0x45a639 [ 3484.131137] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 3484.138859] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 3484.146133] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 3484.153398] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 3484.160672] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f1d3bb846d4 [ 3484.167944] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:03 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000780)='/dev/vbi#\x00', 0x1, 0x2) bind$rxrpc(r4, &(0x7f00000007c0)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x24) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:03 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(0xffffffffffffffff, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:53:03 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz', 0x0}, &(0x7f0000000580)="8389942c83d04755d1e7fa184dab9a4063bb00706a06f518911bf05fb3bf69dfe1f10e138de2f49a5e459340b54ebf67ad10484ad574eb366928b8f076030419f5d7f5ca86315c59b7410948c8247bd3683b4d66e916a7e626ab516d3499552e7ddd96e9caa5927b7afd8e8a9bf4ac0f1d", 0x29, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:03 executing program 5 (fault-call:3 fault-nth:2): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:03 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x40}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="9c72feb09c2392b266bafa90921e7763bb1385fbf7e123cd634c09cb6379a1b4bed1a02b4a63c128bef97864a3b537770d57e272b2473c211b69ea58eac72a0df96b91ec14296c63dbed38ae07a62c44a2c2cd141ea797e7d74b32795263aa22787fb18ec254239b47f8f2a41af654006c1b3261d08924576f0ca5f376162517314aba87d8c5d393a9f88803cda11413cea8170df355a6ad1ab9afedb62d31eb60391d39a70d9e56d877ae6a47cb04eee17a", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:03 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/cheeqprot\x00', 0x8000, 0x0) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000080)=&(0x7f0000000040)) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = msgget$private(0x0, 0x0) msgsnd(r2, &(0x7f0000000a00)=ANY=[@ANYRESHEX], 0x1, 0x0) r3 = geteuid() stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getgid() getresgid(&(0x7f00000001c0)=0x0, &(0x7f0000000400), &(0x7f0000000540)) setresgid(r4, r5, r6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000180)={0x0, 0x0}) msgctl$IPC_SET(r2, 0x1, &(0x7f0000000200)={{0x400, r3, r4, 0x0, r7, 0x4, 0x6f}, 0xe4, 0xfdee, 0x37, 0x6, 0x9, 0x0, r8}) ptrace$cont(0x9, r0, 0x0, 0x0) r9 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r9, 0x89e1, 0x0) ioctl$TIOCGSID(r9, 0x5429, &(0x7f0000000280)) 17:53:03 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0x351}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x1, 0x0) write$nbd(r1, &(0x7f0000000380)={0x67446698, 0x0, 0x3, 0x3, 0x3, "aee3ddd6cd14487d94df4a46e8306a5f251b62105dd7be400aa5b89fb74a9b08231e076d0935f69057db53734926668188036da0ac40aa410e82d678f78d6bd6e50cb683640e1618ab0c586ba1694e8ab55f6793021f181c9fb080dea987c431b509d91a134bee07c49a03babfa57dd75e9d84a927d65694e4c2dfce4f16e0d1f2cdcc886e61be1928d6e5771200fa7944d9dc965550ccccb3a1a425307fb3a00868706da7f63aa0d675a90115afbdd425e7eb9313bc93f5da2ad288b66e9e2471080bdfc59110e1b9280d954c1b3afd40fb89853a2fe73b0b5170144c3cbfc6234ae41eb731183b0affbb78d3bb9d8f12a9e890c110e09e908a9a0d328eb408ab106ef982e0d34c434a1776d99029301290e1f56c3af9f8ec12b459f29b96acb691d55eb87aa00949bdb3085a8b6ef93ac24c52e471954018f1cc333e642f1cc3af7ad1ee5b59f12f52ae54815d0e1a0c04c80049ed199b00e2b49e59ced00991fd1c6d0e811994ba729225876ee3997fb1b86414fac5fd996e82a147a8a14be8e6c1514d304245a2b55fdf4ed8ec0ffb0440fe7f7b336b357a512c61dc16d840ae2e2ad744fe33220bf1fe64ffcfad0e3e618ee7fe6a74abbb1825d56f89582b879e74af2f45f61f6a6a9afba845e25f4076445509e293836ec93e5c462dd1a2164a9244642f3868263b2f4146d1070e2a2c24dc79b6c326878e90ad9d19016980d425feb60ceef35c5570bc452f05941ca2ad55974daa43af16348515274cb3912623a3859fef6cc8331738f11e9f4a81a9b0232c1fa5555f15473f821c79d0db226e008e56c803006effea232c1a4ed3a1d09d8315e4df6d03f0ff00bbbcfeeada9615926bae7b4a299dcfc42ef524f30d7a45cdc2233973124a6f237607b8861ec29a0b8a1cd8ece2ccc8ad292a4f55876d92f77250c8782d576cbaafd21cb188a50d9593df788ee6f296b066cb38a8423149ef619ee3a2e99b86293184b7e85974d9d5052e0eaf76d8ca5247e7f6b031c64a06c429b9fe38bab0dc7938b02cc8e5a513230a6a69e6db3e56bf71ab7fac9fe31031e3d90d4b6caff5e7d9707f97d31b161a8d38cf89a4406a723fe95414e7e191ace619c6e40cde5a6aa00e9ffc683f667806d35144634fbf1367483c1760528ac1aa40dcdc8054f7b741e92ea061e13b682aa511d7e903dc122f22b96be37fe02ce7529e0da18e9e2cd82bbdcc23b070cf592ff6e4dd802930cd4de0df47d00f8a57c02fa41c396570e586fa52c6f5e6d70be0ec7b6cd6de1db1c905d903332f4ba30da41f2031f7caedd9c92775c9ebe8a2a376cdafb57bd4bbd6e4b2d192273194c22d2c40c166b9f7c8551651b363831c1176c8710969c3b035704d6e6f9fd29e9d9151bd806c9e2fceb7027ef78c4c67df19de87929dec743cf02a4760d97f5885bb9547b8542f0020d9a983e4e24453efcb0cb06c7ea3f618d10e7ed1858bc64950f45e14cac39dc687c8c4172688cb518460e0b5243dc9e084e4517221fafc759d8fa1aa7d91b57e92ce5bc581c229d17c0b1ec725ffc66b15537cda98fe8eb234a185861ddd7baff7de69998bcf2044a80ec9e6bda4c0f4cd6b22bbfe1b1308452a69f2a876e35f730383cc70fef61ff447dc0d5704bb6630aa75f3148c2c6af634baeff357ee8ceb73d99189f84fa37ca40a445d1218c07a99c5f8ded0c70fa766cdb07038d3a5b17bc863fed5acdfeccafb05ef5cdeebd5cf5c1e7586bc8f24c1389580707b375332e779fabbab8a7f5e196baa96ee855525947669dd15df0d704a41426f0826c59538ddf4b9f7e66cae2bf71e1f68a9620af373468128f6d96692d99e035ade7145e854d7b39a75bf28bfb15bb1b94ef84e13cadc5041ca893e11bc2e5cedf5a9698a65952c64655b78cdf76aee3c352a32b26bf7659c371ce8bb13aeff6f4603e96e93f526365d3bd9e2eff95cc6cfc3dfc0fa4571e9e628b5ed24505eb25ff036ab883404ef644da97a290510be2076d4550d8d1b3ed2fc759bd4c599eeea06918cb05b3f323d42df389601227aa7f7cef2babe714beeb01d32a970353dd58d9e4a35c837ffbef384e7f6e03e85b385f84bd7ee5695dc8308046176d4e2d83d9cc443f68066a90a909716b2323a8011576517c59dc950aaa08f11359770b7accbee805e0b818badbc26c616fe46ecd996285f0f897c2513ac6f92b116e8bec0b4bd56f662939fbf4a70fc9c4f38ca2ce0b5872776502bc77da92c4f8b80715077459f17432f5aa811d1afa8a399de20f1ca63e5eeb21ffba33121276a0f15deae1795b04b546743cd553ab7a517415482bbf31ebb6f875299edacb297234e9887f6e78311c26d47096a1162193f374442a9cd83307a8cf3ee53f7babb8e50efd19ad7d0b7ecbade1a3cc1d38b05033e836c24afeaf166dfc76655747dd1718660687e8adeb5f4fc7a04f04d312a0b41af5a4851db4045e95c778f6cc49df8b608c4bbd5e5768a2360165b65313b1382b28fd9cf22eb5dddc4808a6ea1be25f4ebe8ef10144045f5b5e4ec234e58eb5171c4cd50261a28f27a6c96feeaa3f768a1fa2634bb6968f00fb15fee8f01be8e1cd332dcb3f1b760f7e0f16c18878cfd1459af42d300d08ae0e854c33d10d697e4edae7d2c233ccbf353131fb0ca5e7358cebf1dddd51ecd279b4f4190147120d2215d16d9422dced6a7f33d128388873dd792a7b8312fb0124a495e6ce51c9cab52d237c4dc4cac59c5996e4f0fe8a0cea83ff9e796d505c1e6bde6f6f1b983a13d913c6cef09a39a2eebc042d209ecac17614ae6482d3fc1b75fb23b4d9550475baef073c5dea9ea9e544e00911b41ec388e4d413f8def63857da02be413cd0c1652d614b872ffbf34dbf5541c42a40e63ea1901602e3c165b82ace849b6f4e7a5a6605b03f063275e55226024e58a9ba78c0550e50eadd9714dd5839d29efb379e97cca97ed71f4702733d1673f5a535fc9b3435dfb48f80e9223a79998e3622c1e4c0b24ab7019f11eeb33f5bda185654cb9feb8d0f9f1ba6911659da3f59bb7dd489902e9ca3db94c65294ed426de2818bfa97801773ed2444275dcb0693cc4ff08f8e4f8ac5a3f9ad4dede3593e14b6a16671e845e7d086e3d082d2fd96b328e2dac07927836e20d28f50ccf679a36eddc90d432d6f9d4e590d784278ca7a0351cba6d9bc62d6e6af6d689e51d472edebfb3e10ce714fc006e8e37d55deab9bbbfc7ce337c425b3f392f7bd4e567e3e70ac3cf978d3b800767fa575ac5113313d50b683ff6a26ccfff7e5acf165c652f84164f006a6718ac864c6b6595e4e4f9684696ce6b2469de12727c5432b46f4ecef254bb4d8750d6596fe4eaf2e92d2feb9fa03bc0c8837c34e1cc8e83cc513c338c5119605506146d431f462e6653b673d427aa4b6688b854b55d0545f0c2ec99b202f2f97c9ca7dc67e7dcf0f91105cbb160d9f9582f3f5cc901dac5c2eb06d209c86ed995ae02d7e5b4751a818fc89739a4ea78b190271e0767a188a82a4f6b03cad4b91486249d3c672ca288f74dc71fbda2097ded11f714600b64633a48ee4ee91ead1176ccd6dbf22691701a66a39c008d66acad6a507e76d8a3062ab3a3569dd4f4620041362ae8fe7522f91f53f9cc7331bb27414a39044406dc727ef91d38a801ad011e0b4c14ab16720a56a34af4f9ea09bc67ad1767ad51cd73323ba8d38532f0a10a09f7864a61490745628765537a8263452a75b189f856d446314bcddc511b4a2f657d97c0762972b298377db441bfaa28759128a9e1d6f2580658e2d484bcb45d3cf1df4cb9bed93fb6309f74e669a4cf7844a6422f50c2c44928ada8d107eb53e6f662e53cf1e13712f6b43988cab39936cca256fb7fcd49c74f099ddb321ba28dbcab5d3c3f8673e96eed95117260ec4eec118d0acaa0b7f63f2035e1dbc22f86d4c4c94728624240d3469678ecab4baab4118507ddda30cdc2215e0a6e1beb737eae5044d594575faae8160bd770293642fa4f99ac10d6b0282ca36c05a1b718ce6090eca7128f3867b8ffd56f17f7f5953231f24551ca098456db0de60a2bf5e5ecc5980b8933fa09db4fc88d30db3985cb6bb244301208321ef28efb89ca4082d0779a2b69a951998bc47fbdeb49aebf4cae1ddc59f7c8e837e81c596b3175e0f7be8ec6cf5b9f9d274ef8ee9bc6d0b9461101280da7310aececfc3740fd3f5d2e992c5c7fad64ea646d7154841f34b384e6b18e2e15c46310158e8edf20dd5513d1bc4e35401eeefa540464eb6f57eac2f14dff2c2025ec60e612ad1a3d5336c801861bd06c695718198d111a1ef988ae898c332f354c09421f2b26ef83305f2a2b0697a6726a71ac99109b9539f2da1f36f96e24005b2a7ea12a92fc0e669e6f9cd890f9d7f56dcb3621591698cb79d9c5f326ef01de228666104c3ceed3e7bbc3a10dabf4660911bd88bb505aaa6cbe90cbc2be2c8997ded0b2c9ce67052184418eab64840cd5a54faeb53dd40344c6d7540daa63c68a428c7180dcf796c26a63212832fd41bde121f1d9c11848dc8d488b02f80b037222593e9af8a4be5603a75b096e702f975e676e5f7c6b73f0e627ef00a3b0f931c6b588bc84e99ccc73fa102341c64c411851d438b755b206fff4a8afa73c9901c37f11b8c2276137377baf263ee251c4614750b67d9381fa78f85248e019951600ea21786401155c6eeb7b6d6b422c0142cbeadfc02550d3b525abd4e16dc1730f88cc2b3d22f69e375c767fe10e6e48c090148b7e4afa772b79677848ef1616a3ac11e3899d6d904221ee566930d524b8fe52bc97e7a3e46cc3a07c3e78b687681b2ba3a6c4d958bc026560191dd672aeeaa822f205a9ff711ded9e8214ac397811554f6d56a264d4b37e669de2ca7f8917fc8977d18cc8f45ca973f33b819898ef07fb05b6fd35a225531535f215dfc2ebe76f75322a8ac2b5ec8b1b77a24d89ed63f829bded4367805358aaf54a84f64573740633a8e97b91d6691b0aae832934ab406a2c35a9c48ebb780a46d9c04fbc6dac7f92e0a74838a3bdce70ed3db15d7e90b3bcf1af93a455d1f64403f983713fa59899b49a421f79a9832fa53c16d059ca009e7b63a47273e015ff5cbcc813ecb79b950db88f845ba2a007fbcf2ed23e2fc8d280c379b19537e4b1472f2f31be2c0283261b1acf541d8cb6391744e325423fc846cd0f735a46eea8ea632178b7c1dd999ef98eb5708a6175485514d87ca43058a3189c49aee6767782776f996b6ce739cf7c29c8da6e687b0550e59a6338784ab9478c956a54675a45935520aa5856af22bbc66ee71242bf8af3af74b4b5d77b54aecb5060500f274c479d37a3a0cd2d01b41abb8efdbb717f8c1167c6506b9cf6124d9cb909675dc790a41b0d6c58b309c3f25090b3830db9fc1a8e5666513de9e34fa441112dfd074ba420bcfbfb27add7d783a5f882ef76caae0c2ec38e346528945243ba70cf71bd8eeb09111fb2a47b584c211b1dae001f3bdaccaedffccc44333fab9a84f1cb5c177e88bcc349cdf9bbcbfa75517ac7471a51aa222d17df9407963cbf5fb8b77be22fc3e568909bfcf2ba473bb4b01bfaebeda4f4e4d338d65604355299cfbd08e62863faee2ad0cf9203c2f6d68d8d2624807df40955ca129e171f439e3da0bd4f3857fb1f1b2e260a2c12a8cd1ee1adaf81c4511c3007debe2bcf0130183238dd5797a7bb807ac5cbb8efe265bb60c558f28710f66f91d66898222bdf86f009a40df13e22f765ea6f"}, 0x1010) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3485.555091] FAULT_INJECTION: forcing a failure. [ 3485.555091] name failslab, interval 1, probability 0, space 0, times 0 [ 3485.574205] CPU: 1 PID: 25923 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3485.582324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3485.592273] Call Trace: [ 3485.594868] dump_stack+0x142/0x197 [ 3485.598612] should_fail.cold+0x10f/0x159 [ 3485.602777] should_failslab+0xdb/0x130 [ 3485.606870] kmem_cache_alloc+0x2d7/0x780 [ 3485.611018] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3485.616586] ? rcu_read_lock_sched_held+0x110/0x130 [ 3485.621627] ? shmem_destroy_callback+0xa0/0xa0 [ 3485.626314] shmem_alloc_inode+0x1c/0x50 [ 3485.630397] alloc_inode+0x64/0x180 [ 3485.634052] new_inode_pseudo+0x19/0xf0 [ 3485.638482] new_inode+0x1f/0x40 [ 3485.641883] shmem_get_inode+0x75/0x750 [ 3485.645869] __shmem_file_setup.part.0+0x111/0x400 [ 3485.650802] ? __alloc_fd+0x1d4/0x4a0 [ 3485.654592] ? shmem_fill_super+0x8c0/0x8c0 [ 3485.658932] SyS_memfd_create+0x1f9/0x3a0 [ 3485.663089] ? shmem_fcntl+0x130/0x130 [ 3485.666974] ? do_syscall_64+0x53/0x640 [ 3485.670940] ? shmem_fcntl+0x130/0x130 [ 3485.674834] do_syscall_64+0x1e8/0x640 [ 3485.678731] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3485.683643] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3485.688842] RIP: 0033:0x45a639 [ 3485.692022] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 17:53:03 executing program 5 (fault-call:3 fault-nth:3): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3485.699738] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 3485.707104] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 3485.714379] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 3485.721659] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f1d3bb846d4 [ 3485.729077] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3485.777414] FAULT_INJECTION: forcing a failure. [ 3485.777414] name failslab, interval 1, probability 0, space 0, times 0 [ 3485.937222] CPU: 0 PID: 25943 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3485.944345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3485.953734] Call Trace: [ 3485.956471] dump_stack+0x142/0x197 [ 3485.960134] should_fail.cold+0x10f/0x159 [ 3485.964293] should_failslab+0xdb/0x130 [ 3485.968263] kmem_cache_alloc+0x2d7/0x780 [ 3485.972413] ? shmem_alloc_inode+0x1c/0x50 [ 3485.976657] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3485.982121] selinux_inode_alloc_security+0xb6/0x2a0 [ 3485.987219] security_inode_alloc+0x94/0xd0 [ 3485.991561] inode_init_always+0x552/0xaf0 [ 3485.995793] alloc_inode+0x81/0x180 [ 3485.999409] new_inode_pseudo+0x19/0xf0 [ 3486.003371] new_inode+0x1f/0x40 [ 3486.006731] shmem_get_inode+0x75/0x750 [ 3486.010750] __shmem_file_setup.part.0+0x111/0x400 [ 3486.015681] ? __alloc_fd+0x1d4/0x4a0 [ 3486.019476] ? shmem_fill_super+0x8c0/0x8c0 [ 3486.023789] SyS_memfd_create+0x1f9/0x3a0 [ 3486.027924] ? shmem_fcntl+0x130/0x130 [ 3486.031813] ? do_syscall_64+0x53/0x640 [ 3486.035781] ? shmem_fcntl+0x130/0x130 [ 3486.039663] do_syscall_64+0x1e8/0x640 [ 3486.043533] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3486.048380] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3486.053571] RIP: 0033:0x45a639 [ 3486.056757] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 3486.064474] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 3486.071739] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 3486.079015] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 17:53:04 executing program 5 (fault-call:3 fault-nth:4): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3486.086390] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f1d3bb846d4 [ 3486.093658] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3486.146783] FAULT_INJECTION: forcing a failure. [ 3486.146783] name failslab, interval 1, probability 0, space 0, times 0 [ 3486.158698] CPU: 0 PID: 25957 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3486.165725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3486.175110] Call Trace: [ 3486.177689] dump_stack+0x142/0x197 [ 3486.181317] should_fail.cold+0x10f/0x159 [ 3486.185463] should_failslab+0xdb/0x130 [ 3486.189426] kmem_cache_alloc+0x2d7/0x780 [ 3486.193564] ? shmem_alloc_inode+0x1c/0x50 [ 3486.197787] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3486.203334] selinux_inode_alloc_security+0xb6/0x2a0 [ 3486.208445] security_inode_alloc+0x94/0xd0 [ 3486.212862] inode_init_always+0x552/0xaf0 [ 3486.217096] alloc_inode+0x81/0x180 [ 3486.220716] new_inode_pseudo+0x19/0xf0 [ 3486.224685] new_inode+0x1f/0x40 [ 3486.228035] shmem_get_inode+0x75/0x750 [ 3486.231997] __shmem_file_setup.part.0+0x111/0x400 [ 3486.236971] ? __alloc_fd+0x1d4/0x4a0 [ 3486.240767] ? shmem_fill_super+0x8c0/0x8c0 [ 3486.245088] SyS_memfd_create+0x1f9/0x3a0 [ 3486.249234] ? shmem_fcntl+0x130/0x130 [ 3486.253116] ? do_syscall_64+0x53/0x640 [ 3486.257092] ? shmem_fcntl+0x130/0x130 [ 3486.260982] do_syscall_64+0x1e8/0x640 [ 3486.264868] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3486.269714] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3486.274901] RIP: 0033:0x45a639 [ 3486.278072] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 3486.285779] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 17:53:04 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(0xffffffffffffffff, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:53:04 executing program 3: r0 = syz_open_dev$video4linux(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3486.293036] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 [ 3486.300303] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 3486.307571] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f1d3bb846d4 [ 3486.314835] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:04 executing program 5 (fault-call:3 fault-nth:5): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:04 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3486.395395] FAULT_INJECTION: forcing a failure. [ 3486.395395] name failslab, interval 1, probability 0, space 0, times 0 [ 3486.414873] CPU: 0 PID: 25963 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3486.421931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3486.431291] Call Trace: [ 3486.433897] dump_stack+0x142/0x197 [ 3486.437528] should_fail.cold+0x10f/0x159 [ 3486.441677] should_failslab+0xdb/0x130 [ 3486.445649] kmem_cache_alloc+0x2d7/0x780 [ 3486.449789] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3486.455227] ? check_preemption_disabled+0x3c/0x250 [ 3486.460240] selinux_file_alloc_security+0xb4/0x190 [ 3486.465251] security_file_alloc+0x6d/0xa0 [ 3486.469470] get_empty_filp+0x162/0x3f0 [ 3486.473441] alloc_file+0x23/0x440 [ 3486.476974] __shmem_file_setup.part.0+0x1b1/0x400 [ 3486.481891] ? __alloc_fd+0x1d4/0x4a0 [ 3486.485684] ? shmem_fill_super+0x8c0/0x8c0 [ 3486.489989] SyS_memfd_create+0x1f9/0x3a0 [ 3486.494143] ? shmem_fcntl+0x130/0x130 [ 3486.498014] ? do_syscall_64+0x53/0x640 [ 3486.501983] ? shmem_fcntl+0x130/0x130 [ 3486.501996] do_syscall_64+0x1e8/0x640 [ 3486.509742] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3486.514583] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3486.514591] RIP: 0033:0x45a639 [ 3486.514596] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 3486.514605] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a639 [ 3486.514610] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6d2 17:53:04 executing program 5 (fault-call:3 fault-nth:6): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3486.514614] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 3486.514619] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f1d3bb846d4 [ 3486.514624] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3486.602761] FAULT_INJECTION: forcing a failure. [ 3486.602761] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3486.615617] CPU: 1 PID: 25975 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3486.622644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3486.631994] Call Trace: [ 3486.634571] dump_stack+0x142/0x197 [ 3486.638197] should_fail.cold+0x10f/0x159 [ 3486.642341] ? __might_sleep+0x93/0xb0 [ 3486.646218] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3486.650870] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3486.655873] ? lock_downgrade+0x740/0x740 [ 3486.660027] alloc_pages_vma+0xc9/0x4c0 [ 3486.663995] shmem_alloc_page+0xf6/0x1a0 [ 3486.668053] ? shmem_swapin+0x1a0/0x1a0 [ 3486.672015] ? cred_has_capability+0x142/0x290 [ 3486.676584] ? check_preemption_disabled+0x3c/0x250 [ 3486.681593] ? __this_cpu_preempt_check+0x1d/0x30 [ 3486.686428] ? percpu_counter_add_batch+0x112/0x160 [ 3486.691427] ? __vm_enough_memory+0x26a/0x490 [ 3486.695916] shmem_alloc_and_acct_page+0x12a/0x680 [ 3486.700835] shmem_getpage_gfp+0x3e7/0x25d0 [ 3486.705143] ? shmem_add_to_page_cache+0x860/0x860 [ 3486.710056] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 3486.715227] shmem_write_begin+0xfd/0x1b0 [ 3486.719361] ? trace_hardirqs_on_caller+0x400/0x590 [ 3486.724467] generic_perform_write+0x1f8/0x480 [ 3486.729032] ? page_endio+0x530/0x530 [ 3486.732827] ? current_time+0xb0/0xb0 [ 3486.736617] ? generic_file_write_iter+0x9a/0x660 [ 3486.741452] __generic_file_write_iter+0x239/0x5b0 [ 3486.746373] generic_file_write_iter+0x303/0x660 [ 3486.751113] __vfs_write+0x4a7/0x6b0 [ 3486.754809] ? selinux_file_open+0x420/0x420 [ 3486.759209] ? kernel_read+0x120/0x120 [ 3486.763087] ? check_preemption_disabled+0x3c/0x250 [ 3486.768099] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3486.773544] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 3486.778288] ? __sb_start_write+0x153/0x2f0 [ 3486.782599] vfs_write+0x198/0x500 [ 3486.786136] SyS_pwrite64+0x115/0x140 [ 3486.789936] ? SyS_pread64+0x140/0x140 [ 3486.793802] ? do_syscall_64+0x53/0x640 [ 3486.797769] ? SyS_pread64+0x140/0x140 [ 3486.801637] do_syscall_64+0x1e8/0x640 [ 3486.805515] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3486.810431] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3486.815621] RIP: 0033:0x414437 [ 3486.818795] RSP: 002b:00007f1d3bb83a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 3486.826514] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000414437 [ 3486.833775] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 0000000000000007 [ 3486.841023] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 3486.848272] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000007 [ 3486.855528] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:04 executing program 5 (fault-call:3 fault-nth:7): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3486.956107] FAULT_INJECTION: forcing a failure. [ 3486.956107] name failslab, interval 1, probability 0, space 0, times 0 [ 3486.967722] CPU: 1 PID: 25988 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3486.967777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3486.967785] Call Trace: [ 3486.986727] dump_stack+0x142/0x197 [ 3486.990345] should_fail.cold+0x10f/0x159 [ 3486.994477] should_failslab+0xdb/0x130 [ 3486.998438] kmem_cache_alloc+0x47/0x780 [ 3487.002481] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3487.007478] ? lock_downgrade+0x740/0x740 [ 3487.011711] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 3487.017323] __radix_tree_create+0x337/0x4d0 [ 3487.021735] __radix_tree_insert+0xab/0x570 [ 3487.026055] ? __radix_tree_create+0x4d0/0x4d0 [ 3487.030734] shmem_add_to_page_cache+0x5a4/0x860 [ 3487.035479] ? shmem_writepage+0xbb0/0xbb0 [ 3487.039788] ? __radix_tree_preload+0x1d2/0x260 [ 3487.044457] shmem_getpage_gfp+0x1757/0x25d0 [ 3487.048877] ? shmem_add_to_page_cache+0x860/0x860 [ 3487.053815] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 3487.058994] shmem_write_begin+0xfd/0x1b0 [ 3487.063134] ? trace_hardirqs_on_caller+0x400/0x590 [ 3487.068155] generic_perform_write+0x1f8/0x480 [ 3487.072722] ? page_endio+0x530/0x530 [ 3487.076514] ? current_time+0xb0/0xb0 [ 3487.080296] ? generic_file_write_iter+0x9a/0x660 [ 3487.085131] __generic_file_write_iter+0x239/0x5b0 [ 3487.090065] generic_file_write_iter+0x303/0x660 [ 3487.094827] __vfs_write+0x4a7/0x6b0 [ 3487.098529] ? selinux_file_open+0x420/0x420 [ 3487.102929] ? kernel_read+0x120/0x120 [ 3487.106813] ? check_preemption_disabled+0x3c/0x250 [ 3487.111816] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3487.117247] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 3487.121987] ? __sb_start_write+0x153/0x2f0 [ 3487.126310] vfs_write+0x198/0x500 [ 3487.129853] SyS_pwrite64+0x115/0x140 [ 3487.133639] ? SyS_pread64+0x140/0x140 [ 3487.137527] ? do_syscall_64+0x53/0x640 [ 3487.141485] ? SyS_pread64+0x140/0x140 [ 3487.145355] do_syscall_64+0x1e8/0x640 [ 3487.149227] ? trace_hardirqs_off_thunk+0x1a/0x1c 17:53:05 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) r6 = accept4$inet6(r2, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000480)=0x1c, 0x80800) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000000, 0x8031, r6, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r7, 0x89e1, 0x0) r8 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r8) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r9, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f0000000500)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8e, 0x0, 0x8f, r10}, &(0x7f00000002c0)=0x20) [ 3487.154053] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3487.159223] RIP: 0033:0x414437 [ 3487.162397] RSP: 002b:00007f1d3bb83a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 3487.170125] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000414437 [ 3487.177380] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 0000000000000007 [ 3487.184642] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 3487.191916] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000007 [ 3487.199190] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:05 executing program 3: r0 = syz_open_dev$video4linux(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:06 executing program 5 (fault-call:3 fault-nth:8): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:06 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000080)=0x7) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) ioctl$USBDEVFS_CLAIM_PORT(r5, 0x80045518, &(0x7f0000000100)=0xfffffffb) 17:53:06 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x6}, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000200)='/dev/midi#\x00', 0x0, 0x18403) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x8, 0xfa, 0x4, 0x3f, 0x0, 0x20, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0xe7c4, 0x0, @perf_config_ext={0x101, 0x7}, 0x8000, 0x26c1c59, 0xac3, 0x5, 0x9, 0x92f}, 0x0, 0x7, r2, 0xa) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r7, 0xc008ae88, &(0x7f00000000c0)={0x7a, 0x0, [0x4b564d04]}) r8 = syz_open_dev$vivid(&(0x7f0000000080)='/dev/video#\x00', 0x1, 0x2) ioctl$VIDIOC_S_CROP(r8, 0x4014563c, &(0x7f00000000c0)={0x2, {0x1000}}) tkill(r1, 0x9) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r9 = getpid() sched_setattr(r9, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) sched_setparam(r9, &(0x7f0000000240)=0x5) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffab, 0x10}, 0xc) sync_file_range(r10, 0x7, 0x7, 0x4) socket$inet6(0xa, 0x1, 0xd7) 17:53:06 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(0xffffffffffffffff, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:53:06 executing program 3: r0 = syz_open_dev$video4linux(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3488.571480] FAULT_INJECTION: forcing a failure. [ 3488.571480] name failslab, interval 1, probability 0, space 0, times 0 [ 3488.583497] CPU: 1 PID: 26009 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3488.590612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3488.600531] Call Trace: [ 3488.603134] dump_stack+0x142/0x197 [ 3488.606788] should_fail.cold+0x10f/0x159 [ 3488.610953] should_failslab+0xdb/0x130 [ 3488.614945] kmem_cache_alloc+0x2d7/0x780 [ 3488.619108] ? debug_smp_processor_id+0x1c/0x20 [ 3488.623798] ? perf_trace_sys_enter+0x44b/0x8f0 [ 3488.628471] getname_flags+0xcb/0x580 [ 3488.632486] getname+0x1a/0x20 [ 3488.635686] do_sys_open+0x1e7/0x430 [ 3488.639499] ? filp_open+0x70/0x70 [ 3488.643049] ? syscall_get_arguments.part.0+0x10/0x10 [ 3488.648228] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3488.653663] SyS_open+0x2d/0x40 [ 3488.656936] ? do_sys_open+0x430/0x430 [ 3488.660804] do_syscall_64+0x1e8/0x640 [ 3488.664672] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3488.669522] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3488.674690] RIP: 0033:0x4143d1 [ 3488.677861] RSP: 002b:00007f1d3bb83a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 3488.685555] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 3488.692844] RDX: 00007f1d3bb83b0a RSI: 0000000000000002 RDI: 00007f1d3bb83b00 [ 3488.701080] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3488.708338] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 17:53:06 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) syz_open_dev$cec(&(0x7f0000000440)='/dev/cec#\x00', 0x2, 0x2) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000480)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback, 0xffffffff, 0x0, 0x0, 0x0, 0x4, 0x76ee9fcf5b9a4d25}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) ioctl$TIOCGSID(r6, 0x5429, &(0x7f0000000640)) fcntl$getown(r2, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000000, 0xcd0b568453fbcdd9, 0xffffffffffffffff, 0x1331d000) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r7, 0x89e1, 0x0) r8 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r8) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r9, 0x84, 0x6e, &(0x7f0000000380)=[@in6={0xa, 0x4e21, 0x101, @rand_addr="dc0f967702bb1deb448bde2b9714a42d", 0xe9}], 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000540)=ANY=[@ANYBLOB="07ffffe6038640070b0df06233d8224404eecc83a1d5ef6dc049cf96fbc176a92b04b7cddcc78a5be42645783d29d2af75e3a762cc145bf4a81c2a30844b8bcd0b641d2c79377404ff2cd37f128a3505ab6e7229c712322c82496a4d6549e011c8072de8077fd1eb9a403526a5ac5119293c077a1cdb781077b9271749f2c2168a799e04d007000000cd7b96b6996fda4999ae24d6e270bc9e62dcabce01ec706d8f9a8ce88b39d4a748c9d7a8df5bf9bc8219390498c71917a53791fad79d041ac57d3d345b9ce47af90d7d60269bfcfdb1d3d05f6eaf0db53400"/228, @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r10}, &(0x7f00000002c0)=0x20) 17:53:06 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) gettid() r1 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0xa69, 0x20000) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:06 executing program 5 (fault-call:3 fault-nth:9): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:06 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) wait4(r1, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r4, 0x5380) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3488.715595] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3488.728376] ptrace attach of "/root/syz-executor.1"[26017] was attempted by "/root/syz-executor.1"[26018] [ 3488.794224] FAULT_INJECTION: forcing a failure. [ 3488.794224] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3488.806662] CPU: 0 PID: 26030 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3488.813791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3488.824232] Call Trace: [ 3488.827294] dump_stack+0x142/0x197 [ 3488.833280] should_fail.cold+0x10f/0x159 [ 3488.833299] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3488.843803] ? fs_reclaim_acquire+0x20/0x20 [ 3488.843816] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3488.843832] cache_grow_begin+0x80/0x400 [ 3488.843842] kmem_cache_alloc+0x6a6/0x780 [ 3488.843851] ? debug_smp_processor_id+0x1c/0x20 [ 3488.843861] ? perf_trace_sys_enter+0x44b/0x8f0 [ 3488.843874] getname_flags+0xcb/0x580 [ 3488.843884] getname+0x1a/0x20 [ 3488.843894] do_sys_open+0x1e7/0x430 [ 3488.843904] ? filp_open+0x70/0x70 [ 3488.843912] ? syscall_get_arguments.part.0+0x10/0x10 [ 3488.843923] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3488.843934] SyS_open+0x2d/0x40 [ 3488.843945] ? do_sys_open+0x430/0x430 [ 3488.854200] do_syscall_64+0x1e8/0x640 [ 3488.854209] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3488.854223] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3488.854231] RIP: 0033:0x4143d1 [ 3488.854236] RSP: 002b:00007f1d3bb83a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 17:53:06 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socket$tipc(0x1e, 0x4, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3488.854245] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 3488.854249] RDX: 00007f1d3bb83b0a RSI: 0000000000000002 RDI: 00007f1d3bb83b00 [ 3488.854254] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3488.854259] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 3488.854263] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:06 executing program 5 (fault-call:3 fault-nth:10): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3489.168268] FAULT_INJECTION: forcing a failure. [ 3489.168268] name failslab, interval 1, probability 0, space 0, times 0 [ 3489.180244] CPU: 1 PID: 26059 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3489.187472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3489.197675] Call Trace: [ 3489.200287] dump_stack+0x142/0x197 [ 3489.204111] should_fail.cold+0x10f/0x159 [ 3489.208302] should_failslab+0xdb/0x130 [ 3489.212381] kmem_cache_alloc+0x2d7/0x780 [ 3489.216742] ? save_stack+0xa9/0xd0 [ 3489.220454] get_empty_filp+0x8c/0x3f0 [ 3489.224430] path_openat+0x8f/0x3f70 [ 3489.228312] ? trace_hardirqs_on+0x10/0x10 [ 3489.233070] ? check_preemption_disabled+0x3c/0x250 [ 3489.238339] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 3489.243074] ? find_held_lock+0x35/0x130 [ 3489.247133] ? save_trace+0x290/0x290 [ 3489.251304] ? __alloc_fd+0x1d4/0x4a0 [ 3489.255281] do_filp_open+0x18e/0x250 [ 3489.259256] ? may_open_dev+0xe0/0xe0 [ 3489.263150] ? lock_downgrade+0x740/0x740 [ 3489.267552] ? do_raw_spin_unlock+0x16b/0x260 [ 3489.272059] ? _raw_spin_unlock+0x2d/0x50 [ 3489.276304] ? __alloc_fd+0x1d4/0x4a0 [ 3489.280109] do_sys_open+0x2c5/0x430 [ 3489.283839] ? filp_open+0x70/0x70 [ 3489.287387] ? syscall_get_arguments.part.0+0x10/0x10 [ 3489.292571] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3489.298721] SyS_open+0x2d/0x40 [ 3489.302310] ? do_sys_open+0x430/0x430 [ 3489.306376] do_syscall_64+0x1e8/0x640 [ 3489.310283] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3489.315731] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3489.321533] RIP: 0033:0x4143d1 [ 3489.324726] RSP: 002b:00007f1d3bb83a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 3489.332418] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 3489.339690] RDX: 00007f1d3bb83b0a RSI: 0000000000000002 RDI: 00007f1d3bb83b00 [ 3489.346951] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3489.354240] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 17:53:07 executing program 5 (fault-call:3 fault-nth:11): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3489.361991] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3489.410647] FAULT_INJECTION: forcing a failure. [ 3489.410647] name failslab, interval 1, probability 0, space 0, times 0 [ 3489.422961] CPU: 1 PID: 26063 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3489.430734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3489.440452] Call Trace: [ 3489.443057] dump_stack+0x142/0x197 [ 3489.446684] should_fail.cold+0x10f/0x159 [ 3489.451221] should_failslab+0xdb/0x130 [ 3489.455413] kmem_cache_alloc+0x2d7/0x780 [ 3489.459647] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3489.465209] ? check_preemption_disabled+0x3c/0x250 [ 3489.470681] selinux_file_alloc_security+0xb4/0x190 [ 3489.475720] security_file_alloc+0x6d/0xa0 [ 3489.480059] get_empty_filp+0x162/0x3f0 [ 3489.484033] path_openat+0x8f/0x3f70 [ 3489.487756] ? trace_hardirqs_on+0x10/0x10 [ 3489.491994] ? check_preemption_disabled+0x3c/0x250 [ 3489.497218] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 3489.502091] ? find_held_lock+0x35/0x130 [ 3489.506147] ? save_trace+0x290/0x290 [ 3489.510123] ? __alloc_fd+0x1d4/0x4a0 [ 3489.513914] do_filp_open+0x18e/0x250 [ 3489.517807] ? may_open_dev+0xe0/0xe0 [ 3489.522070] ? lock_downgrade+0x740/0x740 [ 3489.526206] ? do_raw_spin_unlock+0x16b/0x260 [ 3489.530700] ? _raw_spin_unlock+0x2d/0x50 [ 3489.534965] ? __alloc_fd+0x1d4/0x4a0 [ 3489.538779] do_sys_open+0x2c5/0x430 [ 3489.542492] ? filp_open+0x70/0x70 [ 3489.546020] ? syscall_get_arguments.part.0+0x10/0x10 [ 3489.551385] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3489.556833] SyS_open+0x2d/0x40 [ 3489.560106] ? do_sys_open+0x430/0x430 [ 3489.564078] do_syscall_64+0x1e8/0x640 [ 3489.567985] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3489.573035] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3489.578307] RIP: 0033:0x4143d1 [ 3489.585477] RSP: 002b:00007f1d3bb83a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 3489.594179] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143d1 [ 3489.601819] RDX: 00007f1d3bb83b0a RSI: 0000000000000002 RDI: 00007f1d3bb83b00 17:53:07 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:07 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) r6 = accept4$inet6(r2, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000480)=0x1c, 0x80800) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000000, 0x8031, r6, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r7, 0x89e1, 0x0) r8 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r8) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r9, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f0000000500)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8e, 0x0, 0x8f, r10}, &(0x7f00000002c0)=0x20) [ 3489.609510] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3489.617516] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000007 [ 3489.626873] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:07 executing program 5 (fault-call:3 fault-nth:12): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3489.696875] FAULT_INJECTION: forcing a failure. [ 3489.696875] name failslab, interval 1, probability 0, space 0, times 0 [ 3489.714964] CPU: 1 PID: 26070 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3489.722858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3489.736962] Call Trace: [ 3489.739761] dump_stack+0x142/0x197 [ 3489.743417] should_fail.cold+0x10f/0x159 [ 3489.748048] should_failslab+0xdb/0x130 [ 3489.753265] kmem_cache_alloc_trace+0x2e9/0x790 [ 3489.759291] ? __lockdep_init_map+0x10c/0x570 [ 3489.766298] ? loop_get_status64+0x120/0x120 [ 3489.772916] __kthread_create_on_node+0xe3/0x3e0 [ 3489.777792] ? kthread_park+0x140/0x140 [ 3489.782066] ? __fget+0x210/0x370 [ 3489.785528] ? loop_get_status64+0x120/0x120 [ 3489.790320] kthread_create_on_node+0xa8/0xd0 [ 3489.795149] ? __kthread_create_on_node+0x3e0/0x3e0 [ 3489.800413] ? __lockdep_init_map+0x10c/0x570 [ 3489.805060] lo_ioctl+0xcf7/0x1ce0 [ 3489.808673] ? debug_check_no_obj_freed+0x2aa/0x7b7 [ 3489.813775] ? loop_probe+0x160/0x160 [ 3489.817582] blkdev_ioctl+0x96b/0x1860 [ 3489.821462] ? blkpg_ioctl+0x980/0x980 [ 3489.825349] ? __might_sleep+0x93/0xb0 [ 3489.829757] ? __fget+0x210/0x370 [ 3489.833199] block_ioctl+0xde/0x120 [ 3489.836821] ? blkdev_fallocate+0x3b0/0x3b0 [ 3489.841329] do_vfs_ioctl+0x7ae/0x1060 [ 3489.845219] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3489.849958] ? lock_downgrade+0x740/0x740 [ 3489.854088] ? ioctl_preallocate+0x1c0/0x1c0 [ 3489.858479] ? __fget+0x237/0x370 [ 3489.861953] ? security_file_ioctl+0x89/0xb0 [ 3489.866546] SyS_ioctl+0x8f/0xc0 [ 3489.870353] ? do_vfs_ioctl+0x1060/0x1060 [ 3489.874600] do_syscall_64+0x1e8/0x640 [ 3489.878744] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3489.883678] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3489.889122] RIP: 0033:0x45a4a7 17:53:07 executing program 5 (fault-call:3 fault-nth:13): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3489.892397] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3489.900216] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3489.908227] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3489.916156] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3489.924017] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3489.932149] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3489.967866] FAULT_INJECTION: forcing a failure. [ 3489.967866] name failslab, interval 1, probability 0, space 0, times 0 [ 3489.981207] CPU: 1 PID: 26075 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3489.988680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3489.999180] Call Trace: [ 3490.002003] dump_stack+0x142/0x197 [ 3490.006028] should_fail.cold+0x10f/0x159 [ 3490.011227] should_failslab+0xdb/0x130 [ 3490.015876] kmem_cache_alloc+0x2d7/0x780 [ 3490.020037] ? trace_hardirqs_on+0x10/0x10 [ 3490.024479] ? save_trace+0x290/0x290 [ 3490.028468] __kernfs_new_node+0x70/0x420 [ 3490.032617] kernfs_new_node+0x80/0xf0 [ 3490.036641] kernfs_create_dir_ns+0x41/0x140 [ 3490.041247] internal_create_group+0xea/0x7b0 [ 3490.045949] sysfs_create_group+0x20/0x30 [ 3490.050366] lo_ioctl+0x1176/0x1ce0 [ 3490.054152] ? loop_probe+0x160/0x160 [ 3490.057951] blkdev_ioctl+0x96b/0x1860 [ 3490.061950] ? blkpg_ioctl+0x980/0x980 [ 3490.066732] ? __might_sleep+0x93/0xb0 [ 3490.070805] ? __fget+0x210/0x370 [ 3490.074348] block_ioctl+0xde/0x120 [ 3490.079477] ? blkdev_fallocate+0x3b0/0x3b0 [ 3490.084230] do_vfs_ioctl+0x7ae/0x1060 [ 3490.088140] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3490.093768] ? lock_downgrade+0x740/0x740 [ 3490.099577] ? ioctl_preallocate+0x1c0/0x1c0 [ 3490.104076] ? __fget+0x237/0x370 [ 3490.107730] ? security_file_ioctl+0x89/0xb0 [ 3490.112502] SyS_ioctl+0x8f/0xc0 [ 3490.115946] ? do_vfs_ioctl+0x1060/0x1060 [ 3490.120995] do_syscall_64+0x1e8/0x640 [ 3490.125307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3490.130249] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3490.135422] RIP: 0033:0x45a4a7 [ 3490.138856] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3490.146924] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3490.155740] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3490.163270] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3490.170634] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3490.178863] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:08 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="6700873b1bd7fe1c41a2e4210828a800", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:08 executing program 5 (fault-call:3 fault-nth:14): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3490.489317] FAULT_INJECTION: forcing a failure. [ 3490.489317] name failslab, interval 1, probability 0, space 0, times 0 [ 3490.501531] CPU: 1 PID: 26089 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3490.508954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3490.518587] Call Trace: [ 3490.521190] dump_stack+0x142/0x197 [ 3490.526264] should_fail.cold+0x10f/0x159 [ 3490.530727] should_failslab+0xdb/0x130 [ 3490.535415] kmem_cache_alloc+0x2d7/0x780 [ 3490.539946] ? __mutex_unlock_slowpath+0x71/0x800 [ 3490.544784] ? __lock_is_held+0xb6/0x140 [ 3490.549184] __kernfs_new_node+0x70/0x420 [ 3490.553346] kernfs_new_node+0x80/0xf0 [ 3490.557228] __kernfs_create_file+0x46/0x323 [ 3490.566943] sysfs_add_file_mode_ns+0x1e4/0x450 [ 3490.572080] internal_create_group+0x232/0x7b0 [ 3490.577215] sysfs_create_group+0x20/0x30 [ 3490.585212] lo_ioctl+0x1176/0x1ce0 [ 3490.588842] ? loop_probe+0x160/0x160 [ 3490.597234] blkdev_ioctl+0x96b/0x1860 [ 3490.601109] ? blkpg_ioctl+0x980/0x980 [ 3490.605467] ? __might_sleep+0x93/0xb0 [ 3490.622246] ? __fget+0x210/0x370 [ 3490.625802] block_ioctl+0xde/0x120 [ 3490.629587] ? blkdev_fallocate+0x3b0/0x3b0 [ 3490.635469] do_vfs_ioctl+0x7ae/0x1060 [ 3490.640247] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3490.645010] ? lock_downgrade+0x740/0x740 [ 3490.650248] ? ioctl_preallocate+0x1c0/0x1c0 [ 3490.674461] ? __fget+0x237/0x370 [ 3490.694859] ? security_file_ioctl+0x89/0xb0 [ 3490.699267] SyS_ioctl+0x8f/0xc0 [ 3490.702631] ? do_vfs_ioctl+0x1060/0x1060 [ 3490.706853] do_syscall_64+0x1e8/0x640 [ 3490.710909] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3490.717250] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3490.726767] RIP: 0033:0x45a4a7 [ 3490.729945] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3490.741944] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3490.751253] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3490.760968] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3490.768607] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3490.775899] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:09 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x1ffefffffffc, &(0x7f0000000000)="212c01947d2f71") 17:53:09 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_vs_stats_percpu\x00') sendfile(r0, r0, 0x0, 0x3f) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) openat$rtc(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rtc\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x12120, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0xf17) unshare(0x40040400) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYRES16, @ANYBLOB="0f6c0d4c64a0e134b1997ea4c632dbcafa3fc274c31de955a6e04320a144b3923ea457887f2efd7d4c44e7e928a252f98a9d695b7990155533044904cefecf1edf2512875e065839dbc194b5900967fe"], 0x2}}, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000180)=0x804, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xc) vmsplice(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x0) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) ioctl$TIOCOUTQ(r3, 0x5411, &(0x7f0000000080)) socket$inet6_sctp(0xa, 0x10000000005, 0x84) creat(0x0, 0x0) open(&(0x7f0000000480)='./bus\x00', 0x0, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x9) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') accept(r1, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) 17:53:09 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3491.939427] IPVS: ftp: loaded support on port[0] = 21 17:53:09 executing program 5 (fault-call:3 fault-nth:15): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:09 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB='\x00', @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:09 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$EVIOCGABS20(r3, 0x80184560, &(0x7f0000000380)=""/25) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000)={r8}, 0xc) getsockopt$inet_sctp_SCTP_STATUS(r5, 0x84, 0xe, &(0x7f0000000100)={r8, 0x80000000, 0x1, 0x0, 0x8, 0x0, 0x4, 0x10001, {0x0, @in6={{0xa, 0x4e24, 0x4, @rand_addr="f835076ae31cef150b1a60cdd823a7dd", 0xef5}}, 0x9eca, 0x1, 0x3f, 0x0, 0x10001}}, &(0x7f0000000040)=0xb0) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r4, 0x84, 0x5, &(0x7f00000001c0)={r9, @in={{0x2, 0x4e21, @loopback}}}, 0x84) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3492.029388] FAULT_INJECTION: forcing a failure. [ 3492.029388] name failslab, interval 1, probability 0, space 0, times 0 [ 3492.042894] CPU: 0 PID: 26114 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3492.050528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3492.061458] Call Trace: [ 3492.064317] dump_stack+0x142/0x197 [ 3492.067965] should_fail.cold+0x10f/0x159 [ 3492.072323] should_failslab+0xdb/0x130 [ 3492.076553] kmem_cache_alloc+0x2d7/0x780 [ 3492.080702] ? wait_for_completion+0x420/0x420 [ 3492.085287] __kernfs_new_node+0x70/0x420 [ 3492.089783] kernfs_new_node+0x80/0xf0 [ 3492.097164] __kernfs_create_file+0x46/0x323 [ 3492.101597] sysfs_add_file_mode_ns+0x1e4/0x450 [ 3492.106359] internal_create_group+0x232/0x7b0 [ 3492.111118] sysfs_create_group+0x20/0x30 [ 3492.116164] lo_ioctl+0x1176/0x1ce0 [ 3492.119836] ? loop_probe+0x160/0x160 [ 3492.119849] blkdev_ioctl+0x96b/0x1860 [ 3492.127632] ? blkpg_ioctl+0x980/0x980 [ 3492.127649] ? __might_sleep+0x93/0xb0 [ 3492.135505] ? __fget+0x210/0x370 [ 3492.139419] block_ioctl+0xde/0x120 [ 3492.143177] ? blkdev_fallocate+0x3b0/0x3b0 [ 3492.147663] do_vfs_ioctl+0x7ae/0x1060 [ 3492.152349] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3492.157193] ? lock_downgrade+0x740/0x740 [ 3492.161539] ? ioctl_preallocate+0x1c0/0x1c0 [ 3492.166480] ? __fget+0x237/0x370 [ 3492.170023] ? security_file_ioctl+0x89/0xb0 [ 3492.174618] SyS_ioctl+0x8f/0xc0 [ 3492.178429] ? do_vfs_ioctl+0x1060/0x1060 [ 3492.183382] do_syscall_64+0x1e8/0x640 [ 3492.187284] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3492.193008] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3492.198383] RIP: 0033:0x45a4a7 [ 3492.201757] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3492.210607] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3492.218325] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3492.226249] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3492.234575] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3492.242251] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:10 executing program 5 (fault-call:3 fault-nth:16): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3492.374663] FAULT_INJECTION: forcing a failure. [ 3492.374663] name failslab, interval 1, probability 0, space 0, times 0 [ 3492.388415] CPU: 1 PID: 26128 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3492.395608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3492.405300] Call Trace: [ 3492.407891] dump_stack+0x142/0x197 [ 3492.411642] should_fail.cold+0x10f/0x159 [ 3492.416285] should_failslab+0xdb/0x130 [ 3492.420423] kmem_cache_alloc+0x2d7/0x780 [ 3492.424758] ? wait_for_completion+0x420/0x420 [ 3492.429353] __kernfs_new_node+0x70/0x420 [ 3492.433707] kernfs_new_node+0x80/0xf0 [ 3492.438143] __kernfs_create_file+0x46/0x323 [ 3492.442810] sysfs_add_file_mode_ns+0x1e4/0x450 [ 3492.447563] internal_create_group+0x232/0x7b0 [ 3492.452655] sysfs_create_group+0x20/0x30 [ 3492.456916] lo_ioctl+0x1176/0x1ce0 [ 3492.460547] ? loop_probe+0x160/0x160 [ 3492.465298] blkdev_ioctl+0x96b/0x1860 [ 3492.469615] ? blkpg_ioctl+0x980/0x980 [ 3492.474410] ? __might_sleep+0x93/0xb0 [ 3492.479293] ? __fget+0x210/0x370 [ 3492.483886] block_ioctl+0xde/0x120 [ 3492.488217] ? blkdev_fallocate+0x3b0/0x3b0 [ 3492.492763] do_vfs_ioctl+0x7ae/0x1060 [ 3492.499023] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3492.504038] ? lock_downgrade+0x740/0x740 [ 3492.508266] ? ioctl_preallocate+0x1c0/0x1c0 [ 3492.513158] ? __fget+0x237/0x370 [ 3492.516601] ? security_file_ioctl+0x89/0xb0 [ 3492.520993] SyS_ioctl+0x8f/0xc0 [ 3492.524357] ? do_vfs_ioctl+0x1060/0x1060 [ 3492.528693] do_syscall_64+0x1e8/0x640 [ 3492.532585] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3492.538155] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3492.543502] RIP: 0033:0x45a4a7 [ 3492.546680] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3492.554391] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3492.562786] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 17:53:10 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3492.570572] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3492.577913] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3492.585372] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:10 executing program 5 (fault-call:3 fault-nth:17): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3492.718414] FAULT_INJECTION: forcing a failure. [ 3492.718414] name failslab, interval 1, probability 0, space 0, times 0 [ 3492.732720] CPU: 1 PID: 26139 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3492.740593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3492.751956] Call Trace: [ 3492.756369] dump_stack+0x142/0x197 [ 3492.760702] should_fail.cold+0x10f/0x159 [ 3492.764939] should_failslab+0xdb/0x130 [ 3492.769004] kmem_cache_alloc+0x2d7/0x780 [ 3492.773143] ? wait_for_completion+0x420/0x420 [ 3492.777723] __kernfs_new_node+0x70/0x420 [ 3492.781872] kernfs_new_node+0x80/0xf0 [ 3492.785773] __kernfs_create_file+0x46/0x323 [ 3492.790169] sysfs_add_file_mode_ns+0x1e4/0x450 [ 3492.794825] internal_create_group+0x232/0x7b0 [ 3492.799397] sysfs_create_group+0x20/0x30 [ 3492.803581] lo_ioctl+0x1176/0x1ce0 [ 3492.807733] ? loop_probe+0x160/0x160 [ 3492.811542] blkdev_ioctl+0x96b/0x1860 [ 3492.815412] ? blkpg_ioctl+0x980/0x980 [ 3492.819300] ? __might_sleep+0x93/0xb0 [ 3492.823456] ? __fget+0x210/0x370 [ 3492.827866] block_ioctl+0xde/0x120 [ 3492.832220] ? blkdev_fallocate+0x3b0/0x3b0 [ 3492.837222] do_vfs_ioctl+0x7ae/0x1060 [ 3492.841908] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3492.847329] ? lock_downgrade+0x740/0x740 [ 3492.852340] ? ioctl_preallocate+0x1c0/0x1c0 [ 3492.856733] ? __fget+0x237/0x370 [ 3492.860185] ? security_file_ioctl+0x89/0xb0 [ 3492.864596] SyS_ioctl+0x8f/0xc0 [ 3492.867960] ? do_vfs_ioctl+0x1060/0x1060 [ 3492.872283] do_syscall_64+0x1e8/0x640 [ 3492.876850] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3492.881950] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3492.887131] RIP: 0033:0x45a4a7 [ 3492.890419] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3492.898123] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3492.905862] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 17:53:10 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) [ 3492.913400] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3492.921799] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3492.930275] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:10 executing program 5 (fault-call:3 fault-nth:18): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3493.067244] FAULT_INJECTION: forcing a failure. [ 3493.067244] name failslab, interval 1, probability 0, space 0, times 0 [ 3493.083744] CPU: 0 PID: 26154 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3493.091125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3493.091131] Call Trace: [ 3493.091148] dump_stack+0x142/0x197 [ 3493.091165] should_fail.cold+0x10f/0x159 [ 3493.091182] should_failslab+0xdb/0x130 [ 3493.091191] kmem_cache_alloc+0x2d7/0x780 [ 3493.091200] ? wait_for_completion+0x420/0x420 [ 3493.091217] __kernfs_new_node+0x70/0x420 [ 3493.091232] kernfs_new_node+0x80/0xf0 [ 3493.091244] __kernfs_create_file+0x46/0x323 [ 3493.091257] sysfs_add_file_mode_ns+0x1e4/0x450 [ 3493.091271] internal_create_group+0x232/0x7b0 [ 3493.091289] sysfs_create_group+0x20/0x30 [ 3493.091299] lo_ioctl+0x1176/0x1ce0 [ 3493.091312] ? loop_probe+0x160/0x160 [ 3493.091324] blkdev_ioctl+0x96b/0x1860 [ 3493.107838] ? blkpg_ioctl+0x980/0x980 [ 3493.107857] ? __might_sleep+0x93/0xb0 [ 3493.107866] ? __fget+0x210/0x370 [ 3493.107879] block_ioctl+0xde/0x120 [ 3493.107889] ? blkdev_fallocate+0x3b0/0x3b0 [ 3493.116650] do_vfs_ioctl+0x7ae/0x1060 [ 3493.116664] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3493.116675] ? lock_downgrade+0x740/0x740 [ 3493.116686] ? ioctl_preallocate+0x1c0/0x1c0 [ 3493.116699] ? __fget+0x237/0x370 [ 3493.130197] ? security_file_ioctl+0x89/0xb0 [ 3493.130212] SyS_ioctl+0x8f/0xc0 [ 3493.130221] ? do_vfs_ioctl+0x1060/0x1060 [ 3493.130235] do_syscall_64+0x1e8/0x640 [ 3493.130244] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3493.130261] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3493.130268] RIP: 0033:0x45a4a7 [ 3493.130273] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3493.130282] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3493.130290] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 17:53:11 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3493.139503] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3493.139509] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3493.139515] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:12 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x3, 0x260402) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x80, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x1b7) 17:53:12 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:12 executing program 5 (fault-call:3 fault-nth:19): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:12 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0xfffffffffffffda0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x1}, 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:12 executing program 2: openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0xff4a) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x20032600) open(0x0, 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r2, 0x40045730, &(0x7f0000000000)=0x7) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f0000000040), 0x4) sync() write$selinux_context(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) [ 3494.867011] FAULT_INJECTION: forcing a failure. [ 3494.867011] name failslab, interval 1, probability 0, space 0, times 0 [ 3494.879435] CPU: 1 PID: 26176 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3494.886473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3494.896469] Call Trace: [ 3494.899087] dump_stack+0x142/0x197 [ 3494.903874] should_fail.cold+0x10f/0x159 [ 3494.908309] should_failslab+0xdb/0x130 [ 3494.912524] kmem_cache_alloc+0x2d7/0x780 [ 3494.917490] ? wait_for_completion+0x420/0x420 [ 3494.922372] __kernfs_new_node+0x70/0x420 [ 3494.926821] kernfs_new_node+0x80/0xf0 [ 3494.931419] __kernfs_create_file+0x46/0x323 [ 3494.936189] sysfs_add_file_mode_ns+0x1e4/0x450 [ 3494.941032] internal_create_group+0x232/0x7b0 [ 3494.945798] sysfs_create_group+0x20/0x30 [ 3494.950106] lo_ioctl+0x1176/0x1ce0 [ 3494.953833] ? loop_probe+0x160/0x160 [ 3494.957678] blkdev_ioctl+0x96b/0x1860 [ 3494.961552] ? blkpg_ioctl+0x980/0x980 [ 3494.965538] ? __might_sleep+0x93/0xb0 [ 3494.969608] ? __fget+0x210/0x370 [ 3494.974160] block_ioctl+0xde/0x120 [ 3494.977886] ? blkdev_fallocate+0x3b0/0x3b0 [ 3494.982192] do_vfs_ioctl+0x7ae/0x1060 [ 3494.986075] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3494.991013] ? lock_downgrade+0x740/0x740 [ 3494.996131] ? ioctl_preallocate+0x1c0/0x1c0 [ 3495.000887] ? __fget+0x237/0x370 [ 3495.004544] ? security_file_ioctl+0x89/0xb0 [ 3495.010177] SyS_ioctl+0x8f/0xc0 [ 3495.013527] ? do_vfs_ioctl+0x1060/0x1060 [ 3495.017858] do_syscall_64+0x1e8/0x640 [ 3495.022447] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3495.027569] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3495.033822] RIP: 0033:0x45a4a7 [ 3495.037285] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3495.045001] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3495.052272] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3495.059754] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 17:53:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000080)={0x100, 0x4}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) tkill(r4, 0x19) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3495.067033] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3495.075698] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffb000/0x2000)=nil, 0x2000}, &(0x7f0000000080)=0x10) wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1d0786c41b7414a136277756a1eac01471139e7af7927552c00d9f001722c26f249e6be1731ba8a9015c601025d03bf562d5e6734af2f62cb6c", 0xe0}], 0x10000000000003a7, 0x7) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x1645, 0x100000) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x7, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:13 executing program 5 (fault-call:3 fault-nth:20): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3495.226979] FAULT_INJECTION: forcing a failure. [ 3495.226979] name failslab, interval 1, probability 0, space 0, times 0 [ 3495.242441] CPU: 0 PID: 26203 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3495.249604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3495.259075] Call Trace: [ 3495.261698] dump_stack+0x142/0x197 [ 3495.265343] should_fail.cold+0x10f/0x159 [ 3495.269664] should_failslab+0xdb/0x130 [ 3495.273713] kmem_cache_alloc_trace+0x2e9/0x790 [ 3495.278774] ? kernfs_put+0x35e/0x490 [ 3495.282775] ? sysfs_add_file_mode_ns+0x1e4/0x450 [ 3495.287647] ? devm_device_remove_groups+0x50/0x50 [ 3495.292660] kobject_uevent_env+0x378/0xc23 [ 3495.297092] ? internal_create_group+0x49a/0x7b0 [ 3495.302025] kobject_uevent+0x20/0x26 [ 3495.305844] lo_ioctl+0x11e7/0x1ce0 [ 3495.309485] ? loop_probe+0x160/0x160 [ 3495.313276] blkdev_ioctl+0x96b/0x1860 [ 3495.317169] ? blkpg_ioctl+0x980/0x980 [ 3495.321249] ? __might_sleep+0x93/0xb0 [ 3495.325761] ? __fget+0x210/0x370 [ 3495.330030] block_ioctl+0xde/0x120 [ 3495.333912] ? blkdev_fallocate+0x3b0/0x3b0 [ 3495.340175] do_vfs_ioctl+0x7ae/0x1060 [ 3495.344172] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3495.348937] ? lock_downgrade+0x740/0x740 [ 3495.353083] ? ioctl_preallocate+0x1c0/0x1c0 [ 3495.357476] ? __fget+0x237/0x370 [ 3495.360928] ? security_file_ioctl+0x89/0xb0 [ 3495.365330] SyS_ioctl+0x8f/0xc0 [ 3495.369155] ? do_vfs_ioctl+0x1060/0x1060 [ 3495.374241] do_syscall_64+0x1e8/0x640 [ 3495.379505] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3495.384351] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3495.389552] RIP: 0033:0x45a4a7 [ 3495.392727] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3495.400539] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3495.407804] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3495.415080] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 17:53:13 executing program 2: r0 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000040)={0x57, 0x4, 0x2, {0x0, 0x9}, {0x0, 0x7}, @rumble={0x1, 0x8}}) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) write$P9_RVERSION(r2, &(0x7f0000000980)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030300900fc9cd866b42938ab0142624904b40d651a9b3672476a814ac42843aa88e1db60ba47b6bb30407402000000349f062e4624400100000000000000e03a80b9374275d0f7b100237209ffe467ab1296c3c5085a515cf18151210b8615d54f1c7f3e9ef2ec1577c935216a586171a0aca46a1b561565ffefd7652e6c949d9a7f95f42d36d892d4b30cc1fc50434686595553e6f3381cf655df317fe9ca3533e7afb1ced5c006e691b4999cf6c0aae1178e256baacb07e6f80b9f8e6bc4f3b57d528930399f5c7903c06e4298f2d6774ba4d327c8c4c783340d84b8252dc0961fdc1816a67772058c027c491d1761cd867b446e1d09fc35834cb3e8e0ed7bde47964dc091ec1ce2dd7bfa8c430600000000000000ce550d9645db0c58453350fa101f5aae17559fcfd2bd00000000c2621a68b48ccc39235cdf20d22060d3c8f352e3416380e4aab0aad9d953e0a7dd37de2bfc4fc5d81bfa4264c89a612bf74868309f840cc82f1cb4a4eaa8728c3425a50c9ffb680f44aff1e913a7f5b3158696196345a4caebc08e692861bbd2304b31f7c58fe55f668b9420ea754930458873cec2e3869c70cc78c2a06f70c33a4c09e6195262ae96eec759aae838435429bd039f8ffde4c529d7dc83c298a16cd17d01d46e41ebfeef9fc6f935e8f745bd1208d4d5b226eff700"/528], 0x15) write$P9_RAUTH(r2, &(0x7f0000000040)={0x14, 0x67, 0x1, {0x0, 0x5}}, 0x14) write$P9_RGETATTR(r2, &(0x7f0000000500)={0xa0, 0x19, 0x1}, 0xa0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r4, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f00000001c0), &(0x7f00000000c0)=0x68) umount2(&(0x7f0000000140)='./file0\x00', 0x0) [ 3495.422344] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3495.429623] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:13 executing program 5 (fault-call:3 fault-nth:21): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:13 executing program 2: r0 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000040)={0x57, 0x4, 0x2, {0x0, 0x9}, {0x0, 0x7}, @rumble={0x1, 0x8}}) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) write$P9_RVERSION(r2, &(0x7f0000000980)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030300900fc9cd866b42938ab0142624904b40d651a9b3672476a814ac42843aa88e1db60ba47b6bb30407402000000349f062e4624400100000000000000e03a80b9374275d0f7b100237209ffe467ab1296c3c5085a515cf18151210b8615d54f1c7f3e9ef2ec1577c935216a586171a0aca46a1b561565ffefd7652e6c949d9a7f95f42d36d892d4b30cc1fc50434686595553e6f3381cf655df317fe9ca3533e7afb1ced5c006e691b4999cf6c0aae1178e256baacb07e6f80b9f8e6bc4f3b57d528930399f5c7903c06e4298f2d6774ba4d327c8c4c783340d84b8252dc0961fdc1816a67772058c027c491d1761cd867b446e1d09fc35834cb3e8e0ed7bde47964dc091ec1ce2dd7bfa8c430600000000000000ce550d9645db0c58453350fa101f5aae17559fcfd2bd00000000c2621a68b48ccc39235cdf20d22060d3c8f352e3416380e4aab0aad9d953e0a7dd37de2bfc4fc5d81bfa4264c89a612bf74868309f840cc82f1cb4a4eaa8728c3425a50c9ffb680f44aff1e913a7f5b3158696196345a4caebc08e692861bbd2304b31f7c58fe55f668b9420ea754930458873cec2e3869c70cc78c2a06f70c33a4c09e6195262ae96eec759aae838435429bd039f8ffde4c529d7dc83c298a16cd17d01d46e41ebfeef9fc6f935e8f745bd1208d4d5b226eff700"/528], 0x15) write$P9_RAUTH(r2, &(0x7f0000000040)={0x14, 0x67, 0x1, {0x0, 0x5}}, 0x14) write$P9_RGETATTR(r2, &(0x7f0000000500)={0xa0, 0x19, 0x1}, 0xa0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r4, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f00000001c0), &(0x7f00000000c0)=0x68) umount2(&(0x7f0000000140)='./file0\x00', 0x0) [ 3495.595086] FAULT_INJECTION: forcing a failure. [ 3495.595086] name failslab, interval 1, probability 0, space 0, times 0 [ 3495.613388] CPU: 1 PID: 26211 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3495.620737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3495.630784] Call Trace: [ 3495.633370] dump_stack+0x142/0x197 17:53:13 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3495.637104] should_fail.cold+0x10f/0x159 [ 3495.650907] should_failslab+0xdb/0x130 [ 3495.655157] kmem_cache_alloc_node+0x287/0x780 [ 3495.660464] __alloc_skb+0x9c/0x500 [ 3495.664201] ? skb_scrub_packet+0x4b0/0x4b0 [ 3495.668545] ? netlink_has_listeners+0x20a/0x330 [ 3495.694864] kobject_uevent_env+0x781/0xc23 [ 3495.699184] ? internal_create_group+0x49a/0x7b0 [ 3495.703947] kobject_uevent+0x20/0x26 [ 3495.707766] lo_ioctl+0x11e7/0x1ce0 [ 3495.711391] ? loop_probe+0x160/0x160 [ 3495.715379] blkdev_ioctl+0x96b/0x1860 [ 3495.720395] ? blkpg_ioctl+0x980/0x980 [ 3495.724284] ? __might_sleep+0x93/0xb0 [ 3495.728160] ? __fget+0x210/0x370 [ 3495.734295] block_ioctl+0xde/0x120 [ 3495.738025] ? blkdev_fallocate+0x3b0/0x3b0 [ 3495.743127] do_vfs_ioctl+0x7ae/0x1060 [ 3495.747086] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3495.751998] ? lock_downgrade+0x740/0x740 [ 3495.756147] ? ioctl_preallocate+0x1c0/0x1c0 [ 3495.760541] ? __fget+0x237/0x370 [ 3495.764331] ? security_file_ioctl+0x89/0xb0 [ 3495.768841] SyS_ioctl+0x8f/0xc0 [ 3495.772383] ? do_vfs_ioctl+0x1060/0x1060 [ 3495.776690] do_syscall_64+0x1e8/0x640 [ 3495.780589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3495.780607] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3495.780616] RIP: 0033:0x45a4a7 [ 3495.780621] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3495.780632] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3495.780637] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3495.780641] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3495.780646] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3495.780650] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:13 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x05', 0x10000, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000000)={0xb0}, 0x1) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) syslog(0x9, &(0x7f0000000080)=""/61, 0x3d) 17:53:15 executing program 5 (fault-call:3 fault-nth:22): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:15 executing program 2: r0 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000040)={0x57, 0x4, 0x2, {0x0, 0x9}, {0x0, 0x7}, @rumble={0x1, 0x8}}) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) write$P9_RVERSION(r2, &(0x7f0000000980)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030300900fc9cd866b42938ab0142624904b40d651a9b3672476a814ac42843aa88e1db60ba47b6bb30407402000000349f062e4624400100000000000000e03a80b9374275d0f7b100237209ffe467ab1296c3c5085a515cf18151210b8615d54f1c7f3e9ef2ec1577c935216a586171a0aca46a1b561565ffefd7652e6c949d9a7f95f42d36d892d4b30cc1fc50434686595553e6f3381cf655df317fe9ca3533e7afb1ced5c006e691b4999cf6c0aae1178e256baacb07e6f80b9f8e6bc4f3b57d528930399f5c7903c06e4298f2d6774ba4d327c8c4c783340d84b8252dc0961fdc1816a67772058c027c491d1761cd867b446e1d09fc35834cb3e8e0ed7bde47964dc091ec1ce2dd7bfa8c430600000000000000ce550d9645db0c58453350fa101f5aae17559fcfd2bd00000000c2621a68b48ccc39235cdf20d22060d3c8f352e3416380e4aab0aad9d953e0a7dd37de2bfc4fc5d81bfa4264c89a612bf74868309f840cc82f1cb4a4eaa8728c3425a50c9ffb680f44aff1e913a7f5b3158696196345a4caebc08e692861bbd2304b31f7c58fe55f668b9420ea754930458873cec2e3869c70cc78c2a06f70c33a4c09e6195262ae96eec759aae838435429bd039f8ffde4c529d7dc83c298a16cd17d01d46e41ebfeef9fc6f935e8f745bd1208d4d5b226eff700"/528], 0x15) write$P9_RAUTH(r2, &(0x7f0000000040)={0x14, 0x67, 0x1, {0x0, 0x5}}, 0x14) write$P9_RGETATTR(r2, &(0x7f0000000500)={0xa0, 0x19, 0x1}, 0xa0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r4, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f00000001c0), &(0x7f00000000c0)=0x68) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 17:53:15 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:15 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x6, 0x0, 0x0, 0x5}, 0x66dbe923493ddccf) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3497.874862] FAULT_INJECTION: forcing a failure. [ 3497.874862] name failslab, interval 1, probability 0, space 0, times 0 [ 3497.891220] CPU: 1 PID: 26239 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3497.898294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3497.908045] Call Trace: [ 3497.910679] dump_stack+0x142/0x197 [ 3497.914373] should_fail.cold+0x10f/0x159 [ 3497.918654] should_failslab+0xdb/0x130 [ 3497.922650] kmem_cache_alloc_node+0x287/0x780 [ 3497.927264] __alloc_skb+0x9c/0x500 [ 3497.930906] ? skb_scrub_packet+0x4b0/0x4b0 [ 3497.935249] ? netlink_has_listeners+0x20a/0x330 [ 3497.935267] kobject_uevent_env+0x781/0xc23 [ 3497.935279] ? internal_create_group+0x49a/0x7b0 [ 3497.935297] kobject_uevent+0x20/0x26 [ 3497.935309] lo_ioctl+0x11e7/0x1ce0 [ 3497.935322] ? loop_probe+0x160/0x160 [ 3497.935335] blkdev_ioctl+0x96b/0x1860 [ 3497.935346] ? blkpg_ioctl+0x980/0x980 [ 3497.935360] ? __might_sleep+0x93/0xb0 [ 3497.935368] ? __fget+0x210/0x370 [ 3497.935378] block_ioctl+0xde/0x120 [ 3497.935385] ? blkdev_fallocate+0x3b0/0x3b0 [ 3497.944294] ptrace attach of "/root/syz-executor.4"[26243] was attempted by "/root/syz-executor.4"[26245] [ 3497.945241] do_vfs_ioctl+0x7ae/0x1060 [ 3497.945258] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3497.945270] ? lock_downgrade+0x740/0x740 [ 3497.945281] ? ioctl_preallocate+0x1c0/0x1c0 [ 3497.961802] ? __fget+0x237/0x370 [ 3497.961820] ? security_file_ioctl+0x89/0xb0 [ 3497.961832] SyS_ioctl+0x8f/0xc0 [ 3497.961843] ? do_vfs_ioctl+0x1060/0x1060 [ 3497.961857] do_syscall_64+0x1e8/0x640 [ 3497.961865] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3497.961882] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3497.961891] RIP: 0033:0x45a4a7 [ 3497.961895] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3497.961904] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3497.961909] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3497.961913] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3497.961917] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3497.961921] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:16 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xff, 0x200) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f0000000040)=""/46, &(0x7f0000000080)=0x2e) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x4, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000340)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce003d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0x2b2, 0xfffffffffffffffe) r3 = add_key$user(0x0, &(0x7f00000005c0)={'syz'}, &(0x7f0000000000)="1d", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r2, r3}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000600)={'rmd320\x00'}}) keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f0000000100)={r3, 0xef, 0xe3}, 0x0, &(0x7f0000000140)="ec9eac3067387cd78a0066cfb1629c2287a1e848caae4800725c610b9e65cc47141275da052ff21a428dda0e4a3512b8fdd0990f419e50fc8cbacb9585da497f262784da1854eeaa6705dae5f211b07e8c63c47e1fd824b2d277406d4ec59d7298e0dd9a09a305c52e57fd9e8c7afed956b51f22abcb7ecb2cf19474d9635c2baf479206dd08893a3a29e304a56dd75af8f1424272c6da5f53d15f1b6353e5b00cb4db38992aeb662b8253a97d4f63295de8561d0b610042f9a0a4c3f15338908caed6a06de8f5fa7543e51eed8cca0d7f398989363574ca677734f4fda2e2f96c328436487862ea83ef5f0fd7b636", &(0x7f0000000380)=""/227) ptrace$cont(0x9, r1, 0x0, 0x0) 17:53:16 executing program 2: r0 = syz_open_dev$midi(0x0, 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000040)={0x57, 0x4, 0x2, {0x0, 0x9}, {0x0, 0x7}, @rumble={0x1, 0x8}}) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) write$P9_RVERSION(r2, &(0x7f0000000980)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030300900fc9cd866b42938ab0142624904b40d651a9b3672476a814ac42843aa88e1db60ba47b6bb30407402000000349f062e4624400100000000000000e03a80b9374275d0f7b100237209ffe467ab1296c3c5085a515cf18151210b8615d54f1c7f3e9ef2ec1577c935216a586171a0aca46a1b561565ffefd7652e6c949d9a7f95f42d36d892d4b30cc1fc50434686595553e6f3381cf655df317fe9ca3533e7afb1ced5c006e691b4999cf6c0aae1178e256baacb07e6f80b9f8e6bc4f3b57d528930399f5c7903c06e4298f2d6774ba4d327c8c4c783340d84b8252dc0961fdc1816a67772058c027c491d1761cd867b446e1d09fc35834cb3e8e0ed7bde47964dc091ec1ce2dd7bfa8c430600000000000000ce550d9645db0c58453350fa101f5aae17559fcfd2bd00000000c2621a68b48ccc39235cdf20d22060d3c8f352e3416380e4aab0aad9d953e0a7dd37de2bfc4fc5d81bfa4264c89a612bf74868309f840cc82f1cb4a4eaa8728c3425a50c9ffb680f44aff1e913a7f5b3158696196345a4caebc08e692861bbd2304b31f7c58fe55f668b9420ea754930458873cec2e3869c70cc78c2a06f70c33a4c09e6195262ae96eec759aae838435429bd039f8ffde4c529d7dc83c298a16cd17d01d46e41ebfeef9fc6f935e8f745bd1208d4d5b226eff700"/528], 0x15) write$P9_RAUTH(r2, &(0x7f0000000040)={0x14, 0x67, 0x1, {0x0, 0x5}}, 0x14) write$P9_RGETATTR(r2, &(0x7f0000000500)={0xa0, 0x19, 0x1}, 0xa0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r4, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f00000001c0), &(0x7f00000000c0)=0x68) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 17:53:16 executing program 5 (fault-call:3 fault-nth:23): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:16 executing program 1: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x29}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000100)={r2, @in6={{0xa, 0x4e22, 0x5, @dev={0xfe, 0x80, [], 0x1a}, 0xff}}, 0x3, 0x7, 0x8000, 0x1f85, 0x80}, 0x98) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup2(r5, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r3, 0x3c) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) [ 3498.247794] FAULT_INJECTION: forcing a failure. [ 3498.247794] name failslab, interval 1, probability 0, space 0, times 0 [ 3498.262053] CPU: 1 PID: 26261 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3498.269093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3498.278543] Call Trace: [ 3498.281493] dump_stack+0x142/0x197 [ 3498.285327] should_fail.cold+0x10f/0x159 [ 3498.289801] should_failslab+0xdb/0x130 [ 3498.293955] __kmalloc+0x2f0/0x7a0 [ 3498.293968] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3498.293983] ? kobject_uevent_env+0x378/0xc23 [ 3498.293994] ? rcu_read_lock_sched_held+0x110/0x130 [ 3498.294004] ? kobject_get_path+0xbb/0x1a0 [ 3498.294016] kobject_get_path+0xbb/0x1a0 [ 3498.294027] ? devm_device_remove_groups+0x50/0x50 [ 3498.294041] kobject_uevent_env+0x39c/0xc23 [ 3498.303301] ? internal_create_group+0x49a/0x7b0 [ 3498.303320] kobject_uevent+0x20/0x26 [ 3498.312903] lo_ioctl+0x11e7/0x1ce0 [ 3498.312918] ? loop_probe+0x160/0x160 [ 3498.312932] blkdev_ioctl+0x96b/0x1860 [ 3498.312942] ? blkpg_ioctl+0x980/0x980 [ 3498.312958] ? __might_sleep+0x93/0xb0 [ 3498.312968] ? __fget+0x210/0x370 [ 3498.312982] block_ioctl+0xde/0x120 [ 3498.312992] ? blkdev_fallocate+0x3b0/0x3b0 [ 3498.313002] do_vfs_ioctl+0x7ae/0x1060 [ 3498.313018] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3498.380353] ? lock_downgrade+0x740/0x740 [ 3498.384517] ? ioctl_preallocate+0x1c0/0x1c0 [ 3498.389010] ? __fget+0x237/0x370 [ 3498.392465] ? security_file_ioctl+0x89/0xb0 [ 3498.396859] SyS_ioctl+0x8f/0xc0 [ 3498.400299] ? do_vfs_ioctl+0x1060/0x1060 [ 3498.404583] do_syscall_64+0x1e8/0x640 [ 3498.408477] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3498.413332] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3498.418509] RIP: 0033:0x45a4a7 [ 3498.421692] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3498.429386] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3498.436681] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 17:53:16 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x05', 0x10000, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3498.444110] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3498.451367] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3498.458752] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:16 executing program 5 (fault-call:3 fault-nth:24): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3498.576677] FAULT_INJECTION: forcing a failure. [ 3498.576677] name failslab, interval 1, probability 0, space 0, times 0 [ 3498.588728] CPU: 1 PID: 26279 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3498.601506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3498.613886] Call Trace: [ 3498.616466] dump_stack+0x142/0x197 [ 3498.620089] should_fail.cold+0x10f/0x159 [ 3498.629605] should_failslab+0xdb/0x130 [ 3498.633567] kmem_cache_alloc_node_trace+0x280/0x770 [ 3498.638671] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3498.644136] __kmalloc_node_track_caller+0x3d/0x80 [ 3498.649071] __kmalloc_reserve.isra.0+0x40/0xe0 [ 3498.649082] __alloc_skb+0xcf/0x500 [ 3498.674132] ? skb_scrub_packet+0x4b0/0x4b0 [ 3498.674146] ? netlink_has_listeners+0x20a/0x330 [ 3498.683180] kobject_uevent_env+0x781/0xc23 [ 3498.683190] ? internal_create_group+0x49a/0x7b0 [ 3498.683207] kobject_uevent+0x20/0x26 [ 3498.702945] lo_ioctl+0x11e7/0x1ce0 [ 3498.707178] ? loop_probe+0x160/0x160 [ 3498.712037] blkdev_ioctl+0x96b/0x1860 [ 3498.718100] ? blkpg_ioctl+0x980/0x980 [ 3498.723310] ? __might_sleep+0x93/0xb0 17:53:16 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3498.727453] ? __fget+0x210/0x370 [ 3498.730907] block_ioctl+0xde/0x120 [ 3498.734631] ? blkdev_fallocate+0x3b0/0x3b0 [ 3498.739136] do_vfs_ioctl+0x7ae/0x1060 [ 3498.743021] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3498.748679] ? lock_downgrade+0x740/0x740 [ 3498.753000] ? ioctl_preallocate+0x1c0/0x1c0 [ 3498.757577] ? __fget+0x237/0x370 [ 3498.761039] ? security_file_ioctl+0x89/0xb0 [ 3498.765725] SyS_ioctl+0x8f/0xc0 [ 3498.769139] ? do_vfs_ioctl+0x1060/0x1060 [ 3498.773424] do_syscall_64+0x1e8/0x640 [ 3498.777629] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3498.782477] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3498.787675] RIP: 0033:0x45a4a7 [ 3498.790860] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3498.798925] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3498.806180] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3498.813721] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3498.820989] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3498.828372] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:16 executing program 5 (fault-call:3 fault-nth:25): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:16 executing program 0: syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) getpgrp(r0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r4, 0xc0a85322, &(0x7f0000000440)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) r6 = getpid() sched_setattr(r6, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_open_procfs(r6, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r2, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r1, 0xc038563b, &(0x7f0000000000)={0x0, 0x0, {0x0, 0x0, 0xffffffff}}) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r7, 0x89e1, 0x0) r8 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r8) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r9, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000380)=ANY=[@ANYBLOB="a78c57c9658f552ecd1a75b657d4625727b94ecd734ef3430ca786cdadc487714c15a0c707033db886e53992a17bc9ab7b90fcae4e4f3d19", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f0000000000), 0x3) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r10}, &(0x7f00000002c0)=0x20) [ 3498.987477] FAULT_INJECTION: forcing a failure. [ 3498.987477] name failslab, interval 1, probability 0, space 0, times 0 [ 3499.000775] CPU: 1 PID: 26291 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3499.007967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3499.017590] Call Trace: [ 3499.020579] dump_stack+0x142/0x197 [ 3499.024212] should_fail.cold+0x10f/0x159 [ 3499.028364] should_failslab+0xdb/0x130 [ 3499.032338] kmem_cache_alloc_node+0x287/0x780 [ 3499.037540] __alloc_skb+0x9c/0x500 [ 3499.041163] ? skb_scrub_packet+0x4b0/0x4b0 [ 3499.045486] ? netlink_has_listeners+0x20a/0x330 [ 3499.050330] kobject_uevent_env+0x781/0xc23 [ 3499.054646] kobject_uevent+0x20/0x26 [ 3499.058450] lo_ioctl+0x11e7/0x1ce0 [ 3499.062125] ? loop_probe+0x160/0x160 [ 3499.066056] blkdev_ioctl+0x96b/0x1860 [ 3499.069939] ? blkpg_ioctl+0x980/0x980 [ 3499.073843] ? __might_sleep+0x93/0xb0 [ 3499.077759] ? __fget+0x210/0x370 [ 3499.081208] block_ioctl+0xde/0x120 [ 3499.084860] ? blkdev_fallocate+0x3b0/0x3b0 [ 3499.089189] do_vfs_ioctl+0x7ae/0x1060 [ 3499.093086] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3499.097840] ? lock_downgrade+0x740/0x740 [ 3499.101986] ? ioctl_preallocate+0x1c0/0x1c0 [ 3499.106398] ? __fget+0x237/0x370 [ 3499.109969] ? security_file_ioctl+0x89/0xb0 [ 3499.114554] SyS_ioctl+0x8f/0xc0 [ 3499.117919] ? do_vfs_ioctl+0x1060/0x1060 [ 3499.122079] do_syscall_64+0x1e8/0x640 [ 3499.125975] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3499.130817] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3499.135999] RIP: 0033:0x45a4a7 [ 3499.139177] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3499.146879] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3499.154150] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3499.161416] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3499.168952] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3499.176220] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:17 executing program 5 (fault-call:3 fault-nth:26): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:17 executing program 2: ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) chdir(&(0x7f0000000280)='./file0\x00') mkdirat(0xffffffffffffffff, 0x0, 0x22) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) r1 = creat(&(0x7f0000000480)='./bus\x00', 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r2, 0x0) ftruncate(r1, 0x208200) r3 = open(&(0x7f0000000400)='./bus\x00', 0x0, 0x0) read(r3, &(0x7f0000000180)=""/19, 0xfffffe47) [ 3499.329914] FAULT_INJECTION: forcing a failure. [ 3499.329914] name failslab, interval 1, probability 0, space 0, times 0 [ 3499.342489] CPU: 1 PID: 26306 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3499.349766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3499.359129] Call Trace: [ 3499.361762] dump_stack+0x142/0x197 [ 3499.365405] should_fail.cold+0x10f/0x159 [ 3499.369661] should_failslab+0xdb/0x130 [ 3499.373655] kmem_cache_alloc_node_trace+0x280/0x770 [ 3499.378852] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3499.384467] __kmalloc_node_track_caller+0x3d/0x80 [ 3499.386978] audit: type=1804 audit(1574013197.227:4429): pid=26309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir746674277/syzkaller.aS8bVU/70/bus" dev="sda1" ino=17153 res=1 [ 3499.389404] __kmalloc_reserve.isra.0+0x40/0xe0 [ 3499.389417] __alloc_skb+0xcf/0x500 [ 3499.389427] ? skb_scrub_packet+0x4b0/0x4b0 [ 3499.389440] ? netlink_has_listeners+0x20a/0x330 [ 3499.389453] kobject_uevent_env+0x781/0xc23 [ 3499.389469] kobject_uevent+0x20/0x26 [ 3499.442815] lo_ioctl+0x11e7/0x1ce0 [ 3499.446707] ? loop_probe+0x160/0x160 [ 3499.450531] blkdev_ioctl+0x96b/0x1860 [ 3499.454419] ? blkpg_ioctl+0x980/0x980 [ 3499.458320] ? __might_sleep+0x93/0xb0 [ 3499.462207] ? __fget+0x210/0x370 [ 3499.465663] block_ioctl+0xde/0x120 [ 3499.469349] ? blkdev_fallocate+0x3b0/0x3b0 [ 3499.473868] do_vfs_ioctl+0x7ae/0x1060 [ 3499.477758] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3499.482523] ? lock_downgrade+0x740/0x740 [ 3499.486691] ? ioctl_preallocate+0x1c0/0x1c0 [ 3499.491118] ? __fget+0x237/0x370 [ 3499.494581] ? security_file_ioctl+0x89/0xb0 [ 3499.498991] SyS_ioctl+0x8f/0xc0 [ 3499.502358] ? do_vfs_ioctl+0x1060/0x1060 [ 3499.506545] do_syscall_64+0x1e8/0x640 [ 3499.510519] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3499.515370] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3499.520568] RIP: 0033:0x45a4a7 [ 3499.523757] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3499.531637] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3499.538902] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3499.546167] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3499.553441] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3499.560707] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:17 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:19 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:19 executing program 5 (fault-call:3 fault-nth:27): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:19 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x400, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e21, @remote}}}, &(0x7f00000001c0)=0x84) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000200)={r3, 0x7b5b}, &(0x7f0000000240)=0x8) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) listen(r0, 0xfffffffffffffffd) syz_emit_ethernet(0x56, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60d8651000200600fe800000830c376637c1cb6d63560b35b10000000000000d00000000aafe8000000000000000000000000000aa00004e20", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8002000090780000fe0af989a343d268c11d0000"], 0x0) 17:53:19 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) syz_genetlink_get_family_id$SEG6(&(0x7f0000000080)='SEG6\x00') clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) getresuid(&(0x7f0000000280), &(0x7f0000000380)=0x0, &(0x7f00000003c0)) mount$9p_rdma(&(0x7f00000001c0)='127.0.0.1\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x8000, &(0x7f0000000400)={'trans=rdma,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@common=@debug={'debug', 0x3d, 0x9}}, {@rq={'rq', 0x3d, 0x20}}, {@timeout={'timeout', 0x3d, 0x89}}, {@sq={'sq', 0x3d, 0xffff}}, {@timeout={'timeout', 0x3d, 0x1}}, {@rq={'rq', 0x3d, 0x3}}], [{@fowner_lt={'fowner<', r4}}, {@dont_measure='dont_measure'}, {@dont_appraise='dont_appraise'}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@subj_user={'subj_user', 0x3d, 'y\x00'}}]}}) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='trusted.overlay.opaque\x00', &(0x7f0000000180)='y\x00', 0x2, 0x1) ptrace$cont(0x9, r5, 0x31, 0x4e) 17:53:19 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="59dd4ae6116082380dd032c45865da", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:19 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, 0x0, 0x180) r2 = getpgid(0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) r4 = gettid() bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x6d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40), &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000018c0)={r4, 0xffffffffffffffff, 0x0, 0x0, 0x0, r5}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r5}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000000)='comm\x00', r5}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r3, 0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00', r5}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r2, 0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', r5}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r1, 0x0, 0x0, 0x0, r5}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000000)='/loproc(\x00', r5}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000700)={r5}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)='\x00', r5}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xd, &(0x7f00000001c0)='\'.wlan1/GPLI\x00', r5}, 0x30) rt_tgsigqueueinfo(r6, r0, 0x2d, &(0x7f0000000240)={0x11, 0x3f, 0x9}) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="39fad6568f0069c3d70d1eabb1f1995b190e2e2aaf328b338ec4e00413946646ccb5e568506f904d711459d7fc714be0209f2383eee2d09c580fc177962ec52ad845e272953555810d49fd9edeade60c4b8c24f9e489d8f005f2af5b7d967366bcb6c72c789a12ab326de991e011f0c3c17644ded31ad3ac9e2b16c4ef499cc9ff900024b2ee60c22bdb8e5a15", 0x8d}, {&(0x7f0000000380)="890de8ae436e8c83bf2f9bfd2a82eb9c7b327aaef97a4e74987746c1f4d92faf4dc7d5899fa722855eaac27420807efc656725f2337143584f06e1c3ca138fd20ff6b19f442e1688103e7565e95167b0fcceda47238adf598462a9e2e68fc257fdf4397546e2770fdb4b6acacd95ee9c3a3238d419eedc2ee4a67feef31f963e7548edbdff49a93e07145a70bad7e22de534f27f5b84695fc0e5493f44c5414f64623bd4e254ce1b1f760e6a733eee13e5cb588d504eaf50eeb4623545ad2ff8a899bc6fc39f942b6efd359b4a0e151f892316245fb33a3b8c28795143c66022aebd29248e833877777982fb07bb161fb5dcb9d2b9e16509be5629e65eff8b3a1afc1cbbef47743a0bab02b5dff09353113474ed8928619d333ebbfec2a9a2c3c02d05f2ee67c914120a10269e8fe3d3b513f52d873d339d8338007794422b4a7a30931686a84ba6b57bb62955d1f0975c4a31db8249d3845f6a3767a72cc32d8b5b21aba63fee333e356f5dbe1e28ec42631fbcc9ef60c77305a95221eaa1509c7d2cd979dddf2f6675332dc4948d7f3470be31a31e363608159494f9440e18a1af9b6ab350820c41ba517cc37a0eb9b14fe52a33f22b8552df31f269d39d3251c7d348950fc6447f4275f2c11b3a68f27fef4b702d636c388da8e78de46a2e2db74ec657ebe6c9ff6d2d8de5aa0d2dd893257a931fd0a98cd1507e6d529c36bfd95fa7b4897ebd1880cdbf152329647ffc6fb2f044c982830849e063c6fcdedf362d59776218678fe399399435105e7a885a7d8c0012fb81fb9cf1378f52a449faf2c9485aead1c899fcefc1310c2bda7a544505e66a768243d5cca454f47aa545f9744a0fcc93b3fb6862ea92c83f6006091b26f5b486ab85f76337edce76b318edbf63eb75bf713579c9d39fe607b7c26f5f4bbc352f364838fd4054679d75e60f025fbaa647747d7a7ee561f50ae67cf6bff593a9076fea9c380b86d10baeebc42b0dab0207d0bca9ff88576fd8658a9bec36713dabeaff3169125859b0b1e03cee95196b6b8193fd62be6f114f632037aa4bc14aa7ae49ac715227f9728f136808ce623bf0209a3cc4bc5b6681021866aff664da6d717ab6136d441bd2fd3c6b33528570387fb8a494ef79e58602f65a8d0cb19da58f0934dd00f557be1ba4ace900c4788a7503f7a3ac4eaf088003ccababad63a828f1805aef4c6b2627f736448d7a20752185f9b5bc37a705ae1a33829cabad00d16ef92a0c8c56886c65f8f882ef09c691bbab95f31ac1838aa94575fc9788f9f771ad0e0cfeea60374bd9f5089663ebaaed718ece31ecc4e8a7c2924c323f06b2ace522aaa88f806608289dfee4c7e83cde485a563473146fcea78d1b6d72750c7a0fcae929a70b55916314c916a1a4211e2cf5fe9fd78e206f12e00dcb4f74801527f7a7cd87b3ffff8bebfacdce8b6100c570eb61e1abc2743d9bfafae78dcf528ca5975a8eb748d560fbbfbda859afe76c782ea7ad0e51ec88db60b5f2a9c5279f317859a7133d50bcb278f37b9d12bc961a880d222f52411e4008d16e045bc68265f649856fe1e0aa81352a6b7c29f6b1957e19b0eb2296aa268957fca47e6a665d7bb916873cdc73aae5b5133de46aa88d601cebd010c7e384f995eb8bc22dade32545be0b7d7c738dd0e6695192f4616e3f1829c5db8c91dedc720de62f80b916e3c2ac9109e11b0ca119c5f2011a0fcfb472e7f08670234e92b26a726d33427f4825ab272d5d8d0a79902de3ab8543e26ad0315fcec4f1aed1ff46d7ed591b6d4a663d4d743072719bb313c4f2fb930c589cd86e2ff6be807fa4d53d76fe38d1f7bd6c909686a04a46fc01b84a795114fc0632f341e4c2976cfd689359e1507ed088585eef8edb1df5cc21733dc28a5ea18aa90b3375fa0773c29b2ae7bf2ee9428280b243ba49eda244c28f9f978a3ec05cca8787488fa1e50f97ddf7df091eda9aebad278dc9fcacf98f7c5d23ff55d6613f187d9769805c835aa2461848a883b8db0774bdb0e449711f608ebad15a31d54e3f0e4a281e3b348f9143134f50bbab3e51bc11d11f59fde82f6b2936764d8bc85bac3c64b7b84e199661fb451b5b0bfb54567e68a63d9b78fc2d19c935990aa835d072d28aa20289255559944fe1543169aaa7baf94434eaf0c55fe8ea9f362a25f437c2bea4dabac571d71d3db5e81d3e775893bc64468c111cbf598f066ad2dc5f3d14bbb8b9720e325a433a3ea4128885a4f88bae0ea189b285d64e1ea81779cd016fe8e94440a18964ba322b293ea80bbf61f5d5424efc2aad2f1a4b232d4226805643e78ad291e12c3c21994e14135de8434f5e8e6947c4635738c687a83d9ab0692ab29ea355a4fc5577af7e747d693949e173d7206c5fdd33d0b6a5e82e4893fdb9b6b7767b26111fc7a3b6452f1fb9cb5d48a7b0b887f4a8cd6a6b9660e867385a7655a16799d186b22f631204371fe6496dcb8cfd010989a63746db0c1c3903623b29263b2adafdef7b581526b24300a2710b531c19b7c7d3670b190cf53b86966c511b1a717f75cbad4cc83306104464d76accbbe080a6d2b09dd8a3af9aa6256fcfb8fa455f3ea2b4b191ff39ec488e4ce59c1d93763dae0a7003e14d7653ca8af4e58ee3cef321b45bf68ba93f730a9cfc09329d1d7112cf03976e9fc940e099aa80c5fb627e27d7b8b4c3c9c7ca9d40e9431c0b32413928cb4255f71f80b04cc722c22815e228c01fe598cc76cd5ff6d412e0182f5bf6025889a8f26441bda40e01072b8dc7755336572be99180a0fe78471612b14fdf246d3ecd77af5ab06de084a798901382675619beeeb264e55406d2fe8a99275c136e7c8f9ba09f42ccc76ed2164ab10c5f124d50c9cd1d4cd45a8ab5f5fb352fc5ca982370da623cd7009c97306808827ea65cd61ec75bdf9354808643a7f5c25776a774706ac8fcb3f1012eb7269b02ddabf22e221840e4c0e8cbe6130f95d8ac5de762720c77ea90d60bf27628c51e023cd9ad88077097fe75e5abeeccb89358df80eac26bfe17e456c27a0aba5b27faec420ec63286a52625bc9c8454f28591a9941301de828356b2f776774e6d80dd3a54c7faf0ab2fbeed51d448ff6401d1d798b3993c5fb6a437769c45d261871f40019567535917fff30b2bb45ba7129980797eab3fd5682ad00a28424fd2e92e38819cb6bbfeb93fd628490bf0c8da0a1094b36e58dc1784f85b76fbdf10d6db88ece5c9e582131aed33ceb0491b68b2474196e3c686d3044ad5b1c614c3d8e50af9b8dc3b38abe388b9248bd83672ee1506453d5721d13535bb1a58c9592426697ade9457b435c83fef023740cdd349b9b70e67257a7b0de723f6c110fe1131c18399a672afe8f5e4f324aa3efb2d291c49cfe90f9edce91a8f572a639866df201387fb07d0d681b112a3fab18d0bc4d390f1a96c58f674de1f02fcc3f6a63723a8ce00496ccf69f3d08becb4fd77f0e01ba13e4dba3623a47c35a23c21185cc76341f30d46fbb3ad6a13b9b7e5308bb6afa05ea834f2c27fb8068e33827fca4d43434576dc16526eed155b8389fab4718e78bb366b4b816299505eee1889f9efa861293cb7d3eb96d874a557d5132f6530df490ba227211bf55f5b77bf6e9f0a732a276466844c4b60e86216f4e84624d7716736eca58b672f51b59e5b9ec807d4f5f7a13d76d7073346b380266d93a2f9167f339a81fc3712064de94c2ce6960981db85714ed6989c18f1f63fc4dbc9e5f37408af86e8927b238db2c179d386f3689644ef32306aa0d2fe1f25efdc879583f2c30383c883dfc9c996b36ab7b601b209ea5119de40c53311919ba3041e851bda7734fda574e646b3b2d200b4c98ea4a8aee5b9ac09506a025bcf79f7ddb226adf1242b52752774ce15dee01dcdc575d3e54d5a187f1c3c5b81b914295e604421c8f933c849e46464c80467350938896967652a39d236e150c2efe96191a2429d89f25b0b61331e4606def55430fa9833a323a21a2d47a9bb038958ee18881e69fdcc91555674a33734ff2321c7c08d2c66f02b7cb4b13b417e7865ae5dbb424dd4b8c16e337e2f25c45601f57f88c2fb0247b46e3005c24f6851fe73272ded4762587599ab49622db5ce25ced581c12eacb4920ea2b607fcc425af8fdacc30bfb8162467ec84f99c58444c58576629dba6f8ccc2b785170a9669fc236fc568d784665f000136864410a3cd6487b72b8d895f2ae299999085afe0fc1cfd9878b4478aced33b607ace9ac2af9a0a64ad2d7dc8a6dc651822265b21a2b3adbf6ee22bdbc239388119ff5228f037d12c608e8d98622699d5d0186140f44751aa76d7239d89cfb508d91d71db4bb1c5d3954fe484a5087574edd52b3769ac03d159406795e522d333d6dd3d8353a6325cce9546131e00426bcf27c12fb494b03f7cc498b1718d15050f295a07725556bee57e04a7a45847a72386fbd88567265fd2ce9e2a68d06390613a0fd7f008e7515452aee7a4c1f993ab79229d144aa546e9f81a5240fa3ef36ba65762eeb763cfc3d2fd2eed2c9b323879c3c5d7ef516de65d7528f403d4bdd30056c34f932df0a0ed49d23cf79c1a287c84d47e96497a2c343c0f48bc5ebc27424629b3830f652fbca379bb38740e5f9af4899e36308e567031009029bc2fe2b8d9c5d859b45fc9593345b902fe6b92aa9bf52c0ebcec06d8c28b3ed70ce08983ea61f4bed6f65325bcdc49931f200a35edebd32963ec81877410d71b30ea4202b30b55377178a53f8dc2ad643f108e589652acb206777d978f79dc68e4a6cf972b2864bdcd39a8e32ac3ea44c4f655d218446903f7995b6e715fb3058b66ee2a64f02cb661be9275f1414596170d4b64c367c5099105bb521f403cfb359ccbdf7845bedb0a33734fe846cef4ab7935e91fbd104b72a61c978bbe9d21aacb58fdd0c5bb57771469e8a429972509970d3b52553776c01b370346be6be840ff48de4aa9a253180ba8d8e8cf1dea7365b8eb67f6b88e4f4025e7d2c8e1a7bd6dabb7de40e2f59c5969fd68fec347afd3397921d6e9471e1d374dbf9345bb3984afa24e685ab3c6e87a9038ec6dd7709c653863e77ef1564eaa9aaf8ab085f399efa5f79c86de8d1019ff4f1bed3c3452109e2356be02f7e05bd11a4ffbe6e6580fe08087897edf67050b2ff2a0753eb5be31d71f70b5674310cc81b392a04d9e14c7ae64f52ed78de940f31768297a793b1962ce9d2f88bafff90bd76418c9eeeb89e7170df765609b02653d407e6604c48d0f2cd96e1b86f70b015ad4e3f9bba38ff1911267095825213f2f17e4c9ce5154d5562ce1b649e308130dfafab56ad11c12435d1ec8156de6eaeb7f657ceb786a7b5ff3489a0103c32a28c95cdedf0b0f4d55ad1b5d13132215c0f47cdaf6e76e7db62f346382b7df265d02980583d38f3c716a1637bf0a801ffc8ae2d662013376ccffa42ef21cb79f80a9cb9397dfac61176a8e56850b4d136ac324945233e32f96d3b66ce4804b00e045a96c170bea63fcaf7362c0398f16d452fa517803abd6ac95466be640c8966dc9ac56c738a993cbdd46acbb69cca9cb47b2c157d301b3818e581a59145e50ca339913bd7bef25b7060ea82ef98dbbb93ca328584682db94ca146ee3f72a7c42a62525369befb573eaa6a8c46a21cfeb9e98da4f8dbcd35a950a0065c69681f335a24ab7f8b645010d8d9f49bfd44a58a3120800ce9584d84def2484678c2726e6b50248cbf1af3a3afe7b0d51", 0x1000}], 0x2, 0x4) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r7 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x80000, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)=0x0) fcntl$setown(r8, 0x8, r9) ioctl$BLKFLSBUF(r7, 0x1261, &(0x7f0000000140)=0xff) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:19 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/mls\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4d833151e5b8a656}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r3, 0x800, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x38, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7c}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20004010}, 0x20000081) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) syz_open_procfs(0x0, &(0x7f0000272000)) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) getsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4) r5 = geteuid() ioctl$TUNSETOWNER(r4, 0x400454cc, r5) [ 3501.316345] FAULT_INJECTION: forcing a failure. [ 3501.316345] name failslab, interval 1, probability 0, space 0, times 0 [ 3501.346389] CPU: 1 PID: 26326 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3501.353581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3501.362953] Call Trace: [ 3501.365806] dump_stack+0x142/0x197 [ 3501.370265] should_fail.cold+0x10f/0x159 [ 3501.374472] should_failslab+0xdb/0x130 [ 3501.378478] kmem_cache_alloc_node_trace+0x280/0x770 [ 3501.383640] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3501.389122] __kmalloc_node_track_caller+0x3d/0x80 [ 3501.389137] __kmalloc_reserve.isra.0+0x40/0xe0 [ 3501.389148] __alloc_skb+0xcf/0x500 [ 3501.389156] ? skb_scrub_packet+0x4b0/0x4b0 [ 3501.389175] ? netlink_has_listeners+0x20a/0x330 [ 3501.407700] kobject_uevent_env+0x781/0xc23 [ 3501.407719] kobject_uevent+0x20/0x26 [ 3501.407736] lo_ioctl+0x11e7/0x1ce0 [ 3501.418443] ? loop_probe+0x160/0x160 [ 3501.418456] blkdev_ioctl+0x96b/0x1860 [ 3501.418464] ? blkpg_ioctl+0x980/0x980 [ 3501.418481] ? __might_sleep+0x93/0xb0 [ 3501.418492] ? __fget+0x210/0x370 [ 3501.418505] block_ioctl+0xde/0x120 [ 3501.418519] ? blkdev_fallocate+0x3b0/0x3b0 [ 3501.425978] do_vfs_ioctl+0x7ae/0x1060 [ 3501.425993] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3501.426004] ? lock_downgrade+0x740/0x740 17:53:19 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) memfd_create(&(0x7f0000000140)='lotrusted\x1a\x00', 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000180)={0x1, 0x0, {0xffffffff, 0x9, 0x3017, 0x0, 0xd, 0x1, 0x4, 0x3}}) syz_open_dev$sndseq(0x0, 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x3, 0x2) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video35\x00', 0x2, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000140)={0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0) 17:53:19 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='\x00\x00\x00\x00H') connect$inet6(0xffffffffffffffff, 0x0, 0x0) openat$selinux_relabel(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/policy\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) mkdir(0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x7, 0xffffffffffffffff, 0x0) ioperm(0x2594, 0x0, 0x0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_ethernet(0x66, &(0x7f00000006c0)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x58, 0x3, 0x0, 0x0, 0x4, 0x0, @remote={0xac, 0x70}, @local}, @icmp=@time_exceeded={0xb, 0xc1062330fee2d385, 0x0, 0x0, 0x0, 0x0, {0xf, 0x4, 0x0, 0x0, 0x0, 0x64, 0x5, 0x0, 0x11, 0x6, @rand_addr, @loopback, {[@end, @rr={0x7, 0xb, 0x0, [@dev={0xac, 0x14, 0x14, 0x19}, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @generic={0x0, 0x2}, @ssrr={0x89, 0x17, 0x0, [@multicast1, @empty, @loopback, @dev, @empty]}, @noop]}}}}}}}, 0x0) pivot_root(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet(0x2, 0xa, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000000000)={0x31, 0x3, 0x0, {0x4, 0x10, 0x0, '/selinux/policy\x00'}}, 0x31) ioctl$TCSETS2(r2, 0x402c542b, 0x0) memfd_create(&(0x7f0000000240)='\xab\x05\xae\xa8\x17\xe4\x93\xf4\xe4a\xa2(\t\x00\x81\xafu', 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000005c0)='TIPC\x00') [ 3501.426015] ? ioctl_preallocate+0x1c0/0x1c0 [ 3501.433844] ? __fget+0x237/0x370 [ 3501.433865] ? security_file_ioctl+0x89/0xb0 [ 3501.433879] SyS_ioctl+0x8f/0xc0 [ 3501.433890] ? do_vfs_ioctl+0x1060/0x1060 [ 3501.487544] do_syscall_64+0x1e8/0x640 [ 3501.491887] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3501.496828] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3501.502449] RIP: 0033:0x45a4a7 [ 3501.506985] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 17:53:19 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$TIPC_CMD_GET_REMOTE_MNG(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x0, 0x70bd27, 0x25dfdbfb}, 0x1c}}, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000440)='/dev/null\x00', 0x0, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @empty}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000700)={0x0, 0x0, 0x658, 0x5, 0xd}) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYRESHEX=r2], 0x1}}, 0x4000083) r4 = syz_open_dev$midi(&(0x7f0000000540)='/dev/midi#\x00', 0x5, 0x800) ioctl$KVM_SET_DEBUGREGS(r4, 0x4080aea2, &(0x7f0000000640)={[0xf000, 0xd000, 0xd6865d1f3531313c], 0x1f, 0x40, 0x7fffffff}) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup(r5) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r7, 0x89e1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x4000000000007) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$TCGETA(r2, 0x5405, &(0x7f0000000500)) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) fcntl$getown(r3, 0x9) [ 3501.514794] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3501.523268] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3501.530840] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3501.538469] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3501.545759] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:19 executing program 5 (fault-call:3 fault-nth:28): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:19 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f00000001c0)={0x800, 0x0, 0x200, 0x4, 0x7}) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x27}}, {0x2, 0x4e22, @loopback}, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xf3a6685aea4b82e6, 0x0, 0x0, 0x0, 0xd6, &(0x7f0000000040)='veth0\x00', 0x5, 0x7}) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r5 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0xffffffffffffff01, 0x2000) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r5, 0x84, 0x4, &(0x7f0000000180)=0x4, 0x4) [ 3501.882298] FAULT_INJECTION: forcing a failure. [ 3501.882298] name failslab, interval 1, probability 0, space 0, times 0 [ 3501.894442] CPU: 0 PID: 26372 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3501.901501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3501.911152] Call Trace: [ 3501.913760] dump_stack+0x142/0x197 [ 3501.917454] should_fail.cold+0x10f/0x159 [ 3501.922670] should_failslab+0xdb/0x130 [ 3501.926748] kmem_cache_alloc_node+0x287/0x780 [ 3501.932158] __alloc_skb+0x9c/0x500 [ 3501.935886] ? skb_scrub_packet+0x4b0/0x4b0 [ 3501.940224] ? netlink_has_listeners+0x20a/0x330 [ 3501.945200] kobject_uevent_env+0x781/0xc23 [ 3501.949543] kobject_uevent+0x20/0x26 [ 3501.953437] lo_ioctl+0x11e7/0x1ce0 [ 3501.957053] ? loop_probe+0x160/0x160 [ 3501.960957] blkdev_ioctl+0x96b/0x1860 [ 3501.965004] ? blkpg_ioctl+0x980/0x980 [ 3501.968897] ? __might_sleep+0x93/0xb0 [ 3501.972899] ? __fget+0x210/0x370 [ 3501.977476] block_ioctl+0xde/0x120 [ 3501.981455] ? blkdev_fallocate+0x3b0/0x3b0 [ 3501.985908] do_vfs_ioctl+0x7ae/0x1060 [ 3501.989867] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3501.994617] ? lock_downgrade+0x740/0x740 [ 3501.998775] ? ioctl_preallocate+0x1c0/0x1c0 [ 3502.003186] ? __fget+0x237/0x370 [ 3502.006626] ? security_file_ioctl+0x89/0xb0 [ 3502.011056] SyS_ioctl+0x8f/0xc0 [ 3502.014415] ? do_vfs_ioctl+0x1060/0x1060 [ 3502.018671] do_syscall_64+0x1e8/0x640 [ 3502.022802] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3502.027645] entry_SYSCALL_64_after_hwframe+0x42/0xb7 17:53:19 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:19 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000a00)=[{{&(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c, 0x0}}, {{&(0x7f0000000140)={0xa, 0x4e20, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@hopopts_2292={{0x18}}, @hopopts_2292={{0x18}}], 0x30}}], 0x2, 0x0) socket$vsock_dgram(0x28, 0x2, 0x0) 17:53:19 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r5, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001b80)='./cgroup/syz0\x00', 0x200002, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000003f00)={'ip6gre0\x00', 0x0}) sendmmsg$sock(r4, &(0x7f0000004900)=[{{&(0x7f0000000040)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000380)="f63e3dd4481d79bd729d0cc71bbacfd0c4b8c2949fda2d02cf06ca23ff6ea18f35f97a12642f6ce7a9cdd046902ee701da393a228c7099f71b1ef74b16ddab33b9f9b845ab67eab25af31e056fe8a589280feefd2c2d3d81c1f7c7873dd50a494a61c88683cf596bff1e8832b3b64b406f279eadca12516ae91ae5e3fc3b18fc6a8e909f9f3f0f2f09f8698ca57abc0e533ad7fa3383ad1f55a964ae08e59f54432e4f0b361720b75a93149960b6ada4fe6817ba622d1328c4ee0799738588084f567debf77ac1c185d74e72f348e3f8ff8300d5e814e006ce4cae22aaa21c0a501fb2b82aa515484437f53aa7980cf37a232be6e290b7f18ddb1a89da02c3bd310ed80a9752c0efe37f1367a0bef1cf49d5fe1f5987cd435fb205258340338fcc8cbc8d9d3f890da5f2a65c221256a483a3d907206ffedbecc085af8ecf7d2817ecc8608e4126f39f7bf8bbec05b59c90a84d4a85d4746404e55761af1cc9d06d0555a3012a5ab5aab7d467ac531c2bf7e24b9e826c5a8140971a38cd4f3e3d3a7d493c5d8f0a7ebcf114b477a2af4c69624398d928e107d85c2734aa0f1f09bcf872f968ecf2e6b8676960e54954dba483a9ac0f0a7b50f1ee66cf07ae7e947f690040a8fff131d298548bca176e50573d20805f1bcbf4c094db6064f5bb815a6a3f0d77b68e744c544dac169ac2093b5804f104343769ef20c7812e2d7b12af94e5c6e1eb9bf110ca16d23f639fa5f1e871aa1d8bb840113c9b2afc5a5f6bcdd4aab690db5d81cd74fae16752b6a511bee67375db8d41b89692239cf4844a95fa06299ab686c900934d89d77e7a879843e0164f1c08d742e8c289dd385babdacd7d9668fe92e70211ad721b7fed8e88309af57d2e2d29bb74dad3d54de2512572f4afceee53034e10ddab67b551187674a0d5adf686259cb43d2a9222d6694521a8ee00c4db3cfaf661971d4f994818aaf59e27a56eb3de80efa735f0939f3c6d0a2d7c69767b6e7920198552eeedbc1d17ca52fa69db4cb87b51c7e214d9dfe8ddbfc06e4ad4ed2a2180db20040fbb3265729025d6e31eb0035591b5ee05388b633a0925ec92fd04b92838dbd1797ac74e48f4f5145fe018638a58c86beefc6fd46924df4c3e1760ae8f72df525fefceaa93ca71e12bcd7c97a583845d06c5c37610198a23d178add03abca8e7fe6ec0e1e9ba51a814a51a1c278c9a3bac95704d77690f0bec57554f6248ce07a480d9edd71d3541f199073630b34f0eb91a44be3734063cd31c62d1fde62cf265f4fe7a151ecdca3fc3d4bf6c7be5de68043fd52e17d3ea26a194702a2f47bf6612936c2ec27428df22515711b4e620074e6e4ef6c9815b186ab2e89bfa521c8b82870c8d99d6eab61289b2ee68c490296b065a74595d7826cc616cf2f3762f7d3c2280b7e8a2752231145fcb8ffa2ac0072d2cce5e820b8f4b8711e99fe6909389e13772458576dd8063d3c1d6b77051e37b07f748e627e6f735a32da1c719c32c1cf03384f0d40dd3f3c012852e61adc92edb214958e62e801a28ad3f458e985fc9b47b4550f413f2402ffe6737bb97935487c3d55543b8dfbbed5c8a2b402d95071a6b0222501d29f37f4cbca73ad5782b8f7eb27bb60f6694e89e8369f51f7800b83312c148f569ae866ef16b778860fb2814cca597cad3115e96eaf66c76ace556244a20ab2c0f631e4d628bf39a348f29d42c545b2af0cfc47390a175a837e863cb25f6aa168d4586bde9dca341fd7737db7bedd939c6f0351aa4badd079e0cdc076be08215db0a8bff15c9e0749fe410817bc3de701993ac7c1a2943426bfdcc5374cc36e90f3a2e47da3286cd01940eb3dbbc00e557a07c5913c4a52d6efa455af1b1c1739e73866a0fb5a0f8ab09dcb0a2cfc5c137f4739c33893d1ce02fa06c46203c04de8370ba632e4bc623c204bea131e2f117ab6867da39b0365ee19c7cb8e9b524d142464525f6193d9d69703f4a4f60687dd782f12c0f0629a323be5af094a7848bfd396c23e070bae3ee11d1be3692c1a339e84216d96ae54841e4e26674ba3ce5f038ea3126a302e6fa5cbf34560d02825ec5661c6a2f74732267470a6e46f43227ff77c29f5b90edf62097d262c9c6795f426ceadb419840778c56a8452d9d0e865db0ff8222e247733af4da550623a94c34bb47d42ff2080b12d3f5a4a300c170a460633a3091b1b9f395d4cfe5a19cf7d62899f6bd08540d21a88ac672136f098fe51ea4ee1033c86f9fb76ad88ed40b667ae13e33dc1b2cc1c45217f2f6d696bf03975d4945490cfdffef51af878cf06d0fa1f4c2d5a85b354a43180e6354ea6d3f1f4b8a94b166d9e462e0cfac597470e70c3eb946598d9df52f1f5c335b3eea07208dbdd0577f4408b3d6c2279fb4ab79b2b178cf84986a5622b2498402d2385079d271fd3ad004b938aa2d99f8d24dc3167253380900655ee1847336f601ab820e563fa89f03a119c2c17eac891bc582e1b8bfd391a52a33581a573275ffcd34d86163a293688b58fc3f1001ae6c1d48a76cf8cec79d98851486821587c89a97463a6e638231e03f2851cf94cf86e43402d8e3687a1485198b7fe673e622b5bf053c38ba808ce89d9664ff3904a424339ffbab8c1d10cfda7f3a7fb498600a7c43c2b3d3c12bad3c8730870b898213d92cdaa0b442156071cc253bbfc2ba37474127c1c36ab70f110644fd6503d1448104c478f88ef6c0ca9624546e20e0df809dad376550363d3fc5f4e09427ceda1e905daa9d00f8eb8b28efdba1ab0f6f0ea8fe789c9288560c8705a460306b3a12892a08d0ded74cbda2edcefedc3e1872b92faff0a2793fb0ae41ecf10e78f3d791157fe2cb5d5d91ad69460aaac287e9625172a2c2a276e869ebdcfa6c5e41e40e4247ace3784bf2cdb67cf6f1e6574f6e4a6edec8235cccdb228904744c2eb60176aee286e979ebae6e4601bbcffea7d45d68d05e9aac577b55465fd2298fa09b47d478320ce291e2c3010dbf615523b5c2def2005804aa30865d2900cc1c515072b4bcded4ffa3e12b31497c2ee376145c6c516e36ab3440b2c6d7b698e3d03eff2f16d18b5f99d778586c6f92b76225f2d5acc1fe9577356fb22879875ac1bfd08a529211fa9057b7ebb72be6d1717bdaa3f4aafdf7daddd8766791191f10026ad320f7c8d299249668f94b9eaa595d14beb936b8bbaf9d729a28724c2624b07276097e406f6fcf0b754730f88013654ee6d6610f6610686f91e5bf553b3a9adb20f63a2df8989bb370decda4aebbb67f3f817de832839dfa5075c93eaa6dc1c28277df2e823e504f587f061fcf3d0c401e4ee527023cad2d1bcf1d8151df5f9331f97689ce0572d387bb5fa05e6701ffe968e1be65ded1f3c5b07addaafc8fad91a68f98dd1930b29ce5f19a63638cbfd637eebf1427f5b0bf01d06062e54ff7c4e665f35036b42625adfa6c58e80d76b9afa2ba28f6fdd7b15c1193c5575ed17ef2bc90d915b1b4234a8984039e8373a34b7d404e82c1dfc3753a3fc0fd4c1b8fe6090b6ec40018973822c8606037c42e3dd707d9d8de21fc6bca901fae1ed60d4db0f68352d3f1e1ba0952cdc3d2e7d8c63fbc803464b09f9c160b1711710fece6ce4d9b8f0043113df52e63e3381277b37f9139809d3f14a14908b738e6bf4f1e58c9a5d5706bf92cb3e1b0639d70b324f11fdf307f3d4166f7f9f760528b23e9ac43b8b0a5f337c592a46ab430d135f49ced7237f14ecef319a1846daa49abcce12cb032954de9b697d12c1846fd8c5acaec65b93bb9b61031205065d93aa15c2067abc3963cb27bd0ce083743b8c82381114bcb8cfa86f8d78a0cf330e2efebbc854b0bbaffe571be67b77b193cc47e4ac13a099b0fdd2317a6d55410382f82207de32fadf22940a31db6d55ab86dfd1db53faf76c7f04ed105999e5f67da00c937a0b151368e6bfe81f245a0f382ce4c466eb8c2861a5a4264138c945c3a6ad7394cd7ec5067cb83e77d92eb150397e3c627786776aaa256143e664e0c336f7b522b5d160638603ff462154da57986d6147942480a946c79da0661d613793164608eaf3cf584715f780d5caf386184f91254212037d9f71acddf058f51c8702194860deb612d9b98c85c3bede9cb29b514af4d2de5c2b3f5413feedbc9756b884c2ab6099439bd30015d5ca5f789868323a358f0b10ccffc22ad67ca74b23eac4f17bd9e13b5e59835f10ef2194bd0aa21641cff7fb05f4f68634628aae2531727db6bbc37f4cebe7b0a6113e76f1d4235a4d9e06cf4faa1060305cc1f9ed2f16decf3d69c74eaba29eea61419177cbaf22d9e8803939fffc4d850161fe53f5f255b206ce5d0a4de450296ff38a8b7aa25bb0db7b0c5a10b44e5c9ae7afb0da2528b2891ffafcc6bb675762a7d490b76542b097e127103f05fa280eb5af3297d59674c3429c59ebe469dd849aed9b9eee495f35fdc929a7d76897f6c9c1f30d194a254643174ce257eb11718070448015a15234dff0376a4500043fb3c0724f35ae920b926117694a6a4dc5e8eee668a687daaf34afa30b62761b0e7c8e135c93cd3494c28769e7467d7dd3900694e2c1f87080c6c07cf871da29c579ee62cfd5a54f96ae93547317c81aa44b504ac407ce11725734826ee0ee0e49cb4449085edf83a1592e7c5c8a93d46bd954220e43c3978ee5c954b74c61c1e880405d30206fde79e6e755107b73ff28dda9d2f009a2ef7304909e84bb49a13cf2fbbc9358e556800e1f068bfc11a40811b7818c2e20202ef814d80d20555d4dd047d134317057c3f0d7e7085e2a543736e293f70ec1129d34f830702d1d232358318b1f23abc8143c7a71682fa097494703402f7f90d09cb0fd3cbe264e4ff234b767f9a2cb72c298660436a07654de874c3de386c9d312b4e928a509b077bf0d8c052c61917b99f77bc59a9c48411e8494dda481e5df381251f916b536c662f01708ae3b22d72693908a097e4598f8523c79b40aca882df2d9c2b88716a5c73b9208df96a32eaab5e3078274c6b86dc263ac8b32846e9eb2161e4e7751007bb70d4ef6ffcf9d88ba3422e8166d40f38d3d4aff56623fd664ecec4ba6afe689c702eb557db05ea2e2518c8645515adfa3e4cfdfed96735d5f5db916fc2c6e75f20ee6985aed6d89e646c08aac1ab6aeef581380570b68e7fd2ad7e355e33bb6358ad8864cb0c7e0fa3f3624d0468d26add3bc3d7ae4874310869b25a68c3b7ef907dd65583229e097adb3f8257db0f7d6d57ecd3c536363f9b8a50a30d8751a8dc9e4038a0b9d25af0ec51d1ee745129ca91ae375c0c7795311239d03244f1ae077a1f6fea72c224f5f3440f1d6a846d334a72e4f8d57a726db0adf0982754cc8d47baf529cd62a9f1a431d12d4dc9eb6120abf677152535a68fe7a089fc524fbd5b04058772921162c0d64bbf53490724be000ef60406449373c94b24022cae1e00d10a4a5f8ee69c96ff403c15421da11c6f3138f22b5d764c07d64539b2613fcfd2ebf7147dc7bcbaa33bac08847ca140d3a5be27c43534afe0cec7df346ef4c8833f035854fcf524b4357550c0960188ad2293c33dc8198c3f16e717370125a670512c1649552271287474a845d368a840b95785112057fbae44d72cb913fa809a03d9427543be0c0f334851fbbfd11b0e2c4aca8c21def8ee23a320a9d4427b84e9f4dd4f3e3d479533d9a7d861e20a72197cf43ed1f8c1d6a9f31d8ed0e4b2e59f9c24ff01d2b01bb455e610c9906b7f", 0x1000}, {&(0x7f0000000100)="f8b03b7cf4cdd9a83ea2acb4e7c40d31b49df20038ab259be59c9d97a422627af3b730f32c29b825824b78aea1b23b686e3f4d330aada5b4884f76ba417eb2cc3ebb82c81e70aa9889fc3e2f16da63239e898eef745341cb15d89c", 0x5b}, {&(0x7f0000000180)="32e0ff9f29a0a2194bb3c4f45091b0cf9f96b26878623147a3d6180842a4bee96300bfa3cab9df1f33dded30c5b6df89277ef163e0e1f1942c9512764e23a449b961eb3e31b3e0eb3a5b0766c2d12eef8f2f24758c5fa56ff0421bae9533850ab968c248f03c416d6603b4546d5980da39c8da30154046f28b758b861006533231680f58a8f0a2fdf7909768dfb95ff53b1bfdb9ad38432e84029afb27d186aad5d2639b8b2253283ca78eec67d0a420e065b5e99c8d4de3412ad208345aec43d185c7e6b02bd06bf01649ed16bc078f95249fe9ab750249943d93b695eb939a88b6dbdbeffb23a3d5f980159631b06b4b1475305fb4994cbe74", 0xfa}], 0x3, &(0x7f0000001380)=[@timestamping={{0x14, 0x1, 0x25, 0x4}}, @timestamping={{0x14}}, @mark={{0x14, 0x1, 0x24, 0x1fe}}, @txtime={{0x18, 0x1, 0x3d, 0x8}}, @timestamping={{0x14, 0x1, 0x25, 0x92b}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0xe30c}}], 0xc0}}, {{&(0x7f0000001440)=@pppol2tpin6={0x18, 0x1, {0x0, r6, 0x3, 0x3, 0x3, 0x1, {0xa, 0x4e22, 0x5, @loopback, 0x915b}}}, 0x80, &(0x7f0000001680)=[{&(0x7f00000014c0)="f31743ff7e90691398c563a7a69b793641d54694a1aa43ab8ed8f72a6a84be35300639d9b26cf393850711e517750779f2c82c0d", 0x34}, {&(0x7f0000001500)="d44150c65105858014bf34a6bfc9272ef3541dbfc95f836e867d2bc68d5a213de9f5742d59dafaaa6a32ff0ef4b1b02bf6d225e807a7b9fc97b91ee6bdb119790acdcbf7ba1b2da8ade4e790570d2be01cb862fe6124d39c65ab", 0x5a}, {&(0x7f0000001580)="9030ebe15e87c65e47c1f0932c4ace12df57e5479509a94800ab8e8ad211d8a62b584cfc00f8c45f5fbdc087ab50b87e688b822a6f0bfee608756079e6130d3efbf65084ad13ed918a80b4450b1d8ffad8640d8fc203ccc60d0695902af04badb5f8195fd1c9b204558c12326f77f1a44977a239700f732e01301ccfa6476f0c63d0ba6c988665f97553e53c867208a4e7b9b16d18cf5580fb8eced65d76c1c94e742b2a23ba", 0xa6}, {&(0x7f0000001640)="466da6526814c59057fff71704e0772e7272d35854f673719c40f0adf37e0242f642319c53a6074df45780b2a874a67dd2eb99f3", 0x34}], 0x4, &(0x7f00000016c0)=[@timestamping={{0x14, 0x1, 0x25, 0x4}}, @txtime={{0x18, 0x1, 0x3d, 0xe90}}, @mark={{0x14, 0x1, 0x24, 0xfffffff9}}, @mark={{0x14, 0x1, 0x24, 0x63e6}}, @timestamping={{0x14, 0x1, 0x25, 0x7ff}}, @txtime={{0x18, 0x1, 0x3d, 0x1}}, @timestamping={{0x14, 0x1, 0x25, 0x9}}, @timestamping={{0x14, 0x1, 0x25, 0x80000000}}], 0xc0}}, {{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000001780)="c2ce936131ae2803ab184f20695567fb646d11aa26d0568342e23b842f3cbbe8e02fd961492e2d5df97c7e19710cb8b3c0720b5d3ebfd42cc567b41e3e7b7a47f6889f475feec7a917abe06fe66df11021ea3f3963155cb5df23db0b9107a504126e70dc4ece40896c08edb0c7c6845373047699fd559b2c15a2c4c58df620a95dc15cb8e9f440e338d45e96bae5f8d4ffc1f579f0cd7f22aef578e7", 0x9c}, {&(0x7f0000001840)="8e0a325934ed3673649554e937d3928ff7a766eb9c537403dbb0d9b5109b249dbc2d8407e2e747b2919fe659a9d2df2b3b071ba02c10d2f8833f1a40d70c2b7d1b906af9765828095f43015303a55d34b2d00e03988881a76baea59f2ffb993b1b56b0240f0900bf18e7238f18f9d8e09b07f5ce", 0x74}, {&(0x7f00000018c0)="5f53f97d3d3827110e64931d8bf867d7e9cf8d0fad333f4b6a6396c41769b857590e7ab2df7c7a95e054196c7b3c03cfefc00d24ef7a7d853d6adb23d36d5a3f45acf1acb489b7e6197f9af3fb17e08f6da8b2e01ca06af1c4658bbebf295ab75ac3b4db14eb97cf3ce4cc591884d7f84becb1c2b6b1561776d5ef69deecb2c1584d72fbd82b5dc8eb8d642ab14126a6c698817fbf2aeb2e6486c179aa4bd936ad159d06645d65d5c3abc64dad5ba8b745bd48495f1a09107783f9b3f70f86cf0164feb8b5af29cd6ef912659161f65f4724ae63d5ada74071ebc2e3d20e3ce88009", 0xe2}, {&(0x7f00000019c0)="337bd4cfa686", 0x6}, {&(0x7f0000001a00)="0bfa1ee75b5b991d323d907e4cf304ca1757f4179999cb04bf76aacb34fa2dee2ee58ff48cbfa451403b298796dc6771bb6c46a9d1ca6305e27006b932898dcee9f512ab90eae319352765134d62e821dadfcd1ddbf9c3ed606e2200386e84041c8243f1c541cc1edf1fe27decab9d22e83712b08aed654bdd25d9a495641f08578815534033f486f84f83fc57d8b75743ac25115466e1f42dd15e6c5e8eb03eda7a6b6ff8526abf984ed80c78a4641456835ba6bc5d8a5131913277f53255f81a19c0191e8bb72b23ea2836b03ce6aab043e45a600d0fec102abad544566ce003c7b239385c4f709422a26dbb08de822f7581f51a264aae85", 0xf9}], 0x5}}, {{&(0x7f0000003f40)=@hci={0x1f, r8, 0x3}, 0x80, &(0x7f00000041c0)=[{&(0x7f0000003fc0)="8dcf815c45060ca96c9e064c7932c8416eaa3d8b7bdb1e713552ca894dddb1e22c5ff8bf919b13925dd8b782129e9307eea19dd56f9045b5628a4ebc110c49a0e85a146012704048c8e6261ce9b903d89b975fcb6dda95a838a938358adf93bde93d86e6208b0c4cb2032c8d37ade896210a18f2e68b512a71f1736914897e29076d8e8ea9a7d1", 0x87}, {&(0x7f0000004080)="99ef2488adf9745c3b4ff9a5fa6bcecabc442b8785629185ef7f4fe671224bd5770fa7abbdf85cd45613473bba42a3b9704b7cd29ce082d02c3a8ed68b37065deea7623f88af3abe2270f042321a4a5877268cd57bb97d9f3b2a2aa4246ad6e216f70487d4ab638f0bc5850042bb", 0x6e}, {&(0x7f0000004100)="69cf08abf1084afb0b505e8231308840c7c901b1d3f4706b4e967434d59e056705972edc8b08dd8b62d863a5267cf69dd022e5635ca170ccad41fb6d7ebbad31a8ae70cf4286467db5d3be4e83a4372904e4ed2aa20b9714d57591ad5c11baa668bcb24c42c4b1da4dfedd8ea3a88f93ba77684305c1226ce3db2e76124b4a1dd0a5069de81960558207c539253daffe451a841d8b463ac96033f484644d7cb0bf626ea6a8aaf88ec5", 0xa9}], 0x3, &(0x7f0000004200)=[@txtime={{0x18, 0x1, 0x3d, 0x2}}, @mark={{0x14, 0x1, 0x24, 0x40}}, @timestamping={{0x14, 0x1, 0x25, 0x1000}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x3}}], 0x90}}, {{0x0, 0x0, &(0x7f0000004340)=[{&(0x7f00000042c0)="8d6bf99f3a99af6b7e10727807f596150f9a20cd11da5de25a1d955d0a96f1b00ccafa11b807a335e4fe5e8245d098b71970eeaa87b653dc78cfb6053409cc8c54f2cfae5f985f3b7d54fe69141bd82f0498171cdc2543906a03b2cee590a27a33fe337a559395f86edee8dcd285830a42c660ff9f3fc8037532", 0x7a}], 0x1}}, {{&(0x7f0000004380)=@nl=@proc={0x10, 0x0, 0x25dfdbff, 0x40000840}, 0x80, &(0x7f0000004880)=[{&(0x7f0000004400)="3a19fb18071f9b84f3bbed023d55281c4ec3f67219e097294a7064b9e1fd7eeec1d4ea02cc306f380e8c8ab735c4124d7b9caf8c6b1052632406e55a9adcd0733c4c4b74999a79664741400ac4fba0d1812447a07c5b4930273586d88b52b91ffab261a45d4e907d0c147cbe79f271993f93b5d0556009c79282faf98748e26bde", 0x81}, {&(0x7f00000044c0)="619d90a3908a6cd56fc6b6d5c9b024dada88911b544191b979609f78c680ba756d2af08d9013edc602f2c271957f323f028106a6ac0e251f0a3d36239742db42a5cc53a48769c3bb870c1e575ddbc27bd85aba0b5bf8d3395da4f9b7ffcf50f5e0e059592f6ed1d125859f81842d28dc015eea78d32d7c1355935b452f8142b93ba9a276026927dcdc89ce1057d91e631e9e4d7810fb98796415b8ce43caba93423cc6fa86ece0306623", 0xaa}, {&(0x7f0000004580)="7d811bab7ba03f7b94d2076c088261d11fd4d99050fd7d06309efa30106d7dd04e07f1dd554cc5a90bf31a57c3d92e742ab4da5af4c48d36e857f2bc6680303146fd7f7502552d652675d14081b8abbe7d43b41670e42652d8bdc459ba3c66d02c769d69c40c374b3a82fb9b", 0x6c}, {&(0x7f0000004600)="7331f8f54476f2dd64a6e7c3e78c0e9fd63e50d15703a1e300369afaac4a07e435f26c7ebf4bea81331807c45aa4eca2a2a8b4534a9b6368b4228a90cd626a00b17a7120856f4c6b1825f2e4f265482e9cfd2dd33ab07810739f5d7c58dbd87bfa53e42e100a2a76cdc6fd2b73edf397c2837facce5682d17b9b8044b901cd5f7a5b8bec48af40c8ab0e2e12cef7aab13c21b39765c8bfd13c4c4ce0d0a6ecfc629f14", 0xa3}, {&(0x7f00000046c0)="5dc57193de15052f06d41b4b93b479557f723478bd92540c92a796cc660e1179d94081960e306f80e028f26a9dcdbbf11d0ffd9aa139f03a5542041c48caafe53b63b9f0deaa9653ce33486d0aaec469d4092d383358a02a2e78b31ba11037e22a53798b4547f73b7d21c7bbd174518ea71912ea7f7215a1", 0x78}, {&(0x7f0000004740)="38e2ad20e880adf87df413ec1ee44778eac3c2dec8127c042e118f0d3c0fcb9c8f5216f1da3ef3f220f8f957833733b1d6554ba8178aa0acaadf6c4491dd0eaf56739bfe2b3e092360665f6e1a4d6dfb2c", 0x51}, {&(0x7f00000047c0)="17b0d785f2e60869a9118ad99ec6257822fa0a3a3f560750d7592a3b3dd6634703ba9cc17f488cb7c7afaa808d179477be22ef3f0e1e71656f28702a8b7b166ee8f131f3eda733a8617436555e05ce5d1bcc81db5c54991c231ce980b42f84ad5ff2ea3b190f7346284e23f3adfee00981eca3fbdecb085ce927c1bf8538f4455024b7f88cf74ab319b4a0531c469bffc1e6da39cb3363680ea7ffc6ba0d7e6584a8d45f6ca59c0bd06af24c7b952b69", 0xb0}], 0x7}}], 0x6, 0x8000) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3502.032834] RIP: 0033:0x45a4a7 [ 3502.036014] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3502.043718] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3502.051070] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3502.058527] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3502.065802] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3502.073081] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:20 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000500), &(0x7f0000000580)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000005c0)=ANY=[@ANYBLOB="01000000adcdeec9896e8908286f57d770f94be0edb535e5c13770ec8e48d71750b0d770eeac3043aaa3ba3daaa296f6ea33c807ca816c6b3d7221572ee3bd6bead1efba63fea72532205c1e654640118d4b2e498f025bd00f2a9d0c737728da4e895984e04f8ac50f203feeaa5a69d6762367524cd2aced4763ec1d4a633f2de0c968eb1dbe96b7126736396d5af19df92e4ce111d696f10cca7aee39e0ce81f4609efcd71ca05b60d3b04d072eb9e60ea25dfea366bf90d38f943fea3bdf7a06218aa5fe056653fceac241dd540be364cdd56c", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:20 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) personality(0x1000000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001400210100000000000000000a040000", @ANYRES32=r2, @ANYBLOB="14000100ff01000000000000000000000000000114000600f2000000ffffffff0000000000000000"], 0x40}}, 0x0) 17:53:22 executing program 2: socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000080)={{0x2, 0x4e23, @multicast1}, {0x1, @random="d0769027f89c"}, 0x50, {0x2, 0x4e24, @multicast2}, 'bcsf0\x00'}) r3 = fcntl$dupfd(r0, 0x0, r1) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f00000028c0)='cpuset.mems\x00', 0x2, 0x0) sendfile(r3, r5, 0x0, 0x7) 17:53:22 executing program 5 (fault-call:3 fault-nth:29): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:22 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:22 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000580)=ANY=[@ANYBLOB="625406b6c2f8803265f7e7eaea0043bb7553a5ba54acc54bb9d3d24c3072afa6e043cd280b0e6af55bbf3f054fcae7b0fdffb9b76e6d2903f89fd8ddd67df8086fe5042f2fbf97ee6a1d54691f1b412c9e033365208e731398759b6ae5527423a3824fab5f2ae0f9431bbe8e7f49b9d9f880748a5a62140d71d83952c5f4b969046dc43ade4920c121aca0271c0300b1ddd2ab0974c186db581712594437643abf5c2a54d11a94aa3ec0ae9ccac3e899a00dd51ee36ac1e519fd8734437c06c0685532c75b64862ce9685051d4fe1a0a00"/223, @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3504.352797] FAULT_INJECTION: forcing a failure. [ 3504.352797] name failslab, interval 1, probability 0, space 0, times 0 [ 3504.365100] CPU: 1 PID: 26406 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3504.372144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3504.381515] Call Trace: [ 3504.384413] dump_stack+0x142/0x197 [ 3504.388883] should_fail.cold+0x10f/0x159 [ 3504.393343] should_failslab+0xdb/0x130 [ 3504.397617] kmem_cache_alloc_node_trace+0x280/0x770 17:53:22 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() alarm(0x800000) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000280), 0x4) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r3, 0x800442d2, &(0x7f00000004c0)={0x5ff, &(0x7f0000000440)=[{0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @random}, {0x0, 0x0, 0x0, @remote}]}) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, 0x7, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) utimensat(r4, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={{0x77359400}, {0x0, 0x2710}}, 0x100) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='\\\b\x00\x00\x002 ') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="14008000c4d8b57def995ea02f0c593fe7769aeead00cae59df0db9c477676dc9080b88d429ffe23000000000000", @ANYRES16=r7, @ANYBLOB="010700000000000000000d00ffff"], 0x14}}, 0x0) kcmp(r5, 0xffffffffffffffff, 0x0, r2, r6) ioctl$MON_IOCT_RING_SIZE(r1, 0x9204, 0x68040) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3504.402847] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3504.408419] __kmalloc_node_track_caller+0x3d/0x80 [ 3504.413781] __kmalloc_reserve.isra.0+0x40/0xe0 [ 3504.418680] __alloc_skb+0xcf/0x500 [ 3504.422331] ? skb_scrub_packet+0x4b0/0x4b0 [ 3504.426385] ptrace attach of "/root/syz-executor.4"[26414] was attempted by "/root/syz-executor.4"[26416] [ 3504.426694] ? netlink_has_listeners+0x20a/0x330 [ 3504.442123] kobject_uevent_env+0x781/0xc23 [ 3504.446935] kobject_uevent+0x20/0x26 17:53:22 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(r0, 0x0, 0x80000002, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getgid() getresgid(&(0x7f00000001c0)=0x0, &(0x7f0000000400), &(0x7f0000000540)) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r6, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r5, &(0x7f0000000440)={&(0x7f0000000240), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r7, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4040) setresgid(r2, r3, r4) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r9 = getgid() getresgid(&(0x7f00000001c0)=0x0, &(0x7f0000000400), &(0x7f0000000540)) setresgid(r8, r9, r10) getgroups(0x2, &(0x7f0000000000)=[r3, r8]) r11 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0x2000, 0x0) r12 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x162800, 0x0) ioctl$RTC_VL_READ(r12, 0x80047013, &(0x7f0000000040)) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) write$P9_RLCREATE(r11, &(0x7f0000000200)={0x18, 0xf, 0x1, {{0x1}, 0x1000}}, 0x18) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ff9000/0x4000)=nil) [ 3504.450756] lo_ioctl+0x11e7/0x1ce0 [ 3504.454420] ? loop_probe+0x160/0x160 [ 3504.458280] blkdev_ioctl+0x96b/0x1860 [ 3504.462377] ? blkpg_ioctl+0x980/0x980 [ 3504.466997] ? __might_sleep+0x93/0xb0 [ 3504.471094] ? __fget+0x210/0x370 [ 3504.474580] block_ioctl+0xde/0x120 [ 3504.478238] ? blkdev_fallocate+0x3b0/0x3b0 [ 3504.483287] do_vfs_ioctl+0x7ae/0x1060 [ 3504.487229] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3504.492198] ? lock_downgrade+0x740/0x740 [ 3504.496465] ? ioctl_preallocate+0x1c0/0x1c0 [ 3504.501312] ? __fget+0x237/0x370 [ 3504.504910] ? security_file_ioctl+0x89/0xb0 [ 3504.509375] SyS_ioctl+0x8f/0xc0 [ 3504.512772] ? do_vfs_ioctl+0x1060/0x1060 [ 3504.516977] do_syscall_64+0x1e8/0x640 [ 3504.520897] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3504.520916] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3504.520924] RIP: 0033:0x45a4a7 [ 3504.520928] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3504.520938] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 17:53:22 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:22 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = getpid() r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getpgrp(r2) sched_setattr(r0, &(0x7f0000000040)={0xffffffffffffffbb, 0x4, 0x0, 0x7f, 0x5, 0x20, 0x0, 0x1}, 0x11010102b0ffc364) ptrace$setregs(0xf, r1, 0x4, &(0x7f0000001380)="6a04d298b717414dc22950a88b7b0d5e8cd8d319904135f9b3eff9a0c4e8476d6b524a22501ef6b0a3f0b4742c27a297d53bf4726eaa9d2b24952ca85cd9454615eb1e368f4d89ee11270023f34f52f002b7f33743a0baa4c621b8aca82eec28603d7473e3eb6b68a686121990f07c9a10fbbbef0c95003d0dd76b35f5b6dcb299ee0ff4a18d563529477fcdd6157cec6274c6385bcecf7f866d703b04f90533e3e4e386edcd88d05e221f65a55f9e153a742dc26848e427e55c0dfe42fdb984877d27cbebe1740cd7d905e13bccbc5066cc562dd6ee1227bd1bbd755ec819") tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000104, &(0x7f0000000380)="bd016dca3f77221624256fbf2a015d2195e6bd374df51e9c223c1f5457e33e9cbeef7e53df8be937f05148ee42edf353bc07f4c124a488af43aa1b0f868a55fd75c138282a2cdc88640fcad818b461bdd1d8fac7bd01230567e3feb5eb357c215c22346e5a412d7124840a3d7c0661fb93d18df55d58111f3c1143aa60f084c1d124b63785231046c396b27132026c2d2c7f96b864f37188cb257e4959f4c2588b40714c6c52a03ee300f22beb51aaf1d6af7bc7ca99b8b6238e719d21f985e28131dbae2a602be75d5214dbd7f7ef89a9266a4fc265fb5644fa0d1258eff4a78d426424e6c17e13caed6739f2a1c97492c86c914dc9fa6f282fa8ef2c0f660ff31d331e969e80eb1446110a267eae729c759a488174d176bec5f1904bb199b01e80559696944ac75fcebe042e54f4038a2e2a0585957fcc108b9475ad5b430ce143a63fea78bd27419c9991c0e122cc18e8bb153157683123bd8867d1be610158cd709aeae9a0f8ecfbd6fdb97207687b4d54bca37a850967a37dfab62f443b5329b24a25570410712899d1a53b5ca6bd795d493c9b23a3a8ab5697bfca99af2a0228b1b0beb2baa77d1fb3b3f11877a3d829ad5f992d4815f8f1ed709b64499befcf1eb6c706572efa1cfca709d2dc905d577f0f2ccf52a8ff25f62d064b1da0b520def7fc560da9fcc8d716fb9c11cfee3d9172b7779288feed57176b289b61b96a02753889e09a8b332daf26e4f508d1113a2a480d46b12634ceac270d5a660bf4f146f345432eccc5e272dac16d4046f4f2b316feeb78bd6b1650b43a8a3e1ba66e47567acfde8ecbdffe2ac746d97a47aa1852f2e1cbbfd125d95e4ce0cd85b3fa8c546d8c57937cb3682edff6e71504bd900886c2350b502de0f80fc658f9a134478cb2755ab092bfe8aa83014347ebd7efad0648bb8c381f5cfa38d167f6a28875192387b272836f4c21886a8724c9e5b2d4c31a9ea5330be93013759ad84784ee8d0b52cc1f366df3d196f81a28e52c77c7e7426872a57cec2bcba3014694dda31f7292e85b7058f99933779d366d85d268852232284622cbd9532752413baae413f65b937a29d8a8c25dff4bdc80349c2defad6f0b28542635086526e4803c9a552f6b99c6020cc59bb0b680d05ab6574149893d3bdf1dd267824fb0a46adab33129c9d9dff75db81a28cc52abacf33741c5a2fe867df7ee643aba630c98de48993e0727dccaf7a487d0e95567ce346f5dcb2b524923c86401dffe763cab9b52dacfe691f4107e81d5fb99f482fe26cac758c301ef26401a2bb66444ea87d54facd548e5541ef8017ec651ba220bd3dfde4a46453bda552dad22e037f8beb3cf53cdaf1574a2ec7ef0988ec3ef95eafe749673f5491aed9c380de921cd730b837bd8586b02444ab748d1891d5f90d178c6c31a3e3ef32f2293495d79c5e71d4384232da052dbfa13e451f7007bef9a44115b0b5484689a740c0cf8ef1afb37fca2851da78b07cf5ef81298c37d638f6869a7d86abebd2f1210b9516ca0af51b3ae4ef3860613f5186e79513ded36dd912bc3b2c8c6360fc9e1b68a86bdae212cc1215f2d31b42d1ed25a428c7547c32656dff02d5caa761fb1e136f449591427b5a1f9f8172c96a2266f1f446b2e5fb250c548a3fc0b6033bc603ab59af0467c44963751ccce246be1718fdf8c94a027428ea008b67af7564d5e93d76d1d97284d6ba2d9c2ee43830da409f53cb54ebc561602bb65a283e48db6f0886423dc77b1e9f023870902971f3950310ca562b88ac393e5a422a044f01a387fc0e706ea9b4e758dc2ae3f51abfed08243ab9af2079ec2d2d35dc42a2659ebd047ffde284f64282b8bf15c6c0a042621d54772fee3e5ed904d07f3fb299c13df575b07afdafc9034db17b6c945885688d92681ba39d0811bcd28decf6c96cb9378981bf08886572df29fdfd227e0016606f24a4f1c6e916a5586db62263880260db1e11856c178b62f687012d06761074effb156713fde35d734fefe25751fc4af45e290dc1a9e289b5ac47a5b89b3e5618e278842e695becfc4bc89a59cd49c786add396649b67dd2ad1e7f2737b3fba6a18df5f379bdecfc8b5245630b1b46a1d807298b3ca7f7cbe42458e027aa72878aeea4cf74ebdf49c7232e4e847e3bb8e1f40f8ed2a9e8039c241e0b41d45b8b93c7e435e293b06817dbed738b36c841f77aedbfb6b43775bfdbb4c2b51ddb6531fe52bec3597145788e9479f326f495e0cbeed73c50f0d497bf3ccdb2ba736f29d4cd72f53bcf270a3a4a12a3011c70f76906dd6670d3f7c73bc3206496478213dc2d4c93dbdb958c13ebde1fd01c623eeeedd439161c7225e4d375bffbfe8a9c1a4bc02f2b37735e7b80cb21d302b79fb35fa464c6e448cc4d6d7776b30dfa8dd70d548ee2645fab24a530e50f709383bbe9aaa214c772fce28fe3e82949e33b9133195776122848cdd0615e2bfd55bac84296ed71d418932e79b4824f8675018a58efd4e0a4022c17e0b81adc4462cd07323a07c6b8ad6e33059fdd630acf5809379e2fda5f63fbf3727d9f19427823bc144fd7bb569eab9be8917d81737e90b3d004c1711ad9f8a4696bb33d81fe42a8af3bafe7e17a4810aecdca253399f89855b26b21f41374dcaf5606327a5a76136f1ce783fd7d675ce548e22545c70ae970a59f384331bbf1621d0c35dd46603b2c9174be66cdf1f81df00541a563d53dd2d2c2ca642465200d70899f5359914bf4485163074f2a28c00822a9ad283859ec2f2680930d279cba03430a2ca5157d5f94abbcd4033e7d4b86324c1662ded3d7583b0d694d4d5f09c7630f36fbc554e8f5920ea67b985a9d37c26579fd06103a8275234809179153efd447ffcb579166738dfc7bffc6a673696b003ed38a554a19d0c5957c6af7d8a2747adb75ad92708054adad0d827b1ba9319abfe30518af8d0dc3b8e1f1f0fef3acc4234b86b93f0cacb93dfefd5085911526c40cede67824278f31a99e765e324c05dd158e0827285b5425913793e7f12b61bd0e225a4852af98ec155854cf717eab663c41f8a82759d6ae030d70b4173ae79b0e44b2faf0eae504de5b86721116fad6852ec4140f23b39efbe3a2eec02bfc0f7c2d5fbeea83208b128a743a640a3e19a5923f3752a0fa775b49ebbc1e998a8c3f8243c9f36f87516117295c6b564eaf5451cba7116f577f8e3121d4c9c26299d31511141721ca8205f61926be0bc51c19b065b59e485a6b15578409c9a2e1428ca364e6f555f25b26246cd75979db94c28e73ffec2d9737915ff9dac1cbbe5e1707e1abc7f766d5f5da52dc79d42eef79ac48af9dfee2dc4b0f6ba58143323924d6dfa813ec50bc6916de099f6e5a8891141f217feadf3d9fdca4163c9556d5361ec5a65603bbb72185a910860a6ddae0ca36aa200d053797b041e54df2f12af7ef12fc6a9974b0a6a777db6754bbe6ddb7f4eea9d7cc604cee09533c364993ce1e84767f3018c613d893f9f5f3a557858f9d7ba66e809df26e6fbd1d8a4f05248e03e4d68be32c334cab08c95376d1ec7baed43db2d5544359341961acfbb18591239d6adbd37be5af3f925d6915bc2b1f0a5a657b2819ac2db7224868b9ed55729d95dc1edc6793b111874cd3ce87580a03f991b129f699a46ff209a68f3e729565cc3bf997e485f069c03ed002b9246befd63ed59de26e50778a9fdf4d2bf68ae6ca24c047ecf3dd625a79c842fe91b63d52360f68508210894874a0ac2e13e75e39f1447f5ca796b5468ab671cc82c88f46fa03b0c83a9ca0524221c951dff97ac4b7e3c6e72888ae359211163db0b02e1fa923d672aef72c08f18e19c8d3c42f1916380875ffc34d3ba041145e22d645acd2d456a9fda6c0842456b1b479e0d7f02b3e5a95f6473de13bc9f18c471d372a3ead3ae739a301c343b0ee85169f759fbf23b6b4b0c9cc46305b8381e049a632c01d7acf5f879e00bd597891e98bddf4dd86063aa321671b2c87825e8095aaef35d69638b07e6e3020d7600e0a9bd3f66819038a0dc300da485755e48f3d3d773b92792516a7c53283a069d6ce368007f70857a2d88776369664fc66dc5b4085137e2c5c4378e62cfd5b0acea2f69c33a7296b8f74efe7e3c150346fbc87e74b66897c11bca1717612481588d46374573d61d9a6a38d781a27701143fe27a818c399c011f6942d3079c44a3a148f59420cfadf40898c01cc764c16abdcf3e6af03f675a851a4da89d1f7164a7de77c9caf8d8c772fa7b7468e9230917eaf8af7fd3175f146382d8bd42df3e87b5a1aa2c4b25ee18eb17f6918ff97cc3c0a8d1e768b8403a3ba1d087c79ef519f64bf2663d8e38ea7f28093f362b0fe21870784635e23f9a813de84a67c8ca6ed8379807b1902c9855c86378497a84d89b96f11a83e6e46e442dd62874409da75b3daa7520e0e5ed55539229c995c95f5d890e682202204d08fa9bf9e4f5252d979f11ca4f0e6bf0d55ff3300cce362d8a5ef2ee4d1200533e4e1f189518fa60422532244fd6d02012562b04615023af4c43ab22ddb4347f61b1717f9749c07cee4f1cdd80a85b3ef59eea6f8bcc2dcf051e19052744a625012d5756d237a2a923b2cd8f483521d3f07ea653f42c399130d2d77a05f55c613d0faf96858e3108bf97441dbc3189e7af56dbf9cea6ba399aa79c3c59b250cd8bbba71f731c76a916c23a3577f0084c6f0f6bd4a91d81128e51091fab982e1346776a5eaa41629def97732c2bdf41a40e6f51a4d9708d4c324aeb82eb5003c6d861fcae7731cbfecfe582e355ff31e10b0880dbe0ac6e9231be69bc4cddd6de67356f67c152b4621d3cd6d6c885ac62537abd64620aed2e7836926f23a28963e7b85200b60daedfdac9c5847e85c2ec834bf2a49de351ee441998fb5be2384a9c758e551b0ebd07074cb32bb857e1bcf6d51ae7bf6db79630e6a054b0566c92bd585ec02038a65d28d8589b9bd04bf5238f597c6a19236b27a86926171940fbeb07dfdad55ca97fd88646bd87906f9538bea216a799be137341137db9bd50e32a725e783e7257f33f2ec86bda5dbae99d98830bd0edca35d771c2799cd285228a179c7b461dc55f9a581c01e8630b288ecae05371b3695d969f1756438af3a526d71c9484080842edec6726a8c978eededef37c97e3f59c97a1dcfbaba6296d82eb90586ad5c654ee3414a74a85b855f66074a592c134cce285730cc908203d904bc5252d3c79b556004e53ff504adf2c5b20ab8b4ad64a66dbe4596b52f4070a597466f52b9abd2bfe8ec9ec31cf8dae2e9f57eae45e1a9005b4e52dd894eab792df0fecd48b5f2542b0ef531c4741e2b0986b8e566630ac1bb6a5adac338a3332a7ee855489659059ccb90cf7396352061c312b08fbe5c373b91461bc1fc146ba3e49507816ac62901ea41604fc567214e1da346c316d114823efa07082cc06e4ff65437386fdf894f10aaecea67591306b90978faf062271c2120744c448282e6165d1b2bc28e4eabcd397cd7292fc02d0db3b3e4192ea8a18c0d8f996f4aa75ee76890e9d1c5ed1e744eba3f2986cfeb03965ebf844a5e753c03f78990edd60cf1ef7056f246465b1aeec0aac2eace1e09e95ba78bbf0418339b3f317133128f9a7dd4739a62ff9cf4a589d43ff1f9b25551353cddc7b85aadba7c31026c30d9650aa9f567b5766ec7d7ada3af86574f7310aca02f395b7a1e481dc802f0a44c14e792d26310a7190352b6088b6c625e735d1d74", &(0x7f0000000100)="955189b3531d5d8e06b273fd8000332769f716c537906a65191eda7180e479302e4defa82a7b9aed0d50212dac95a3569d3cfcffc65a65b6051697e66deaea651cb0823ffca918d710b40ed410f778c792f59b266da0d06da35190f9fd62f6a08586680f8b09d154a7b1f5d933170b1a2e5f32e83d3249d3d81bf545344648e114b841760d68ca0096a06572b4b82acc1f94c234a9127d9bdb430c2505305c37bbbf529efafd305b98674a6adfd569867683c032ce1f5f23495819bc2d3c1480ce56af071fad6eabff3903ad9b8ac10902cf5515019069747a32921ef6c38f0da73a5859b17db342a9a246d847f6903e41ba13", 0x1000, 0xf3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r4, 0x40046411, &(0x7f0000000200)=0x80f) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3504.520950] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3504.530999] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3504.531006] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3504.531011] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:22 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) ioctl$NBD_CLEAR_SOCK(r1, 0xab04) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000240)=0xc) setfsuid(r3) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) r4 = openat$cgroup_int(r2, &(0x7f0000000000)='cgroup.clone_children\x00', 0x2, 0x0) preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000040)=""/52, 0x34}, {&(0x7f0000000080)=""/8, 0x8}], 0x2, 0x6) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x0, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_BIND(0xffffffffffffffff, &(0x7f00000004c0)={0x14, 0x88, 0xfa00, {r6, 0x0, 0x0, @in6={0xa, 0x0, 0x5, @empty, 0xffffff00}}}, 0x90) ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, &(0x7f0000000280)={0x6, 0x3ff}) write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000140)=0x1, r6, 0x0, 0x1, 0x4}}, 0x20) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:23 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) wait4(r1, 0x0, 0x8, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x4, 0x0) 17:53:23 executing program 5 (fault-call:3 fault-nth:30): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:23 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) tkill(r3, 0x1) r4 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:23 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$setregs(0xd, r1, 0x62, &(0x7f0000000000)="b96c635249bc83dcf28a54774740af6b8cd1fe18f75fd7b408a5cc222a9e41ba8e877e8574c7b1a79568998b48e712266dff1ccc2332b952200a563b63d55e4742d1fe358346d2a0476417") ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:23 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="0100e6bacc160040844817e26f03756a8f", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:23 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3505.191720] FAULT_INJECTION: forcing a failure. [ 3505.191720] name failslab, interval 1, probability 0, space 0, times 0 [ 3505.225503] CPU: 0 PID: 26441 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3505.233142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3505.243578] Call Trace: [ 3505.246219] dump_stack+0x142/0x197 [ 3505.249900] should_fail.cold+0x10f/0x159 [ 3505.254186] should_failslab+0xdb/0x130 [ 3505.258213] kmem_cache_alloc_node_trace+0x280/0x770 [ 3505.263476] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3505.269103] __kmalloc_node_track_caller+0x3d/0x80 [ 3505.274278] __kmalloc_reserve.isra.0+0x40/0xe0 [ 3505.279221] __alloc_skb+0xcf/0x500 [ 3505.282919] ? skb_scrub_packet+0x4b0/0x4b0 [ 3505.287269] ? netlink_has_listeners+0x20a/0x330 17:53:23 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) r5 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000000)={r7}, 0xc) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000440)={r7, 0x0, 0x4, 0x7fff, 0x4, 0x9}, 0x14) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r8 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000100)) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000180)=0xc) pipe2(&(0x7f0000000200)={0xffffffffffffffff}, 0x4000) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r9, &(0x7f0000000380)="0b5d7515d37776e9e9462bc7dece46312ca550f36b3844ab811be2cbe660a876c32600a76b59f7ec2b33a700b02d0f32f1d4b89639b8e7695ee992beb18f10e94d43399933fee78af6b6814decae411030ccdcb4106d13c51f40c44fb1e2cbd8855d07c433a979a71f5526f91e57d0c1e35037abdc8057388b8e2ab5add0d14ebc925ec6c48ad80b2b3f6d6c57e6cfa6c1299d09beb7cc281335477eee8c0080ba8e350fb93412f8242973b25afbf17938cf6c48eb441ed79312", &(0x7f0000000240)=""/27}, 0x20) write$FUSE_DIRENTPLUS(r8, &(0x7f00000001c0)={0x10, 0x0, 0x2}, 0x10) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3505.292123] kobject_uevent_env+0x781/0xc23 [ 3505.296720] kobject_uevent+0x20/0x26 [ 3505.300933] lo_ioctl+0x11e7/0x1ce0 [ 3505.304798] ? loop_probe+0x160/0x160 [ 3505.308643] blkdev_ioctl+0x96b/0x1860 [ 3505.312559] ? blkpg_ioctl+0x980/0x980 [ 3505.316472] ? __might_sleep+0x93/0xb0 [ 3505.320380] ? __fget+0x210/0x370 [ 3505.323914] block_ioctl+0xde/0x120 [ 3505.327550] ? blkdev_fallocate+0x3b0/0x3b0 [ 3505.331908] do_vfs_ioctl+0x7ae/0x1060 [ 3505.335836] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3505.340659] ? lock_downgrade+0x740/0x740 [ 3505.344952] ? ioctl_preallocate+0x1c0/0x1c0 [ 3505.349375] ? __fget+0x237/0x370 [ 3505.352881] ? security_file_ioctl+0x89/0xb0 [ 3505.357416] SyS_ioctl+0x8f/0xc0 [ 3505.357429] ? do_vfs_ioctl+0x1060/0x1060 [ 3505.357445] do_syscall_64+0x1e8/0x640 [ 3505.357454] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3505.357472] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3505.364991] RIP: 0033:0x45a4a7 [ 3505.364997] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 17:53:23 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000100)='TRUE', 0x4, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:23 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = getpid() r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getpgrp(r2) sched_setattr(r0, &(0x7f0000000040)={0xffffffffffffffbb, 0x4, 0x0, 0x7f, 0x5, 0x20, 0x0, 0x1}, 0x11010102b0ffc364) ptrace$setregs(0xf, r1, 0x4, &(0x7f0000001380)="6a04d298b717414dc22950a88b7b0d5e8cd8d319904135f9b3eff9a0c4e8476d6b524a22501ef6b0a3f0b4742c27a297d53bf4726eaa9d2b24952ca85cd9454615eb1e368f4d89ee11270023f34f52f002b7f33743a0baa4c621b8aca82eec28603d7473e3eb6b68a686121990f07c9a10fbbbef0c95003d0dd76b35f5b6dcb299ee0ff4a18d563529477fcdd6157cec6274c6385bcecf7f866d703b04f90533e3e4e386edcd88d05e221f65a55f9e153a742dc26848e427e55c0dfe42fdb984877d27cbebe1740cd7d905e13bccbc5066cc562dd6ee1227bd1bbd755ec819") tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000104, &(0x7f0000000380)="bd016dca3f77221624256fbf2a015d2195e6bd374df51e9c223c1f5457e33e9cbeef7e53df8be937f05148ee42edf353bc07f4c124a488af43aa1b0f868a55fd75c138282a2cdc88640fcad818b461bdd1d8fac7bd01230567e3feb5eb357c215c22346e5a412d7124840a3d7c0661fb93d18df55d58111f3c1143aa60f084c1d124b63785231046c396b27132026c2d2c7f96b864f37188cb257e4959f4c2588b40714c6c52a03ee300f22beb51aaf1d6af7bc7ca99b8b6238e719d21f985e28131dbae2a602be75d5214dbd7f7ef89a9266a4fc265fb5644fa0d1258eff4a78d426424e6c17e13caed6739f2a1c97492c86c914dc9fa6f282fa8ef2c0f660ff31d331e969e80eb1446110a267eae729c759a488174d176bec5f1904bb199b01e80559696944ac75fcebe042e54f4038a2e2a0585957fcc108b9475ad5b430ce143a63fea78bd27419c9991c0e122cc18e8bb153157683123bd8867d1be610158cd709aeae9a0f8ecfbd6fdb97207687b4d54bca37a850967a37dfab62f443b5329b24a25570410712899d1a53b5ca6bd795d493c9b23a3a8ab5697bfca99af2a0228b1b0beb2baa77d1fb3b3f11877a3d829ad5f992d4815f8f1ed709b64499befcf1eb6c706572efa1cfca709d2dc905d577f0f2ccf52a8ff25f62d064b1da0b520def7fc560da9fcc8d716fb9c11cfee3d9172b7779288feed57176b289b61b96a02753889e09a8b332daf26e4f508d1113a2a480d46b12634ceac270d5a660bf4f146f345432eccc5e272dac16d4046f4f2b316feeb78bd6b1650b43a8a3e1ba66e47567acfde8ecbdffe2ac746d97a47aa1852f2e1cbbfd125d95e4ce0cd85b3fa8c546d8c57937cb3682edff6e71504bd900886c2350b502de0f80fc658f9a134478cb2755ab092bfe8aa83014347ebd7efad0648bb8c381f5cfa38d167f6a28875192387b272836f4c21886a8724c9e5b2d4c31a9ea5330be93013759ad84784ee8d0b52cc1f366df3d196f81a28e52c77c7e7426872a57cec2bcba3014694dda31f7292e85b7058f99933779d366d85d268852232284622cbd9532752413baae413f65b937a29d8a8c25dff4bdc80349c2defad6f0b28542635086526e4803c9a552f6b99c6020cc59bb0b680d05ab6574149893d3bdf1dd267824fb0a46adab33129c9d9dff75db81a28cc52abacf33741c5a2fe867df7ee643aba630c98de48993e0727dccaf7a487d0e95567ce346f5dcb2b524923c86401dffe763cab9b52dacfe691f4107e81d5fb99f482fe26cac758c301ef26401a2bb66444ea87d54facd548e5541ef8017ec651ba220bd3dfde4a46453bda552dad22e037f8beb3cf53cdaf1574a2ec7ef0988ec3ef95eafe749673f5491aed9c380de921cd730b837bd8586b02444ab748d1891d5f90d178c6c31a3e3ef32f2293495d79c5e71d4384232da052dbfa13e451f7007bef9a44115b0b5484689a740c0cf8ef1afb37fca2851da78b07cf5ef81298c37d638f6869a7d86abebd2f1210b9516ca0af51b3ae4ef3860613f5186e79513ded36dd912bc3b2c8c6360fc9e1b68a86bdae212cc1215f2d31b42d1ed25a428c7547c32656dff02d5caa761fb1e136f449591427b5a1f9f8172c96a2266f1f446b2e5fb250c548a3fc0b6033bc603ab59af0467c44963751ccce246be1718fdf8c94a027428ea008b67af7564d5e93d76d1d97284d6ba2d9c2ee43830da409f53cb54ebc561602bb65a283e48db6f0886423dc77b1e9f023870902971f3950310ca562b88ac393e5a422a044f01a387fc0e706ea9b4e758dc2ae3f51abfed08243ab9af2079ec2d2d35dc42a2659ebd047ffde284f64282b8bf15c6c0a042621d54772fee3e5ed904d07f3fb299c13df575b07afdafc9034db17b6c945885688d92681ba39d0811bcd28decf6c96cb9378981bf08886572df29fdfd227e0016606f24a4f1c6e916a5586db62263880260db1e11856c178b62f687012d06761074effb156713fde35d734fefe25751fc4af45e290dc1a9e289b5ac47a5b89b3e5618e278842e695becfc4bc89a59cd49c786add396649b67dd2ad1e7f2737b3fba6a18df5f379bdecfc8b5245630b1b46a1d807298b3ca7f7cbe42458e027aa72878aeea4cf74ebdf49c7232e4e847e3bb8e1f40f8ed2a9e8039c241e0b41d45b8b93c7e435e293b06817dbed738b36c841f77aedbfb6b43775bfdbb4c2b51ddb6531fe52bec3597145788e9479f326f495e0cbeed73c50f0d497bf3ccdb2ba736f29d4cd72f53bcf270a3a4a12a3011c70f76906dd6670d3f7c73bc3206496478213dc2d4c93dbdb958c13ebde1fd01c623eeeedd439161c7225e4d375bffbfe8a9c1a4bc02f2b37735e7b80cb21d302b79fb35fa464c6e448cc4d6d7776b30dfa8dd70d548ee2645fab24a530e50f709383bbe9aaa214c772fce28fe3e82949e33b9133195776122848cdd0615e2bfd55bac84296ed71d418932e79b4824f8675018a58efd4e0a4022c17e0b81adc4462cd07323a07c6b8ad6e33059fdd630acf5809379e2fda5f63fbf3727d9f19427823bc144fd7bb569eab9be8917d81737e90b3d004c1711ad9f8a4696bb33d81fe42a8af3bafe7e17a4810aecdca253399f89855b26b21f41374dcaf5606327a5a76136f1ce783fd7d675ce548e22545c70ae970a59f384331bbf1621d0c35dd46603b2c9174be66cdf1f81df00541a563d53dd2d2c2ca642465200d70899f5359914bf4485163074f2a28c00822a9ad283859ec2f2680930d279cba03430a2ca5157d5f94abbcd4033e7d4b86324c1662ded3d7583b0d694d4d5f09c7630f36fbc554e8f5920ea67b985a9d37c26579fd06103a8275234809179153efd447ffcb579166738dfc7bffc6a673696b003ed38a554a19d0c5957c6af7d8a2747adb75ad92708054adad0d827b1ba9319abfe30518af8d0dc3b8e1f1f0fef3acc4234b86b93f0cacb93dfefd5085911526c40cede67824278f31a99e765e324c05dd158e0827285b5425913793e7f12b61bd0e225a4852af98ec155854cf717eab663c41f8a82759d6ae030d70b4173ae79b0e44b2faf0eae504de5b86721116fad6852ec4140f23b39efbe3a2eec02bfc0f7c2d5fbeea83208b128a743a640a3e19a5923f3752a0fa775b49ebbc1e998a8c3f8243c9f36f87516117295c6b564eaf5451cba7116f577f8e3121d4c9c26299d31511141721ca8205f61926be0bc51c19b065b59e485a6b15578409c9a2e1428ca364e6f555f25b26246cd75979db94c28e73ffec2d9737915ff9dac1cbbe5e1707e1abc7f766d5f5da52dc79d42eef79ac48af9dfee2dc4b0f6ba58143323924d6dfa813ec50bc6916de099f6e5a8891141f217feadf3d9fdca4163c9556d5361ec5a65603bbb72185a910860a6ddae0ca36aa200d053797b041e54df2f12af7ef12fc6a9974b0a6a777db6754bbe6ddb7f4eea9d7cc604cee09533c364993ce1e84767f3018c613d893f9f5f3a557858f9d7ba66e809df26e6fbd1d8a4f05248e03e4d68be32c334cab08c95376d1ec7baed43db2d5544359341961acfbb18591239d6adbd37be5af3f925d6915bc2b1f0a5a657b2819ac2db7224868b9ed55729d95dc1edc6793b111874cd3ce87580a03f991b129f699a46ff209a68f3e729565cc3bf997e485f069c03ed002b9246befd63ed59de26e50778a9fdf4d2bf68ae6ca24c047ecf3dd625a79c842fe91b63d52360f68508210894874a0ac2e13e75e39f1447f5ca796b5468ab671cc82c88f46fa03b0c83a9ca0524221c951dff97ac4b7e3c6e72888ae359211163db0b02e1fa923d672aef72c08f18e19c8d3c42f1916380875ffc34d3ba041145e22d645acd2d456a9fda6c0842456b1b479e0d7f02b3e5a95f6473de13bc9f18c471d372a3ead3ae739a301c343b0ee85169f759fbf23b6b4b0c9cc46305b8381e049a632c01d7acf5f879e00bd597891e98bddf4dd86063aa321671b2c87825e8095aaef35d69638b07e6e3020d7600e0a9bd3f66819038a0dc300da485755e48f3d3d773b92792516a7c53283a069d6ce368007f70857a2d88776369664fc66dc5b4085137e2c5c4378e62cfd5b0acea2f69c33a7296b8f74efe7e3c150346fbc87e74b66897c11bca1717612481588d46374573d61d9a6a38d781a27701143fe27a818c399c011f6942d3079c44a3a148f59420cfadf40898c01cc764c16abdcf3e6af03f675a851a4da89d1f7164a7de77c9caf8d8c772fa7b7468e9230917eaf8af7fd3175f146382d8bd42df3e87b5a1aa2c4b25ee18eb17f6918ff97cc3c0a8d1e768b8403a3ba1d087c79ef519f64bf2663d8e38ea7f28093f362b0fe21870784635e23f9a813de84a67c8ca6ed8379807b1902c9855c86378497a84d89b96f11a83e6e46e442dd62874409da75b3daa7520e0e5ed55539229c995c95f5d890e682202204d08fa9bf9e4f5252d979f11ca4f0e6bf0d55ff3300cce362d8a5ef2ee4d1200533e4e1f189518fa60422532244fd6d02012562b04615023af4c43ab22ddb4347f61b1717f9749c07cee4f1cdd80a85b3ef59eea6f8bcc2dcf051e19052744a625012d5756d237a2a923b2cd8f483521d3f07ea653f42c399130d2d77a05f55c613d0faf96858e3108bf97441dbc3189e7af56dbf9cea6ba399aa79c3c59b250cd8bbba71f731c76a916c23a3577f0084c6f0f6bd4a91d81128e51091fab982e1346776a5eaa41629def97732c2bdf41a40e6f51a4d9708d4c324aeb82eb5003c6d861fcae7731cbfecfe582e355ff31e10b0880dbe0ac6e9231be69bc4cddd6de67356f67c152b4621d3cd6d6c885ac62537abd64620aed2e7836926f23a28963e7b85200b60daedfdac9c5847e85c2ec834bf2a49de351ee441998fb5be2384a9c758e551b0ebd07074cb32bb857e1bcf6d51ae7bf6db79630e6a054b0566c92bd585ec02038a65d28d8589b9bd04bf5238f597c6a19236b27a86926171940fbeb07dfdad55ca97fd88646bd87906f9538bea216a799be137341137db9bd50e32a725e783e7257f33f2ec86bda5dbae99d98830bd0edca35d771c2799cd285228a179c7b461dc55f9a581c01e8630b288ecae05371b3695d969f1756438af3a526d71c9484080842edec6726a8c978eededef37c97e3f59c97a1dcfbaba6296d82eb90586ad5c654ee3414a74a85b855f66074a592c134cce285730cc908203d904bc5252d3c79b556004e53ff504adf2c5b20ab8b4ad64a66dbe4596b52f4070a597466f52b9abd2bfe8ec9ec31cf8dae2e9f57eae45e1a9005b4e52dd894eab792df0fecd48b5f2542b0ef531c4741e2b0986b8e566630ac1bb6a5adac338a3332a7ee855489659059ccb90cf7396352061c312b08fbe5c373b91461bc1fc146ba3e49507816ac62901ea41604fc567214e1da346c316d114823efa07082cc06e4ff65437386fdf894f10aaecea67591306b90978faf062271c2120744c448282e6165d1b2bc28e4eabcd397cd7292fc02d0db3b3e4192ea8a18c0d8f996f4aa75ee76890e9d1c5ed1e744eba3f2986cfeb03965ebf844a5e753c03f78990edd60cf1ef7056f246465b1aeec0aac2eace1e09e95ba78bbf0418339b3f317133128f9a7dd4739a62ff9cf4a589d43ff1f9b25551353cddc7b85aadba7c31026c30d9650aa9f567b5766ec7d7ada3af86574f7310aca02f395b7a1e481dc802f0a44c14e792d26310a7190352b6088b6c625e735d1d74", &(0x7f0000000100)="955189b3531d5d8e06b273fd8000332769f716c537906a65191eda7180e479302e4defa82a7b9aed0d50212dac95a3569d3cfcffc65a65b6051697e66deaea651cb0823ffca918d710b40ed410f778c792f59b266da0d06da35190f9fd62f6a08586680f8b09d154a7b1f5d933170b1a2e5f32e83d3249d3d81bf545344648e114b841760d68ca0096a06572b4b82acc1f94c234a9127d9bdb430c2505305c37bbbf529efafd305b98674a6adfd569867683c032ce1f5f23495819bc2d3c1480ce56af071fad6eabff3903ad9b8ac10902cf5515019069747a32921ef6c38f0da73a5859b17db342a9a246d847f6903e41ba13", 0x1000, 0xf3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r4, 0x40046411, &(0x7f0000000200)=0x80f) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3505.365006] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3505.365012] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3505.365017] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3505.365023] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3505.365029] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:23 executing program 5 (fault-call:3 fault-nth:31): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:23 executing program 1: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) semget$private(0x0, 0x3, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001640)='/dev/autofs\x00', 0x181802, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) r4 = accept4$ax25(r3, &(0x7f0000001680)={{0x3, @null}, [@netrom, @rose, @default, @default, @default, @default, @remote, @bcast]}, &(0x7f0000001700)=0x48, 0x800) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001740)='/dev/sequencer2\x00', 0x10380, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000001780)=0x0) r9 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r10) r11 = getpid() sched_setattr(r11, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000017c0)={{{@in=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@mcast1}}, &(0x7f00000018c0)=0xe8) r13 = getgid() sendmsg$unix(r1, &(0x7f0000001980)={&(0x7f0000000100)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f00000015c0)=[{&(0x7f0000000180)="ccfd0726352ae958b9ea1c14ed6262434b87eafdd5e1c5887c8801ad33d632d516e580c38ba9fae24c0702895a686ab6dc089f5a9f8a0ca455bbe1ebb09203502acb9aac3a60ac005fb5b312ef21cc88c7aed64d7d995b6009f33c97f64f065ff2630b3e859e3d8632479427efa874b44f8da9766727f51b66eefe1a76a3a755fffd", 0x82}, {&(0x7f0000000240)="cbb60097ea9b2ad1c946e860fbea397698897f1ee8838ed6a311a1b318a684f6cfb3e0d23ea969d5f5380430b702a722edade91e49f372c42863d52768b6f3203d2ecdbce39e8d523d589eb8957e19cd80764ed035366d744387a4", 0x5b}, {&(0x7f0000000380)="1c2016f88af6fbdf61aeca379ad9c4ad5eb0698434e420d1f6a2c8cc22038d4ee38734d5b082692d27f90ee7014db21022a5b31fe467783541c5cee486ad3e59452ef6880d785d877a597e7712cc38a898678779c35f509ee3c399be5c160a16558308427ea2990fd66011769d5e6752ecf677f7c67232f813eb153751c4867236f38d1c710f6e83a9febe8490262d159eccc1a424d299266a7a27e4a974df8ded7d33660e55d3a91203654724cb67c891b8757a774beb96c96fea8247c9d656d3e8ecce8c8790a1e8a94b0441f194b426ea3238e730b2a391b7843c40d40ad4", 0xe0}, {&(0x7f0000000480)="a5a96945ac8a7de2abae88093467a664a2d904314ead6bd738da22620ba7a656786605c58a7a93d3aaed222fd7b89ca78a984d2d7e172526736819b90d7ed18cb00d815ffc1729c77b1de88e171d7790df2ff7d6786be9e54e8c3f626c6b8a9ebcaf11a285b408c6e862a42aac78ff79433d2c4058dfd3445d5ed270bf7821e653770c16f4ba277e26947b568cfaf8ef458cb922089e03a393439b658e8716dfcfb0b18e47e5764d5982d8ae844717b81698fa101bb78030939a76a7f1a148c6a3f02cd52380d3e5dec0b214392d778ad8bbc936bf59a506b571ef651402f26476da2cfffd85ea3b724af5a023d36d444cd77fc4289737afabf7a4fcd33ac428b86b2ec5da92392b398bcd7d813bc2a1440b97675f232e2537abab44558f325d653ac39f5b2077b2bf99d60c9b81402fd5974e8953611da5745e06c9b3cd884f875cd6f797530c5d2ba3201c602f6c7f76ce5674d2c03f8d9ca3859f82385ba65d9b139563cba942830622be7c3aeb00ec8ce5480ff9f88f6ac99b8546cd8ff8033a390ba207aa0bde372280ce70e1a51b3898dd0c9782f3a02921ca3a142fcea0c7f5e74901adeba4e0f5ab88333b35c43629e7d00db45ad407c132f3b23e9fc68ff6818b7535f84360d21f3f5929c18a0241cbb8e7199141f4cac86abd36b9087a55d90c1f6a1ba413d942520b7ae92be80c2512e89b218d37d068d6176089b55c45036d2656bc40d225ba9b9ffb694c8b04542f55ba1dd5ae6b5a6afe6f29af9ade417962897549031274d50d05add4b1255968ca0bf9f9896f2ce0846d0ebb5d27f072fcac22e765f2bbef9e00c036b80f7a884ed8499dffaef4b80c591228df1303ff50a2eb3b25acb907289dfe7f61cd6143cfa3e21da6682d6522906467f2526fc2a3cda37d8df8723de27419905167b723c72d1d73f8f02ffea0fc91b39c9895f5365ffd1089b839e7b1a40efe979d6e5333e7fc77e443621612d1f8e5d5d8ae9cd8d39cbc78316daaf32c82ddf2d04e615fba935615d09197603f7d3996193685df653f26bd4a57c262ac7b45c29d5d7710c2fe5e3f7968c968eb4a9add77540a8836f4a365e555b0eecf7722af6c61baee57ea56b779165ce3659f5a796028d5023a98de87c3a587e28947e579d09e9a1e683ee739692777c7727b8700b022df52067e43ef2993004ec8bae63b214f88a9ac58198b62c5f5b4c6b92b657dea0cc27911d46a7d2f2f7aae9e1dc04672272d75da96e76902493a85023843012882ba81637cf3b304afa55166fbb67ca6d0e04841018356ac40c631fc766748fe0b302558c19315515f6b1f73600a116b5534c4fca095293a71425802aa112d0139fc766b0299a3c09c0113be85ca1ee8a794683e6558fd783b3aec30bc16fe72550b6a99ca79959f0279065bb6d27426ce08d206694887846bf1314d423aa9e75f25fb67df54ea019b049eaf80c3c44761bee20afb6598d807ee8e95061930f8d7efe69a4a28d6b86f86a4f0a19c44190fee947c8ca9502d62be9b91c23a52ddbd053a0c52c17bbb33f1b19d639425c20a7a7393b5145700aa60d77e162b3e8f76de66ed2a3e46fd65f11d134430b9ac3fc7e04fc040c5e82e9fa45e38fc01c0d4b0a2bfdda95b3f0f4ee759b45d9d69f38db37beceb1f93891db40dc323a6eea37d022fa7f43f464a418668b486e1d14ce479c3576f88cd5db87e4852730d10bbf72000224d4f30630f40d863777370d1dcdf93116bc708e22d667bb1d739e08b7437e5cb5dcb3b5aaf537d8124ce223a8329dd92baa9943fff0ab9f74e67695d2e06e38f22816f36100030e4e0a9fc1a4622734c23b601146cfd838559716120355b9f832dd343cc34706c88d668915791823db01bba6e19ae03de86bbd2caf8752ebb39d70012900e39e1535f97caee8004984ccc2944231e3b4c7adae8304b406f17f99a6907ee7ad8fa2e828df87dcdc9bca5a355a3e0cb90778ca5598faf7a5fbed783e54dcab7e689d7099b9cdf3def89f846d1d20682c96f5a647f7dbcf90bf76a167f1fe152d79a48e4732f9850d51bbb09ba35fa10fab2cd3170ee93c6f54e2dd49fb7480c569c0899e5353d31d2b6e78b4f986be812791b659ff52b533f5b86c47076ae349461322d7d0ac0d4b6396922090c018cabcae4ca23da535fdbea71a70c08005f726ac308babc9d222aa679b95df3b18e12aa4112e2e2f990b2240cefe35303282b824ea34219f58873c0f880a50e7db8642c828748bd9dc12a4db646babce7200ab9b0fbe2a1d2cb7b9803c15b6c04c15b7b1cfc46f7f0eae8e3ed36cdc449c1cebc0f3f224aef2e4b6a7c917371f67c10de145f7b64e8646814e57b5cc42985bb3213d1be697e44f6eb6727b0470b6648a9c329e658a2194a414a730104c4b81f2d03802789f7308cc00bc2162980b9d0edc68774e90efe3dff5a02061f2618233fe387deafb57316b68ff3bdce57ec6a8f980a59bae6e0f0af6043ca5fe75342c6d6b9ce9283dfce2c47a658f99463425784d81b2087c3045d2da969534d88f45f50c69b70becd22335af97469c17ea8c4ded11976b4be224cf4c8eac002f2667621b583b3bfd824c390d4f8c68169a3dc598884ce8e2d6e3f1dc3bcffbdd135e65151aa8241c69fbc0760dafabbf2da010818643fcfd9af0bbb8430927c05f2405cc5f9613d125d3507a338e2314645531681a042804acece9750d43fa567e998b57cf1d2f56ba1182f9fe975732c6442eee69bb7deac0030c3673a405644489c095bf4d5d9a6b2970d73b7252200049a08ecb073ca6647855b74ca05a359b4ff705380f1b6d7bae2a3afa5e7eab68fb0e43d168e291431ed39744087853e76419834a739f8d56ae8f63116d1e1b1c29c2b55368a8b8fd63842c6c63a4b6bfd8a3cf708b3705cdfc067e7de6364483bc191c0b52e36b41c5008fab1bd76181ab05dc40757a786740ad8436155a8146b82dbc1abae06ff34ab88004ba7fb15cad509d79245a24566d86127cfbe8c699b1ab0742bfde21cb111641368db592d5c9d0ac3d40261fa8028c41878e2208eaf33533ea8f2f2f0366a25eaf73b0a5cc993f7599b95cbf30ac64f3c5e52f809946c20fd3a8e9320b8585ee95cd0967de6143dd0886e835a4503f11ed33f02b2c064995052e4bfc18a9fcddb3801e6f0bd13d92a37a0a116d1c417cfe6c082b337c85eebb768561feb9f5eff74ce6ca5e9a381a2a694d220009814eabc4ceecee73a6b7f8c49524317b55bf735db8900dec51d52df2ebb1850e1fa59ef47f41c59c412b0e016b1ae5c39c26e06047c87871f486f706aa14d6aab44c5c809aae0a7b3bbb77fed379736d44da2a248a8ebda413ca9542e8dd42b7b52e1fadf0b3d6c4fae25f81a08a7a39481ca7a1d4680c9ece14be4e9cb054f0b0bd97d2a5a01f23b6f233989c0844674f0aed87ad48704d1e8d6f267cb17b4c73e1db078a4ae39231c7b272ac3393328890c3c1c232ef0e5bdcb807b5533ddc0b839e318c2707fef2da10f57483265018821b05044f4f31d2a92b190f61df7924306bd69482c44d495796cb7ea6fe56914ec0e8b276b4cec444fbdacd3f7371a3f4875e7fbd1e7d78a1d5a8541d250c3004f2b1291366af096605466f005da2529131c58db8d9be6b1cdc6aa95029eab56c45e93a0a91cca1792a297ed6c91ffe96855f0bb0c386b5c5efd997fd33aa31f844d4d47202240e762f077c3a1802c06647483f96a8805977334e0bd630d6e41191c454b08c8a946b6d86977e7670a7b5f2ede6582415aad967a1b9de7555705bd96f44274b250ff767ae010358e1fb75204818e4009df939485f966ffc23cc789c5ab8d6f8442faafc1ca6f2a11944f59cac885bf48a059e9c96397064441d421153d461f0e89b201a37151c85a29190003d1def428465bd285a4802d881c7c3a41c7c611c03b2d310f38abf53635a6733e0795bbd76dea7ede51cd8c5096049c190b65e2e624a7128cdddf86d641e2d48e2ec5519b0441e84414287ba4a8006115034999a17411e86e67c067c7b57a3c85e146d8727ab5cefaf8b7d90bf0fe5d37c296a4afb90e03f2d0ba806c4f8edbd13b1b2e5a8ebf74ac43bbda57db243c3ffd84d830a55876a2eff80e4508c731601062a4cdda5a27cc8a17d32129788264aa66eca18aca1d011c680892991dcdc640d4ea286e077e64b2784609dcc15a9aac6c69824689e7c212cd927b141ec169d0e9f9be3267f3c9ca7112be935fca7611494eab29ec3dd39468e7114f1b514b6f3f385b7dadeb8b64f5983c4bd8f17ad858e2c5111d4e3a51bb34f4c63a2db2e676ff34dcb7555bd371de1ebf41e28f623585a194386bf93384aa4c09d0e8b4dc7be4d113c6b769d40f44875f629324d222b86ec696f3793b311f0de8aebecb5e2f8d6e37ee7ea059d7a5d0dca189c8ad4c93c5b6ca737bcef0eef44b38734532937e7b3ad7688833a30a446c9eb9ee6272861ff0ee13da9d48950080ef41951b8b1fbfe2731e2037f297b99ccd26c401b97e6ee46cfcbfbaf6a9d20b92cd731fb69e58fde9c7b780efa3acb21e6a1b0d61f62a0fd1f7f62754f973104036de9417f46e19b9bdc78076db01bc2d3a07b4d9b1a305e9405c40b2d81c39f28da9dc938aa959bf6658717bbe3f170cb1458ee4f1885af428cc9b9984b7f49ddc72091862c259a5a247a1507e71bc50ffd93f56fa422f8b791fcafd83726e190bab14217d26fa7e02ce9139c8ec202ae525fafc8a6e83156a28bb9c696ea15f666503c64bffca981c97fa68b93b8a22f086926fefc99c68feb64b4e0dda7650e0905d692300b035a8c4485a4185f8e7527fab1579a2234c644668ba794b27412ce7b4b30d8a61d933280318ed3d00e10445deb52d94d0cae186e09eba4c34d852070bda2cf924b367f576930199d168c99009c466586700dc9871015bf23a8eefa6373cbb85e9847d3ab102abd5984d8034626d4799c7905badc08ebbe3c9ee8e4b6a58a68bfd2cb6ca7414d30295bc56380fc934157376c183c1790e575ce5d2f21a780c6090d959da45e2a360794e3789df729ba94b4068b41534cb92907eb9d0c239152caa22554390ddbb17d238901cf463cda71338519637784b1807727655643357081b6fa0ce1e53d9b54792da3ebee68c5d1c19d36d532f5d8075b7d5d7fc91a4cc81f1c3d1272a6dcd1b59df42c6e20ab8391b2fdc49f2a74a56e09c2efb8fe68c69dab63855ad42d9aebb66ff0a6c22d32154536e592226d5ecbfad62756c2364824f6b3a5e866f97eebea000549e9fe2c3972e36e665874dd245aefc238740a030d0890f3b7b45c890f37d5118be5bac73fd5f1b8346022bc4dae29bbf822c290ce5b1939f574858b1efb29005e9c78bf8faeb70c01de7de95632f76eeae2131fe3b2e41726425c076c700df5311a21b3188cf802e3e56b3a1af2ccca1d3e0b4620908e92bf03588c0ca856da973dd1a16ea7f95f569faf5095fe16caf7f0d26677991c212f5b86224b9b8043956bcb2fc433c3c67a20bcd522305e35721a8e502be6074bed1a119d17590152df6d4d458fa118eceab9ddbe72705f464440904363beac11612dfc7753c06972b85fe6aa1d30372d5bf1ce338152069c5556ced6c3eec4dd6135eb0f8dc453fd26536bfcc8005b7896b61e6e7cf4ffe69779f4f186c5c779127ea803524c459119d2a63ed9416f1cab5c76d09bdda31052648bc86a62562347084030cc920c150ec16fdf4ee6c92325aa47d3004f7bd6b31e2eb3e", 0x1000}, {&(0x7f0000001480)="04c2b7b8475ef3393a55078932dad3a042cd565f4e666d381c0f968ca0afc38183d913ef0021e38f39e86da845beb6c977e7d4fe764f15f0c650ffda46ccb5f3aac96c8fb16098f136e495809d28fc523b214d1447f7abd27c45b64d8b551e821f", 0x61}, {&(0x7f0000001500)="1c8aade456f2caf4266b7375a88a6431978a45524e42237ef7ad3ea26b8ac26f137744fa5831eb1c3c88d2213a612ae639eb916bca828d1ada42a222c5af7463761353de4f52b288063fab3f7d3494d467cdb441d07731b7b190522de1f6397d3fc61115e17330d86b4849a56a38724061d153bfe9f82a943ea3cd6b9e0d8e762870bce5", 0x84}], 0x6, &(0x7f0000001900)=[@rights={{0x1c, 0x1, 0x1, [r0, r2, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [r0, 0xffffffffffffffff, r4, r5]}}, @cred={{0x1c, 0x1, 0x2, {r8, r10, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {r11, r12, r13}}}], 0x80, 0x40812}, 0x8) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r14 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r17 = dup2(r16, r15) ioctl$PERF_EVENT_IOC_ENABLE(r17, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r14, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) r18 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r18, 0x89e1, 0x0) getsockopt$bt_BT_SECURITY(r18, 0x112, 0x4, &(0x7f0000000040), 0x2) tkill(r14, 0x3c) ptrace$cont(0x18, r14, 0x0, 0x0) ptrace$setregs(0xd, r14, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r14, 0x0, 0x0) 17:53:23 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0xb00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r5, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) sendmsg(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000100)="6d6d01fbf2e82e90da0c8c49fc9a814c2e6a5b47aa6c2a3d559deed8df1540e90355cb2f4efca7ecb8bda37899687f12a8111009765b469d5e4062c13366aa18f6cf127d5d6acaa32ba34b35ebe3f2c12526b7f0681a4ec176a34b5cba628701155c03860ceed88dba7d8379ff77e4b6a078bda1a4202e9ce08176116a0e1a8cc48e84326e8e5d0a1552134a32888129edc3ccd883ce82f08cfb7568d6d693c5633f5fb99ba83cf7f2ae365e3506011ae32b242e81bac1b84567acf0ce0addce04693060486d4124c174729e01de7e47d78ab8a58925f4ce55e4d4a3cd586df11a64b535ff979f829bcc9fb3eb7b", 0xee}, {&(0x7f0000000040)="3c1f07d768e43dfb462e8f8490a3c18c66a26d0cd777e05a6ec56bb6ed4bebd0178639125aca75fbd2", 0x29}, {&(0x7f0000000200)="5a464feaecb7b929e25fdeb40d14d5f4ebfdd29509609057cfe61228174018aaeaa04eb66320834be9861f6f602291d4c61c8403688c30252bdc9276b029be055e80", 0x42}, {&(0x7f0000000080)}, {&(0x7f0000000380)="47c105001ea8f32605fda25c19809aaa7052e7f5081be6480250a897d051129997282510ae56669d83f51c66d6916370160058f3ec618e8ab0bf7828062bf5054ed24385041ce3f82168e487183dc3e1", 0x50}], 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="e00000000000000000010000ffffffff0b68e7376b6ae2a75a9462fb2f857aa41de92a2ac29ec064da4c97577038fc3d4699812d094806ba64ea75d4209afc0d2d9bc374d532f2efaf57773a5296717f3e2eec3b6707c3ebcaac1d69e99eb9799ae700135ca7cfcbc91635fac2bc44cfbd7b875fe8c48a359414317ebcb6ca3b17070cd7a1eeb60c49dbcd11dc261e865edbea3c4ce644f01f903caca2891eb58af204647e1853bcb69e03fa255987aaae1bfee030d37b8416a3eef6870867ee01f82849cf96515d0ba49880b44fc815000000000078000000000000001701000009000000737089cc489bebeb7953efce3bb92cfc3f224c717d71e59fdff6940f541049e7d061d6467f227e408a9e4ab2b900357fb4b8323d18bee49db0072eeb3a04c7b8e27c4db57420268ab4b7e9337bf43f7dd5e9f3ed5c75841b3c107f0cc98a0d297eb1dc91f8b000"/344], 0x158}, 0x8000) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = syz_open_dev$cec(&(0x7f0000000680)='/dev/cec#\x00', 0x2, 0x2) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r7, 0xc0406618, &(0x7f00000006c0)={{0x1, 0x0, @reserved="47be6f6d89ec44b894a3f33398d58c6a73ed984316e1b3cc8ba764ea13c40906"}}) ioctl$TCGETS2(r6, 0x802c542a, &(0x7f0000000640)) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3505.578342] FAULT_INJECTION: forcing a failure. [ 3505.578342] name failslab, interval 1, probability 0, space 0, times 0 [ 3505.590286] CPU: 0 PID: 26483 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3505.597516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3505.606900] Call Trace: [ 3505.609527] dump_stack+0x142/0x197 [ 3505.613188] should_fail.cold+0x10f/0x159 [ 3505.617375] should_failslab+0xdb/0x130 [ 3505.621378] kmem_cache_alloc_node_trace+0x280/0x770 [ 3505.626515] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3505.632034] __kmalloc_node_track_caller+0x3d/0x80 [ 3505.637051] __kmalloc_reserve.isra.0+0x40/0xe0 [ 3505.641754] __alloc_skb+0xcf/0x500 [ 3505.645409] ? skb_scrub_packet+0x4b0/0x4b0 [ 3505.649757] ? netlink_has_listeners+0x20a/0x330 [ 3505.654541] kobject_uevent_env+0x781/0xc23 [ 3505.658898] kobject_uevent+0x20/0x26 [ 3505.662722] lo_ioctl+0x11e7/0x1ce0 [ 3505.666372] ? loop_probe+0x160/0x160 [ 3505.670219] blkdev_ioctl+0x96b/0x1860 [ 3505.674131] ? blkpg_ioctl+0x980/0x980 17:53:23 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) timer_create(0x2, &(0x7f0000000040)={0x0, 0x2a, 0x0, @tid=r1}, &(0x7f0000000140)) wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="fdffffff8f45ecda07db11267dfb297b1ab8daeb1b30120f6654e1fb8a36616871a5a2044a81e01aef2d52d604ca1bc25485cd4fbaeefabdf7336f7d48fbb6ffb7887116d7eb1ca4eb7c5f163c71a7a797b4ee3d47de8839507cf43790ed6755c8e6d05e2362f8a6db9b4a9dace91502f0afa87196c9d79a43261929b3e8bd11d5112e229acab2267fdf84ed49", @ANYRES16=r7, @ANYBLOB="01070000fed7386b7d3df435ff00"], 0x14}}, 0x0) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r6) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3505.678050] ? __might_sleep+0x93/0xb0 [ 3505.681956] ? __fget+0x210/0x370 [ 3505.685437] block_ioctl+0xde/0x120 [ 3505.689221] ? blkdev_fallocate+0x3b0/0x3b0 [ 3505.693573] do_vfs_ioctl+0x7ae/0x1060 [ 3505.697485] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3505.702267] ? lock_downgrade+0x740/0x740 [ 3505.706549] ? ioctl_preallocate+0x1c0/0x1c0 [ 3505.710985] ? __fget+0x237/0x370 [ 3505.714465] ? security_file_ioctl+0x89/0xb0 [ 3505.718900] SyS_ioctl+0x8f/0xc0 [ 3505.722298] ? do_vfs_ioctl+0x1060/0x1060 [ 3505.726478] do_syscall_64+0x1e8/0x640 [ 3505.730389] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3505.735260] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3505.740638] RIP: 0033:0x45a4a7 [ 3505.743839] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3505.751596] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3505.758888] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3505.766179] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3505.773470] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3505.780759] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3505.786532] ptrace attach of "/root/syz-executor.1"[26490] was attempted by "/root/syz-executor.1"[26491] 17:53:23 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x12000, 0x0) ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000200)) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='memory.swap.current\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f0000000080)) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r4, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) fcntl$setpipe(r3, 0x407, 0x8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup2(r6, r5) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000100)={0x4, 0x0, [{0x80000008, 0x3f, 0x2, 0x9dbc, 0x4, 0x5, 0xfffffffa}, {0x80000000, 0x6, 0x6, 0x4a0, 0x4, 0x98a00000, 0x4}, {0x1, 0x4, 0x3, 0x1, 0x7, 0x2, 0x200}, {0x80000001, 0x1, 0xf910b0b2b72cb4b8, 0x3576477a, 0x5, 0x2, 0x10001}]}) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(r7, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:23 executing program 5 (fault-call:3 fault-nth:32): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3505.947317] FAULT_INJECTION: forcing a failure. [ 3505.947317] name failslab, interval 1, probability 0, space 0, times 0 [ 3505.984660] CPU: 0 PID: 26501 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3505.991723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3506.001079] Call Trace: [ 3506.003679] dump_stack+0x142/0x197 [ 3506.007318] should_fail.cold+0x10f/0x159 [ 3506.011473] should_failslab+0xdb/0x130 [ 3506.015450] kmem_cache_alloc_node_trace+0x280/0x770 [ 3506.020557] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3506.026009] __kmalloc_node_track_caller+0x3d/0x80 [ 3506.030941] __kmalloc_reserve.isra.0+0x40/0xe0 [ 3506.035612] __alloc_skb+0xcf/0x500 [ 3506.039264] ? skb_scrub_packet+0x4b0/0x4b0 [ 3506.043583] ? netlink_has_listeners+0x20a/0x330 [ 3506.048338] kobject_uevent_env+0x781/0xc23 [ 3506.052671] kobject_uevent+0x20/0x26 [ 3506.056472] lo_ioctl+0x11e7/0x1ce0 [ 3506.060097] ? loop_probe+0x160/0x160 [ 3506.063898] blkdev_ioctl+0x96b/0x1860 [ 3506.067781] ? blkpg_ioctl+0x980/0x980 [ 3506.071667] ? __might_sleep+0x93/0xb0 [ 3506.075549] ? __fget+0x210/0x370 [ 3506.079002] block_ioctl+0xde/0x120 [ 3506.082633] ? blkdev_fallocate+0x3b0/0x3b0 [ 3506.086955] do_vfs_ioctl+0x7ae/0x1060 [ 3506.090843] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3506.095595] ? lock_downgrade+0x740/0x740 [ 3506.099741] ? ioctl_preallocate+0x1c0/0x1c0 [ 3506.104152] ? __fget+0x237/0x370 [ 3506.107609] ? security_file_ioctl+0x89/0xb0 [ 3506.112017] SyS_ioctl+0x8f/0xc0 [ 3506.115378] ? do_vfs_ioctl+0x1060/0x1060 [ 3506.119526] do_syscall_64+0x1e8/0x640 [ 3506.123412] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3506.128257] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3506.133439] RIP: 0033:0x45a4a7 [ 3506.136621] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3506.144329] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3506.151596] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3506.158861] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3506.166219] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3506.173578] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:26 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x2, 0x14000) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:26 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000440)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:26 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, 0x0, &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:26 executing program 5 (fault-call:3 fault-nth:33): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3508.238621] FAULT_INJECTION: forcing a failure. [ 3508.238621] name failslab, interval 1, probability 0, space 0, times 0 [ 3508.250364] CPU: 1 PID: 26512 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3508.257394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3508.266749] Call Trace: [ 3508.269344] dump_stack+0x142/0x197 [ 3508.273031] should_fail.cold+0x10f/0x159 [ 3508.277215] should_failslab+0xdb/0x130 [ 3508.281181] kmem_cache_alloc_node+0x287/0x780 [ 3508.285762] __alloc_skb+0x9c/0x500 [ 3508.289369] ? skb_scrub_packet+0x4b0/0x4b0 [ 3508.293673] ? netlink_has_listeners+0x20a/0x330 [ 3508.298411] kobject_uevent_env+0x781/0xc23 [ 3508.302717] kobject_uevent+0x20/0x26 [ 3508.306505] lo_ioctl+0x11e7/0x1ce0 [ 3508.310114] ? loop_probe+0x160/0x160 [ 3508.313903] blkdev_ioctl+0x96b/0x1860 [ 3508.317770] ? blkpg_ioctl+0x980/0x980 [ 3508.321646] ? __might_sleep+0x93/0xb0 [ 3508.325515] ? __fget+0x210/0x370 [ 3508.328953] block_ioctl+0xde/0x120 [ 3508.332563] ? blkdev_fallocate+0x3b0/0x3b0 [ 3508.336886] do_vfs_ioctl+0x7ae/0x1060 [ 3508.340760] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3508.340770] ? lock_downgrade+0x740/0x740 [ 3508.340780] ? ioctl_preallocate+0x1c0/0x1c0 [ 3508.340790] ? __fget+0x237/0x370 [ 3508.340805] ? security_file_ioctl+0x89/0xb0 [ 3508.340816] SyS_ioctl+0x8f/0xc0 [ 3508.349688] ? do_vfs_ioctl+0x1060/0x1060 [ 3508.349700] do_syscall_64+0x1e8/0x640 [ 3508.349713] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3508.378265] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3508.383634] RIP: 0033:0x45a4a7 [ 3508.386819] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3508.394529] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3508.401801] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3508.409072] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3508.416440] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3508.423707] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:26 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:26 executing program 5 (fault-call:3 fault-nth:34): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3508.671884] FAULT_INJECTION: forcing a failure. [ 3508.671884] name failslab, interval 1, probability 0, space 0, times 0 [ 3508.683793] CPU: 0 PID: 26537 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3508.690818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3508.690823] Call Trace: [ 3508.690842] dump_stack+0x142/0x197 [ 3508.690862] should_fail.cold+0x10f/0x159 [ 3508.690879] should_failslab+0xdb/0x130 [ 3508.690891] kmem_cache_alloc_node+0x287/0x780 [ 3508.690916] __alloc_skb+0x9c/0x500 [ 3508.690926] ? skb_scrub_packet+0x4b0/0x4b0 [ 3508.690939] ? netlink_has_listeners+0x20a/0x330 [ 3508.706480] kobject_uevent_env+0x781/0xc23 [ 3508.706503] kobject_uevent+0x20/0x26 [ 3508.706517] lo_ioctl+0x11e7/0x1ce0 [ 3508.719192] ? loop_probe+0x160/0x160 [ 3508.719207] blkdev_ioctl+0x96b/0x1860 [ 3508.719215] ? blkpg_ioctl+0x980/0x980 [ 3508.719231] ? __might_sleep+0x93/0xb0 [ 3508.759024] ? __fget+0x210/0x370 [ 3508.762479] block_ioctl+0xde/0x120 [ 3508.766099] ? blkdev_fallocate+0x3b0/0x3b0 [ 3508.770404] do_vfs_ioctl+0x7ae/0x1060 [ 3508.774302] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3508.779057] ? lock_downgrade+0x740/0x740 [ 3508.783198] ? ioctl_preallocate+0x1c0/0x1c0 [ 3508.787606] ? __fget+0x237/0x370 [ 3508.791046] ? security_file_ioctl+0x89/0xb0 [ 3508.795447] SyS_ioctl+0x8f/0xc0 [ 3508.798803] ? do_vfs_ioctl+0x1060/0x1060 [ 3508.802958] do_syscall_64+0x1e8/0x640 [ 3508.806840] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3508.811666] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3508.816834] RIP: 0033:0x45a4a7 17:53:26 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = syz_open_dev$sndpcmp(&(0x7f0000000400)='/dev/snd/pcmC#D#p\x00', 0x2, 0x1) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) write$cgroup_pid(r4, &(0x7f0000000440)=r5, 0x12) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) ioctl$VIDIOC_S_MODULATOR(r6, 0x40445637, &(0x7f0000000180)={0x800, "b65289bd326406b8c51fb1f15297e7f232d68cdd24a4262e1f25fdca523f595b", 0x1, 0x7, 0x5e, 0x1, 0x3}) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r7, 0x89e1, 0x0) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) syz_open_pts(r8, 0x600) ioctl$sock_inet_SIOCRTMSG(r7, 0x890d, &(0x7f0000000100)={0x0, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x4e24, @rand_addr=0x40}, {0x2, 0x4e21, @loopback}, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000040)='veth0_to_bridge\x00', 0x6, 0x3ff, 0x6}) ptrace$cont(0x9, r0, 0x0, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r9, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r10, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) ioctl$SIOCGSTAMPNS(r9, 0x8907, &(0x7f0000000200)) [ 3508.820004] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3508.827702] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3508.835217] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3508.842474] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3508.849730] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3508.856980] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:26 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0xa0000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x100, 0x0) ioctl$PIO_UNIMAPCLR(r4, 0x4b68, &(0x7f0000000080)={0x0, 0xc00, 0x7}) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:26 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$VIDIOC_DBG_G_CHIP_INFO(r3, 0xc0c85666, &(0x7f0000000100)={{0x3, @name="8322a7c7ba50f333c5abe458f17140f1d93fe542de5a31e7d6b7e8faf69eccb5"}, "5a4f54c990d856c9ca3a0f45c40395a8197434393f834d6c4ed4a6b6c677aaac", 0x5}) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:26 executing program 5 (fault-call:3 fault-nth:35): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:26 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) r5 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000000)={r7}, 0xc) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000040)={r7, 0x4, 0x3f, 0x0, 0x5, 0xffffffff}, &(0x7f0000000080)=0x14) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000100)={r8, 0x81, 0x1}, &(0x7f0000000140)=0x8) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3509.026445] FAULT_INJECTION: forcing a failure. [ 3509.026445] name failslab, interval 1, probability 0, space 0, times 0 [ 3509.049613] CPU: 0 PID: 26556 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3509.056672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3509.066034] Call Trace: [ 3509.068643] dump_stack+0x142/0x197 [ 3509.072293] should_fail.cold+0x10f/0x159 17:53:26 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, 0x0, &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3509.076450] should_failslab+0xdb/0x130 [ 3509.080556] kmem_cache_alloc_node+0x287/0x780 [ 3509.085137] __alloc_skb+0x9c/0x500 [ 3509.088833] ? skb_scrub_packet+0x4b0/0x4b0 [ 3509.093157] ? netlink_has_listeners+0x20a/0x330 [ 3509.097918] kobject_uevent_env+0x781/0xc23 [ 3509.102261] kobject_uevent+0x20/0x26 [ 3509.106060] lo_ioctl+0x11e7/0x1ce0 [ 3509.109681] ? loop_probe+0x160/0x160 [ 3509.113520] blkdev_ioctl+0x96b/0x1860 [ 3509.117409] ? blkpg_ioctl+0x980/0x980 [ 3509.121301] ? __might_sleep+0x93/0xb0 [ 3509.125196] ? __fget+0x210/0x370 [ 3509.128651] block_ioctl+0xde/0x120 [ 3509.132281] ? blkdev_fallocate+0x3b0/0x3b0 [ 3509.136583] do_vfs_ioctl+0x7ae/0x1060 [ 3509.140462] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3509.145221] ? lock_downgrade+0x740/0x740 [ 3509.149374] ? ioctl_preallocate+0x1c0/0x1c0 [ 3509.153810] ? __fget+0x237/0x370 [ 3509.157267] ? security_file_ioctl+0x89/0xb0 [ 3509.161676] SyS_ioctl+0x8f/0xc0 [ 3509.165044] ? do_vfs_ioctl+0x1060/0x1060 [ 3509.169193] do_syscall_64+0x1e8/0x640 [ 3509.169204] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3509.177933] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3509.177943] RIP: 0033:0x45a4a7 [ 3509.186290] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3509.193993] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3509.201251] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3509.208530] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3509.215802] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3509.223084] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:29 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000140)={0x2, 0xfffffffffffffdeb, 0xfa00, {0x0, {0xa, 0x4e24, 0xfffffff7, @local}, r3}}, 0x30) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x810000, 0x0) ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000040)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x1}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:29 executing program 5 (fault-call:3 fault-nth:36): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:29 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, 0x0, &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:29 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000580)="347a9e31e0e2764ff56f49bd7df9412585827e4a32f8e828803d2c1b3cab6f0dc937958931e521b3b018bfb20423591bd30e2fd9b29b204d2cf9c441ea0cb2d250ef16e84399bb20df45d6b7ae777190c3a97574dd91bd053ecf6a0f1f7450c10edb4fcfea33d903d79697abcb54c205b0fd34e574c4dfc1806e755b0bc403f463de261bbb28616da17c709a85022d315650068e6fc981c84a91e220684f77de830ac2d74a4bb9c030a59462d1f7610a8127add06a64ad55ec3bbc8259b3db20b951d526706ca185ab82abe2448b87970fc912c9f15f3b3e9154dd2970cc5217fe23cef6ae50d2dad1873176cdd0aa012e8467aaa0d9974aabae9bbe91bc5bbc80501e87498fa80807be58e7de939aa8260099de57000000", 0x5e7be05f70fedf39) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000140)=ANY=[@ANYBLOB="0000650003be54bf68e791bfefe5706bd86ccfa06d2a24daf11a66415a705509625e11b0981e642e06ee4d98b8dacaef87e3281f85972d315e6c14ff68dd593cdec962243f0a292d8c6881fdafad6417b2f90e0ad6a9e18c925a"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x253, 0x0, 0x0, 0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x12, 0x58bc, 0x0, 0xb8c6, 0x11, 0x5, 0x2, 0x9, 0x7, 0x10000, 0x9, 0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0xa4353ed7c7f36fa9, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x100}, 0x31c06}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x82c7ffd76f2487f8) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 3511.306615] FAULT_INJECTION: forcing a failure. [ 3511.306615] name failslab, interval 1, probability 0, space 0, times 0 [ 3511.323162] CPU: 0 PID: 26578 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3511.330215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3511.339601] Call Trace: [ 3511.342216] dump_stack+0x142/0x197 [ 3511.345864] should_fail.cold+0x10f/0x159 [ 3511.350218] should_failslab+0xdb/0x130 [ 3511.354208] kmem_cache_alloc_node_trace+0x280/0x770 [ 3511.359329] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3511.365452] __kmalloc_node_track_caller+0x3d/0x80 [ 3511.370402] __kmalloc_reserve.isra.0+0x40/0xe0 [ 3511.375097] __alloc_skb+0xcf/0x500 [ 3511.378744] ? skb_scrub_packet+0x4b0/0x4b0 [ 3511.383090] ? netlink_has_listeners+0x20a/0x330 [ 3511.387970] kobject_uevent_env+0x781/0xc23 [ 3511.392309] kobject_uevent+0x20/0x26 [ 3511.396126] lo_ioctl+0x11e7/0x1ce0 [ 3511.399775] ? loop_probe+0x160/0x160 [ 3511.399792] blkdev_ioctl+0x96b/0x1860 [ 3511.407736] ? blkpg_ioctl+0x980/0x980 [ 3511.407755] ? __might_sleep+0x93/0xb0 [ 3511.415563] ? __fget+0x210/0x370 [ 3511.419048] block_ioctl+0xde/0x120 [ 3511.422690] ? blkdev_fallocate+0x3b0/0x3b0 [ 3511.427018] do_vfs_ioctl+0x7ae/0x1060 [ 3511.430913] ? selinux_file_mprotect+0x5d0/0x5d0 [ 3511.435687] ? lock_downgrade+0x740/0x740 [ 3511.439854] ? ioctl_preallocate+0x1c0/0x1c0 [ 3511.444277] ? __fget+0x237/0x370 [ 3511.447757] ? security_file_ioctl+0x89/0xb0 [ 3511.452169] SyS_ioctl+0x8f/0xc0 [ 3511.455557] ? do_vfs_ioctl+0x1060/0x1060 [ 3511.459716] do_syscall_64+0x1e8/0x640 [ 3511.463608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3511.468450] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3511.473752] RIP: 0033:0x45a4a7 [ 3511.476925] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3511.484625] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4a7 [ 3511.491901] RDX: 0000000000000007 RSI: 0000000000004c00 RDI: 0000000000000008 [ 3511.499183] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3511.506464] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3511.513870] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:29 executing program 2: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff2f, 0x0, @remote={0xfe, 0x80, [0x0, 0x88caffff]}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, {[], @udp={0xffffa888, 0x0, 0x8}}}}}}, 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000040)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x1c) 17:53:29 executing program 5 (fault-call:3 fault-nth:37): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:29 executing program 2: ioctl$TIOCSSERIAL(0xffffffffffffffff, 0x541f, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, 0x7fffffff, 0x0, 0x0, 0x10082, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="800000003804001423c90b9801000000360019000300e60100006c00000000000004000000000100000074ade1d4a6005100000040010080002e", 0xfffffffffffffc93, 0x7fffffff}], 0x0, 0x0) [ 3511.678472] FAULT_INJECTION: forcing a failure. [ 3511.678472] name failslab, interval 1, probability 0, space 0, times 0 [ 3511.697331] CPU: 1 PID: 26605 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3511.704422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3511.713870] Call Trace: [ 3511.716465] dump_stack+0x142/0x197 [ 3511.720112] should_fail.cold+0x10f/0x159 [ 3511.724283] should_failslab+0xdb/0x130 [ 3511.728269] kmem_cache_alloc+0x2d7/0x780 [ 3511.732433] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3511.737889] ? ext4_sync_fs+0x800/0x800 [ 3511.741859] ext4_alloc_inode+0x1d/0x610 [ 3511.745929] alloc_inode+0x64/0x180 [ 3511.749580] new_inode_pseudo+0x19/0xf0 [ 3511.753579] new_inode+0x1f/0x40 [ 3511.757766] __ext4_new_inode+0x32c/0x4860 [ 3511.762015] ? avc_has_perm+0x2df/0x4b0 [ 3511.766050] ? ext4_free_inode+0x1210/0x1210 [ 3511.770576] ? dquot_get_next_dqblk+0x160/0x160 [ 3511.775277] ext4_mkdir+0x331/0xc20 [ 3511.779137] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3511.783835] ? security_inode_mkdir+0xd0/0x110 [ 3511.788442] vfs_mkdir+0x3ca/0x610 [ 3511.792007] SyS_mkdir+0x1b7/0x200 [ 3511.795979] ? SyS_mkdirat+0x210/0x210 [ 3511.799882] ? do_syscall_64+0x53/0x640 [ 3511.804010] ? SyS_mkdirat+0x210/0x210 [ 3511.807895] do_syscall_64+0x1e8/0x640 [ 3511.811790] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3511.816746] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3511.821940] RIP: 0033:0x459a57 17:53:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x202040, 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0x9) r2 = dup(r0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0xee72) r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/keycreate\x00', 0x2, 0x0) sendfile(r2, r4, 0x0, 0x10008000fffffffc) [ 3511.825125] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3511.832833] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3511.840113] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3511.847387] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3511.854779] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3511.862049] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:29 executing program 5 (fault-call:3 fault-nth:38): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3511.955045] FAULT_INJECTION: forcing a failure. [ 3511.955045] name failslab, interval 1, probability 0, space 0, times 0 [ 3511.968046] CPU: 1 PID: 26615 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3511.975131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3511.984640] Call Trace: [ 3511.987257] dump_stack+0x142/0x197 [ 3511.990917] should_fail.cold+0x10f/0x159 [ 3511.995095] should_failslab+0xdb/0x130 [ 3511.999093] kmem_cache_alloc+0x2d7/0x780 [ 3512.003258] ? __d_lookup+0x3a2/0x670 [ 3512.007203] ? mark_held_locks+0xb1/0x100 [ 3512.011355] ? d_lookup+0xe5/0x240 [ 3512.014904] __d_alloc+0x2d/0x9f0 [ 3512.018357] d_alloc+0x4d/0x270 [ 3512.021719] __lookup_hash+0x58/0x180 [ 3512.025680] filename_create+0x16c/0x430 [ 3512.029852] ? kern_path_mountpoint+0x40/0x40 [ 3512.034348] SyS_mkdir+0x92/0x200 [ 3512.037807] ? SyS_mkdirat+0x210/0x210 [ 3512.041697] ? do_syscall_64+0x53/0x640 [ 3512.045668] ? SyS_mkdirat+0x210/0x210 [ 3512.049547] do_syscall_64+0x1e8/0x640 [ 3512.053583] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3512.058477] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3512.064302] RIP: 0033:0x459a57 [ 3512.067486] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3512.075219] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3512.082491] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3512.089789] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3512.097092] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 17:53:30 executing program 2: ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, &(0x7f0000000040)={0x2a}) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff2f, 0x0, @remote={0xfe, 0x80, [0x0, 0x88caffff]}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, {[], @udp={0xffffa888, 0x0, 0x8}}}}}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000080)='vmnet1ppp1bdev^\x00'}, 0x30) syz_open_procfs(r0, &(0x7f0000000100)='net/ip6_mr_vif\x00') 17:53:30 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000080)) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 3512.104532] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:32 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$getenv(0x4201, r1, 0x3, &(0x7f0000000000)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:32 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:32 executing program 2: r0 = memfd_create(&(0x7f0000000200)='$B6/%cpuset]\x17\xdd\x93\x11]T\n\xe3[\xe5M\f\xe5\x1a\x8c\xc3\xb9(\x05\xb0\x98\xb8\"v\x94w\x85\x83\xea\xd5\xc1\x9c\xc1\x02\x11\x9e\xc51\xbd\x82\xc7\x87\xd1\vVT\xc4\xf7\xef\x9d\xb4\xb2\x1c\x92\xaa\xb6s&\xa4\xf0=\xc9\xa6\xb4q\xc6U\x14\x96\xce\x02\xa6F\'X\xb3\xa2 k\x17b\x97JA\xac\xad\x18[\x19~aj\x9e<)?\xa4\x90t\xafE\xa7\xd5?\xa7(\x1b\xa7\x027VH\xb2\xc6\x19|\x9d p\x06\x96\xc7\xe1\xc6\x00\x8dV\x11\x8e\x94\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd5\x87\xa8\xf1B\xf0\xe8\xdf\t\x06\xd1i\xa0\x12\xa3m\xff6\bS\xd1\xe7(\x9f\x84u\xaaz\x05~\xa4$n\xfe\xfb\x89\xf3\x8f}\xb8\xd0\x1e\x86V\xa7I\xb9C9!\xd1-\xe0\v\xe4\xbd\x11r\x86\x95\xfc\xd0\xf5f\xe5\xa8\xaa\xf6\xab\xeau4\x14\xd2\xda\xdd:\xc9\xf0\xf4\xba\xcc]/\x03\x88\a\xbaKHI\x8bn8zfS\n\x9d\xb5\x8a\xefA7\'\x90\a<4\x05\xf7BH\xcc\xb0?\xfc\xde\xe0\xcbB>\xad)\x13\xa7to\x86\x1d\xf1\xca\x99\xa6\x1als\xc0\x10\xcarp\xda\xa6|&]\x16\rt:)\\\xd0\"\xb3{\xd1e', 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r2, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r4, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYRESHEX=r0, @ANYRES16=r0, @ANYRES64, @ANYRESHEX=0x0, @ANYRESHEX=r4], 0x40) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r8}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_MODE={0x8, 0x1, 0x6}]}}}]}, 0x3c}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0xf0ffff, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0xc0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, 0x3}}, 0x20}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000140)={'team0\x00', r8}) getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000340)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=@newneigh={0x34, 0x1c, 0x20, 0x70bd26, 0x25dfdbff, {0x4d4912e55aaa91aa, 0x0, 0x0, r9, 0x14, 0x1c, 0xb}, [@NDA_SRC_VNI={0x8, 0xb, 0x80}, @NDA_MASTER={0x8, 0x9, 0xffff065d}, @NDA_IFINDEX={0x8, 0x8, r10}]}, 0x34}, 0x1, 0x0, 0x0, 0x81}, 0x4000000) 17:53:32 executing program 5 (fault-call:3 fault-nth:39): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:32 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r6 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r6, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r7, 0x89e1, 0x0) r8 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r8) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r9, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000580)=ANY=[@ANYBLOB="9019f29b6451cdb0c3b6faa05fa4247b37c63f690631a8697ed91d45a5778b05f88698c438a7e6a223b9dcc7bb421cbb2fe969a685c8c38e4870a1a439af0ff44b2800000000d593025e22d38871964535334427b20a51c2d2f6b7feabf5f42b56e94bd3e4c14276b5b07b66618cc92fb5bfd98f255ba4eff67a35573a3daad8387a658f3be2cbe0475aa63034024d9d4d240df7de63c033ccdfd7c5f0a1b9a03da478c351bb63433e91f3ca157ca0ed19a61de52a44311d93eaab16907d4f6f5db66fd10607291959ecb44a9c31c869a63c4035e8ecfcbd01b8c2f830c05e1e6b5f79c4dc41f189031622a76deeae367f497611abec13369cfb2c24759b6c3fe3dbb18da8f545fc3a2b079f785fcc8736b2171d81979869bc3e420bdf2f2c04ec1158000000000000", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r10}, &(0x7f00000002c0)=0x20) [ 3514.318707] FAULT_INJECTION: forcing a failure. [ 3514.318707] name failslab, interval 1, probability 0, space 0, times 0 [ 3514.330610] CPU: 1 PID: 26634 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3514.337636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3514.346990] Call Trace: [ 3514.349593] dump_stack+0x142/0x197 [ 3514.353230] should_fail.cold+0x10f/0x159 [ 3514.353265] should_failslab+0xdb/0x130 [ 3514.353276] __kmalloc+0x71/0x7a0 [ 3514.364825] ? mls_compute_context_len+0x3f6/0x5e0 [ 3514.369762] ? context_struct_to_string+0x33a/0x630 [ 3514.374782] context_struct_to_string+0x33a/0x630 [ 3514.374796] ? security_load_policycaps+0x320/0x320 [ 3514.374813] security_sid_to_context_core+0x18a/0x200 [ 3514.374826] security_sid_to_context_force+0x2b/0x40 [ 3514.374841] selinux_inode_init_security+0x493/0x700 [ 3514.395037] ? selinux_inode_create+0x30/0x30 [ 3514.395049] ? kfree+0x20a/0x270 [ 3514.395068] security_inode_init_security+0x18d/0x360 [ 3514.395080] ? ext4_init_acl+0x1f0/0x1f0 [ 3514.395091] ? security_kernel_post_read_file+0xd0/0xd0 [ 3514.408019] ? posix_acl_create+0xf5/0x3a0 [ 3514.408036] ? ext4_set_acl+0x400/0x400 [ 3514.408046] ? lock_downgrade+0x740/0x740 [ 3514.408059] ext4_init_security+0x34/0x40 [ 3514.417291] __ext4_new_inode+0x3385/0x4860 [ 3514.417314] ? ext4_free_inode+0x1210/0x1210 [ 3514.417332] ? dquot_get_next_dqblk+0x160/0x160 [ 3514.417356] ext4_mkdir+0x331/0xc20 [ 3514.426931] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3514.435015] ? security_inode_mkdir+0xd0/0x110 [ 3514.435029] vfs_mkdir+0x3ca/0x610 [ 3514.435043] SyS_mkdir+0x1b7/0x200 [ 3514.435053] ? SyS_mkdirat+0x210/0x210 [ 3514.435067] ? do_syscall_64+0x53/0x640 [ 3514.435076] ? SyS_mkdirat+0x210/0x210 [ 3514.443516] do_syscall_64+0x1e8/0x640 [ 3514.443525] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3514.443542] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3514.443549] RIP: 0033:0x459a57 [ 3514.443555] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3514.443566] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3514.443572] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3514.443577] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3514.443583] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3514.443589] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:32 executing program 5 (fault-call:3 fault-nth:40): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3514.567824] IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready [ 3514.578512] 8021q: adding VLAN 0 to HW filter on device bond1 17:53:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video35\x00', 0x2, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000480)=ANY=[@ANYBLOB="f848fe7a3db62122494d8656173e44c18d497815f81601c0b59718168516cdd87b8f0180093803cc0a79f343925c865d2fa2ba610876369c610236089c8fb55dc524dda8da62a985556da4197b4e8de0b0b01503ff8fe788878805d78e9523a50ea581cda1f9622a6ec5e70d821fef55b1c93340eeca38880adb571aaaf4bb30aed534066006bf2dc5de921ef549c450e08b2e199904ef885a9cd001ff27bbc570f87efd86b0c7b6770ccfe1d4b922d7f671c6351429652c68bf83277abbdfa4e92f250929f1975cf5e204a7fb389142c5185563b47986e11f2bce408a21af31e93f13b6901db5f417f12c93a83efcba8269c0ce951907486c1cc2b9e4f058f84c416147bb1a907b0cf1a18be94bac8b8da11e61c872"], 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000100)={0x0, 0xffffffff, 0x2, {0x2, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}}}) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc058560f, &(0x7f0000000300)={0x0, 0x2, 0x0, {0x0, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x760000}}}) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000000)={0x6, 0x0, [], {0x0, @bt={0x5, 0x7ff, 0x1, 0x0, 0x2800000, 0x7fffffff, 0x7, 0xffffff7f, 0xbfd, 0x8001, 0x400, 0x80, 0xffffffff, 0x6, 0x1, 0x86c852674fa33587}}}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000200)={0x7, &(0x7f00000000c0)=[{0x1000, 0x7, 0x80, 0x3}, {0x7, 0x1, 0x0, 0x80000001}, {0xd4ee, 0x40, 0x80, 0x80}, {0x9, 0x1, 0x7, 0x4}, {0x81, 0x5, 0x0, 0x9}, {0x376c, 0x1, 0x0, 0x8}, {0x3, 0x8, 0x91, 0x5}]}) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) getsockname$netrom(r4, &(0x7f0000000400)={{0x3, @default}, [@rose, @default, @default, @rose, @remote, @default, @default, @default]}, &(0x7f00000002c0)=0x48) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000240)={r3, 0x0, 0x8, 0x800, 0xd4b}) 17:53:32 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x1, 0x1, 0x0, 0xffff, 0x20000000004}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000006c0)=[{{&(0x7f0000000140)=@nfc, 0x80, &(0x7f0000000240), 0x3, 0x0, 0xfffffffffffffebc}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0x40045542, 0x0) fcntl$setpipe(r3, 0x407, 0xef) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) openat$cgroup_procs(0xffffffffffffff9c, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) socket$bt_rfcomm(0x1f, 0x1, 0x3) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0, 0xfffffd33}}], 0x1, 0x40, 0x0) clone(0x89030900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(0x0, 0x0, 0x0, 0xfffffffffffffffd) syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000000100)='./file0\x00', 0x4, 0x7, &(0x7f0000000780)=[{&(0x7f00000001c0)="a6282aba9f339cf858e8bdea4238ea36206be319ac03cac60d22ef01c1f5594ae684c31eb2def5f502d4bc92107baa86ac852fe9683a476807b16e2afc4c118c", 0x40, 0x6}, {&(0x7f0000000340)="28fc912f9980037a1c95654fb0097652d98c9fc92bffd75907ea39eb35f17ad01b9553687d1909adfb4b8971a76239702383e9c23014408e6ac4d077fc9e0b674fdb3c659592256f9c60d2d5673c4b37d718f38053945cbc06677a3641c97670f64ba034d91a70443289a79950cdf05d4f5dc4e42d83b69445557e16b5f56af1c2979a043f2512f3054a7c915911098b5853763f9baffa074c6f32cc98afa80245b627673b5e51761b61a04fefd88f30cc36e7309c38475b39cfae96bcb659d47dd08bff956a2ec7cb739ae92a87a81bb7b16dcfd17edaa568783ca71e63548cb976641e74d024836d2238cc69f5601d11bc07e4f71a46ff6f9345ef", 0xfc, 0x7}, {&(0x7f0000000240)="942a32dc427c4536a5369caa3bd7145af1ad0a8f93aa9897de2d7084e2c1b0953bd9", 0x22, 0x2}, {&(0x7f0000000440)="122319a0950d1984af5baf9edea63174f17ff8e86995a30390424911773bb7ccdb84280f44e335590a53e1f8f770a4dab3ca89ed91f384b1ca00b80e7985e87f64af68a044998814feadb2a907562139a63a586b38356d2e4e41ae0cb877af08a5a3fa320383262c21f002", 0x6b, 0x3ff}, {&(0x7f00000004c0)="b1797503732f8c3e2200a5703b2bec13b42bfada8968be406aed7f391ecfae70622b4e255255fae5ae2bfb47612153caa219efd9d10cb99e7fb376493b771b0dab4373e68d55356105c2e713f9df4c34441b8e66c3837087beffb69000c78db9414d23321b05067d4bef9a21d6adaf1af2eadc1cae430f1ce9a46ff1446938a293bfd24534e5f5c5b3167bb08a313b4af0e4a097fcce3b09b140b1b41ef1190fa26acaab952b05364a64d61bdd2bc761ef1a04ce00dc53d55d669753433780510bd613ceda0ecdfe8d5dc055e4291c627930bcb0b1a159bff8b2701e70df8084369702052e085bad", 0xe8, 0x100000001}, {&(0x7f00000005c0)="21f79e438fd018d189efaca6b00b4a0e40e8bcbe46609fe2dbae9467c7ad8c00a5fac897d0eb93a59d37e639b29ce35e5560d4f4f9adf0ca1286cf070f2cfecd260f7ca809e93f3a2c42b03dcb1216623d1e2effe400bfe8fb45cf5b4403736121820f95875d82d0378e7fc3a2e292eb6b82cac514f98ce95f4ea5698ff85aef287ec06a62603f4cfa8556d730822cea7de97187dc0bdb90848d9978ec85ef54008ea3c30e8a5e3ef0bd9914dfbdf4c0540215682151a92cea0d1baa7e0f2acbaa4fc1c6db2b75ca90541b47ba929c9a11ae2e00dc1ed01b940bcdefee73576566c8c0d969a17896243beec6690b", 0xee, 0x6}, {&(0x7f00000002c0)="b5edd624f63e21c6808276a8c9abb0b596bde5450c338455647968996d7518ff5b853e4ed11564470f6a4742", 0x2c, 0x1}], 0x2000a9, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f00000009c0)={0xffffffff, 0x6, 0x4, 0x4000, {}, {0x1, 0x1b, 0xf7, 0xfe, 0x7, 0x0, "6c93a4f1"}, 0x0, 0x4, @planes=&(0x7f0000000740)={0xffff7fff, 0x7fff, @mem_offset=0x8, 0x2}, 0x4}) add_key(&(0x7f0000000840)='asymmetric\x00', &(0x7f0000000880)={'syz', 0x0}, &(0x7f00000008c0)="37375078efdc6ac6cc58776564b12bc8f6d48587762e5d7210f907758a8550372791061738abfca6ce2f558e11d4c61f01b3fbc2b3a66865cd791d575f443c745b9a22805cfcb1dd6613f19e2941e3e410f5b72f166025643462fdaeebdc9903b120cb2741127401dd9dccb5d0dc9b8a7a532e6e3d350866220fd71888ad8d7b162689787fec9767dd5499460fb4e60cb5dc69862ad998ee8d6fe72ba796dc9860820d57824527867fa148e446a98d88f29c2c5ae79fbcc62ab46b1dba5ce27b479314eb1db93a06e0741f760038a17ca216cd8195baf6dafea4823cadf880b28a415d", 0xe3, 0x0) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) openat$nullb(0xffffffffffffff9c, &(0x7f0000000700)='/dev/nullb0\x00', 0x800, 0x0) preadv(r5, &(0x7f00000017c0), 0x315, 0x800000) [ 3514.768771] FAULT_INJECTION: forcing a failure. [ 3514.768771] name failslab, interval 1, probability 0, space 0, times 0 [ 3514.791193] CPU: 0 PID: 26656 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3514.798250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3514.807610] Call Trace: [ 3514.810206] dump_stack+0x142/0x197 [ 3514.813846] should_fail.cold+0x10f/0x159 [ 3514.818013] should_failslab+0xdb/0x130 [ 3514.822000] kmem_cache_alloc+0x2d7/0x780 [ 3514.826155] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3514.831611] ? ext4_sync_fs+0x800/0x800 [ 3514.835593] ext4_alloc_inode+0x1d/0x610 [ 3514.839672] alloc_inode+0x64/0x180 [ 3514.843294] new_inode_pseudo+0x19/0xf0 [ 3514.847283] new_inode+0x1f/0x40 [ 3514.850641] __ext4_new_inode+0x32c/0x4860 [ 3514.854888] ? avc_has_perm+0x2df/0x4b0 [ 3514.858850] ? ext4_free_inode+0x1210/0x1210 [ 3514.863242] ? dquot_get_next_dqblk+0x160/0x160 [ 3514.867899] ext4_mkdir+0x331/0xc20 [ 3514.871525] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3514.876182] ? security_inode_mkdir+0xd0/0x110 [ 3514.880756] vfs_mkdir+0x3ca/0x610 [ 3514.884288] SyS_mkdir+0x1b7/0x200 [ 3514.887810] ? SyS_mkdirat+0x210/0x210 [ 3514.891684] ? do_syscall_64+0x53/0x640 [ 3514.895640] ? SyS_mkdirat+0x210/0x210 [ 3514.899513] do_syscall_64+0x1e8/0x640 [ 3514.903390] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3514.908256] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3514.913438] RIP: 0033:0x459a57 [ 3514.916610] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3514.924319] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3514.931585] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 [ 3514.938849] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3514.946111] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 3514.953375] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000005 17:53:32 executing program 5 (fault-call:3 fault-nth:41): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3515.045410] FAULT_INJECTION: forcing a failure. [ 3515.045410] name failslab, interval 1, probability 0, space 0, times 0 [ 3515.057428] CPU: 1 PID: 26679 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3515.064437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3515.073789] Call Trace: [ 3515.076379] dump_stack+0x142/0x197 [ 3515.080020] should_fail.cold+0x10f/0x159 [ 3515.084172] ? __es_tree_search.isra.0+0x15f/0x1c0 [ 3515.089106] should_failslab+0xdb/0x130 [ 3515.093091] kmem_cache_alloc+0x47/0x780 [ 3515.097158] __es_insert_extent+0x26c/0xe60 [ 3515.101476] ext4_es_insert_extent+0x1f0/0x590 [ 3515.106097] ? check_preemption_disabled+0x3c/0x250 [ 3515.111107] ? ext4_es_find_delayed_extent_range+0x960/0x960 [ 3515.116901] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3515.122341] ? ext4_es_find_delayed_extent_range+0x31d/0x960 [ 3515.128188] ext4_ext_put_gap_in_cache+0xcb/0x110 [ 3515.133034] ? ext4_zeroout_es+0x170/0x170 [ 3515.137260] ? ext4_find_extent+0x64c/0x960 [ 3515.141578] ext4_ext_map_blocks+0x1d4b/0x4fa0 [ 3515.146157] ? save_trace+0x290/0x290 [ 3515.149940] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 3515.154941] ? __lock_is_held+0xb6/0x140 [ 3515.158987] ? lock_acquire+0x16f/0x430 [ 3515.162953] ? ext4_map_blocks+0x402/0x17c0 [ 3515.167276] ext4_map_blocks+0xd3c/0x17c0 [ 3515.171413] ? __lock_is_held+0xb6/0x140 [ 3515.175462] ? check_preemption_disabled+0x3c/0x250 [ 3515.180471] ? ext4_issue_zeroout+0x160/0x160 [ 3515.184983] ? __brelse+0x50/0x60 [ 3515.188444] ext4_getblk+0xac/0x450 [ 3515.192064] ? ext4_iomap_begin+0x8a0/0x8a0 [ 3515.196375] ? ext4_free_inode+0x1210/0x1210 [ 3515.201125] ext4_bread+0x6e/0x1a0 [ 3515.204688] ? ext4_getblk+0x450/0x450 [ 3515.208592] ext4_append+0x14b/0x360 [ 3515.212305] ext4_mkdir+0x531/0xc20 [ 3515.215945] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3515.220623] ? security_inode_mkdir+0xd0/0x110 [ 3515.225209] vfs_mkdir+0x3ca/0x610 [ 3515.228744] SyS_mkdir+0x1b7/0x200 [ 3515.232288] ? SyS_mkdirat+0x210/0x210 [ 3515.236179] ? do_syscall_64+0x53/0x640 [ 3515.240150] ? SyS_mkdirat+0x210/0x210 17:53:33 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, &(0x7f00000001c0)={{&(0x7f00000000c0)=""/182, 0xb6}, &(0x7f0000000180), 0x21}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}, {0x0, 0xfffffffffffffd01}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79603f99615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x3) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r4, 0x10, &(0x7f0000000040)={0x1}) [ 3515.244042] do_syscall_64+0x1e8/0x640 [ 3515.247930] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3515.252778] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3515.257965] RIP: 0033:0x459a57 [ 3515.261153] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3515.268857] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3515.276158] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3515.283413] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 17:53:33 executing program 2: shutdown(0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x1, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) gettid() ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x5450, 0xffffffffffffffff) perf_event_open(&(0x7f00000016c0)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040), 0x2}, 0x1000, 0x1, 0x8, 0x0, 0x5, 0x3, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x5a2b77713425647) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0xfffffffffffffe65) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000000)) 17:53:33 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000680)=[{&(0x7f0000000440)="647617368439d0c007f4d0de5b9ac6fa41548a2789f9e9a3f4219abd724a64a68b8f299a3693c8694dec04faf1e406f19bdfb9a7ae03d8b70516a49ef232f9420501948f6e52930452dd3545f69db626277ec5136f8ec5d6a704b2eeb7dd08efa6de4095", 0x64}, {&(0x7f00000004c0)="7d5efa62dc9348a6f7bedc8d84447feee467c3d847791f6a67647607dc825a79bea7fd561320a4c44c17d1569ec6e5de3e654ed283a0cc242cad263ff9f30c", 0x3f}, {&(0x7f0000000580)="cda28ce254a8be2cc2368208b3a9761b32a12ca0c79d26b1ae9ee9c9389528e0f564cc0b2f504facf58e70ae2ac85e1b7129dab1c8d8907abecc1cd22b64382ddac3c263d0d6d94a42f87a464329276efca815b306b9a4c44565017f79c0f54baf721db26b7e77cfc3f0db12c62a59c41d16774b4a48fc798bcb9cd2750c2040f04dbe330eb6a38a6740b6422cd8c5a479f4ee281b048d773b581974363a8acf23983c375cef378510e1c3bb733fa45d5cd8f0f415cb6d330b8d8744dbd47c3ef00affabfe892090c6bc57f659b4e3ff31303f76f7d74dd22fbf8e3da86b7fba0d430a66129e5b91cf83ae6f07", 0xed}], 0x3, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3515.290669] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3515.297932] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:35 executing program 5 (fault-call:3 fault-nth:42): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:35 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:35 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:35 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0xff) recvmmsg(r2, &(0x7f0000000440), 0x0, 0x2106, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) fcntl$getown(r3, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x8, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:35 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() getresgid(&(0x7f00000001c0), &(0x7f0000000400)=0x0, &(0x7f0000000540)) setresgid(r1, r2, r3) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="01070000000000fbecc19e1489bf35ff00"/29], 0x14}}, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000200)) r7 = getgid() getresgid(&(0x7f00000001c0), &(0x7f0000000400), &(0x7f0000000540)) getgroups(0x3, &(0x7f0000000180)=[r2, r4, r7]) tkill(r0, 0x3c) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r8, 0x89e1, 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r8, 0x400443c9, &(0x7f0000000240)={{0x2, 0x40, 0x5f, 0x4, 0x0, 0x7f}, 0x1}) r9 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r9, 0x89e1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x17, &(0x7f0000000000)=0xff, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r10, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r11, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) ioctl$FS_IOC_SETFSLABEL(r10, 0x41009432, &(0x7f0000000440)="8e272ac3adf60cc3b9b5e43f7dd9618857b37c4af087e201ae43faba2a5b16c9b00918d7ba3685873ec0922e3c4d00bb894c585ac999897d173b1d7bfe33f9fb32ae565693c52457918b33a554d0b6b0da1888fe6779d9c1f25a22f0e45fcd7c7425ea8268bac6569aa83ea3e1c2ba681fd73496ae6d0a26e3741d926e8e7564d555b5aab6c867945b8ce5605c89223a79a1ec5b73682741121e23105d70f858b9ead24b0e7389a5dc67aaff9ad7620d51c8b3032985bfa0824ad02bde8cd837ae4979792612098867f36cb9e48178000e939ac9789a5f3048a61958052058a3066c1e28ac8f24ae15d51d6f834b65473b410be9576285f49d0e44cee0737d5a") ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3517.388321] FAULT_INJECTION: forcing a failure. [ 3517.388321] name failslab, interval 1, probability 0, space 0, times 0 [ 3517.400854] CPU: 0 PID: 26704 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3517.407914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3517.417297] Call Trace: [ 3517.419913] dump_stack+0x142/0x197 [ 3517.423578] should_fail.cold+0x10f/0x159 [ 3517.427748] should_failslab+0xdb/0x130 [ 3517.431741] __kmalloc+0x2f0/0x7a0 [ 3517.435302] ? ext4_find_extent+0x709/0x960 [ 3517.439651] ext4_find_extent+0x709/0x960 [ 3517.443830] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3517.449310] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 3517.453839] ? save_trace+0x290/0x290 [ 3517.457718] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 3517.463038] ? __lock_is_held+0xb6/0x140 [ 3517.467142] ? lock_acquire+0x16f/0x430 [ 3517.471153] ? ext4_map_blocks+0x402/0x17c0 [ 3517.475542] ext4_map_blocks+0xd3c/0x17c0 [ 3517.479709] ? __lock_is_held+0xb6/0x140 [ 3517.483846] ? check_preemption_disabled+0x3c/0x250 [ 3517.488887] ? ext4_issue_zeroout+0x160/0x160 [ 3517.493391] ? __brelse+0x50/0x60 [ 3517.497024] ext4_getblk+0xac/0x450 [ 3517.500673] ? ext4_iomap_begin+0x8a0/0x8a0 [ 3517.505011] ? ext4_free_inode+0x1210/0x1210 [ 3517.509430] ext4_bread+0x6e/0x1a0 [ 3517.512981] ? ext4_getblk+0x450/0x450 [ 3517.516886] ext4_append+0x14b/0x360 [ 3517.520630] ext4_mkdir+0x531/0xc20 [ 3517.524266] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3517.528931] ? security_inode_mkdir+0xd0/0x110 [ 3517.533568] vfs_mkdir+0x3ca/0x610 [ 3517.537100] SyS_mkdir+0x1b7/0x200 [ 3517.540637] ? SyS_mkdirat+0x210/0x210 [ 3517.544562] ? do_syscall_64+0x53/0x640 [ 3517.548538] ? SyS_mkdirat+0x210/0x210 [ 3517.552581] do_syscall_64+0x1e8/0x640 [ 3517.556496] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3517.561371] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3517.566582] RIP: 0033:0x459a57 [ 3517.569784] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3517.577519] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3517.584813] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3517.592239] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3517.599716] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3517.607030] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:35 executing program 5 (fault-call:3 fault-nth:43): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3517.778423] FAULT_INJECTION: forcing a failure. [ 3517.778423] name failslab, interval 1, probability 0, space 0, times 0 [ 3517.790044] CPU: 1 PID: 26734 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3517.797856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3517.807523] Call Trace: [ 3517.810142] dump_stack+0x142/0x197 [ 3517.813792] should_fail.cold+0x10f/0x159 [ 3517.818221] should_failslab+0xdb/0x130 [ 3517.822383] __kmalloc+0x71/0x7a0 [ 3517.825956] ? mls_compute_context_len+0x3f6/0x5e0 [ 3517.830907] ? context_struct_to_string+0x33a/0x630 [ 3517.835946] context_struct_to_string+0x33a/0x630 [ 3517.841020] ? security_load_policycaps+0x320/0x320 [ 3517.846037] security_sid_to_context_core+0x18a/0x200 [ 3517.851237] security_sid_to_context_force+0x2b/0x40 [ 3517.856364] selinux_inode_init_security+0x493/0x700 [ 3517.861792] ? selinux_inode_create+0x30/0x30 [ 3517.866300] ? kfree+0x20a/0x270 [ 3517.869673] security_inode_init_security+0x18d/0x360 [ 3517.874865] ? ext4_init_acl+0x1f0/0x1f0 [ 3517.878944] ? security_kernel_post_read_file+0xd0/0xd0 [ 3517.884331] ? posix_acl_create+0xf5/0x3a0 [ 3517.888579] ? ext4_set_acl+0x400/0x400 [ 3517.892555] ? lock_downgrade+0x740/0x740 [ 3517.896809] ext4_init_security+0x34/0x40 [ 3517.900961] __ext4_new_inode+0x3385/0x4860 [ 3517.905379] ? ext4_free_inode+0x1210/0x1210 [ 3517.909784] ? dquot_get_next_dqblk+0x160/0x160 [ 3517.914601] ext4_mkdir+0x331/0xc20 [ 3517.918237] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3517.922907] ? security_inode_mkdir+0xd0/0x110 [ 3517.927483] vfs_mkdir+0x3ca/0x610 [ 3517.931009] SyS_mkdir+0x1b7/0x200 [ 3517.934546] ? SyS_mkdirat+0x210/0x210 [ 3517.938430] ? do_syscall_64+0x53/0x640 [ 3517.942400] ? SyS_mkdirat+0x210/0x210 [ 3517.946385] do_syscall_64+0x1e8/0x640 [ 3517.950267] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3517.955166] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3517.960348] RIP: 0033:0x459a57 [ 3517.963531] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3517.971357] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 17:53:35 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_bp={0x0}, 0x0, 0x0, 0x10000000, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000580)='TIPCv2\x00') syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f00000000c0)="0f20d86635200000000f22d826d33566b91109000066b80060000066ba000000000f306766c74424000d0000006766c7442402f60000006766c744240600000000670f0114246766c74424003f8c00006766c7442402e4d400006766c744240600000000670f011424660f38827500b8dd000f00d80f21f30f01c3ddc3", 0x7d}], 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) write(0xffffffffffffffff, &(0x7f0000001d00), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) creat(0x0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x208) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, 0x0, 0x0) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x40000, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[]}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) fchdir(0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r5) [ 3517.978723] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3517.986006] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3517.993274] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3518.000689] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:35 executing program 5 (fault-call:3 fault-nth:44): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:36 executing program 2: r0 = socket(0x2, 0x3, 0x82) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x80000, &(0x7f00000036c0)={[{@dir_umask={'dir_umask'}}, {@codepage={'codepage', 0x3d, 'cp869'}}, {@codepage={'codepage', 0x3d, 'macgaelic'}}]}) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r2, 0xc0845658, &(0x7f0000000000)={0x0, @bt={0x8, 0xffffb765, 0x0, 0x7, 0x100000001, 0x8, 0xfffffeff, 0x3f, 0xcc, 0x2419, 0x10001, 0x20, 0x9, 0x1, 0x2, 0x14}}) [ 3518.223871] FAULT_INJECTION: forcing a failure. [ 3518.223871] name failslab, interval 1, probability 0, space 0, times 0 [ 3518.235483] CPU: 0 PID: 26747 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3518.242547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3518.251940] Call Trace: [ 3518.254550] dump_stack+0x142/0x197 [ 3518.258206] should_fail.cold+0x10f/0x159 [ 3518.262374] ? __es_tree_search.isra.0+0x15f/0x1c0 [ 3518.267362] should_failslab+0xdb/0x130 17:53:36 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x401, 0x200) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f0000000280)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="6653070000003639eb0407bdd12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e234321fe4ba80a0bbe77c839f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff134fcd8a03f77d4eda2bb196da00ac18d4d60a7b66723d939aed801afaac9ca634e5dba70f7ee16a60c741b66316ce3c6f47836def208f36fa118385b62cff38bf65e3999844e529a4cce0211ddb6188057066f4a62e881f019339eea317bec16daafcd264e827912118276b1de77b6b8c22705f30179f12f6b293452d78e0ce82d21fc0a96d1d4c3b84a", 0xfffffffffffffdbb}], 0x10000000000003bf, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x80800, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000080)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000000000000d000000d0bd8dce326bca205c862f671a"], &(0x7f0000000240)=0x31) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) ioctl$MON_IOCX_GETX(r5, 0x4018920a, &(0x7f0000000500)={&(0x7f00000003c0), &(0x7f0000000400)=""/80, 0x50}) ptrace$cont(0x9, r0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="31000000000000000000090000003c0003000800030000000000140002006c6f000000000000000000000000000014000400ff0200000000000000000000000000010800010001000000"], 0x50}}, 0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xa2000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x40, r7, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x43f92d3d}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xffff}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x24044}, 0x40000) 17:53:36 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3518.271448] kmem_cache_alloc+0x47/0x780 [ 3518.275551] __es_insert_extent+0x26c/0xe60 [ 3518.279897] ext4_es_insert_extent+0x1f0/0x590 [ 3518.284508] ? check_preemption_disabled+0x3c/0x250 [ 3518.289561] ? ext4_es_find_delayed_extent_range+0x960/0x960 [ 3518.295637] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3518.301125] ? ext4_es_find_delayed_extent_range+0x31d/0x960 [ 3518.306962] ext4_ext_put_gap_in_cache+0xcb/0x110 [ 3518.311940] ? ext4_zeroout_es+0x170/0x170 [ 3518.316203] ? ext4_find_extent+0x64c/0x960 [ 3518.320603] ext4_ext_map_blocks+0x1d4b/0x4fa0 [ 3518.325217] ? save_trace+0x290/0x290 [ 3518.329088] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 3518.334245] ? __lock_is_held+0xb6/0x140 [ 3518.338379] ? lock_acquire+0x16f/0x430 [ 3518.342390] ? ext4_map_blocks+0x402/0x17c0 [ 3518.346745] ext4_map_blocks+0xd3c/0x17c0 [ 3518.350927] ? __lock_is_held+0xb6/0x140 [ 3518.355006] ? check_preemption_disabled+0x3c/0x250 [ 3518.360055] ? ext4_issue_zeroout+0x160/0x160 [ 3518.364576] ? __brelse+0x50/0x60 [ 3518.368062] ext4_getblk+0xac/0x450 [ 3518.371723] ? ext4_iomap_begin+0x8a0/0x8a0 [ 3518.376071] ? ext4_free_inode+0x1210/0x1210 [ 3518.380515] ext4_bread+0x6e/0x1a0 [ 3518.384070] ? ext4_getblk+0x450/0x450 [ 3518.387974] ext4_append+0x14b/0x360 [ 3518.391745] ext4_mkdir+0x531/0xc20 [ 3518.395393] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3518.400091] ? security_inode_mkdir+0xd0/0x110 [ 3518.404700] vfs_mkdir+0x3ca/0x610 [ 3518.408263] SyS_mkdir+0x1b7/0x200 [ 3518.411839] ? SyS_mkdirat+0x210/0x210 [ 3518.415965] ? do_syscall_64+0x53/0x640 [ 3518.419970] ? SyS_mkdirat+0x210/0x210 [ 3518.423887] do_syscall_64+0x1e8/0x640 [ 3518.427794] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3518.432668] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3518.437875] RIP: 0033:0x459a57 [ 3518.441078] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3518.448808] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3518.456095] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3518.463381] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 17:53:36 executing program 2: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000100201050000000000e3fce47ca91d97b168a9c161725800000000000012", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012000c000100626f6e64000000001400020008000500020000000800010004000000"], 0x3}}, 0x0) socket$netlink(0x10, 0x3, 0x15) r2 = socket(0x10, 0x800000000080002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x52b, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000080)={r1, &(0x7f0000000040), &(0x7f0000000200)=""/4096, 0x4}, 0x20) [ 3518.470684] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3518.477960] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3518.496796] IPVS: sync thread started: state = MASTER, mcast_ifn = lo, syncid = 0, id = 0 17:53:36 executing program 5 (fault-call:3 fault-nth:45): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:36 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x80000101005, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000000)=""/246) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000140)) pwritev(r2, &(0x7f0000000300)=[{&(0x7f0000000380)="fe17597d67ad44aa833b4647673745c1b2aa34232c0d16608bbfd4ad85c53a43a2100ddb1027a27cc4fd720395d8566dbb06ce53b525bbc8d219750fa131fd19cc7529fd9195d5", 0x15c}, {&(0x7f00000002c0)="0bf7ebb1d50ee756386a9563ef4d407db02f696e854f96586e947ab1", 0x1c}], 0x2, 0x4000005) getrusage(0x1, &(0x7f0000000400)) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) setsockopt$TIPC_CONN_TIMEOUT(r3, 0x10f, 0x82, &(0x7f00000001c0)=0x7, 0x4) mount(&(0x7f0000000100)=@nullb='/dev/nullb0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='exofs\x00', 0x12, &(0x7f0000000280)='/dev/btrfs-control\x00') [ 3518.653843] FAULT_INJECTION: forcing a failure. [ 3518.653843] name failslab, interval 1, probability 0, space 0, times 0 [ 3518.684993] CPU: 1 PID: 26770 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3518.692090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3518.701462] Call Trace: [ 3518.704084] dump_stack+0x142/0x197 [ 3518.707738] should_fail.cold+0x10f/0x159 [ 3518.711904] should_failslab+0xdb/0x130 [ 3518.715889] kmem_cache_alloc+0x2d7/0x780 [ 3518.720047] ? rcu_read_lock_sched_held+0x110/0x130 [ 3518.725077] ? __mark_inode_dirty+0x2b7/0x1040 [ 3518.729687] ext4_mb_new_blocks+0x509/0x3990 [ 3518.734196] ? ext4_find_extent+0x709/0x960 [ 3518.738557] ext4_ext_map_blocks+0x26cd/0x4fa0 [ 3518.743171] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 3518.748208] ? __lock_is_held+0xb6/0x140 [ 3518.752298] ? lock_acquire+0x16f/0x430 [ 3518.756297] ext4_map_blocks+0x881/0x17c0 [ 3518.760473] ? ext4_issue_zeroout+0x160/0x160 [ 3518.764998] ? __brelse+0x50/0x60 [ 3518.768468] ext4_getblk+0xac/0x450 [ 3518.772430] ? ext4_iomap_begin+0x8a0/0x8a0 [ 3518.776782] ? ext4_free_inode+0x1210/0x1210 [ 3518.781222] ext4_bread+0x6e/0x1a0 [ 3518.784777] ? ext4_getblk+0x450/0x450 [ 3518.788679] ext4_append+0x14b/0x360 [ 3518.792408] ext4_mkdir+0x531/0xc20 [ 3518.796049] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3518.800730] ? security_inode_mkdir+0xd0/0x110 [ 3518.805323] vfs_mkdir+0x3ca/0x610 [ 3518.808887] SyS_mkdir+0x1b7/0x200 [ 3518.812436] ? SyS_mkdirat+0x210/0x210 [ 3518.816331] ? do_syscall_64+0x53/0x640 [ 3518.820321] ? SyS_mkdirat+0x210/0x210 [ 3518.824225] do_syscall_64+0x1e8/0x640 [ 3518.828122] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3518.832981] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3518.838173] RIP: 0033:0x459a57 [ 3518.841361] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 17:53:36 executing program 2: add_key$user(0x0, &(0x7f0000000540)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r0 = getpid() sendmsg$alg(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x80) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PIO_UNISCRNMAP(r2, 0x4b6a, &(0x7f0000000180)="a0cd29abc21799be844408e70a08b51316aff1e5b35d779a80a05b91cee8fe34fee46f3ae0f0ce59b397fae34660c8a2650a1920c32b608aa824712e5f985d68d2fb905c2b9486ef") r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x40000}, 0x0) r6 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EVIOCGID(r6, 0x80084502, &(0x7f0000000040)=""/28) r7 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r8, 0x89e1, 0x0) ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f00000002c0)=0x2) ioctl$sock_inet6_SIOCADDRT(r7, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000400)=ANY=[], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) [ 3518.849091] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3518.856375] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3518.863665] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3518.870965] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3518.878286] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:36 executing program 5 (fault-call:3 fault-nth:46): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3519.050925] FAULT_INJECTION: forcing a failure. [ 3519.050925] name failslab, interval 1, probability 0, space 0, times 0 [ 3519.062281] CPU: 1 PID: 26788 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3519.069303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3519.078656] Call Trace: [ 3519.081241] dump_stack+0x142/0x197 [ 3519.085043] should_fail.cold+0x10f/0x159 [ 3519.089177] ? __es_tree_search.isra.0+0x15f/0x1c0 [ 3519.094092] should_failslab+0xdb/0x130 [ 3519.098060] kmem_cache_alloc+0x47/0x780 [ 3519.102106] ? ext4_es_can_be_merged+0x16e/0x230 [ 3519.106890] __es_insert_extent+0x26c/0xe60 [ 3519.111207] ext4_es_insert_extent+0x1f0/0x590 [ 3519.115769] ? ext4_es_find_delayed_extent_range+0x960/0x960 [ 3519.121570] ext4_map_blocks+0xab1/0x17c0 [ 3519.125734] ? ext4_issue_zeroout+0x160/0x160 [ 3519.130231] ? __brelse+0x50/0x60 [ 3519.133685] ext4_getblk+0xac/0x450 [ 3519.137405] ? ext4_iomap_begin+0x8a0/0x8a0 [ 3519.141732] ? ext4_free_inode+0x1210/0x1210 [ 3519.146141] ext4_bread+0x6e/0x1a0 [ 3519.149677] ? ext4_getblk+0x450/0x450 [ 3519.153571] ext4_append+0x14b/0x360 [ 3519.157283] ext4_mkdir+0x531/0xc20 [ 3519.160916] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3519.165588] ? security_inode_mkdir+0xd0/0x110 [ 3519.170178] vfs_mkdir+0x3ca/0x610 [ 3519.173721] SyS_mkdir+0x1b7/0x200 [ 3519.177262] ? SyS_mkdirat+0x210/0x210 [ 3519.181150] ? do_syscall_64+0x53/0x640 [ 3519.185121] ? SyS_mkdirat+0x210/0x210 [ 3519.189011] do_syscall_64+0x1e8/0x640 [ 3519.192893] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3519.197746] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3519.202929] RIP: 0033:0x459a57 [ 3519.206113] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3519.213821] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3519.221086] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3519.228383] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3519.228392] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3519.242901] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(0xffffffffffffffff, 0x40206417, &(0x7f0000000000)={0x4, 0xffffc69c, 0x6, 0xc8, 0xc, 0xfff}) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000001c0)=0xc) ptrace$setregs(0xf, r2, 0x80, &(0x7f0000000100)="349edd11184b00182ae3d9fe63b4e0b89bb281f7b87b3b07f72f711ba4794cdad66db14c5981e982fd8cb096a63d88f6354fe60000000000b14d1b5153e2662f9101959b843331f2e3f0c859ae2777eb79a1983d03ffad8602a52b0b656c54bf65939ac4db0ac102e1a35a8191ae03dcb5970bceac660fb0839855970dd8f6fdfc294b8984bf4f942d2f42c92281b5cab5e1fcb77d3012d7137996cf100dbfe9bf996355cc61a06daabeda42de6a64faa52ccc000000000000") ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:38 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:53:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffd}, 0x0, 0x4, 0x4, 0x0, 0x10000000000000}, r3, 0x0, 0xffffffffffffffff, 0x1) sched_setattr(r3, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x6, 0x0, 0xfffffffffffffe00}, 0x0) migrate_pages(r3, 0x6, &(0x7f0000000080)=0x40, &(0x7f0000000180)=0x7fffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_vs_stats_percpu\x00') sendfile(r4, r4, 0x0, 0x3f) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r8 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0xffffffff80000000, 0x40601) r9 = accept$netrom(0xffffffffffffffff, &(0x7f00000001c0)={{0x3, @null}, [@bcast, @rose, @null, @netrom, @remote, @bcast, @null]}, &(0x7f0000000140)=0x48) poll(&(0x7f0000000240)=[{r6}, {r8, 0x81}, {r0, 0x8000}, {r2, 0x8000}, {r2, 0x80}, {r9, 0x1}], 0x6, 0x7f) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0xfffffffffffffffb, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r5, 0x2402, 0xf17) unshare(0x40040400) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xc) vmsplice(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0xc) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x10000000005, 0x84) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40d09) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) 17:53:38 executing program 5 (fault-call:3 fault-nth:47): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:38 executing program 0: r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x3, 0x2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000200)=0x0) getresuid(&(0x7f0000000240)=0x0, &(0x7f0000000280), &(0x7f00000002c0)=0x0) fstat(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getpid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@remote, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6}}, &(0x7f0000000480)=0xe8) getresgid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)=0x0) sendmmsg$unix(r0, &(0x7f00000005c0)=[{&(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f00000000c0)="ee5e1ab3f14b632fafb9af6b2c877e251e77cd05dd35253cd7fbae26701d77458424adecbfe077b0e5618443ce9807fe531844515e9da1cce1ac1158aeda0890169e78592c28e5f864b0a5877ed3b789988d5b058b8d4ebfbaeb97e08a00b22f7cef70a320c383677bc3f2543d", 0x6d}, {&(0x7f0000000140)="ae84a64ba4cca02f952e9ae3912b98dbb43ee91a6541a76a9e07d34372ddaee444bbfd24b1edb7fde5960a63898e83b887e6fb582291dfe639b028e6dc7b3a6b9a70d6114752d142a76fafb269a60b45e7c7b53024ea190ea69fadada469db83", 0x60}], 0x2, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {r1, r2, r4}}}, @cred={{0x1c, 0x1, 0x2, {r5, r6, r8}}}], 0x40, 0x800}], 0x1, 0x6040000) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000006c0)={{{@in6=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6}}, &(0x7f00000007c0)=0xe8) syz_mount_image$iso9660(&(0x7f0000000600)='iso9660\x00', &(0x7f0000000640)='./file0\x00', 0x4, 0x0, &(0x7f0000000680), 0x200000, &(0x7f0000000800)={[{@nojoliet='nojoliet'}, {@unhide='unhide'}, {@block={'block', 0x3d, 0x200}}, {@map_off='map=off'}, {@map_acorn='map=acorn'}, {@map_acorn='map=acorn'}], [{@smackfsdef={'smackfsdef'}}, {@euid_gt={'euid>', r3}}, {@pcr={'pcr', 0x3d, 0x2b}}, {@fsname={'fsname', 0x3d, 'cgroup~posix_acl_access'}}, {@fowner_gt={'fowner>', r9}}]}) r10 = socket$inet6(0xa, 0x1, 0x9) getsockopt$sock_int(r10, 0x1, 0x3c, &(0x7f0000000980), &(0x7f00000009c0)=0x4) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000a00)) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/cachefiles\x00', 0x388f3066de8f04cb, 0x0) r11 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000b40)='/dev/vga_arbiter\x00', 0x10004, 0x0) ioctl$PPPIOCSCOMPRESS(r11, 0x4010744d) r12 = semget$private(0x0, 0x3, 0x5) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000b80)={{{@in=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @initdev}}, 0x0, @in=@dev}}, &(0x7f0000000c80)=0xe8) semctl$IPC_SET(r12, 0x0, 0x1, &(0x7f0000000cc0)={{0x9d, r13, r4, r6, r7, 0x100, 0x8}, 0x40, 0x2, 0x9}) r14 = geteuid() mount$9p_rdma(&(0x7f0000000d40)='127.0.0.1\x00', &(0x7f0000000d80)='./file0\x00', &(0x7f0000000dc0)='9p\x00', 0x64274584673632a5, &(0x7f0000000e00)={'trans=rdma,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@sq={'sq', 0x3d, 0x6}}, {@rq={'rq', 0x3d, 0x2}}, {@timeout={'timeout', 0x3d, 0x9}}, {@sq={'sq', 0x3d, 0x3}}], [{@subj_type={'subj_type', 0x3d, 'eth0'}}, {@fsuuid={'fsuuid', 0x3d, {[0x53, 0x61, 0x35, 0x30, 0x46cf4e3459c65e12, 0x32, 0x3, 0x31], 0x2d, [0x33, 0x32, 0x61], 0x2d, [0x64, 0x64, 0x38, 0x75afb837a6bda43d], 0x2d, [0x57, 0x66, 0x64, 0xf3e0dff7c01ded6a], 0x2d, [0x34, 0x66, 0x33, 0x0, 0x65, 0x7e965a1f5bf1c30c, 0x66, 0x3c]}}}, {@fowner_eq={'fowner', 0x3d, r14}}]}}) r15 = socket$vsock_stream(0x28, 0x1, 0x0) write$binfmt_elf64(r15, &(0x7f0000000f00)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x8, 0x4c, 0x0, 0x3ff, 0x3, 0x3, 0x7, 0x64, 0x40, 0x1d8, 0x6, 0x5ead, 0x38, 0x1, 0x5, 0x7f, 0x5}, [{0x6474e551, 0x20, 0x37ac89a4, 0x23, 0x7, 0xfffffffffffffffa, 0x6, 0x400}, {0x5, 0x6, 0xfffffffffffffffc, 0x1, 0xc0, 0x2d, 0x2, 0x3ff3db15}], "88aa2aca1e5420b4a831a3fa940832ac8995f311fb4b3c08b9801a32a48a2337f0880dde5e97762b51a987e8277ca8a76f70a882cbf54c7ed2022a057484eaa34a0e32a0c5d8171f2ca9a43a6a54515304c0c0aa41fa86d357476be6a31425555dffb48ab51a051a6abad4cd128f2d9489", [[], [], [], [], [], []]}, 0x721) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001640)) accept$inet6(r10, &(0x7f0000001680)={0xa, 0x0, 0x0, @ipv4={[], [], @broadcast}}, &(0x7f00000016c0)=0x1c) r16 = accept$netrom(0xffffffffffffffff, &(0x7f0000001700)={{0x3, @null}, [@remote, @bcast, @null, @rose, @rose, @default, @bcast, @netrom]}, &(0x7f0000001780)=0x48) getsockopt$netrom_NETROM_T2(r16, 0x103, 0x2, &(0x7f00000017c0)=0xda, &(0x7f0000001800)=0x4) socket$inet_udplite(0x2, 0x2, 0x88) openat$autofs(0xffffffffffffff9c, &(0x7f0000001840)='/dev/autofs\x00', 0x100000, 0x0) r17 = mq_open(&(0x7f0000001880)='#em1vboxnet0!\x00', 0x40, 0x41, &(0x7f00000018c0)={0x95b, 0x3ff, 0x100000001, 0x4, 0x7, 0x10001, 0x7, 0x7}) fcntl$getown(r17, 0x9) [ 3520.483140] FAULT_INJECTION: forcing a failure. [ 3520.483140] name failslab, interval 1, probability 0, space 0, times 0 [ 3520.498942] CPU: 1 PID: 26801 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3520.505985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3520.515432] Call Trace: [ 3520.518028] dump_stack+0x142/0x197 [ 3520.521663] should_fail.cold+0x10f/0x159 [ 3520.525859] should_failslab+0xdb/0x130 [ 3520.529840] kmem_cache_alloc+0x2d7/0x780 [ 3520.534628] ? rcu_read_lock_sched_held+0x110/0x130 [ 3520.539648] ? __mark_inode_dirty+0x2b7/0x1040 [ 3520.544243] ext4_mb_new_blocks+0x509/0x3990 [ 3520.548668] ? ext4_find_extent+0x709/0x960 [ 3520.553002] ext4_ext_map_blocks+0x26cd/0x4fa0 [ 3520.557599] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 3520.562617] ? __lock_is_held+0xb6/0x140 [ 3520.566689] ? lock_acquire+0x16f/0x430 [ 3520.566708] ext4_map_blocks+0x881/0x17c0 [ 3520.574811] ? ext4_issue_zeroout+0x160/0x160 [ 3520.574824] ? __brelse+0x50/0x60 [ 3520.582748] ext4_getblk+0xac/0x450 [ 3520.582759] ? ext4_iomap_begin+0x8a0/0x8a0 [ 3520.582768] ? ext4_free_inode+0x1210/0x1210 [ 3520.582783] ext4_bread+0x6e/0x1a0 [ 3520.598684] ? ext4_getblk+0x450/0x450 [ 3520.598701] ext4_append+0x14b/0x360 [ 3520.598714] ext4_mkdir+0x531/0xc20 [ 3520.598729] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3520.606299] ? security_inode_mkdir+0xd0/0x110 [ 3520.606312] vfs_mkdir+0x3ca/0x610 [ 3520.606325] SyS_mkdir+0x1b7/0x200 [ 3520.606335] ? SyS_mkdirat+0x210/0x210 [ 3520.606346] ? do_syscall_64+0x53/0x640 [ 3520.634090] ? SyS_mkdirat+0x210/0x210 [ 3520.637992] do_syscall_64+0x1e8/0x640 [ 3520.641860] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3520.646742] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3520.651917] RIP: 0033:0x459a57 [ 3520.655095] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3520.662794] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3520.670048] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3520.677299] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3520.684558] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3520.691817] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3520.772463] IPVS: ftp: loaded support on port[0] = 21 [ 3521.189639] IPVS: ftp: loaded support on port[0] = 21 17:53:39 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x800, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000100)=0x8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$setopts(0x4206, r5, 0x4c3, 0x20) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x1, 0x0) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r6, 0x111, 0x1, 0x6, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:39 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4), 0x3c) mremap(&(0x7f000052e000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000387000/0x1000)=nil) r0 = syz_open_procfs(0x0, &(0x7f00000016c0)='smaps_rollup\x00') readv(r0, &(0x7f0000001700)=[{&(0x7f0000001500)=""/179, 0xb3}], 0x1) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:checkpolicy_exec_t:s0\x00', 0x28, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) write$P9_RFLUSH(r1, &(0x7f00000000c0)={0x7, 0x6d, 0x1}, 0x7) 17:53:39 executing program 5 (fault-call:3 fault-nth:48): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:39 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) [ 3521.374868] FAULT_INJECTION: forcing a failure. [ 3521.374868] name failslab, interval 1, probability 0, space 0, times 0 [ 3521.397400] CPU: 0 PID: 26835 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3521.404457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3521.413817] Call Trace: [ 3521.416406] dump_stack+0x142/0x197 [ 3521.416423] should_fail.cold+0x10f/0x159 [ 3521.416438] should_failslab+0xdb/0x130 [ 3521.428164] __kmalloc+0x2f0/0x7a0 [ 3521.431707] ? ext4_find_extent+0x709/0x960 [ 3521.436033] ext4_find_extent+0x709/0x960 [ 3521.440179] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3521.440191] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 3521.440203] ? save_trace+0x290/0x290 [ 3521.440219] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 3521.440227] ? __lock_is_held+0xb6/0x140 [ 3521.440243] ? lock_acquire+0x16f/0x430 [ 3521.440253] ? ext4_map_blocks+0x402/0x17c0 [ 3521.440269] ext4_map_blocks+0xd3c/0x17c0 [ 3521.440279] ? __lock_is_held+0xb6/0x140 [ 3521.440288] ? check_preemption_disabled+0x3c/0x250 [ 3521.440301] ? ext4_issue_zeroout+0x160/0x160 [ 3521.440315] ? __brelse+0x50/0x60 [ 3521.450233] ext4_getblk+0xac/0x450 [ 3521.450246] ? ext4_iomap_begin+0x8a0/0x8a0 [ 3521.450257] ? ext4_free_inode+0x1210/0x1210 [ 3521.450269] ext4_bread+0x6e/0x1a0 [ 3521.450279] ? ext4_getblk+0x450/0x450 [ 3521.450292] ext4_append+0x14b/0x360 [ 3521.450305] ext4_mkdir+0x531/0xc20 [ 3521.450320] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3521.463155] ? security_inode_mkdir+0xd0/0x110 [ 3521.463168] vfs_mkdir+0x3ca/0x610 [ 3521.471432] SyS_mkdir+0x1b7/0x200 [ 3521.471442] ? SyS_mkdirat+0x210/0x210 [ 3521.471451] ? do_syscall_64+0x53/0x640 [ 3521.471461] ? SyS_mkdirat+0x210/0x210 [ 3521.471477] do_syscall_64+0x1e8/0x640 [ 3521.479643] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3521.479659] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3521.479667] RIP: 0033:0x459a57 [ 3521.479673] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 17:53:39 executing program 0: clock_gettime(0x0, &(0x7f00000000c0)) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) timerfd_settime(r0, 0x0, &(0x7f00000001c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) preadv(0xffffffffffffffff, 0x0, 0x1d, 0x0) socket$netlink(0x10, 0x3, 0x0) symlink(&(0x7f0000000040)='./file1\x00', &(0x7f0000000000)='.//ile0\x00') r1 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x1, 0x0) fcntl$setlease(r1, 0x400, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x101002) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) pipe(0x0) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000480)={0x0, @vbi={0x3, 0x0, 0x101, 0x0, [0x0, 0x4000], [0xfffff800, 0x3]}}) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065726469723d2eb266696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469723d2e2f66696c6531"]) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000280)='/dev/null\x00', 0x10000, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0x4e7) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x2081fc) socket(0x10, 0x0, 0x0) renameat(r3, &(0x7f0000000180)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') [ 3521.479682] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3521.479690] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3521.489167] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3521.489173] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3521.489178] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:39 executing program 5 (fault-call:3 fault-nth:49): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3521.748285] overlayfs: failed to resolve '.²file0': -2 [ 3521.773595] overlayfs: failed to resolve '.²file0': -2 [ 3521.790846] FAULT_INJECTION: forcing a failure. [ 3521.790846] name failslab, interval 1, probability 0, space 0, times 0 [ 3521.802194] CPU: 1 PID: 26859 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3521.809211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3521.818566] Call Trace: [ 3521.821155] dump_stack+0x142/0x197 [ 3521.824780] should_fail.cold+0x10f/0x159 [ 3521.824792] ? __es_tree_search.isra.0+0x15f/0x1c0 [ 3521.824808] should_failslab+0xdb/0x130 [ 3521.833862] kmem_cache_alloc+0x47/0x780 [ 3521.833876] ? ext4_es_can_be_merged+0x16e/0x230 [ 3521.833892] __es_insert_extent+0x26c/0xe60 [ 3521.850963] ext4_es_insert_extent+0x1f0/0x590 [ 3521.850977] ? ext4_es_find_delayed_extent_range+0x960/0x960 [ 3521.850997] ext4_map_blocks+0xab1/0x17c0 [ 3521.861354] ? ext4_issue_zeroout+0x160/0x160 [ 3521.861366] ? __brelse+0x50/0x60 [ 3521.861382] ext4_getblk+0xac/0x450 [ 3521.861394] ? ext4_iomap_begin+0x8a0/0x8a0 [ 3521.861404] ? ext4_free_inode+0x1210/0x1210 [ 3521.861417] ext4_bread+0x6e/0x1a0 [ 3521.861429] ? ext4_getblk+0x450/0x450 [ 3521.870058] ext4_append+0x14b/0x360 [ 3521.870071] ext4_mkdir+0x531/0xc20 [ 3521.870088] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3521.870102] ? security_inode_mkdir+0xd0/0x110 [ 3521.870124] vfs_mkdir+0x3ca/0x610 [ 3521.877168] SyS_mkdir+0x1b7/0x200 [ 3521.877179] ? SyS_mkdirat+0x210/0x210 [ 3521.877189] ? do_syscall_64+0x53/0x640 [ 3521.877204] ? SyS_mkdirat+0x210/0x210 [ 3521.885901] do_syscall_64+0x1e8/0x640 [ 3521.885912] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3521.885928] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3521.885936] RIP: 0033:0x459a57 17:53:39 executing program 0: fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(aegis256)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="0a0775db7b2803b4f0a12585675d26b0d5e383e5b3b60ced5c54dbb7295df0df8217ad62005127000000000000e60000", 0x30) r3 = accept$alg(r0, 0x0, 0x0) r4 = dup(r3) r5 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000340)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce003d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0x2b2, 0xfffffffffffffffe) add_key$user(0x0, &(0x7f00000005c0)={'syz'}, &(0x7f0000000000)="1d", 0x1, 0xfffffffffffffffd) r6 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000340)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce003d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0x2b2, 0xfffffffffffffffe) r7 = add_key$user(0x0, &(0x7f00000005c0)={'syz'}, &(0x7f0000000000)="1d", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r7, r6, r7}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000600)={'rmd320\x00'}}) r8 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000240)='rxrpc_s\x00', 0x0, &(0x7f00000002c0)="d32c72c61c59ec22", 0x8, r8) r9 = add_key(&(0x7f0000000400)='user\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f0000000640)="cae313843964d33d2826b1e40de2df6327a6c8c13976f0f557dbf5b0d4d0cf97c15e790ff1a42f999dd9259cb22ad494ed28598911315131cce6ff6cc76d6c142a6a9c28e75bb5528552e6a293084a92f463cc4590ed28029bb2833e6555ebd67c61203d43ebd91d35820d6d5439660edf0a87c14efe4cc017201ce90a96be", 0x75d, r8) keyctl$dh_compute(0x17, &(0x7f0000000140)={r9, r5, r6}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f00000006c0)={&(0x7f0000000600)={'mcryptd(crct10dif)\x00'}}) keyctl$describe(0x6, r5, &(0x7f00000002c0)=""/130, 0x82) write$UHID_DESTROY(r4, &(0x7f0000000080), 0xfff2) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000700)=@isdn, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000001380)=""/183}, {&(0x7f0000001300)=""/78}, {&(0x7f00000008c0)=""/153}, {&(0x7f0000000980)=""/145}, {&(0x7f0000000a40)=""/231}, {&(0x7f0000000b40)=""/239}, {&(0x7f0000000c40)=""/245}, {&(0x7f0000000d40)=""/67}]}, 0x400}, {{&(0x7f0000000e40)=@ethernet={0x0, @broadcast}, 0x0, &(0x7f0000001180)=[{&(0x7f0000000ec0)=""/238}, {&(0x7f0000000fc0)=""/82}, {&(0x7f0000000540)=""/26}, {&(0x7f0000001040)=""/73}, {&(0x7f00000010c0)=""/93}, {&(0x7f0000001140)=""/43}], 0x0, &(0x7f0000001200)=""/63}, 0x34}], 0x2, 0x0, 0x0) pivot_root(0x0, 0x0) lsetxattr$trusted_overlay_redirect(0x0, &(0x7f00000000c0)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0xfffffffffffffcd2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd17c}, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r10, 0x0, r10) r11 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r11) r12 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r12, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r12, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="81000f00", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r11, 0x84, 0x72, &(0x7f0000000000)={r13}, 0xc) r14 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r14, 0x89e1, 0x0) ioctl$CAPI_GET_FLAGS(r14, 0x80044323, &(0x7f0000000200)) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r10, 0x84, 0x73, &(0x7f0000000180)={r13, 0x59b, 0x0, 0x0, 0x2}, &(0x7f00000001c0)=0x18) [ 3521.885945] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 [ 3521.893336] ORIG_RAX: 0000000000000053 [ 3521.893343] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3521.893348] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3521.893354] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3521.893359] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3521.893364] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3522.007185] could not allocate digest TFM handle mcryptd(crct10dif) [ 3522.771563] could not allocate digest TFM handle mcryptd(crct10dif) 17:53:41 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x20000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) tkill(r1, 0x34) r2 = socket$tipc(0x1e, 0xd, 0x0) r3 = socket$isdn(0x22, 0x3, 0x26) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000000)={r3, 0x0, 0x9, 0x0, 0x3}) 17:53:41 executing program 5 (fault-call:3 fault-nth:50): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:41 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:53:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffd}, 0x0, 0x4, 0x4, 0x0, 0x10000000000000}, r3, 0x0, 0xffffffffffffffff, 0x1) sched_setattr(r3, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x6, 0x0, 0xfffffffffffffe00}, 0x0) migrate_pages(r3, 0x6, &(0x7f0000000080)=0x40, &(0x7f0000000180)=0x7fffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_vs_stats_percpu\x00') sendfile(r4, r4, 0x0, 0x3f) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r8 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0xffffffff80000000, 0x40601) r9 = accept$netrom(0xffffffffffffffff, &(0x7f00000001c0)={{0x3, @null}, [@bcast, @rose, @null, @netrom, @remote, @bcast, @null]}, &(0x7f0000000140)=0x48) poll(&(0x7f0000000240)=[{r6}, {r8, 0x81}, {r0, 0x8000}, {r2, 0x8000}, {r2, 0x80}, {r9, 0x1}], 0x6, 0x7f) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0xfffffffffffffffb, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r5, 0x2402, 0xf17) unshare(0x40040400) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xc) vmsplice(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0xc) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x10000000005, 0x84) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40d09) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) 17:53:41 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(r0, &(0x7f0000000300)="0f42cdf2343650ff73d859e4136016f675b5aad7b39fa82a101371060bda482d9e10c6b5b80db7d17d33ddff64e1f8b50ae7ef0e04874afb4f0b02b5d385a7a2c5c65b2a68fe2972023f434dc017b0191cc7b70f1cac2adc2f7642c24f73e503a64c09971f623fc92645f7167d0b325998b5107ed4ec000000000000000000", 0x7f) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000180)={0x0, 0x0, @ioapic={0x0, 0x10000, 0x0, 0x0, 0x0, [{}, {}, {0x0, 0x0, 0x0, [], 0x8}, {}, {0x0, 0x2}, {0x5}, {0x3, 0xfc}, {0x0, 0x0, 0x20}, {0x0, 0x0, 0x0, [], 0x81}, {0xfd}, {0x0, 0x0, 0x6}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x0, 0x0, 0x6}, {0x7}, {}, {}, {0x0, 0x0, 0x0, [], 0xfe}, {0x0, 0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, [], 0x3}]}}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000280)={0x0, 0x0, [0x0, 0x1, 0x1, 0x5]}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 3523.542781] FAULT_INJECTION: forcing a failure. [ 3523.542781] name failslab, interval 1, probability 0, space 0, times 0 [ 3523.562232] CPU: 1 PID: 26887 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3523.569278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3523.578649] Call Trace: [ 3523.581250] dump_stack+0x142/0x197 [ 3523.581268] should_fail.cold+0x10f/0x159 [ 3523.581280] should_failslab+0xdb/0x130 [ 3523.581290] __kmalloc+0x2f0/0x7a0 [ 3523.589029] ? check_preemption_disabled+0x3c/0x250 [ 3523.589043] ? ext4_find_extent+0x709/0x960 [ 3523.589055] ext4_find_extent+0x709/0x960 [ 3523.610050] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3523.615489] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 3523.619966] ? save_trace+0x290/0x290 [ 3523.623751] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 3523.628747] ? __lock_is_held+0xb6/0x140 [ 3523.632798] ? lock_acquire+0x16f/0x430 [ 3523.636752] ? ext4_map_blocks+0x829/0x17c0 [ 3523.641076] ext4_map_blocks+0x881/0x17c0 [ 3523.645209] ? ext4_issue_zeroout+0x160/0x160 [ 3523.649687] ? __brelse+0x50/0x60 [ 3523.653124] ext4_getblk+0xac/0x450 [ 3523.656743] ? ext4_iomap_begin+0x8a0/0x8a0 [ 3523.661046] ? ext4_free_inode+0x1210/0x1210 [ 3523.665445] ext4_bread+0x6e/0x1a0 [ 3523.668966] ? ext4_getblk+0x450/0x450 [ 3523.672837] ext4_append+0x14b/0x360 [ 3523.676533] ext4_mkdir+0x531/0xc20 [ 3523.680148] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 3523.684800] ? security_inode_mkdir+0xd0/0x110 [ 3523.689361] vfs_mkdir+0x3ca/0x610 [ 3523.692884] SyS_mkdir+0x1b7/0x200 [ 3523.696409] ? SyS_mkdirat+0x210/0x210 [ 3523.700281] ? do_syscall_64+0x53/0x640 [ 3523.705801] ? SyS_mkdirat+0x210/0x210 [ 3523.709669] do_syscall_64+0x1e8/0x640 [ 3523.713537] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3523.718369] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3523.723538] RIP: 0033:0x459a57 [ 3523.726706] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3523.734399] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a57 [ 3523.741651] RDX: 0000000000000007 RSI: 00000000000001ff RDI: 0000000020000100 [ 3523.748911] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 3523.756171] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000007 [ 3523.763425] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3523.998337] IPVS: ftp: loaded support on port[0] = 21 17:53:42 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000040)=0x3, 0x4) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x9, r0, 0x0, 0x0) ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x1b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000100)="347c92d0dbbedf6c59f317650c8d8bf83b4aae2c7661e968ecd089c514f373d0c3f73d5fd9012370cbd87aa7bdc5ac641930ce2b828d67543a5f6860cdf6672b63c756fe7959cc1be6d7e471ab93f8b1c15372a22cc9299bbdeb49906a44d9649a73c7b32b94826aacbf333fdc806e306930f9abc44c487b677e7a4c301784da40094055fcced418f01e5cc082f604d33781101d4e7d310780fc1d50ef04e32704f6d40abe5704071d9a062b95cd19ed0d0a380efb2941593e201eeadafaa616e0138e8198c9fdd54b6224") ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc66) socketpair$unix(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000080)={0x5, 0x8001, 0x0, 0x8, 0x9, 0x6, 0x6}, 0xc) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f00000002c0)=ANY=[@ANYPTR64=&(0x7f0000000440)=ANY=[@ANYPTR64=&(0x7f0000000040)=ANY=[@ANYRESHEX]]]) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:53:42 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x400900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x304}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x2, 0x0) tkill(r0, 0x3c) ptrace$cont(0x17, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000140)) ptrace$cont(0x9, r0, 0x0, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0xb95e, 0x48022) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000100), &(0x7f0000000140)=0x8) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x75f, 0x1, r3}) 17:53:42 executing program 5 (fault-call:3 fault-nth:51): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:42 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:42 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)={0x0, 0x0}) tkill(r1, 0x1) ptrace$setopts(0x4206, r0, 0x2, 0xa) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3524.461821] FAULT_INJECTION: forcing a failure. [ 3524.461821] name failslab, interval 1, probability 0, space 0, times 0 [ 3524.505923] CPU: 1 PID: 26915 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3524.512977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3524.522332] Call Trace: [ 3524.524927] dump_stack+0x142/0x197 [ 3524.528568] should_fail.cold+0x10f/0x159 [ 3524.532727] should_failslab+0xdb/0x130 [ 3524.536692] __kmalloc_track_caller+0x2ec/0x790 [ 3524.541348] ? rcu_read_lock_sched_held+0x110/0x130 [ 3524.546349] ? syscall_trace_enter+0x4c8/0xd40 [ 3524.550914] ? exit_to_usermode_loop+0x220/0x220 [ 3524.555652] ? strndup_user+0x62/0xf0 [ 3524.559439] memdup_user+0x26/0xa0 [ 3524.562962] strndup_user+0x62/0xf0 [ 3524.566572] SyS_mount+0x3c/0x120 [ 3524.570005] ? copy_mnt_ns+0x8c0/0x8c0 [ 3524.573877] do_syscall_64+0x1e8/0x640 [ 3524.577746] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3524.582576] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3524.587748] RIP: 0033:0x45d08a [ 3524.590919] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3524.598613] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a 17:53:42 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffd}, 0x0, 0x4, 0x4, 0x0, 0x10000000000000}, r3, 0x0, 0xffffffffffffffff, 0x1) sched_setattr(r3, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x6, 0x0, 0xfffffffffffffe00}, 0x0) migrate_pages(r3, 0x6, &(0x7f0000000080)=0x40, &(0x7f0000000180)=0x7fffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_vs_stats_percpu\x00') sendfile(r4, r4, 0x0, 0x3f) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r8 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0xffffffff80000000, 0x40601) r9 = accept$netrom(0xffffffffffffffff, &(0x7f00000001c0)={{0x3, @null}, [@bcast, @rose, @null, @netrom, @remote, @bcast, @null]}, &(0x7f0000000140)=0x48) poll(&(0x7f0000000240)=[{r6}, {r8, 0x81}, {r0, 0x8000}, {r2, 0x8000}, {r2, 0x80}, {r9, 0x1}], 0x6, 0x7f) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0xfffffffffffffffb, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r5, 0x2402, 0xf17) unshare(0x40040400) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xc) vmsplice(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0xc) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x10000000005, 0x84) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40d09) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) 17:53:42 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/116, 0x74) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3524.605872] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3524.613124] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3524.620375] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3524.627626] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:42 executing program 5 (fault-call:3 fault-nth:52): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3524.799521] FAULT_INJECTION: forcing a failure. [ 3524.799521] name failslab, interval 1, probability 0, space 0, times 0 [ 3524.810940] CPU: 1 PID: 26938 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3524.817968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3524.827330] Call Trace: [ 3524.829926] dump_stack+0x142/0x197 [ 3524.833565] should_fail.cold+0x10f/0x159 [ 3524.837727] should_failslab+0xdb/0x130 [ 3524.841708] __kmalloc_track_caller+0x2ec/0x790 [ 3524.846386] ? kasan_check_write+0x14/0x20 [ 3524.850625] ? strndup_user+0x62/0xf0 [ 3524.854431] memdup_user+0x26/0xa0 [ 3524.857972] strndup_user+0x62/0xf0 [ 3524.861607] SyS_mount+0x6b/0x120 [ 3524.865079] ? copy_mnt_ns+0x8c0/0x8c0 [ 3524.868969] do_syscall_64+0x1e8/0x640 [ 3524.872858] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3524.877709] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3524.882895] RIP: 0033:0x45d08a [ 3524.886082] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 17:53:42 executing program 5 (fault-call:3 fault-nth:53): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3524.893792] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3524.901057] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3524.908325] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3524.915592] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3524.922859] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3525.028731] FAULT_INJECTION: forcing a failure. [ 3525.028731] name failslab, interval 1, probability 0, space 0, times 0 [ 3525.042356] CPU: 1 PID: 26942 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3525.049390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3525.058751] Call Trace: [ 3525.061349] dump_stack+0x142/0x197 [ 3525.064989] should_fail.cold+0x10f/0x159 [ 3525.069150] should_failslab+0xdb/0x130 [ 3525.073131] __kmalloc_track_caller+0x2ec/0x790 [ 3525.077807] ? kasan_check_write+0x14/0x20 [ 3525.082042] ? strndup_user+0x62/0xf0 [ 3525.085848] memdup_user+0x26/0xa0 [ 3525.089389] strndup_user+0x62/0xf0 [ 3525.093017] SyS_mount+0x6b/0x120 [ 3525.096475] ? copy_mnt_ns+0x8c0/0x8c0 [ 3525.100381] do_syscall_64+0x1e8/0x640 [ 3525.104267] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3525.109126] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3525.114315] RIP: 0033:0x45d08a [ 3525.117500] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 17:53:43 executing program 5 (fault-call:3 fault-nth:54): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3525.125204] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3525.132468] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3525.139735] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3525.147003] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3525.154269] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:43 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3525.265309] FAULT_INJECTION: forcing a failure. [ 3525.265309] name failslab, interval 1, probability 0, space 0, times 0 [ 3525.302726] CPU: 0 PID: 26951 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3525.309774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3525.309779] Call Trace: [ 3525.309797] dump_stack+0x142/0x197 [ 3525.309822] should_fail.cold+0x10f/0x159 [ 3525.309839] should_failslab+0xdb/0x130 [ 3525.309852] kmem_cache_alloc+0x2d7/0x780 [ 3525.321783] ? lock_downgrade+0x740/0x740 [ 3525.321801] alloc_vfsmnt+0x28/0x7d0 [ 3525.321818] vfs_kern_mount.part.0+0x2a/0x3d0 [ 3525.321831] do_mount+0x417/0x27d0 [ 3525.321839] ? copy_mount_options+0x5c/0x2f0 [ 3525.321850] ? rcu_read_lock_sched_held+0x110/0x130 [ 3525.329592] ? copy_mount_string+0x40/0x40 [ 3525.329606] ? copy_mount_options+0x1fe/0x2f0 [ 3525.329619] SyS_mount+0xab/0x120 [ 3525.329626] ? copy_mnt_ns+0x8c0/0x8c0 [ 3525.329639] do_syscall_64+0x1e8/0x640 [ 3525.329648] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3525.329663] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3525.329671] RIP: 0033:0x45d08a [ 3525.337753] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3525.337765] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3525.337771] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3525.337776] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3525.337782] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3525.337787] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:45 executing program 5 (fault-call:3 fault-nth:55): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:45 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x6, r0, 0x80, 0x2) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000180)="7fcd95355be3435c9073c5c5efa0fc868f71de51918e4ca4eae635f7b789f74b84cbb784d344380151a3acc3a001a65e615ad9ab75acd5d5112674173e53d55e19d4000f76237313ef1975267ee57c36c38575a2ecba30260fd9881febef2bb9084b05927cbd65c6efb39dbc06a3bc59dc76290cce289cbf32cbc31196c0491a") ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:45 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000080)=0xf9, 0x4) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="5f454c47065b05007311625b1e43f0010bf32b9a993b89725d4d1c31090000173bd22023eb2be30c77a0ba068c2b206431cbfabdf1ba04fb7e92c1dda2de803ddf1eb6e00100db10c8203b9befd204603766a143dc457298a4a0c40bfdb8d1319b86120c9ff17bcb4a1ddd393d50a7b4eb3fc3df94dc8e42f51dd40bdfd0689be24d3f465f01ba7d2fd2348f3910f0b567feab1024e5545c8e2f4fb2b1f87dae23e4be2a374031cf106f8cc4951eb16c0c2007a2ae51e6705ef4c96aeead685ba8a3ce7009d0d35c7dfaeaa17a06888ae80990595c5a0920d575791269d11760ba875795e45962c5e9b44f753fbd2b6d42b0fc33c8ddb8b5bb25d4f3cf8a7893f375d1ac3f709a6d9be460643177d009a08dfeb8dd9d8dd811dafdbf6e891bd0fb35ced45262208b9fa230002bb571a322180a52fde0d66ba36c2f336d040ada505673e79f2fa40a161a63bf2d2e3229bd2110492f50e55a7bd8d21ec373efcc1c9de46416766e9103746f39d66611666b22613ba77ece8a272b79e19131b485c91642bb07b583ad1b9acddb7ccbfd23737e08d1c550ecb2a46f7ae0d7c03bac9b37cf3c67b13f08e011407610be2b120d9b52aecd4b6ef90ccc9ea117ce8ca22857fd578c4f79440a2f62c0129b6b00b7f673ee41171bd1ca7bbc1d102227ac54def8fba714eaf5b5f6d7aa21d3bd87fd335f86314846f42be07ec489b2824b795d22372e6e1f9712f14b506586f0547eae6a9fb5e596e2c67f9d3ae6350c2d5385812e56e2209ba26bf4abacb241298415999ed6838e2143c38ebb9b106b7b70805a7ee53dc40916a9f9de3bf1957499fbe456a7aaf22e"], 0xa) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0x5) setsockopt$inet_opts(r3, 0x0, 0x8, &(0x7f0000000240)="92af5614c44977d13345ee4111974b2f9ea0ca4d7e60735f1f915c5d7a805b5c03cd62d8254a0000761bc6e1206ec24fb308ccd06761e0ebc8f62a88dc05c9c3fb5ca2bd57d05ef51073bd7b42d8f8598bd015f90c152957fd8b40f0755a146b73e90331233e8d4d8e6eff098be57ba3c6c009efda34dcc9a36a623af800bed53692dd96b53e0adaab65574a7c98fce2e2ccc0921c40ec4dca6dfa553ca4b5867d8b387ce8c2b399bb4538e42c5a241041bc163dea71cac8325d987046a18dda5551e4583d6036552a515ae9ba5e3bc20a399d3bd8eb13", 0xd7) close(r2) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)={0x4fc, r6, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}, [@TIPC_NLA_BEARER={0x164, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x3, @mcast2, 0x8000}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x0, @mcast2, 0x9}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x7fffffff, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x8}}, {0x14, 0x2, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1a}}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x401}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff4f8e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x14, 0x2, @in={0x2, 0xffff, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'team_slave_0\x00'}}]}, @TIPC_NLA_BEARER={0x190, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0xb0, @rand_addr="59ecf2156a45c15c32bdda213724c310", 0x400}}, {0x14, 0x2, @in={0x2, 0x4e24, @empty}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x8000, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xfffffff8}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @rand_addr=0xff}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0xffff, @local, 0xc4f}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @multicast1}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast1}}}}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_DOMAIN={0xfcb9}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x17f00}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_MEDIA={0x14, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MEDIA={0x118, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe36}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x200}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffe}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xe2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10000}]}, @TIPC_NLA_MEDIA={0x48, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}]}, @TIPC_NLA_SOCK={0x30, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80000000}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1000}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xb48}]}]}, 0x4fc}}, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000040)=0x1, 0x4) r7 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000cc0)=ANY=[@ANYBLOB="7044a8df97eb08ea3eabc494e7323fcdc5ee3adab92a8e2d398eecc4a339544521a223f9a29f059d28cecd2f6ac8110c1d85b9debcb5f6242dedcf03f55eef79e32f72db5d9f8b25014c3a5256a3289e57bed890353c799887569456cae098492bcb2c1168f8b84799c5e2edf2ba04a673c5fd0d0165e74c323ae44da52a0582da910253d95bf348d043c3db398d85f0bc2a9af04f523a5793b3552ff610d16f1db26088b7fac7de137383a2449be7d4e424c75f31e9", @ANYRES16=r4, @ANYRES32=0x0], 0x47a) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r8, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="14960002", @ANYRES16=r9, @ANYBLOB="010700000000000000000d00ffff"], 0x14}}, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r10, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r11, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) splice(r8, 0x0, r8, 0x0, 0x0, 0x4) r12 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/enforce\x00', 0x8000, 0x0) ioctl$VIDIOC_G_INPUT(r12, 0x80045626, &(0x7f00000001c0)) 17:53:45 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffd}, 0x0, 0x4, 0x4, 0x0, 0x10000000000000}, r3, 0x0, 0xffffffffffffffff, 0x1) sched_setattr(r3, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x6, 0x0, 0xfffffffffffffe00}, 0x0) migrate_pages(r3, 0x6, &(0x7f0000000080)=0x40, &(0x7f0000000180)=0x7fffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_vs_stats_percpu\x00') sendfile(r4, r4, 0x0, 0x3f) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r8 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0xffffffff80000000, 0x40601) r9 = accept$netrom(0xffffffffffffffff, &(0x7f00000001c0)={{0x3, @null}, [@bcast, @rose, @null, @netrom, @remote, @bcast, @null]}, &(0x7f0000000140)=0x48) poll(&(0x7f0000000240)=[{r6}, {r8, 0x81}, {r0, 0x8000}, {r2, 0x8000}, {r2, 0x80}, {r9, 0x1}], 0x6, 0x7f) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0xfffffffffffffffb, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r5, 0x2402, 0xf17) unshare(0x40040400) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xc) vmsplice(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0xc) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x10000000005, 0x84) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40d09) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) 17:53:45 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3527.477768] FAULT_INJECTION: forcing a failure. [ 3527.477768] name failslab, interval 1, probability 0, space 0, times 0 [ 3527.509298] CPU: 1 PID: 26970 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3527.516404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 17:53:45 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='\x00\x00\xf8\xff\xff\xff\r\xff\xff\x00', 0x301500, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3527.525787] Call Trace: [ 3527.528403] dump_stack+0x142/0x197 [ 3527.532174] should_fail.cold+0x10f/0x159 [ 3527.536383] should_failslab+0xdb/0x130 [ 3527.540509] kmem_cache_alloc+0x2d7/0x780 [ 3527.544848] ? lock_downgrade+0x740/0x740 [ 3527.549042] alloc_vfsmnt+0x28/0x7d0 [ 3527.552769] vfs_kern_mount.part.0+0x2a/0x3d0 [ 3527.557350] do_mount+0x417/0x27d0 [ 3527.560934] ? copy_mount_options+0x5c/0x2f0 [ 3527.565379] ? rcu_read_lock_sched_held+0x110/0x130 [ 3527.565394] ? copy_mount_string+0x40/0x40 [ 3527.565407] ? copy_mount_options+0x1fe/0x2f0 [ 3527.565419] SyS_mount+0xab/0x120 [ 3527.565427] ? copy_mnt_ns+0x8c0/0x8c0 [ 3527.565440] do_syscall_64+0x1e8/0x640 [ 3527.565453] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3527.574709] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3527.582650] RIP: 0033:0x45d08a [ 3527.582656] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3527.582665] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3527.582669] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 17:53:45 executing program 5 (fault-call:3 fault-nth:56): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3527.582674] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3527.582678] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3527.582682] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:45 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) migrate_pages(r0, 0x8a88, &(0x7f0000000040)=0xfffffffffffffff7, &(0x7f0000000080)=0x7) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x200100, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r2, 0x2288, &(0x7f0000000140)) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r3 = eventfd(0x1000) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000180)={r3, 0x0, 0x5, 0x3, 0xfffffffffffffffb}) ptrace$cont(0x9, r1, 0x0, 0x0) 17:53:45 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x82040, 0x0) ioctl$CAPI_SET_FLAGS(r1, 0x80044324, &(0x7f0000000080)=0x1) wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:45 executing program 0: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0x180) r1 = getpgid(0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) r3 = gettid() bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x6d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40), &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000018c0)={r3, 0xffffffffffffffff, 0x0, 0x0, 0x0, r4}, 0x30) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000001900)="b5dbc888cb12dac2ee487b4e56ddf8b395b6e2af4e8dc473d6294555df50cfe8327c737f0e4139e3d01636af838f30f7d9d2379c01faf0b7397295ce8e0003971c01e281b19c62b42fe7286e5063d6d51ee6efa9a787927a758bd044803b488d77563780438e86cd1cd776df7ee4a9d9c1467a3fdde00dc7b4575bb43e59479544e62881c11dceaa19dd76713d02af39850adf65157f01646eb6f6ca0d07913c26ef516ce8c348541636e4de5bf640a1484fa2acfb563ab78aee66fa2681ff079d3237b0ca6db1fb2c83f194c3a3b8ab5aee306086b1dacd57009f283fdf9d8c31292c0e32f3e5a9080de0448d8391e9621e696ca3e52cfde4398283d5db4467ca88c1cead16d6c6957c4b6d0d251ad65e156eff3c6c78c9c4da3412047ebcfdd76599fe98e2213747fdbe9b1f916e335c15878d1b47b9e55f478d135f2d5bdc61cda2be440dbb0596c09e1bf7b4c1b7c3365cde5f4c5b9d915a7fd476ecd1902c0a56ebdf6db7cfbd60a31b6ee90e19b01a3cbbced04ace347cb3bedd1b8a37d17fa07e10b2e267b7ca7e8d00eaa965939ac49027a9ce6d5c98f083e32ae47e3f9857001d95c8a6df10944379185661657307d06b105b037818a41bb534c04596314c3b6323eea4446f4b426883816ed187b321c2feff3e68ea69714785daf4658ddefb5483233adf12754ef454d8fbd14564e35db6bbe00cb6a1cc2f916e6b814fe633af6d1c3d48fd8f045191e7b9039c2f26bc768ce161ae7e04e78338901054e2a0d05205bb13bef1aeaf9c5aa8460e252472be84d542b01a7bdfe2f1f2618413291d6c85e30a1c22e1934885a17e36c5d7bacc0a1314d0cdbe465cc476938cbe27f0390f49e50da9d6b16e9f66460eb9a478a3e08df902b5836b3dd2409523994afc07b31be56a2b374e0d13640a091ca17900691bda4d980d8e0382c666751c762c895dfe55840741e7b90003652f42ff87b0103e31af55147fc2a6cdb79cf44a5ef2dd77dbeff722ff5e0d828c1070291b71eba3fca0238a9bb018c554f909753f90a8181bdf5ba774f7be5ffe44f3f47a56e892f1d5dd83558591feeb22b14ca7a50bd116f095fdc26f33b6ba23fbe18aea25a72caff8b685519984eb3b4cf9946e72b964524242a79f2e937f41b46852ab1f5dbcb3e6318d4c288cd1731d571758688ce222f4a8fe71cb5311cbf1b60f4969691d8d9ff8bdd7b04f2a400572ed9193a0905f3ddae36132228c018bfa946803d3241a1fad546e6c77ccdf0d51869ada278ab79dd414d9702e561db0b592b5ec1262727e8b64aaea7431acc761ae340600dc786890c250ba45fcc2537cc38826ef59d4587d2db9492c0dbb1a226c3f7fcd9ed5cbc3fd8ddb56e8f358c21ba9c012f38fadd43e8996df012c8f81dbfed8a26d7b2e23754415ab60198a301f0dfe04b10c623ed25975fef85644118a43fcc7a28518579babe6f672f2f21c5c02a983e9bb0b4a3183b4c9e8065f5f05788f6a1677f1613906c06a0c9f5c0ff893acdaa3cec48ac7819393215d3c09eb75e6fe703101db866648fad136567a0ed238744384ef23396cdc4da2f7fea1242c87b267ac92f189a490b3eb5967c1e97a72f44e0f63255d1cf143766ea15c4c9924179115c8cf49af16b386f2047f0f0b6f1cd8a5327db706ccd2b36947ce211799f72f845411d4e94b69abf784822db9481bd1a936aeec86c64dd2baea44b5d2d10cfd02ab0aeccd1f8f3bc65f93c54ccc78cf53583700cfce717a823e55cacec4a57c1fc6fce251eda0e81ecd0882451ab2f00588bc27f70a7b217d90b6b97d0c5389b84d4af8d25ddb2e3b55ccc19a812e77f799981942799e93663d510e3a7a8473e1dd0ba93f0540d959307bd0f01c8b0a3a018d1152cc156415149ba0a1acc8b9fe76398186e192d81552b760d407d7d44db557611765331c8382fe2019a44f64d982b2926c2396719ed9898b4ad4b3626063174223297cef3853fb305b33d74791510ac58bb070842bd6f4076cf7e1ca7846561c723be826a34a1bd77798523fcd4d30ee8359dd9da42056188b80b685ce7c11e9843976a9b0697113c159d87a0f841a0f1fa9534f5db47eadb9a6f6261caf00785845ec6f4818e62ea07457306d286d1071fe258e2b37d00bb6e12718fbaa2ba6cdc61f4db07f7c3d8945f62b58964a0ce23d063e75f9533ee06c6528e2367b0341fe6a96495ec20b4167200442bb9725f5996191ec2958fbcf4c6d1420b61b94401f076c68da0c79a8938907385e77d227fe2d2eee4533a99ea65dd41c3d4892f785dae81d26dcfa5d9baa5ceda55003480dd7260fa0df01c99d8d0a7023b43547350c9dd1fdde021ab4eb2b54c19c1e028d351c4b474b8fdc36d7a60c1b198c581fd2cec035c269ed6b6713cc54ccbc646c0d1e7d1e58ee0fecdbd72ef1869dcad1fcd49c4545829f3ee86317bf06b6793824d0117253ec86b6a8e8de34e237016220c1f1ba0118d2d1380beeebf9af8f0bcbdf73c728f19dbd4cfd62eae073dd44b18fd5f959e7a4ae10ab6d0c7e14f2367216d132ad3685a416a0620783d1d32f0fc028baaf2510ec6967d3ec224923d13a31f5dc240fd8b937745c79bb67f46613e3d041f327c075c98dda1d996d82e008253a715d51935b848f8ff5856edca31faabea5ffb1b5f22f162267351befd2b3163ee9e8767c8b12a2f685be927de6a13e6361af197b4e106ee77bcdf33a870f65ce4ccdcf1ea6bf252de1d2efea18f14b31e7e8ed3ba5f0d51c459ca06eebf8e72077959670c53fb5c824b5e421988890a17b3e71925e51b559e083f3c161429aad25d18f5653a048c62f0229e0f6275d230ca2af205efe3939e8f96de771e74b98e5c16d0fb49cb05244076bea77316f298f9fa089f0fd1a4a93d863cdbae155af2c11e4685b34df287ff5034d68e0228043466e8f5e1f25257c17a27a267f6d75a66768cb06128617d3647a8e1040824adc0ac48430eaa49dca8a2d651af53f1ba04caa08e78dc43706c36634a12eb8a4b7aee6978a86dd25da0267abe3e195a312e4df1d1b1a114c9e6a771a5a68fc7401f529de9c8f555d8dabb32cdf788d67bc5c7e66e962312503100d1342f4783fdac57663a8adf884a4b3faed1747df906590869399790d1365d8942548d4150efd72f2321b222c5a1828fdf1f9bf9830807d070f2069c1d90d16cb28cdfe13988c28ec43427ef40a634d05b6161273a46f9b7fe6f7040b555375528dba3fa7805b4eafd876c768041f006cd7f796ae8d817daf8c65c72b0bd131a334ca8f7e9bf4afb12351be4c9f2e356f3c7238f195d430cd253846fd5a07b419059ae8702776bf3a3a031201721083f4865aefb44972cda882d12d4d8e7d3e677116a9cb387488f1591892fad0b61ab59da6b800eb52ed348aae2be9e4a9abd597bba4094f5237f4cc8783eefe6fe78e48548b5ed99810cde31511eccf19f59f1a3fc248cf5be31cf32f773d4ebe7193ee1b682fe99c2c59d2e7373ded0a12909d0dc1068490164679c3af9c744980c766d95f13fff673ef7e44bd18b118aba5e3933723fadf9af9561f8e503da60151533733cd60655b46920267abd6dd52381da861445a8c5cd724d7cd2050f2f3e33d85a1601f16f1bf74172b8f8dba0322056088372accf3100edd1b210c8fc4f30477643da46c830604c39a857ba158166664cf5bfe3883502b237280e653759b8aece68155e9e4ceeed6b464467a7c6d6bb8c91843e81257997feb78e067e00b22536c58f74a59f14c8df8ba7ac6ba681d7ec9394431c07d93aad45065fc4b26fc17281ab0b7bb03fbdf0d9ac263ea769e89d6d63ae45c95feceb9aeb759465aba0f7edee91c05eb0381f4ae431125a5351cd40de69883c4e359c45d17ef72be737ea265186870336293d5fc3adfc09a21cfd5d314f420528c0d991ba65cccd8845c219fdf565e01e3b850b4544eb4159348b072a725dcbfee40faec4f89d740506488f2a9eb13f0709ee4e0852986192c129baf5d920823db964486a8b5b7f51bc4f9b9b8a8d30230779ff42f235aedc1038bfdc9cc59c74882b8a4e8c9a70f2c79d774cb9ab76a472f2ec7d35ba50256ca9467dca499bc45b53eb98446e7536501675799c1979fbd61abf64a120b15d6b1d1084da6fc7c430bda97e9b035f6da566f5e0d74ffe6b5daa72e57191551c0e58750906ff1f5070ee080ab455770d08e3e2048088ddf662c1b482bf5c1b87163dab752720d5e04967cc4655ec7c24bed1dbf5fd3cd0e730e42a906c2c5097a1887f2b74f5d3cbbe581d36c226e09eead2eaf6b25c204679dfa68349bfce61747a5f0fac27352305af69f72c5e1a230fb77990fd47faea6267de8f6621a744d126a0d82bf328cb3203a592906f0edf28b259aa6d181866898aff59f545a9b8852e7f39953a12a22bfc7dd9a3074ad25f4d0eb622513ebc9b02e8f813b02c4b78ebd32012771dc4114507fb9c73fe388f72ab47dce640ed47145cc738769ecb4ee3991238dd2a57dd882b7850e050f8c3bee7675d1ad0040dd90563841c69b5aaab26d9691c42a09275b8d82ccb5a03da766dd3a743de0cbbc7326fa27b2c2289aa682095b60265e51a4fcb00c01e30bdebcd202ac645aecfc51f68b1fc6e540142661f1205060b8475ea8a652e8c220a33238a97253591bc980443656980c92c5836993c8bac1d2204bb1c27bf6b6f696258e0cffae77d325093ab0976a16bf04085d32939963076b8494d768208ef2f0778276f3f39420881c7539eaa112bdc85f3a8fc6230e9402b355516b2cdff7a9f2c74af75485e372731c2b4f4507f5d56778113fe4022cc49c7d19587b53293f80661d1417e17a25f5d6a93fe06cf524a6884686f23fa418f7ed812b7c84b1ada7f13af78f021d1dccb2dadffcc7121738b842ce98f583f9827920df50f314321e7d084efb0c5a38ee2ee928cf0b6ad20e4281d33183960a75f76de17b18c490f14043a1fb1d880947ef0ebb21d795dde70979fe29a765c6933aa7c016a13bb07334d5f006063b5f76b6c2bca3a9a7a8f3c3a79b685a68fc492c898dc7689ad1e5cc7120a720eded6977a783336819d04d78011a5eb30d50ea6e99775ab604dcc46831ffa10c7149158a579d729ba67ae22fd2d32fae7aa25c8897a7f390c0eb77cb5f52ca8bab8f6be8f14e5243269d9aec8abe4a85dfd912e5e10df176036d6e764d90ed8b28a9ad92df33ccc966934d032650a1cb01b57f1fdc992dd2f81abe4c59c80c5ad7540d9641dcc705d799a04044dc21b2c1e4fa67e24f8d21bbe3039bdd55ba62a5b18803b422a40881d1641fa5792a3c20aab8a8f6290b580395868c11e5e106f4dbd6e97ed6ce2f07fd2215cd164678f60bc1ccfe14caad1284535cda26ff6985f61ccc7b6d5c714bee1e09c5991a102e96edf882775ce1510e852d38e57b3316db2243533c50f0024153ee28d147067292e91983a8673e46d5a34f2465744ab05e47758e5f5c9bcb2b3db58882605953d0f2bbdd405f933ed9b28ba2252d4a77fae692df2fb3865544540a931a139cacf7402d63e70449d94c2ba6ec38351daae814c27d4c24b17b0ccaa10ae6f3f5f7ac3e85fb00c1bfb9de16c3f719e4c2531e2bb8097eacea9a57544e137dd6a15d8ba95f026dbbbfaec960ea3898610424350126b6285683f6225b14dac257e627422fa15c2f76cd4802388234bd5ba562158161e8d696017caa1dcd120324861eecc85715fa5b7fdcaeef5c0c5d186495c2bd9cacfadbddc54b3c", 0x1000) setxattr$security_capability(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000240)=@v3={0x3000000, [{0x8d7, 0x6}, {0x1, 0x1000000}], 0xee01}, 0x18, 0x5) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r4}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000000)='comm\x00', r4}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00', r4}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, 0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', r4}, 0x560) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r0, 0x0, 0x0, 0x0, r4}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000000)='/loproc(\x00', r4}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000700)={r4}, 0xc) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) ioctl$CAPI_REGISTER(r5, 0x400c4301, &(0x7f0000000280)={0x3, 0x36, 0x1}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)='\x00', r4}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x16, &(0x7f0000000000)='wlan0em0\\\\:[:selinux+\x00', r4}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={r6}, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup2(r8, r7) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) mlockall(0x3) [ 3527.774313] FAULT_INJECTION: forcing a failure. [ 3527.774313] name failslab, interval 1, probability 0, space 0, times 0 [ 3527.799533] CPU: 1 PID: 26996 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3527.806616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3527.815989] Call Trace: [ 3527.818603] dump_stack+0x142/0x197 [ 3527.822251] should_fail.cold+0x10f/0x159 [ 3527.826419] should_failslab+0xdb/0x130 [ 3527.830401] __kmalloc_track_caller+0x2ec/0x790 [ 3527.835074] ? kstrdup_const+0x48/0x60 [ 3527.838962] kstrdup+0x3a/0x70 [ 3527.842150] kstrdup_const+0x48/0x60 [ 3527.845871] alloc_vfsmnt+0xe5/0x7d0 [ 3527.849587] vfs_kern_mount.part.0+0x2a/0x3d0 [ 3527.854105] do_mount+0x417/0x27d0 [ 3527.857672] ? copy_mount_options+0x5c/0x2f0 [ 3527.862090] ? rcu_read_lock_sched_held+0x110/0x130 [ 3527.867123] ? copy_mount_string+0x40/0x40 [ 3527.871387] ? copy_mount_options+0x1fe/0x2f0 [ 3527.875885] SyS_mount+0xab/0x120 [ 3527.879334] ? copy_mnt_ns+0x8c0/0x8c0 [ 3527.883248] do_syscall_64+0x1e8/0x640 [ 3527.887146] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3527.892004] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3527.897202] RIP: 0033:0x45d08a [ 3527.900391] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3527.908099] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3527.915456] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3527.922720] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3527.929989] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3527.937446] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:45 executing program 5 (fault-call:3 fault-nth:57): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3528.045219] FAULT_INJECTION: forcing a failure. [ 3528.045219] name failslab, interval 1, probability 0, space 0, times 0 [ 3528.065599] CPU: 0 PID: 27013 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3528.072657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3528.082014] Call Trace: [ 3528.084607] dump_stack+0x142/0x197 [ 3528.088254] should_fail.cold+0x10f/0x159 [ 3528.092414] should_failslab+0xdb/0x130 [ 3528.096393] __kmalloc_track_caller+0x2ec/0x790 [ 3528.101064] ? unwind_get_return_address+0x61/0xa0 [ 3528.105995] ? __save_stack_trace+0x7b/0xd0 [ 3528.110341] ? btrfs_parse_early_options+0xa3/0x310 [ 3528.115362] kstrdup+0x3a/0x70 [ 3528.118560] btrfs_parse_early_options+0xa3/0x310 [ 3528.123407] ? btrfs_freeze+0xc0/0xc0 [ 3528.127989] ? find_next_bit+0x28/0x30 [ 3528.131878] ? pcpu_alloc+0xcf0/0x1050 [ 3528.135770] ? find_held_lock+0x35/0x130 [ 3528.139925] ? pcpu_alloc+0xcf0/0x1050 [ 3528.143820] btrfs_mount+0x11d/0x2b28 [ 3528.147619] ? lock_downgrade+0x740/0x740 [ 3528.151763] ? find_held_lock+0x35/0x130 [ 3528.155822] ? pcpu_alloc+0x3af/0x1050 [ 3528.159714] ? _find_next_bit+0xee/0x120 [ 3528.163862] ? check_preemption_disabled+0x3c/0x250 [ 3528.168875] ? btrfs_remount+0x11f0/0x11f0 [ 3528.173115] ? rcu_read_lock_sched_held+0x110/0x130 [ 3528.178136] ? __lockdep_init_map+0x10c/0x570 [ 3528.182642] ? __lockdep_init_map+0x10c/0x570 [ 3528.187130] mount_fs+0x97/0x2a1 [ 3528.190492] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3528.194997] do_mount+0x417/0x27d0 [ 3528.198540] ? copy_mount_options+0x5c/0x2f0 [ 3528.202934] ? rcu_read_lock_sched_held+0x110/0x130 [ 3528.207945] ? copy_mount_string+0x40/0x40 [ 3528.212175] ? copy_mount_options+0x1fe/0x2f0 [ 3528.216689] SyS_mount+0xab/0x120 [ 3528.220128] ? copy_mnt_ns+0x8c0/0x8c0 [ 3528.224009] do_syscall_64+0x1e8/0x640 [ 3528.227883] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3528.232722] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3528.237900] RIP: 0033:0x45d08a [ 3528.241079] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3528.248867] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3528.256117] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3528.263370] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3528.270623] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3528.277885] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:46 executing program 2: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000300)='tracefs\x00', 0x0, 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x401}}, 0x0, 0x2, 0xffffffffffffffff, 0x1) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) unlink(&(0x7f0000000000)='./file0\x00') r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f00000003c0)=0x9) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x42000, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) accept(r5, &(0x7f0000000200), &(0x7f0000000280)=0x80) ioctl$MON_IOCX_MFETCH(r4, 0xc0109207, &(0x7f00000001c0)={&(0x7f0000000100)=[0x0, 0x0], 0x2, 0x7}) 17:53:46 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:46 executing program 5 (fault-call:3 fault-nth:58): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3528.388800] QAT: Invalid ioctl 17:53:46 executing program 2: socket$packet(0x11, 0x0, 0x300) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x12, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f00000005c0), 0xfffffffffffffefc) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) stat(&(0x7f0000000040)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getgid() getresgid(&(0x7f00000001c0)=0x0, &(0x7f0000000400), &(0x7f0000000540)) setresgid(r6, r7, r8) getgroups(0x3, &(0x7f0000000540)=[r4, r5, r7]) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000580)={r3}, 0xc) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x5, 0xfff8, 0x0, 0x0, 0x800, 0x11, 0x7, 0xd3, r3}, &(0x7f0000000140)=0x20) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000380)={r9, 0x87, "42de2700f039694f0005066599cf5d25b31e2d7555363bf8a008359bd2e962615b06ec234416bfe5543bb35d251bb407626e209e6cbe15c4cdc37ad2275cf3f65e0426e21a564add533dd5d5bc36478955f27e5605b36a50bd91759c08a1ea95536996761b5534a6783478224919a50a8833fe33e2bedd77d6669c523cd0b8e32efe5dff9684e5"}, &(0x7f0000000180)=0x8f) socket$inet6_tcp(0xa, 0x1, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') socket(0x800000010, 0x1000000002, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$binfmt_misc(r0, 0x0, 0x0) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r10, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r11, 0x40086602, 0x400007) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00\n\x05\xb0\xc3\xffc\x1f$\xb4m\xe1\x01\xfc\xff\xff\xd82R\xaf0\'\xe6\x96\x9f\xa5\xeb]]\'HP\xf8\x9bG\xb3\xfc^\xb6\xe8\x8f\xbf\x9a\xea\x9e\x8a\xb0)N\xcb\xcc\n\xcc\x03\x9ca\x90', 0x7a05, 0x1700) write$cgroup_subtree(r11, &(0x7f0000000040)=ANY=[], 0x0) write$cgroup_pid(r12, &(0x7f0000000000), 0x10000000d) [ 3528.426011] FAULT_INJECTION: forcing a failure. [ 3528.426011] name failslab, interval 1, probability 0, space 0, times 0 [ 3528.441725] CPU: 1 PID: 27025 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3528.448769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3528.458126] Call Trace: [ 3528.460725] dump_stack+0x142/0x197 [ 3528.464362] should_fail.cold+0x10f/0x159 [ 3528.468523] should_failslab+0xdb/0x130 [ 3528.472500] kmem_cache_alloc+0x2d7/0x780 [ 3528.476650] ? check_preemption_disabled+0x3c/0x250 [ 3528.481673] alloc_vfsmnt+0x28/0x7d0 [ 3528.485391] vfs_kern_mount.part.0+0x2a/0x3d0 [ 3528.489890] ? find_held_lock+0x35/0x130 [ 3528.493950] vfs_kern_mount+0x40/0x60 [ 3528.493967] btrfs_mount+0x3ce/0x2b28 [ 3528.493976] ? lock_downgrade+0x740/0x740 [ 3528.493987] ? find_held_lock+0x35/0x130 [ 3528.501555] ? pcpu_alloc+0x3af/0x1050 [ 3528.501573] ? btrfs_remount+0x11f0/0x11f0 [ 3528.501587] ? rcu_read_lock_sched_held+0x110/0x130 [ 3528.501606] ? __lockdep_init_map+0x10c/0x570 [ 3528.509782] ? __lockdep_init_map+0x10c/0x570 [ 3528.517873] mount_fs+0x97/0x2a1 [ 3528.527338] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3528.539641] do_mount+0x417/0x27d0 [ 3528.543163] ? copy_mount_options+0x5c/0x2f0 [ 3528.547554] ? rcu_read_lock_sched_held+0x110/0x130 [ 3528.552552] ? copy_mount_string+0x40/0x40 [ 3528.556769] ? copy_mount_options+0x1fe/0x2f0 [ 3528.561259] SyS_mount+0xab/0x120 [ 3528.564688] ? copy_mnt_ns+0x8c0/0x8c0 [ 3528.568559] do_syscall_64+0x1e8/0x640 [ 3528.572425] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3528.577338] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3528.582508] RIP: 0033:0x45d08a [ 3528.585735] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3528.594298] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3528.601642] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3528.608899] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3528.616146] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 17:53:46 executing program 0: shmat(0x0, &(0x7f0000bdf000/0x3000)=nil, 0x5000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000180)) shmget(0x1, 0x4000, 0x80, &(0x7f0000be0000/0x4000)=nil) r1 = shmget(0x0, 0x1000, 0x54000042, &(0x7f0000be3000/0x1000)=nil) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc028ae92, &(0x7f0000000300)={0x200, 0xfffffffc}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r3, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x96000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r4, 0x20, 0x70bd29, 0x25dfdbfd, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x2, @link='syz0\x00'}}}, ["", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x40802}, 0x8000) ioctl$IMCTRLREQ(r0, 0x80044945, &(0x7f0000000040)={0x4000, 0x493d, 0x20, 0x81}) shmctl$SHM_STAT(r1, 0xd, &(0x7f00000000c0)=""/175) [ 3528.623397] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:46 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) r1 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x8, 0x189200) connect$ax25(r1, &(0x7f0000000340)={{0x3, @default, 0x8}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='/\x02roup.stap\x00', 0x2761, 0x0) r2 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) write$cgroup_int(r2, &(0x7f00000002c0), 0xfefe) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r3, 0x423}, 0x1c}}, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1100}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r3, 0x400, 0x70bd2a, 0x25dfdbfe, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x1, 0x8, 0xa4, 0x1}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x40000) sendfile(r0, r2, &(0x7f0000000100), 0xa74) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000240)={0x0, 0x4}, &(0x7f00000003c0)=0x8) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r5, 0x84, 0x5, &(0x7f0000000480)={r4, @in6={{0xa, 0x4e23, 0x20, @local, 0xff}}}, 0x84) 17:53:46 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x9000, 0x0) ioctl$UI_DEV_DESTROY(r2, 0x5502) socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000017000)=0x8008, 0x4) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) bind$inet(r0, &(0x7f0000e15000)={0x2, 0x4e20, @empty}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10) listen(r0, 0x0) 17:53:46 executing program 5 (fault-call:3 fault-nth:59): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3528.978550] FAULT_INJECTION: forcing a failure. [ 3528.978550] name failslab, interval 1, probability 0, space 0, times 0 [ 3529.018805] CPU: 1 PID: 27054 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3529.025863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3529.035219] Call Trace: [ 3529.037809] dump_stack+0x142/0x197 [ 3529.041436] should_fail.cold+0x10f/0x159 [ 3529.045597] should_failslab+0xdb/0x130 [ 3529.049575] __kmalloc+0x2f0/0x7a0 [ 3529.053106] ? find_held_lock+0x35/0x130 [ 3529.057153] ? pcpu_alloc+0xcf0/0x1050 [ 3529.061024] ? btrfs_mount+0x19a/0x2b28 [ 3529.064986] btrfs_mount+0x19a/0x2b28 [ 3529.068774] ? lock_downgrade+0x740/0x740 [ 3529.072909] ? find_held_lock+0x35/0x130 [ 3529.076967] ? pcpu_alloc+0x3af/0x1050 [ 3529.080858] ? btrfs_remount+0x11f0/0x11f0 [ 3529.085080] ? rcu_read_lock_sched_held+0x110/0x130 [ 3529.090085] ? __lockdep_init_map+0x10c/0x570 [ 3529.094561] ? __lockdep_init_map+0x10c/0x570 [ 3529.099054] mount_fs+0x97/0x2a1 [ 3529.102407] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3529.106886] do_mount+0x417/0x27d0 [ 3529.110407] ? copy_mount_options+0x5c/0x2f0 [ 3529.114803] ? rcu_read_lock_sched_held+0x110/0x130 [ 3529.119799] ? copy_mount_string+0x40/0x40 [ 3529.124018] ? copy_mount_options+0x1fe/0x2f0 [ 3529.128495] SyS_mount+0xab/0x120 [ 3529.131927] ? copy_mnt_ns+0x8c0/0x8c0 [ 3529.135796] do_syscall_64+0x1e8/0x640 [ 3529.139665] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3529.144504] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3529.149682] RIP: 0033:0x45d08a [ 3529.152864] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3529.160555] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3529.167840] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3529.175098] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3529.182354] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3529.189607] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) r2 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0) keyctl$restrict_keyring(0x1d, r2, &(0x7f0000000140)='trusted\x00', &(0x7f0000000180)='/dev/btrfs-control\x00') ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000000)={0x3, 0x1, 0xfffffffe, 0x80000000, 0x2}, 0x14) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000380)=ANY=[@ANYBLOB="030000000010000072c940868f04f8601aaace196abe7ec88ed5e50a1b5cc1a7c675f37ab48d26b1df95e4e4e2ad5e87561bf015ce5ac77e4be964d868b71f3015171390e692a63a4b704d2d4d350d195f45a89c2b7c235f6b65daf0bf096d348fa984867dbe51a194041dd5168ae0c9de5f978452985fdb2c5a230ef406e39ef22051ec42d375b6512fc62e5f7b9c72f528348573baba23d11ef1e306ac606d8071589e1699fdb121757176e85f4e52980c9be4811671a411e621e63dd3f825f4e482120d926c4635d0bb5f8e46afd888cd96d0b92896837e956cb5a97f94d5346dfeef0f0beebc4c8ce4a53245243b73faf74dee045ebb6f4dcf3b6111921ed1a793625f22809e7f88f923cd286aed61cd5427f299435bc1268f33385862386f9ec59022d489f8c9ef2e64e0d78bb744584b158949ba4eb4a2bd83ae33d61d67fd69be6cf6c9c0761bc11a624136585dbdee0ea1dfdd212df5d62dc18c47c820a09c955e15c021c0528d3e8b8663d252a12f00bae80d39b89a407eb3c2c644006ede3d1374fb1c56c344be5732a71883498f2a813ca6fcf39ed0d4ea93e61c99727ad7dd684b672b5000da9d474788daaf2814b40f681bdbfe6d67c08652ae456bec66c23c1217c4c9215f7b08a75607e7d5413323e984f73ae661eec3727ab61f0e9761e5eb04e6f2b5115237bc89cf19090065a3da01460f643232a64141dd122f5ebc969cb741b2f5d72a7bba488aa0aefd126fe72c553812fa1d7eae10c870202301c98616085ef863f72ef6b0b26445999cca4ec1166e52a0bc0d1dccb85d40b683dec708ee750877fba7eadb6bd8e55e81fddd517ab29aa1506a4c15d83173cecca0424feb6e7c6532baec6173eeba0754dcdd4ef6a55ca89a4d2d2a47451be48ee099ecce9d7f222c114a1c60f083ac97daf34605bb9cac767663bc3097d976bc2877f26d41cb1d0af7ad4561420ea55301c8b7cc0641c0e30a7cd7315e35a6d205b0fd20f9d383f1a050300dddf03fff21183e72e8d715655ea7997758d31714a9da3ab3be6945dc8b3568a3eaa481511c09bc23d8d5bbbeb2a53dfb27b8209a6355fc77b7854c9281f9da4d79f6b0752e3aad9d629832aa22a1ae2d0db2bc8f7eb51dfc1097a140cd5637dd5f40d94b974d05ab7414a1e38c032a1eb05454a48a869a4efa1485e5e14891c7afaa2ebbe19a3756bdb069888dc5bc83fe3b4581019c5cda74d568c9ba57ade32c5965670ffc04767aa1b4be94f25c00387fdcdcddd5a73d250a3c7f26047283935ba52d482f4e8f8c202d56022eb219caaff0a3609a6962c7d6feeeaccfc1791ea57b55994aa5e8436e8da951c0cde6fed76cba1422880a5944cc4647dccf78615ef08edf3e699760788746b8e5519eeb1a03b3fa3e6f02b6a62e480d772ae306825554bba6cdd9849353d9c3a7cfda1dc182ea9d83340d23b27303063a80ec233c6c2f037e30fae41f46d3e42f3e453ae0b8ec8745fe77bec2133a5279a896034ee6df7903ad57e3718564b3470c56ebf7a2be379b33f7608666d9a016d34428b0b9f77f8ccda9b22c472c272226a3f60d67c45799dbe94b94dae542d6505c31fb4db4682ef195ed6ef3e678cb201d03505a2fee2504636ede99e2b444a5c045d11ba62b9eeb1590c5c64a9df2bccfc349df83f4501ec397031bd541de998bff2830ed80b2151bfc6926683ac2a8f3eded711b98e9351365a9a04896b333bca0062b499862192e6602df1a747124149445edd028cc0d061783a49890d445412298b1dea641432a9e631da5abc9a7c1bd7c3f7ecbae130ea5a19d4a86080811e8c31583b254503a4ee4967d7fdd6cde22c90f71df009f29ce6810e624143d1c3579e0d905c6b8e64fd42872e2ecf100691a638fbab3b76cc1294e109a1bebf6fa6d48bec7f3be0bcc1c44197fdd11fbfc484a1d4d7c03852fffbec82501709f99a78395ff05373e817d3ffd86f1045d0fed8bcc6a852b012c8fafc13dafa9805edc9bf27cf3d179770fc125e6df6355159976a62cc6ede52916aba8932eba6c7af105c11d2ca7dc73018ba99afd6198c744a93289dd8c89f16533e1c0e7a6d54c535581179d5fb0b51968353bf3b36c3b7de2091f3fa03e38a381051fe6f4b87039733500765c992644daa7c743ee10f1123b127910a40b009c51ca756c43c66738d2d9c87197577d324bef0b54ef06e9557e29a63b5ea97f1b2add5a4f55ce3d1258eeb04997ffa155afc8cc75b32936392ddb1774c86e8d7d1c35ea0ccff783be6e1f35878d3bff140311b86af508b87d57e641fb00e2be401f4a53ffc9343769774d9c7d76e8a475d2a2f86447aa8052940adbfe7cf60095b892772e8807abf5cd04d018dd0f73b2f4620849059577019bd28eb0eb32ffdee9613bba248b06ce91f533fa709f127142d3cbb9d2b17ae1b65c5af915f2714ee6ce80eb5a929314f912607b727af8e44cabace105aa25a78243a71c00ce8e4efc1c7ae0b3f83e56230ea70a553004ffee1ff8dbb6b7014fbd68861f39f49d42191b8561ceed392100bcc48e2ba17427058b8c1d5f30b3d8546bc2fd84fc011e7ae2a33f10900d159f178cbf69c5ac5e359f4f7f64ea142ae380bbbd4fae8346ee409d12b7d5c1e817d31c5b9f66d1ab23c8fe92ce8c74c23d3acd499632dd9c5f8a1ac07bdeccce010a3b91364fc654be9f27c0ddebfe46db574d3ba74551b45cf6b735807d23602c99d093e4ccca28089b7e682ff1220f8487b887849e38c1c38f7ef4400002c0bf62c64dbbb84e44f7683e4cb521d351ecde71367f9f9ed03967d53b596c59fd77b56291389670b14c6dc08448697f1ee164988b7c9f09a7a5895b56616487c19afe37789678de4f73e2fcdd36c992b4fd50d494f07f47afa7814eb34830a90710db942dfbadf528ebb419e6f99532e2538a9951181c06a808c57333f2ac84085a6c0822ad39156953b5d556ab4b0df01ebe562dfda1692e6354854337d4238760e4f6175776f35dedb6838b22a8e8fcfa90e4c067a00223759934425835c5479c05ab65a11365298c6ade09c765344af7a7459a3bb56af13119ef7d8e1bfe56358ba0e53b499b007d286c6a5eb6b6503b430e9801724ae75ef2a74d60b2b0902eba0e45c383b33cd27bf974fcf87e5aa6005ec73079f86e8f4b670881ed8a4b9e885ce81f2315717231cb1ce6d9beed0852b3df87392c2943c39b488cf45e4c23b27d769aef51fd0aaed361ebd965229429ae22ab9657c7b0ae9d20693c9824a9304a443402f08983723b2064c2125f636ad4a9206dfcdcf76ba073788daa2bf5b3050ccb11015253b5a678dd1854064c018909f03c871286cd96894feaa230fec5c9ac5e01a1584d5c303cfb3924e0f0e603300bf4b80d78721751785bc9e8b9bf1f1062dcc708af01b694730c0e1ab25f032f61a231e00b2fa9ef99d47ad3618466af60e714a09080985367a345e1d6f148ef94be8f8a411a3a2340209fcd24589fadffd31d6daf5d8476dad475edcafb03a477a02012c7ed3c7552c8c77f65e1929416f7ceb60eb70c45f47f3465a2ecc4032d71d8716729674c990a3aea87d8e598ab516234c4c12bcb3aae04e3d4db390215d3b1158c88a21361ee9924845a766adaf9da4e30effb52413d8d84031b67c9e3d2d22af058ae948cbec08915c6fc0d40911e4849b7f0e9dcf8ac8c908e3f81abd4b8a7dcaf0b08dd64d9ee04837a1f82ce8bfbf582aacc52e29ea081d25aba2ca5b149da9c0f796da54035bc8414ffdd011ca4c2925911e7ab3e1c735210382d6884d0cd2234a941f7156887bb81b169770b8496e085553aa7c49892b8b16451c91578f4169850ce72c0d37c69c4d0278b2aa6c5cd099f66871c7d40c4a65dcb281d9a5e0919074d02f79206e39fddaba01c11f37560a4b8ddcaac7ca6f603da8713be26ab7ccd4a81e9ffcffd349b60f2d56af042d1ff4dc9715599d394c5034f5b752e9571e70bf539c0276c0f8b7dea3f329de220fd86c810839085fc9f0cdf494025e321a7e4d368699a97f77c40cb882c0c5f0386edf943455cbc74946e4babc8dbc9a583466dbb610be5007cdd3a45cf3e0d05d971fdd2c256af10f7e142866d18b3a625b5d9963ca992a31409ea0648d0cb178fbc1c2e34bb15bc743b7f05a49f902e356cd9dd140f6205d29f91d734d0785fdc492ebbd886739b12c295fd626a10c572edf08991522c6ad540ddd7c35e5c650f66f22263d42552c0094c6c1a8cc8fd15941e9595f057161fb89511d6597d197be3150aa694bd7813eab9bbce70f6a5c247eabdd5dc269590d8545b74438d5adcb55e21798068509c3ea6d3ac5b393266bedc53b270d4f7d4e5a21d7fcecd4371bb2863e81dace2ea60f3d8092ea187989ea6dbd771ccfb4f68d35eae22b877389eb2897620a6ddebfc74312b18d06331f7c56aab6fc3080e9ea83532a1c16151d5a8a27f2337b03b2be11e19ab770f1aad22125e4bf9c372e57a670bc88e1d811f9028c62ba5e4e451966e09633795fb618f471f8c6aaa4932fc081a6a9c9d6fc78a2226ccff4be2ca4b1d67c20ffa0bb101d69787927c78769b8402e5e530474179eb7e14fdf9bcb7de7d5995b81691b4173bfcffe39ec0654981289fa1c8db16b1c257274969fdcaf7b285286ab646e368e5d8c8c967ba0aff22428af2a70e39526f53b6627cd0379deded2df4f1aba6cbd7169044387828694c987964d998eeda5a93771632c2fd023c7c89e7d59073b2bb6accbc898d8a7c04cb7f8f4540756853587d67d0d5d67b9285599e86c1ba87b2597355413dddd2de216dead0b0fb691b047f03880c5df91e63c813a96c460e68c9ec32c32d266b14bbfccb7496e3bda6a3e44798cf512ebb8deeea36015487fac25e232225b0d9c37b6867be83f4a5d4a3db01fe1994ddc5e4e3101fe4dc82ec2e0ccc7c291d0f1b5b75c7e96c0883c42c4698895dbbfd099db58c0ae621d7b59510b71102a6bd274e25ac48d3ade24cf712bc58da3f6aee21b9cdd734b5f4c5d2ba2c1b088ea12b82fd8846ff759f406c4b64db295008618c524f65940100010000000000ad0f604b4a9204579dc82eab3be30441c49483d96177796db7836f4aeb8d35ea580fd996faa263b8a67e58502744cf7347464b75c125518c2a323d307f12f8a82a31f0d612b37a3b20db0132c1c4f280e4b17e3a5aa0508e8d4e1c8bd977d86eae7b79ed310b846595a9f68575ce1c2420fe74425c8363133cbf951770df9601a3b0dddd456622d4bcdefe1b693b0f1e99e104dc4ccc99b6485e514466e40f9dc2ca1066a64561f58c7e020f65bc07a80b3b29c6d385e2978f1be20f260a0a6fd72209d12cd30d2a76499ee13bf59c629915c78b86bba7a962f502d862bd068ad6488558bd573d9ebfd71b91d2060ee654ac08ee92f893f8004b36c8fec8dc52c5d50a47718397a60deb42f8be79ddef9b2b68f5046023b96fd9c52d8fd9a36a8b45bd237a2952901e7adb9693548bffe20a940100b0e947208c56211a8fffda736a88d56869338bdf9986f492fbe33045171f1dcb045e2006f7f29177fa3c1ae93049f89f34383f69e7e294a20b39d571ebf802d4069cf8185113c242ff5ca7a125caf4d1a2c4d97b9017127f40b56d7c3636377bcb27dd5c66377271aa79edf0780372c71c7c94206362d148eff06d97e02dd87950b2a704f448ee4229e92d131ff62592481bc65536bfc756beda5b9e92b0f7bb62d561b2710cfc055d1a4c3c5c9130f3443e9b4f3798ddda60d69a68"]) 17:53:48 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:48 executing program 2: socket$packet(0x11, 0x0, 0x300) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x12, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f00000005c0), 0xfffffffffffffefc) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) stat(&(0x7f0000000040)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getgid() getresgid(&(0x7f00000001c0)=0x0, &(0x7f0000000400), &(0x7f0000000540)) setresgid(r6, r7, r8) getgroups(0x3, &(0x7f0000000540)=[r4, r5, r7]) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000580)={r3}, 0xc) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x5, 0xfff8, 0x0, 0x0, 0x800, 0x11, 0x7, 0xd3, r3}, &(0x7f0000000140)=0x20) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000380)={r9, 0x87, "42de2700f039694f0005066599cf5d25b31e2d7555363bf8a008359bd2e962615b06ec234416bfe5543bb35d251bb407626e209e6cbe15c4cdc37ad2275cf3f65e0426e21a564add533dd5d5bc36478955f27e5605b36a50bd91759c08a1ea95536996761b5534a6783478224919a50a8833fe33e2bedd77d6669c523cd0b8e32efe5dff9684e5"}, &(0x7f0000000180)=0x8f) socket$inet6_tcp(0xa, 0x1, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') socket(0x800000010, 0x1000000002, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$binfmt_misc(r0, 0x0, 0x0) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r10, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r11, 0x40086602, 0x400007) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00\n\x05\xb0\xc3\xffc\x1f$\xb4m\xe1\x01\xfc\xff\xff\xd82R\xaf0\'\xe6\x96\x9f\xa5\xeb]]\'HP\xf8\x9bG\xb3\xfc^\xb6\xe8\x8f\xbf\x9a\xea\x9e\x8a\xb0)N\xcb\xcc\n\xcc\x03\x9ca\x90', 0x7a05, 0x1700) write$cgroup_subtree(r11, &(0x7f0000000040)=ANY=[], 0x0) write$cgroup_pid(r12, &(0x7f0000000000), 0x10000000d) 17:53:48 executing program 0: chdir(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000000)='./file1/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000008b80)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500), 0x1, 0x0, 0x0, 0x100}, 0x4001041) chdir(&(0x7f0000000180)='./file0\x00') socket$bt_cmtp(0x1f, 0x3, 0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r2, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r3 = dup(r1) ioctl$sock_inet6_tcp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000080)) ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0) link(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='./file1\x00') 17:53:48 executing program 5 (fault-call:3 fault-nth:60): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:48 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) membarrier(0x8, 0x0) [ 3530.802777] FAULT_INJECTION: forcing a failure. [ 3530.802777] name failslab, interval 1, probability 0, space 0, times 0 [ 3530.819279] CPU: 0 PID: 27077 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3530.826328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3530.835685] Call Trace: [ 3530.838281] dump_stack+0x142/0x197 [ 3530.841923] should_fail.cold+0x10f/0x159 [ 3530.847120] should_failslab+0xdb/0x130 [ 3530.851099] __kmalloc_track_caller+0x2ec/0x790 [ 3530.855771] ? unwind_get_return_address+0x61/0xa0 [ 3530.860705] ? __save_stack_trace+0x7b/0xd0 [ 3530.865028] ? btrfs_parse_early_options+0xa3/0x310 [ 3530.870047] kstrdup+0x3a/0x70 [ 3530.873241] btrfs_parse_early_options+0xa3/0x310 [ 3530.878083] ? save_trace+0x290/0x290 [ 3530.881879] ? btrfs_freeze+0xc0/0xc0 [ 3530.881889] ? find_next_bit+0x28/0x30 [ 3530.881907] ? pcpu_alloc+0xcf0/0x1050 [ 3530.889565] ? find_held_lock+0x35/0x130 [ 3530.897470] ? pcpu_alloc+0xcf0/0x1050 [ 3530.897485] btrfs_mount+0x11d/0x2b28 [ 3530.905132] ? lock_downgrade+0x740/0x740 [ 3530.905141] ? find_held_lock+0x35/0x130 [ 3530.905150] ? pcpu_alloc+0x3af/0x1050 [ 3530.917197] ? _find_next_bit+0xee/0x120 [ 3530.921257] ? check_preemption_disabled+0x3c/0x250 [ 3530.926274] ? btrfs_remount+0x11f0/0x11f0 [ 3530.930512] ? rcu_read_lock_sched_held+0x110/0x130 [ 3530.935537] ? __lockdep_init_map+0x10c/0x570 [ 3530.940030] ? __lockdep_init_map+0x10c/0x570 [ 3530.944529] mount_fs+0x97/0x2a1 [ 3530.947896] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3530.952389] ? find_held_lock+0x35/0x130 [ 3530.956454] vfs_kern_mount+0x40/0x60 [ 3530.960262] btrfs_mount+0x3ce/0x2b28 [ 3530.964062] ? lock_downgrade+0x740/0x740 [ 3530.968203] ? find_held_lock+0x35/0x130 [ 3530.972264] ? pcpu_alloc+0x3af/0x1050 [ 3530.976158] ? btrfs_remount+0x11f0/0x11f0 [ 3530.980398] ? rcu_read_lock_sched_held+0x110/0x130 [ 3530.985429] ? __lockdep_init_map+0x10c/0x570 [ 3530.989933] ? __lockdep_init_map+0x10c/0x570 [ 3530.994435] mount_fs+0x97/0x2a1 [ 3530.997802] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3531.002298] do_mount+0x417/0x27d0 [ 3531.005834] ? copy_mount_options+0x5c/0x2f0 [ 3531.010248] ? rcu_read_lock_sched_held+0x110/0x130 [ 3531.015271] ? copy_mount_string+0x40/0x40 [ 3531.019513] ? copy_mount_options+0x1fe/0x2f0 [ 3531.024014] SyS_mount+0xab/0x120 [ 3531.027466] ? copy_mnt_ns+0x8c0/0x8c0 [ 3531.031350] do_syscall_64+0x1e8/0x640 [ 3531.035223] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3531.040062] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3531.045230] RIP: 0033:0x45d08a 17:53:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x5, &(0x7f0000000000)) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) poll(0x0, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='dax\x00', 0x4400, &(0x7f0000000180)='vboxnet0\x00') sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0203000312000000000000000000000005000600000000000a000000380e000000000000000000000000ffffac1e0001000000000000000004000900a000000000000000020d6bfded2342273716fbaa28f7be830000000002000100000000000000000d0000000005000500000000000a00000000000000fe8000000000000000000000000000000000000000000000dd85c10ed21ce87ce1dac792a099f5615ab86ae6a3cff497ac2843cf7bd76b3b7b0f0df6f4e7da00154ef0fdebe86cb37d649b746d2447f6fd497b053e6acb85656b8e35ad24c5284a93d631415d3f5a0afbabc83d645b030b649c20cd3d60bd3775022b6792f4698af32cca43639b88699c7a9ba8386fd6b701a02e5f7c0aaf4206f89ec388530bf592544d9dfe10a8b97516bc271e38ac52dd5d991a990810cd4c7aff57d4d00acf9ce7692ca01aab49b5a28c4efd1c0e1514abb65f922ab91351d7081c780115d8fa83f2c858604ca80f25e1fcbefcb9b7f5f7ec2d8365bcb25d0a2bcf911e6934707aefc9e41ff00aa685220bd429912d2c211ccfe158ba6fec34dd2315a48084ad2292631b9f07d7142ca694c4fc9ea1b687fdda62c3aa7d856cb8a3c81d5612e59ce9abf837fda9f0515f3a1f186e76d6c8d01398a137769b18f2c4f770cc3b1e54055acf28d88771cddd09d6721b81fd7679696a59cb8a168bc4ffb7543c4f77f8e1d0cec188f03f45698b170db21dbcf3f1946011c55fc4d26173602be57f3e84c28d8c60f8ebe74f6786786e8d7c5a701dd1"], 0x90}}, 0x0) 17:53:49 executing program 2: socket$packet(0x11, 0x0, 0x300) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x12, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f00000005c0), 0xfffffffffffffefc) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) stat(&(0x7f0000000040)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getgid() getresgid(&(0x7f00000001c0)=0x0, &(0x7f0000000400), &(0x7f0000000540)) setresgid(r6, r7, r8) getgroups(0x3, &(0x7f0000000540)=[r4, r5, r7]) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000580)={r3}, 0xc) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x5, 0xfff8, 0x0, 0x0, 0x800, 0x11, 0x7, 0xd3, r3}, &(0x7f0000000140)=0x20) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000380)={r9, 0x87, "42de2700f039694f0005066599cf5d25b31e2d7555363bf8a008359bd2e962615b06ec234416bfe5543bb35d251bb407626e209e6cbe15c4cdc37ad2275cf3f65e0426e21a564add533dd5d5bc36478955f27e5605b36a50bd91759c08a1ea95536996761b5534a6783478224919a50a8833fe33e2bedd77d6669c523cd0b8e32efe5dff9684e5"}, &(0x7f0000000180)=0x8f) socket$inet6_tcp(0xa, 0x1, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000200)='net/igmp\x00') socket(0x800000010, 0x1000000002, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$binfmt_misc(r0, 0x0, 0x0) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r10, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r11, 0x40086602, 0x400007) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00\n\x05\xb0\xc3\xffc\x1f$\xb4m\xe1\x01\xfc\xff\xff\xd82R\xaf0\'\xe6\x96\x9f\xa5\xeb]]\'HP\xf8\x9bG\xb3\xfc^\xb6\xe8\x8f\xbf\x9a\xea\x9e\x8a\xb0)N\xcb\xcc\n\xcc\x03\x9ca\x90', 0x7a05, 0x1700) write$cgroup_subtree(r11, &(0x7f0000000040)=ANY=[], 0x0) write$cgroup_pid(r12, &(0x7f0000000000), 0x10000000d) [ 3531.048408] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3531.056106] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3531.063367] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3531.070633] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3531.077885] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3531.085138] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:49 executing program 5 (fault-call:3 fault-nth:61): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3531.231037] FAULT_INJECTION: forcing a failure. [ 3531.231037] name failslab, interval 1, probability 0, space 0, times 0 [ 3531.277665] CPU: 1 PID: 27093 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3531.284717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3531.294073] Call Trace: [ 3531.296665] dump_stack+0x142/0x197 [ 3531.300305] should_fail.cold+0x10f/0x159 [ 3531.304461] should_failslab+0xdb/0x130 [ 3531.308440] __kmalloc+0x2f0/0x7a0 [ 3531.311980] ? match_token+0x22b/0x480 [ 3531.315869] ? match_strdup+0x5f/0xa0 [ 3531.319773] match_strdup+0x5f/0xa0 [ 3531.323409] btrfs_parse_early_options+0x241/0x310 [ 3531.328344] ? btrfs_freeze+0xc0/0xc0 [ 3531.332145] ? find_next_bit+0x28/0x30 [ 3531.336031] ? pcpu_alloc+0xcf0/0x1050 [ 3531.339918] ? pcpu_alloc+0xcf0/0x1050 [ 3531.343808] btrfs_mount+0x11d/0x2b28 [ 3531.347601] ? lock_downgrade+0x740/0x740 [ 3531.351731] ? find_held_lock+0x35/0x130 [ 3531.355772] ? pcpu_alloc+0x3af/0x1050 [ 3531.359642] ? _find_next_bit+0xee/0x120 [ 3531.363684] ? check_preemption_disabled+0x3c/0x250 [ 3531.368682] ? btrfs_remount+0x11f0/0x11f0 [ 3531.372907] ? rcu_read_lock_sched_held+0x110/0x130 [ 3531.377908] ? __lockdep_init_map+0x10c/0x570 [ 3531.382385] ? __lockdep_init_map+0x10c/0x570 [ 3531.386863] mount_fs+0x97/0x2a1 [ 3531.390215] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3531.394690] ? find_held_lock+0x35/0x130 [ 3531.398732] vfs_kern_mount+0x40/0x60 [ 3531.402520] btrfs_mount+0x3ce/0x2b28 [ 3531.406307] ? lock_downgrade+0x740/0x740 [ 3531.410563] ? find_held_lock+0x35/0x130 [ 3531.414613] ? pcpu_alloc+0x3af/0x1050 [ 3531.418496] ? btrfs_remount+0x11f0/0x11f0 [ 3531.422716] ? rcu_read_lock_sched_held+0x110/0x130 [ 3531.427722] ? __lockdep_init_map+0x10c/0x570 [ 3531.432210] ? __lockdep_init_map+0x10c/0x570 [ 3531.436693] mount_fs+0x97/0x2a1 [ 3531.440055] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3531.444542] do_mount+0x417/0x27d0 [ 3531.448097] ? copy_mount_options+0x5c/0x2f0 [ 3531.452484] ? rcu_read_lock_sched_held+0x110/0x130 [ 3531.457481] ? copy_mount_string+0x40/0x40 [ 3531.461699] ? copy_mount_options+0x1fe/0x2f0 [ 3531.466175] SyS_mount+0xab/0x120 [ 3531.469606] ? copy_mnt_ns+0x8c0/0x8c0 [ 3531.473560] do_syscall_64+0x1e8/0x640 [ 3531.477426] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3531.482252] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3531.487422] RIP: 0033:0x45d08a [ 3531.490613] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3531.498311] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3531.505580] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3531.512829] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3531.520081] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 17:53:49 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x7ee7}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14, 0x800) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) r2 = accept4$packet(r1, &(0x7f0000007c40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000007c80)=0x14, 0x800) recvmmsg(r2, &(0x7f0000007880), 0xa, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = add_key(&(0x7f0000000140)='blacklist\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffa) keyctl$instantiate_iov(0x14, r5, &(0x7f0000000a80)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000240)}], 0x6, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = creat(&(0x7f0000000140)='./bus\x00', 0x0) syncfs(r6) ioctl$FS_IOC_ENABLE_VERITY(r6, 0x40806685, 0x0) 17:53:49 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3531.527348] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000005 17:53:49 executing program 5 (fault-call:3 fault-nth:62): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3531.636297] FAULT_INJECTION: forcing a failure. [ 3531.636297] name failslab, interval 1, probability 0, space 0, times 0 [ 3531.648242] CPU: 0 PID: 27108 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3531.655285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3531.664638] Call Trace: [ 3531.667233] dump_stack+0x142/0x197 [ 3531.670876] should_fail.cold+0x10f/0x159 [ 3531.675036] should_failslab+0xdb/0x130 [ 3531.679006] __kmalloc+0x2f0/0x7a0 [ 3531.682528] ? match_token+0x22b/0x480 [ 3531.686398] ? match_strdup+0x5f/0xa0 [ 3531.690180] match_strdup+0x5f/0xa0 [ 3531.693802] btrfs_parse_early_options+0x241/0x310 [ 3531.698734] ? btrfs_freeze+0xc0/0xc0 [ 3531.698745] ? find_next_bit+0x28/0x30 [ 3531.698756] ? pcpu_alloc+0xcf0/0x1050 [ 3531.698767] ? pcpu_alloc+0xcf0/0x1050 [ 3531.706435] btrfs_mount+0x11d/0x2b28 [ 3531.706448] ? lock_downgrade+0x740/0x740 [ 3531.714190] ? find_held_lock+0x35/0x130 [ 3531.714200] ? pcpu_alloc+0x3af/0x1050 [ 3531.714212] ? _find_next_bit+0xee/0x120 [ 3531.722117] ? check_preemption_disabled+0x3c/0x250 [ 3531.722129] ? btrfs_remount+0x11f0/0x11f0 [ 3531.722143] ? rcu_read_lock_sched_held+0x110/0x130 [ 3531.722162] ? __lockdep_init_map+0x10c/0x570 [ 3531.730063] ? __lockdep_init_map+0x10c/0x570 [ 3531.730079] mount_fs+0x97/0x2a1 [ 3531.730094] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3531.765398] ? find_held_lock+0x35/0x130 [ 3531.769453] vfs_kern_mount+0x40/0x60 [ 3531.773244] btrfs_mount+0x3ce/0x2b28 [ 3531.777025] ? lock_downgrade+0x740/0x740 [ 3531.781172] ? find_held_lock+0x35/0x130 [ 3531.785217] ? pcpu_alloc+0x3af/0x1050 [ 3531.789089] ? btrfs_remount+0x11f0/0x11f0 [ 3531.793316] ? rcu_read_lock_sched_held+0x110/0x130 [ 3531.798320] ? __lockdep_init_map+0x10c/0x570 [ 3531.802798] ? __lockdep_init_map+0x10c/0x570 [ 3531.807282] mount_fs+0x97/0x2a1 [ 3531.810631] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3531.815113] do_mount+0x417/0x27d0 [ 3531.818632] ? retint_kernel+0x2d/0x2d [ 3531.822503] ? copy_mount_string+0x40/0x40 [ 3531.826731] ? copy_mount_options+0x199/0x2f0 [ 3531.831223] ? copy_mount_options+0x1fe/0x2f0 [ 3531.835793] SyS_mount+0xab/0x120 [ 3531.839248] ? copy_mnt_ns+0x8c0/0x8c0 [ 3531.843133] do_syscall_64+0x1e8/0x640 [ 3531.847019] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3531.851844] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3531.857012] RIP: 0033:0x45d08a [ 3531.860179] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3531.867866] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3531.875145] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3531.882407] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3531.889662] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3531.896912] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:51 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0xa0700, 0x0) write$UHID_CREATE(r0, &(0x7f0000000380)={0x0, 'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000100)=""/175, 0xaf, 0x3f, 0x422, 0x1, 0x2, 0x2}, 0x120) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 17:53:51 executing program 5 (fault-call:3 fault-nth:63): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:51 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x5, &(0x7f0000000000)) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) poll(0x0, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='dax\x00', 0x4400, &(0x7f0000000180)='vboxnet0\x00') sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0203000312000000000000000000000005000600000000000a000000380e000000000000000000000000ffffac1e0001000000000000000004000900a000000000000000020d6bfded2342273716fbaa28f7be830000000002000100000000000000000d0000000005000500000000000a00000000000000fe8000000000000000000000000000000000000000000000dd85c10ed21ce87ce1dac792a099f5615ab86ae6a3cff497ac2843cf7bd76b3b7b0f0df6f4e7da00154ef0fdebe86cb37d649b746d2447f6fd497b053e6acb85656b8e35ad24c5284a93d631415d3f5a0afbabc83d645b030b649c20cd3d60bd3775022b6792f4698af32cca43639b88699c7a9ba8386fd6b701a02e5f7c0aaf4206f89ec388530bf592544d9dfe10a8b97516bc271e38ac52dd5d991a990810cd4c7aff57d4d00acf9ce7692ca01aab49b5a28c4efd1c0e1514abb65f922ab91351d7081c780115d8fa83f2c858604ca80f25e1fcbefcb9b7f5f7ec2d8365bcb25d0a2bcf911e6934707aefc9e41ff00aa685220bd429912d2c211ccfe158ba6fec34dd2315a48084ad2292631b9f07d7142ca694c4fc9ea1b687fdda62c3aa7d856cb8a3c81d5612e59ce9abf837fda9f0515f3a1f186e76d6c8d01398a137769b18f2c4f770cc3b1e54055acf28d88771cddd09d6721b81fd7679696a59cb8a168bc4ffb7543c4f77f8e1d0cec188f03f45698b170db21dbcf3f1946011c55fc4d26173602be57f3e84c28d8c60f8ebe74f6786786e8d7c5a701dd1"], 0x90}}, 0x0) 17:53:51 executing program 2: r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x1, 0x240c00) write$P9_RSTAT(r0, &(0x7f0000000040)={0x6e, 0x7d, 0x2, {0x0, 0x67, 0x7550, 0x2, {0x20, 0x4, 0x2}, 0x8000000, 0x0, 0x7, 0x2, 0x0, '', 0x19, 'cpuset-)posix_acl_access+', 0x0, '', 0x1b, 'ppp0}vboxnet0ppp1ppp0vmnet1'}}, 0x6e) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8242d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0044306, 0xfffffffffffffffe) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r5, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) fsetxattr$trusted_overlay_nlink(r4, &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'L-', 0x7}, 0x28, 0x0) 17:53:51 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:51 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ioctl$KVM_SET_BOOT_CPU_ID(r3, 0xae78, &(0x7f0000000080)=0x2000000002) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) futimesat(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={{0x0, 0x7530}, {0x77359400}}) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3533.828267] FAULT_INJECTION: forcing a failure. [ 3533.828267] name failslab, interval 1, probability 0, space 0, times 0 [ 3533.879686] CPU: 0 PID: 27127 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3533.886783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3533.896155] Call Trace: [ 3533.898769] dump_stack+0x142/0x197 [ 3533.902439] should_fail.cold+0x10f/0x159 [ 3533.906633] should_failslab+0xdb/0x130 [ 3533.910638] kmem_cache_alloc_trace+0x2e9/0x790 [ 3533.915346] selinux_parse_opts_str+0x42c/0xa30 [ 3533.920066] ? selinux_sb_show_options+0xd50/0xd50 [ 3533.925031] ? free_pages+0x46/0x50 17:53:51 executing program 2: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfa\x81\x00\x00\x00\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7.\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) r2 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000240)='rxrpc_s\x00', 0x0, &(0x7f00000002c0)="d32c72c61c59ec22", 0x8, r2) add_key$keyring(0x0, 0x0, 0x0, 0x0, r2) add_key(0x0, &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r3 = dup2(r1, r0) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$TIOCLINUX6(0xffffffffffffffff, 0x541c, 0x0) r7 = syz_open_dev$admmidi(0x0, 0x0, 0x0) ioctl$NBD_DO_IT(0xffffffffffffffff, 0xab03) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r8 = openat$cgroup_ro(r7, &(0x7f0000000140)='pids.current\x00', 0x0, 0x0) sendto$inet6(r8, &(0x7f0000000180)="107f", 0x2, 0x40, &(0x7f00000001c0)={0xa, 0x4e24, 0x7, @loopback, 0x80}, 0x1c) r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000340)='/dev/zero\x00', 0x801, 0x0) r10 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r10, 0x89e1, 0x0) accept$packet(r10, 0x0, &(0x7f0000000380)) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r9, 0x111, 0x4, 0x1, 0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) r11 = accept4$inet(r3, &(0x7f0000000000)={0x2, 0x0, @empty}, &(0x7f0000000040)=0x10, 0x0) setsockopt$SO_TIMESTAMPING(r11, 0x1, 0x25, &(0x7f00000000c0)=0x22, 0x4) write$sndseq(r0, 0x0, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="0b00000073797a31000000007f000000000000000005000000000000000000000000000000000000000000000000000038fc592501623b45e5d6c85d43040000000b8853030000fe000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000073797a30000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000100"/280], 0x118) [ 3533.928683] ? selinux_sb_copy_data+0x21e/0x390 [ 3533.933384] security_sb_parse_opts_str+0x75/0xb0 [ 3533.938256] parse_security_options+0x4e/0xa0 [ 3533.942782] btrfs_mount+0x2bb/0x2b28 [ 3533.946616] ? lock_downgrade+0x740/0x740 [ 3533.950799] ? find_held_lock+0x35/0x130 [ 3533.955014] ? pcpu_alloc+0x3af/0x1050 [ 3533.958939] ? btrfs_remount+0x11f0/0x11f0 [ 3533.963203] ? rcu_read_lock_sched_held+0x110/0x130 [ 3533.968256] ? __lockdep_init_map+0x10c/0x570 [ 3533.973217] mount_fs+0x97/0x2a1 17:53:51 executing program 2: mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='efivarfs\x00', 0x408, &(0x7f0000000100)='\x00') r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(0xffffffffffffffff, 0x6431) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000140)=""/24) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/procosys/net/mpv4Rvs/lblc_expirafion\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0xc8e) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000180)) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r2, 0x28, 0x0, &(0x7f0000000000)=0x9, 0x8) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) [ 3533.973235] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3533.981157] ? find_held_lock+0x35/0x130 [ 3533.981176] vfs_kern_mount+0x40/0x60 [ 3533.981192] btrfs_mount+0x3ce/0x2b28 [ 3533.981200] ? lock_downgrade+0x740/0x740 [ 3533.981207] ? find_held_lock+0x35/0x130 [ 3533.981217] ? pcpu_alloc+0x3af/0x1050 [ 3533.981231] ? btrfs_remount+0x11f0/0x11f0 [ 3533.981245] ? rcu_read_lock_sched_held+0x110/0x130 [ 3533.981263] ? __lockdep_init_map+0x10c/0x570 [ 3533.989281] ? __lockdep_init_map+0x10c/0x570 [ 3533.997329] mount_fs+0x97/0x2a1 17:53:51 executing program 2: sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040), 0x3) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x0, 0x11, 0xffffffffffffffff, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2020}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c0100003000000428bd7000fddbdf2500000000d4000100d0fb04000000080001006e6174002c000200280001000300000020000000aaa5201e0900000005000000ac1414aa00000000ffffffff0100000094000600c19cb4422b4ba46c3264d864f5887e0642c65bc45f4c250411f76391c2d7fde3a2c1649c8223b9ab879e85870ed52830c58ae99a8df3a0a8fa83e3afd609782921a432956ce52215da481a5ce89a86549e52ad1495327417e70560b00d1bf3b40afeff01624b8a964e4e0c487cbd98b755d84bf48562cbb6cf18201981a79c6a736d5f806fb7cb1d51775cb4200000000000440001004000200000000c0001006761637400000000100002000c0003000500001d000000001c000600c9169ef2baae36afc5f920369aa3af6708192dfecb2500000000"], 0x12c}, 0x1, 0x0, 0x0, 0x8840}, 0x800) add_key$user(0x0, &(0x7f0000000000)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) add_key$user(0x0, &(0x7f0000000540)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@remote, @empty, @loopback}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0) rt_sigaction(0x0, 0x0, 0x0, 0x0, 0x0) [ 3534.005402] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3534.032692] do_mount+0x417/0x27d0 [ 3534.036255] ? retint_kernel+0x2d/0x2d [ 3534.040157] ? copy_mount_string+0x40/0x40 [ 3534.044399] ? __sanitizer_cov_trace_pc+0x1d/0x60 [ 3534.049250] ? copy_mount_options+0x1fe/0x2f0 [ 3534.053748] SyS_mount+0xab/0x120 [ 3534.057200] ? copy_mnt_ns+0x8c0/0x8c0 [ 3534.061094] do_syscall_64+0x1e8/0x640 [ 3534.064985] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3534.069825] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3534.075009] RIP: 0033:0x45d08a [ 3534.078185] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3534.085885] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3534.093147] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3534.100398] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3534.107651] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3534.114964] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:52 executing program 5 (fault-call:3 fault-nth:64): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3534.198423] FAULT_INJECTION: forcing a failure. [ 3534.198423] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3534.218117] CPU: 0 PID: 27162 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3534.225174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3534.234538] Call Trace: [ 3534.237129] dump_stack+0x142/0x197 [ 3534.240759] should_fail.cold+0x10f/0x159 [ 3534.244909] ? __might_sleep+0x93/0xb0 [ 3534.244928] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3534.244942] ? check_preemption_disabled+0x3c/0x250 [ 3534.253741] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3534.253753] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3534.253764] ? __alloc_pages_nodemask+0x639/0x7a0 [ 3534.253779] alloc_pages_current+0xec/0x1e0 [ 3534.253793] ? btrfs_parse_early_options+0x1a2/0x310 [ 3534.253806] __get_free_pages+0xf/0x40 [ 3534.253814] get_zeroed_page+0x11/0x20 [ 3534.253826] selinux_sb_copy_data+0x2a/0x390 [ 3534.253842] security_sb_copy_data+0x75/0xb0 [ 3534.253853] parse_security_options+0x37/0xa0 [ 3534.253864] btrfs_mount+0x2bb/0x2b28 [ 3534.253875] ? lock_downgrade+0x740/0x740 [ 3534.253883] ? find_held_lock+0x35/0x130 [ 3534.253895] ? pcpu_alloc+0x3af/0x1050 [ 3534.253916] ? btrfs_remount+0x11f0/0x11f0 [ 3534.263940] ? rcu_read_lock_sched_held+0x110/0x130 [ 3534.263961] ? __lockdep_init_map+0x10c/0x570 [ 3534.263980] mount_fs+0x97/0x2a1 [ 3534.274236] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3534.274245] ? find_held_lock+0x35/0x130 [ 3534.274257] vfs_kern_mount+0x40/0x60 [ 3534.274272] btrfs_mount+0x3ce/0x2b28 [ 3534.274281] ? lock_downgrade+0x740/0x740 [ 3534.274288] ? find_held_lock+0x35/0x130 [ 3534.274299] ? pcpu_alloc+0x3af/0x1050 [ 3534.283803] ? btrfs_remount+0x11f0/0x11f0 [ 3534.283821] ? rcu_read_lock_sched_held+0x110/0x130 [ 3534.283840] ? __lockdep_init_map+0x10c/0x570 [ 3534.291575] ? __lockdep_init_map+0x10c/0x570 [ 3534.291590] mount_fs+0x97/0x2a1 [ 3534.291604] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3534.291616] do_mount+0x417/0x27d0 17:53:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r2 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x2, 0x240) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000200)=0x3d) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x2000, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) syz_open_dev$vbi(0x0, 0x1, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x4, 0x10000) r8 = dup(r7) r9 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r9, 0x89e1, 0x0) r10 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(r10, 0xc058560f, &(0x7f0000000140)={0x10001, 0x72454c56389ed15, 0x4, 0x2, {}, {0x4, 0x8, 0x5, 0x4, 0x1, 0x6, "1e7d1a4c"}, 0x9, 0x1, @userptr=0x1000, 0x4}) ioctl$PPPIOCSMAXCID(r9, 0x40047451, &(0x7f0000000080)=0x1f) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r11 = dup3(r0, r1, 0x0) dup2(r11, r6) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) [ 3534.291623] ? copy_mount_options+0x5c/0x2f0 [ 3534.291631] ? rcu_read_lock_sched_held+0x110/0x130 [ 3534.291642] ? copy_mount_string+0x40/0x40 [ 3534.300429] ? copy_mount_options+0x1fe/0x2f0 [ 3534.300443] SyS_mount+0xab/0x120 [ 3534.300450] ? copy_mnt_ns+0x8c0/0x8c0 [ 3534.300462] do_syscall_64+0x1e8/0x640 [ 3534.300470] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3534.300485] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3534.308742] RIP: 0033:0x45d08a [ 3534.308748] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 17:53:52 executing program 5 (fault-call:3 fault-nth:65): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3534.308759] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3534.308765] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3534.308770] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3534.308777] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3534.316945] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3534.563565] FAULT_INJECTION: forcing a failure. [ 3534.563565] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3534.575427] CPU: 0 PID: 27177 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3534.582441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3534.591787] Call Trace: [ 3534.594425] dump_stack+0x142/0x197 [ 3534.598045] should_fail.cold+0x10f/0x159 [ 3534.602189] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3534.606843] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3534.611847] cache_grow_begin+0x80/0x400 [ 3534.615894] kmem_cache_alloc+0x6a6/0x780 [ 3534.620031] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3534.625126] getname_kernel+0x53/0x350 [ 3534.629053] kern_path+0x20/0x40 [ 3534.632411] lookup_bdev.part.0+0x63/0x160 [ 3534.636635] ? blkdev_open+0x260/0x260 [ 3534.640506] ? free_hot_cold_page+0x763/0xca0 [ 3534.644982] blkdev_get_by_path+0x76/0xf0 [ 3534.649130] btrfs_scan_one_device+0x97/0x400 [ 3534.653656] ? device_list_add+0x8d0/0x8d0 [ 3534.657871] ? __free_pages+0x54/0x90 [ 3534.661651] ? free_pages+0x46/0x50 [ 3534.665265] btrfs_mount+0x2e3/0x2b28 [ 3534.669059] ? lock_downgrade+0x740/0x740 [ 3534.673195] ? find_held_lock+0x35/0x130 [ 3534.677237] ? pcpu_alloc+0x3af/0x1050 [ 3534.681147] ? btrfs_remount+0x11f0/0x11f0 [ 3534.685366] ? rcu_read_lock_sched_held+0x110/0x130 [ 3534.690368] ? __lockdep_init_map+0x10c/0x570 [ 3534.694850] mount_fs+0x97/0x2a1 [ 3534.698203] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3534.702679] ? find_held_lock+0x35/0x130 [ 3534.706723] vfs_kern_mount+0x40/0x60 [ 3534.710518] btrfs_mount+0x3ce/0x2b28 [ 3534.714299] ? lock_downgrade+0x740/0x740 [ 3534.718427] ? find_held_lock+0x35/0x130 [ 3534.722473] ? pcpu_alloc+0x3af/0x1050 [ 3534.726355] ? btrfs_remount+0x11f0/0x11f0 [ 3534.730572] ? rcu_read_lock_sched_held+0x110/0x130 [ 3534.735577] ? __lockdep_init_map+0x10c/0x570 [ 3534.740063] ? __lockdep_init_map+0x10c/0x570 [ 3534.744539] mount_fs+0x97/0x2a1 [ 3534.747906] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3534.752384] do_mount+0x417/0x27d0 [ 3534.756025] ? copy_mount_options+0x5c/0x2f0 [ 3534.760427] ? rcu_read_lock_sched_held+0x110/0x130 [ 3534.765540] ? copy_mount_string+0x40/0x40 [ 3534.770134] ? copy_mount_options+0x1fe/0x2f0 [ 3534.775487] SyS_mount+0xab/0x120 [ 3534.779007] ? copy_mnt_ns+0x8c0/0x8c0 [ 3534.782910] do_syscall_64+0x1e8/0x640 [ 3534.786794] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3534.791659] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3534.796866] RIP: 0033:0x45d08a [ 3534.800040] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3534.808064] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3534.815321] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3534.822952] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3534.830665] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3534.838245] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:54 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:54 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x14, 0x2, [@IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x2}, @IFLA_BOND_MIIMON={0x8, 0x3, 0xa4}]}}}]}, 0x44}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') r5 = accept4$x25(r1, &(0x7f0000000180), &(0x7f00000001c0)=0x12, 0x80000) write(r5, &(0x7f0000000200)="33cf79b458d8c8acff19c5ef004688078921a2a425e7172af460af29167d6b26be813ab2d4692d1b6d0f2254dab3e331e68e1abd3bc3d90afa9579dffa48b5d5aeb970cacd6eba3a59b8d5461dbbaf6d47a2ab0b08e560f4b802289049d57697846177a5d42cb1b8101561df8fb24635c94a04ca35c768abea195fed9d29da9d3516a92b4194698f02a00ebdae686994dcb7685c35ac7a0e3ae3cdfc90057dfbb8afe4e6c305ca8470b5337b8473edae92c617ef02e64cc9f6e33ef6047c39", 0xbf) sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r4, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={0xffffffffffffffff, r6, 0xb, 0x1}, 0x10) flock(r3, 0x1) 17:53:54 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r0 = creat(&(0x7f0000000040)='./file1\x00', 0x40) ioctl$KVM_REINJECT_CONTROL(r0, 0xae71, &(0x7f0000000100)={0xff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4108, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf1c6}, 0x5010, 0x3, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x4, 0x0, [0x200008c0, 0x0, 0x0, 0x20000afc, 0x20000b2c], 0x0, 0x0}, 0x78) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r2 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) getsockopt$inet_mreqn(r4, 0x0, 0x0, 0x0, 0x0) 17:53:54 executing program 5 (fault-call:3 fault-nth:66): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:54 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r5, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) fcntl$getown(r4, 0x9) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:54 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-co\xeetrol\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000380)=""/4096) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3536.896462] FAULT_INJECTION: forcing a failure. [ 3536.896462] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3536.908304] CPU: 0 PID: 27191 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3536.915318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3536.922026] (unnamed net_device) (uninitialized): ARP validating cannot be used with MII monitoring [ 3536.924667] Call Trace: [ 3536.924692] dump_stack+0x142/0x197 [ 3536.924713] should_fail.cold+0x10f/0x159 [ 3536.924728] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3536.924742] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3536.953943] cache_grow_begin+0x80/0x400 [ 3536.958009] kmem_cache_alloc+0x6a6/0x780 [ 3536.962164] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3536.967279] getname_kernel+0x53/0x350 [ 3536.971166] kern_path+0x20/0x40 [ 3536.974537] lookup_bdev.part.0+0x63/0x160 [ 3536.978769] ? blkdev_open+0x260/0x260 [ 3536.982776] ? free_hot_cold_page+0x763/0xca0 [ 3536.987277] blkdev_get_by_path+0x76/0xf0 [ 3536.991435] btrfs_scan_one_device+0x97/0x400 [ 3536.992091] (unnamed net_device) (uninitialized): ARP validating cannot be used with MII monitoring [ 3536.995953] ? device_list_add+0x8d0/0x8d0 [ 3536.995964] ? __free_pages+0x54/0x90 [ 3536.995974] ? free_pages+0x46/0x50 [ 3536.995989] btrfs_mount+0x2e3/0x2b28 [ 3536.996001] ? lock_downgrade+0x740/0x740 [ 3536.996009] ? find_held_lock+0x35/0x130 [ 3536.996020] ? pcpu_alloc+0x3af/0x1050 [ 3536.996035] ? btrfs_remount+0x11f0/0x11f0 [ 3537.037095] ? rcu_read_lock_sched_held+0x110/0x130 [ 3537.042151] ? __lockdep_init_map+0x10c/0x570 [ 3537.046659] mount_fs+0x97/0x2a1 [ 3537.050034] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3537.054538] ? find_held_lock+0x35/0x130 [ 3537.058603] vfs_kern_mount+0x40/0x60 [ 3537.062410] btrfs_mount+0x3ce/0x2b28 [ 3537.066252] ? lock_downgrade+0x740/0x740 [ 3537.070402] ? find_held_lock+0x35/0x130 [ 3537.074466] ? pcpu_alloc+0x3af/0x1050 [ 3537.078366] ? btrfs_remount+0x11f0/0x11f0 [ 3537.082606] ? rcu_read_lock_sched_held+0x110/0x130 [ 3537.087634] ? __lockdep_init_map+0x10c/0x570 [ 3537.092129] ? __lockdep_init_map+0x10c/0x570 [ 3537.096616] mount_fs+0x97/0x2a1 [ 3537.099987] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3537.104490] do_mount+0x417/0x27d0 [ 3537.108030] ? copy_mount_options+0x5c/0x2f0 [ 3537.112443] ? rcu_read_lock_sched_held+0x110/0x130 [ 3537.117463] ? copy_mount_string+0x40/0x40 [ 3537.123114] ? copy_mount_options+0x1fe/0x2f0 [ 3537.127613] SyS_mount+0xab/0x120 [ 3537.131085] ? copy_mnt_ns+0x8c0/0x8c0 [ 3537.134979] do_syscall_64+0x1e8/0x640 [ 3537.138869] ? trace_hardirqs_off_thunk+0x1a/0x1c 17:53:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0xa0700, 0x0) write$UHID_CREATE(r0, &(0x7f0000000380)={0x0, 'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000100)=""/175, 0xaf, 0x3f, 0x422, 0x1, 0x2, 0x2}, 0x120) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 17:53:55 executing program 4: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0x6, 0x8208, 0x6, 0x9}, &(0x7f0000000180)=0x10) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x80, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) getsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040), &(0x7f0000000080)=0x4) setxattr$security_selinux(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='security.selinux\x00', &(0x7f0000000240)='system_u:object_r:run_init_exec_t:s0\x00', 0x25, 0x1) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 17:53:55 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:55 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0xa0700, 0x0) write$UHID_CREATE(r0, &(0x7f0000000380)={0x0, 'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000100)=""/175, 0xaf, 0x3f, 0x422, 0x1, 0x2, 0x2}, 0x120) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 3537.143716] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3537.148905] RIP: 0033:0x45d08a [ 3537.152092] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3537.159803] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3537.167076] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3537.174342] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3537.181608] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3537.188874] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:55 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$setopts(0x4206, r2, 0x9, 0x2000fb) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x80, 0x0) write$input_event(r3, &(0x7f0000000080)={{0x77359400}, 0x1f, 0x5, 0xff01}, 0x18) tkill(r0, 0x3c) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000100)={0x2, 0x87, 0xfffffff9, 0xe9, 0x9, 0x0, 0x1, 0x3, 0xf51, 0x9, 0xfffff8f7, 0x80}) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:55 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0x1}], 0x4, 0xf) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x4000, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000140)={r1, 0x10, &(0x7f0000000100)={&(0x7f0000000040)=""/103, 0x67, 0xffffffffffffffff}}, 0x10) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:55 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:55 executing program 5 (fault-call:3 fault-nth:67): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:55 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r0 = creat(&(0x7f0000000040)='./file1\x00', 0x40) ioctl$KVM_REINJECT_CONTROL(r0, 0xae71, &(0x7f0000000100)={0xff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4108, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf1c6}, 0x5010, 0x3, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x4, 0x0, [0x200008c0, 0x0, 0x0, 0x20000afc, 0x20000b2c], 0x0, 0x0}, 0x78) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r2 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) getsockopt$inet_mreqn(r4, 0x0, 0x0, 0x0, 0x0) [ 3537.741745] FAULT_INJECTION: forcing a failure. [ 3537.741745] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3537.757739] CPU: 1 PID: 27234 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3537.764777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3537.774179] Call Trace: [ 3537.776772] dump_stack+0x142/0x197 [ 3537.780387] should_fail.cold+0x10f/0x159 [ 3537.784525] ? __might_sleep+0x93/0xb0 [ 3537.788403] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3537.793055] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3537.798047] ? lock_downgrade+0x740/0x740 [ 3537.802178] alloc_pages_current+0xec/0x1e0 [ 3537.806482] __page_cache_alloc+0x248/0x3e0 [ 3537.810785] do_read_cache_page+0x625/0xfc0 [ 3537.815105] ? blkdev_writepages+0xd0/0xd0 [ 3537.819322] ? find_get_pages_contig+0xaa0/0xaa0 [ 3537.824071] ? blkdev_get+0xb0/0x8e0 [ 3537.827765] ? dput.part.0+0x170/0x750 [ 3537.831643] ? bd_may_claim+0xd0/0xd0 [ 3537.831656] ? path_put+0x50/0x70 [ 3537.838878] ? lookup_bdev.part.0+0xe1/0x160 [ 3537.843278] read_cache_page_gfp+0x6e/0x90 [ 3537.843292] btrfs_read_disk_super+0xdd/0x440 [ 3537.843303] btrfs_scan_one_device+0xc6/0x400 [ 3537.843315] ? device_list_add+0x8d0/0x8d0 [ 3537.843323] ? __free_pages+0x54/0x90 [ 3537.843331] ? free_pages+0x46/0x50 [ 3537.843345] btrfs_mount+0x2e3/0x2b28 [ 3537.843358] ? lock_downgrade+0x740/0x740 [ 3537.876015] ? find_held_lock+0x35/0x130 [ 3537.880061] ? pcpu_alloc+0x3af/0x1050 [ 3537.883941] ? btrfs_remount+0x11f0/0x11f0 [ 3537.888172] ? rcu_read_lock_sched_held+0x110/0x130 [ 3537.893174] ? __lockdep_init_map+0x10c/0x570 [ 3537.897655] mount_fs+0x97/0x2a1 [ 3537.901005] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3537.905480] ? find_held_lock+0x35/0x130 [ 3537.909529] vfs_kern_mount+0x40/0x60 [ 3537.913313] btrfs_mount+0x3ce/0x2b28 [ 3537.917089] ? lock_downgrade+0x740/0x740 [ 3537.921224] ? find_held_lock+0x35/0x130 [ 3537.925265] ? pcpu_alloc+0x3af/0x1050 [ 3537.929135] ? btrfs_remount+0x11f0/0x11f0 [ 3537.933359] ? rcu_read_lock_sched_held+0x110/0x130 [ 3537.938360] ? __lockdep_init_map+0x10c/0x570 [ 3537.942852] ? __lockdep_init_map+0x10c/0x570 [ 3537.947341] mount_fs+0x97/0x2a1 [ 3537.950690] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3537.955179] do_mount+0x417/0x27d0 [ 3537.958694] ? copy_mount_options+0x5c/0x2f0 [ 3537.963085] ? rcu_read_lock_sched_held+0x110/0x130 [ 3537.968077] ? copy_mount_string+0x40/0x40 [ 3537.972304] ? copy_mount_options+0x1fe/0x2f0 [ 3537.976776] SyS_mount+0xab/0x120 [ 3537.980204] ? copy_mnt_ns+0x8c0/0x8c0 [ 3537.984072] do_syscall_64+0x1e8/0x640 [ 3537.987945] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3537.992791] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3537.997960] RIP: 0033:0x45d08a [ 3538.001130] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3538.008816] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3538.016077] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3538.023374] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3538.030636] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3538.037888] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:55 executing program 5 (fault-call:3 fault-nth:68): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3538.123241] FAULT_INJECTION: forcing a failure. [ 3538.123241] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3538.135074] CPU: 0 PID: 27249 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3538.142085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3538.151524] Call Trace: [ 3538.154124] dump_stack+0x142/0x197 [ 3538.157765] should_fail.cold+0x10f/0x159 [ 3538.161924] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3538.166606] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3538.171636] cache_grow_begin+0x80/0x400 [ 3538.175705] kmem_cache_alloc+0x6a6/0x780 [ 3538.179852] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3538.184963] getname_kernel+0x53/0x350 [ 3538.188851] kern_path+0x20/0x40 [ 3538.192221] lookup_bdev.part.0+0x63/0x160 [ 3538.196454] ? blkdev_open+0x260/0x260 [ 3538.200337] ? free_hot_cold_page+0x763/0xca0 [ 3538.204830] blkdev_get_by_path+0x76/0xf0 [ 3538.208982] btrfs_scan_one_device+0x97/0x400 [ 3538.213478] ? device_list_add+0x8d0/0x8d0 [ 3538.217714] ? __free_pages+0x54/0x90 [ 3538.221516] ? free_pages+0x46/0x50 [ 3538.225160] btrfs_mount+0x2e3/0x2b28 [ 3538.229068] ? lock_downgrade+0x740/0x740 [ 3538.233212] ? find_held_lock+0x35/0x130 [ 3538.237268] ? pcpu_alloc+0x3af/0x1050 [ 3538.241158] ? btrfs_remount+0x11f0/0x11f0 [ 3538.245396] ? rcu_read_lock_sched_held+0x110/0x130 [ 3538.250419] ? __lockdep_init_map+0x10c/0x570 [ 3538.254926] mount_fs+0x97/0x2a1 [ 3538.258296] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3538.262784] ? find_held_lock+0x35/0x130 [ 3538.266849] vfs_kern_mount+0x40/0x60 [ 3538.270649] btrfs_mount+0x3ce/0x2b28 [ 3538.274452] ? lock_downgrade+0x740/0x740 [ 3538.278592] ? find_held_lock+0x35/0x130 [ 3538.282659] ? pcpu_alloc+0x3af/0x1050 [ 3538.286552] ? btrfs_remount+0x11f0/0x11f0 [ 3538.290789] ? rcu_read_lock_sched_held+0x110/0x130 [ 3538.295810] ? __lockdep_init_map+0x10c/0x570 [ 3538.300303] ? __lockdep_init_map+0x10c/0x570 [ 3538.304806] mount_fs+0x97/0x2a1 [ 3538.308175] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3538.312669] do_mount+0x417/0x27d0 [ 3538.316206] ? copy_mount_options+0x5c/0x2f0 [ 3538.320615] ? rcu_read_lock_sched_held+0x110/0x130 [ 3538.325627] ? copy_mount_string+0x40/0x40 [ 3538.329861] ? copy_mount_options+0x1fe/0x2f0 [ 3538.334357] SyS_mount+0xab/0x120 [ 3538.337803] ? copy_mnt_ns+0x8c0/0x8c0 [ 3538.341690] do_syscall_64+0x1e8/0x640 [ 3538.345573] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3538.350419] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3538.355606] RIP: 0033:0x45d08a [ 3538.358788] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3538.366492] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3538.373790] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3538.381055] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3538.388319] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3538.395584] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:57 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:53:57 executing program 5 (fault-call:3 fault-nth:69): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:57 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000440)='/dev/null\x00', 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000380)=0x14) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:53:57 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x0) write$apparmor_current(r4, &(0x7f0000000100)=@profile={'permprofile ', 'cgroupvboxnet1usertrusted,GPL\x00'}, 0x2a) close(r4) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000000)={r6}, 0xc) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000040)={r6, 0x9c87, 0x63, 0x1bb, 0x40, 0x81}, &(0x7f0000000080)=0x14) ptrace$cont(0x9, r0, 0x1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3539.920831] FAULT_INJECTION: forcing a failure. [ 3539.920831] name failslab, interval 1, probability 0, space 0, times 0 [ 3539.932506] CPU: 0 PID: 27260 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3539.939506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3539.948843] Call Trace: [ 3539.951421] dump_stack+0x142/0x197 [ 3539.955056] should_fail.cold+0x10f/0x159 [ 3539.959198] should_failslab+0xdb/0x130 [ 3539.963154] kmem_cache_alloc+0x47/0x780 [ 3539.967206] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 3539.972814] __radix_tree_create+0x337/0x4d0 [ 3539.977209] page_cache_tree_insert+0xa7/0x2d0 [ 3539.981781] ? file_check_and_advance_wb_err+0x380/0x380 [ 3539.987214] ? debug_smp_processor_id+0x1c/0x20 [ 3539.991870] __add_to_page_cache_locked+0x2ab/0x7e0 [ 3539.996892] ? find_lock_entry+0x3f0/0x3f0 [ 3540.001111] add_to_page_cache_lru+0xf4/0x310 [ 3540.005597] ? add_to_page_cache_locked+0x40/0x40 [ 3540.010421] ? __page_cache_alloc+0xdd/0x3e0 [ 3540.014812] do_read_cache_page+0x64e/0xfc0 [ 3540.019115] ? blkdev_writepages+0xd0/0xd0 [ 3540.023349] ? find_get_pages_contig+0xaa0/0xaa0 [ 3540.028095] ? blkdev_get+0xb0/0x8e0 [ 3540.031809] ? dput.part.0+0x170/0x750 [ 3540.035679] ? bd_may_claim+0xd0/0xd0 [ 3540.039471] ? path_put+0x50/0x70 [ 3540.042903] ? lookup_bdev.part.0+0xe1/0x160 [ 3540.047310] read_cache_page_gfp+0x6e/0x90 [ 3540.051537] btrfs_read_disk_super+0xdd/0x440 [ 3540.056031] btrfs_scan_one_device+0xc6/0x400 [ 3540.060517] ? device_list_add+0x8d0/0x8d0 [ 3540.064738] ? __free_pages+0x54/0x90 [ 3540.068522] ? free_pages+0x46/0x50 [ 3540.072137] btrfs_mount+0x2e3/0x2b28 [ 3540.075933] ? lock_downgrade+0x740/0x740 [ 3540.080062] ? find_held_lock+0x35/0x130 [ 3540.084109] ? pcpu_alloc+0x3af/0x1050 [ 3540.087992] ? btrfs_remount+0x11f0/0x11f0 [ 3540.092218] ? rcu_read_lock_sched_held+0x110/0x130 [ 3540.097236] ? __lockdep_init_map+0x10c/0x570 [ 3540.102590] mount_fs+0x97/0x2a1 [ 3540.105954] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3540.110530] ? find_held_lock+0x35/0x130 [ 3540.114574] vfs_kern_mount+0x40/0x60 [ 3540.118356] btrfs_mount+0x3ce/0x2b28 [ 3540.122137] ? lock_downgrade+0x740/0x740 [ 3540.126269] ? find_held_lock+0x35/0x130 [ 3540.130308] ? pcpu_alloc+0x3af/0x1050 [ 3540.134183] ? btrfs_remount+0x11f0/0x11f0 [ 3540.138400] ? rcu_read_lock_sched_held+0x110/0x130 [ 3540.143413] ? __lockdep_init_map+0x10c/0x570 [ 3540.147892] ? __lockdep_init_map+0x10c/0x570 [ 3540.152373] mount_fs+0x97/0x2a1 [ 3540.155724] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3540.160201] do_mount+0x417/0x27d0 [ 3540.163719] ? copy_mount_options+0x5c/0x2f0 [ 3540.168107] ? rcu_read_lock_sched_held+0x110/0x130 [ 3540.173107] ? copy_mount_string+0x40/0x40 [ 3540.177334] ? copy_mount_options+0x1fe/0x2f0 [ 3540.181811] SyS_mount+0xab/0x120 [ 3540.185242] ? copy_mnt_ns+0x8c0/0x8c0 [ 3540.189114] do_syscall_64+0x1e8/0x640 [ 3540.192988] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3540.197824] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3540.203002] RIP: 0033:0x45d08a [ 3540.206171] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3540.213861] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a 17:53:58 executing program 0: socket$alg(0x26, 0x5, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=@in={0x2, 0x0, @multicast2}, 0x80) [ 3540.221233] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3540.228501] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3540.235862] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3540.243114] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:58 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) write$FUSE_GETXATTR(r1, &(0x7f0000000040)={0x18, 0x0, 0x1, {0x9}}, 0x18) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x40, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:53:58 executing program 5 (fault-call:3 fault-nth:70): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:58 executing program 2: sched_setattr(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f035000c803cf", 0x2f}], 0xaaaaaaaaaaaad09, 0x0, 0x0, 0x238) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) syz_open_procfs$namespace(0x0, &(0x7f0000000800)='ns/pid\x00') syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) semget(0x0, 0x7, 0x0) syz_open_dev$sndpcmp(0x0, 0x2, 0x400000) r8 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r8, 0xc008ae67, &(0x7f0000000340)={0x8001, 0xd1f}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000980)={0x0, &(0x7f0000000940)}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x1, 0x1000, 0x0, 0x4c8, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r7, 0xae80, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000440)={{0xa, 0x4e20, 0x1f, @loopback}, {0xa, 0x4e24, 0x0, @local, 0x400}, 0x1000, [0x7, 0x800, 0x0, 0x10001, 0xffff, 0x43ff, 0x4, 0x4]}, 0x5c) add_key$user(0x0, 0x0, &(0x7f0000000700)="e1938f35059997f19264f98cf35be1dcd665bb8f3224d0300c5c42dec6843d0c7ab6562804affea41779300b141e606844a5f499cde432660554e79da6926fb43d8b462a70a91e4a8011ab9e076ecc19ff0ad9a7199f38f1b42737f98443805079a1cf5d8e197a7f34a67da5761a154976b20f54d4d106e32c281ea93dfd82b1f5a1c2767cb47da333ff9658ec4ead10933c14bd", 0x94, 0x0) fallocate(0xffffffffffffffff, 0x10, 0x0, 0x2000002) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000100)=""/36, 0x24, 0x1, 0x0, 0x0) read$alg(0xffffffffffffffff, &(0x7f00000009c0)=""/240, 0xf0) r9 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10) getsockopt$sock_buf(r9, 0x1, 0x1a, 0x0, &(0x7f0000000080)) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/qat_adf_ctl\x00', 0x8000, 0x0) socket$inet6(0xa, 0x0, 0x6b) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000200)=@sack_info={0x0, 0x7, 0x10001}, &(0x7f0000000240)=0xc) 17:53:58 executing program 0: r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/user\x00', 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$selinux_user(r0, &(0x7f0000001340)=ANY=[@ANYBLOB="756e636f6e66696e65645f753a73797374656d5f723a696e736d6f645f743a73303a63313032332073797374656d5f75d452c355f39cc27a2228420700000000000000240a69d4cef44befd29cb9bb6eecb89b71216279fb1956ca5ccb08bd8accb7ef49ed226a7c011a43fea42e7b690b47a694ce55d477d7dbf5f0df0900646edb74c818005ce6d5f512c123580e7e33e7c92c5954da4d611e4dbc54855b556ff1e4c0c0e30d840de973b995f147bcdcc35324a54b2e86b0f67dceb91a1f482c05be94ff471a549818f454b8adc200"/218], 0x30) [ 3540.432308] FAULT_INJECTION: forcing a failure. [ 3540.432308] name failslab, interval 1, probability 0, space 0, times 0 [ 3540.443543] CPU: 0 PID: 27290 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3540.450819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3540.460303] Call Trace: [ 3540.462886] dump_stack+0x142/0x197 [ 3540.466561] should_fail.cold+0x10f/0x159 [ 3540.470725] should_failslab+0xdb/0x130 [ 3540.477632] kmem_cache_alloc+0x47/0x780 [ 3540.481692] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 3540.487341] __radix_tree_create+0x337/0x4d0 [ 3540.491746] page_cache_tree_insert+0xa7/0x2d0 [ 3540.496323] ? file_check_and_advance_wb_err+0x380/0x380 [ 3540.501765] ? debug_smp_processor_id+0x1c/0x20 [ 3540.506464] __add_to_page_cache_locked+0x2ab/0x7e0 [ 3540.511475] ? find_lock_entry+0x3f0/0x3f0 [ 3540.515702] add_to_page_cache_lru+0xf4/0x310 [ 3540.520191] ? add_to_page_cache_locked+0x40/0x40 [ 3540.525022] ? __page_cache_alloc+0xdd/0x3e0 [ 3540.529426] do_read_cache_page+0x64e/0xfc0 [ 3540.533747] ? blkdev_writepages+0xd0/0xd0 [ 3540.537965] ? find_get_pages_contig+0xaa0/0xaa0 [ 3540.542699] ? blkdev_get+0xb0/0x8e0 [ 3540.546393] ? dput.part.0+0x170/0x750 [ 3540.550268] ? bd_may_claim+0xd0/0xd0 [ 3540.554059] ? path_put+0x50/0x70 [ 3540.557499] ? lookup_bdev.part.0+0xe1/0x160 [ 3540.561914] read_cache_page_gfp+0x6e/0x90 [ 3540.566145] btrfs_read_disk_super+0xdd/0x440 [ 3540.570624] btrfs_scan_one_device+0xc6/0x400 [ 3540.575117] ? device_list_add+0x8d0/0x8d0 [ 3540.579334] ? __free_pages+0x54/0x90 [ 3540.583123] ? free_pages+0x46/0x50 [ 3540.586732] btrfs_mount+0x2e3/0x2b28 [ 3540.590514] ? lock_downgrade+0x740/0x740 [ 3540.594649] ? find_held_lock+0x35/0x130 [ 3540.598711] ? pcpu_alloc+0x3af/0x1050 [ 3540.602587] ? btrfs_remount+0x11f0/0x11f0 [ 3540.606826] ? rcu_read_lock_sched_held+0x110/0x130 [ 3540.611835] ? __lockdep_init_map+0x10c/0x570 [ 3540.616313] mount_fs+0x97/0x2a1 [ 3540.619670] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3540.624161] ? find_held_lock+0x35/0x130 [ 3540.628304] vfs_kern_mount+0x40/0x60 [ 3540.632107] btrfs_mount+0x3ce/0x2b28 [ 3540.635897] ? lock_downgrade+0x740/0x740 [ 3540.640031] ? find_held_lock+0x35/0x130 [ 3540.644077] ? pcpu_alloc+0x3af/0x1050 [ 3540.647950] ? btrfs_remount+0x11f0/0x11f0 [ 3540.652177] ? rcu_read_lock_sched_held+0x110/0x130 [ 3540.657203] ? __lockdep_init_map+0x10c/0x570 [ 3540.661700] ? __lockdep_init_map+0x10c/0x570 [ 3540.666201] mount_fs+0x97/0x2a1 [ 3540.669559] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3540.674050] do_mount+0x417/0x27d0 [ 3540.677573] ? copy_mount_options+0x5c/0x2f0 [ 3540.681979] ? rcu_read_lock_sched_held+0x110/0x130 [ 3540.686978] ? copy_mount_string+0x40/0x40 [ 3540.691199] ? copy_mount_options+0x1fe/0x2f0 [ 3540.695682] SyS_mount+0xab/0x120 [ 3540.699124] ? copy_mnt_ns+0x8c0/0x8c0 [ 3540.703004] do_syscall_64+0x1e8/0x640 [ 3540.706928] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3540.711772] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3540.716959] RIP: 0033:0x45d08a [ 3540.720140] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 17:53:58 executing program 0: syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r0, 0x0) unshare(0x40000000) r1 = accept(r0, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000540)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "45bbdc69bbff39ac5dc60b4b68e9d85a2ee082b856566b7760bc4bbe60c896559926ba235d4615161c6e24ff92e2de79f8a652876b9e5c220210b102e8fed56cfa50165024f29d4fece46ae4c6fcae5cfd960c0f0412", [[], []]}, 0x2ce) r2 = socket$inet_udplite(0x2, 0x2, 0x88) fstat(r2, &(0x7f0000000000)) syz_genetlink_get_family_id$tipc(0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x2180, 0x0) fanotify_mark(0xffffffffffffffff, 0xc0, 0x3962a2a0ef50cd8d, r3, &(0x7f00000000c0)='./file0\x00') openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') 17:53:58 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3540.727836] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3540.735107] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3540.742368] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3540.749630] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3540.756938] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:58 executing program 5 (fault-call:3 fault-nth:71): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3540.897790] IPVS: ftp: loaded support on port[0] = 21 [ 3540.926100] FAULT_INJECTION: forcing a failure. [ 3540.926100] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3540.938285] CPU: 0 PID: 27313 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3540.945309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3540.954655] Call Trace: [ 3540.954675] dump_stack+0x142/0x197 [ 3540.954697] should_fail.cold+0x10f/0x159 [ 3540.965014] ? __might_sleep+0x93/0xb0 [ 3540.968887] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3540.973550] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3540.978549] ? lock_downgrade+0x740/0x740 [ 3540.982685] alloc_pages_current+0xec/0x1e0 [ 3540.986992] __page_cache_alloc+0x248/0x3e0 [ 3540.991299] do_read_cache_page+0x625/0xfc0 [ 3540.995602] ? blkdev_writepages+0xd0/0xd0 [ 3540.999831] ? find_get_pages_contig+0xaa0/0xaa0 [ 3541.004566] ? blkdev_get+0xb0/0x8e0 [ 3541.008261] ? dput.part.0+0x170/0x750 [ 3541.012130] ? bd_may_claim+0xd0/0xd0 [ 3541.015915] ? path_put+0x50/0x70 [ 3541.019346] ? lookup_bdev.part.0+0xe1/0x160 [ 3541.023738] read_cache_page_gfp+0x6e/0x90 [ 3541.027959] btrfs_read_disk_super+0xdd/0x440 [ 3541.032448] btrfs_scan_one_device+0xc6/0x400 [ 3541.036926] ? device_list_add+0x8d0/0x8d0 [ 3541.041153] ? __free_pages+0x54/0x90 [ 3541.044954] ? free_pages+0x46/0x50 [ 3541.048578] btrfs_mount+0x2e3/0x2b28 [ 3541.052372] ? lock_downgrade+0x740/0x740 [ 3541.056516] ? find_held_lock+0x35/0x130 [ 3541.060566] ? pcpu_alloc+0x3af/0x1050 [ 3541.064441] ? btrfs_remount+0x11f0/0x11f0 [ 3541.068662] ? rcu_read_lock_sched_held+0x110/0x130 [ 3541.073671] ? __lockdep_init_map+0x10c/0x570 [ 3541.078157] mount_fs+0x97/0x2a1 [ 3541.081521] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3541.085998] ? find_held_lock+0x35/0x130 [ 3541.090043] vfs_kern_mount+0x40/0x60 [ 3541.093831] btrfs_mount+0x3ce/0x2b28 [ 3541.097614] ? lock_downgrade+0x740/0x740 [ 3541.101743] ? find_held_lock+0x35/0x130 [ 3541.105792] ? pcpu_alloc+0x3af/0x1050 [ 3541.109664] ? btrfs_remount+0x11f0/0x11f0 [ 3541.113882] ? rcu_read_lock_sched_held+0x110/0x130 [ 3541.118897] ? __lockdep_init_map+0x10c/0x570 [ 3541.123372] ? __lockdep_init_map+0x10c/0x570 [ 3541.127852] mount_fs+0x97/0x2a1 [ 3541.131204] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3541.135695] do_mount+0x417/0x27d0 [ 3541.139216] ? copy_mount_options+0x5c/0x2f0 [ 3541.143606] ? rcu_read_lock_sched_held+0x110/0x130 [ 3541.148604] ? copy_mount_string+0x40/0x40 [ 3541.152821] ? copy_mount_options+0x1fe/0x2f0 [ 3541.157305] SyS_mount+0xab/0x120 [ 3541.160736] ? copy_mnt_ns+0x8c0/0x8c0 [ 3541.164606] do_syscall_64+0x1e8/0x640 [ 3541.168473] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3541.173303] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3541.178474] RIP: 0033:0x45d08a [ 3541.181645] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3541.189335] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3541.196597] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3541.203867] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3541.211120] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3541.218376] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:53:59 executing program 5 (fault-call:3 fault-nth:72): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:53:59 executing program 2: sched_setattr(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f035000c803cf", 0x2f}], 0xaaaaaaaaaaaad09, 0x0, 0x0, 0x238) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) syz_open_procfs$namespace(0x0, &(0x7f0000000800)='ns/pid\x00') syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) semget(0x0, 0x7, 0x0) syz_open_dev$sndpcmp(0x0, 0x2, 0x400000) r8 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r8, 0xc008ae67, &(0x7f0000000340)={0x8001, 0xd1f}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000980)={0x0, &(0x7f0000000940)}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x1, 0x1000, 0x0, 0x4c8, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0xba8e}) ioctl$KVM_RUN(r7, 0xae80, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000440)={{0xa, 0x4e20, 0x1f, @loopback}, {0xa, 0x4e24, 0x0, @local, 0x400}, 0x1000, [0x7, 0x800, 0x0, 0x10001, 0xffff, 0x43ff, 0x4, 0x4]}, 0x5c) add_key$user(0x0, 0x0, &(0x7f0000000700)="e1938f35059997f19264f98cf35be1dcd665bb8f3224d0300c5c42dec6843d0c7ab6562804affea41779300b141e606844a5f499cde432660554e79da6926fb43d8b462a70a91e4a8011ab9e076ecc19ff0ad9a7199f38f1b42737f98443805079a1cf5d8e197a7f34a67da5761a154976b20f54d4d106e32c281ea93dfd82b1f5a1c2767cb47da333ff9658ec4ead10933c14bd", 0x94, 0x0) fallocate(0xffffffffffffffff, 0x10, 0x0, 0x2000002) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000100)=""/36, 0x24, 0x1, 0x0, 0x0) read$alg(0xffffffffffffffff, &(0x7f00000009c0)=""/240, 0xf0) r9 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10) getsockopt$sock_buf(r9, 0x1, 0x1a, 0x0, &(0x7f0000000080)) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/qat_adf_ctl\x00', 0x8000, 0x0) socket$inet6(0xa, 0x0, 0x6b) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000200)=@sack_info={0x0, 0x7, 0x10001}, &(0x7f0000000240)=0xc) [ 3541.372955] FAULT_INJECTION: forcing a failure. [ 3541.372955] name failslab, interval 1, probability 0, space 0, times 0 [ 3541.385164] CPU: 1 PID: 27329 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3541.392198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3541.401543] Call Trace: [ 3541.404127] dump_stack+0x142/0x197 [ 3541.407745] should_fail.cold+0x10f/0x159 [ 3541.411876] ? __lock_is_held+0xb6/0x140 [ 3541.415919] ? mempool_free+0x1d0/0x1d0 [ 3541.419875] should_failslab+0xdb/0x130 [ 3541.423831] kmem_cache_alloc+0x47/0x780 [ 3541.427880] ? mempool_free+0x1d0/0x1d0 [ 3541.431838] mempool_alloc_slab+0x47/0x60 [ 3541.435968] mempool_alloc+0x138/0x300 [ 3541.439840] ? remove_element.isra.0+0x1b0/0x1b0 [ 3541.444577] ? find_held_lock+0x35/0x130 [ 3541.448622] ? create_empty_buffers+0x2d3/0x480 [ 3541.453276] ? save_trace+0x290/0x290 [ 3541.457078] bio_alloc_bioset+0x368/0x680 [ 3541.461210] ? bvec_alloc+0x2e0/0x2e0 [ 3541.464994] submit_bh_wbc+0xf6/0x720 [ 3541.468778] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 3541.474220] block_read_full_page+0x7a2/0x960 [ 3541.478720] ? set_init_blocksize+0x220/0x220 [ 3541.483204] ? __bread_gfp+0x290/0x290 [ 3541.487073] ? add_to_page_cache_lru+0x159/0x310 [ 3541.491812] ? add_to_page_cache_locked+0x40/0x40 [ 3541.496635] blkdev_readpage+0x1d/0x30 [ 3541.500504] do_read_cache_page+0x671/0xfc0 [ 3541.504807] ? blkdev_writepages+0xd0/0xd0 [ 3541.509030] ? find_get_pages_contig+0xaa0/0xaa0 [ 3541.513764] ? blkdev_get+0xb0/0x8e0 [ 3541.517460] ? dput.part.0+0x170/0x750 [ 3541.521333] ? bd_may_claim+0xd0/0xd0 [ 3541.525115] ? path_put+0x50/0x70 [ 3541.528548] ? lookup_bdev.part.0+0xe1/0x160 [ 3541.532937] read_cache_page_gfp+0x6e/0x90 [ 3541.537154] btrfs_read_disk_super+0xdd/0x440 [ 3541.541630] btrfs_scan_one_device+0xc6/0x400 [ 3541.546108] ? device_list_add+0x8d0/0x8d0 [ 3541.550322] ? __free_pages+0x54/0x90 [ 3541.554104] ? free_pages+0x46/0x50 [ 3541.557717] btrfs_mount+0x2e3/0x2b28 [ 3541.561498] ? lock_downgrade+0x740/0x740 [ 3541.565623] ? find_held_lock+0x35/0x130 [ 3541.569673] ? pcpu_alloc+0x3af/0x1050 [ 3541.573548] ? btrfs_remount+0x11f0/0x11f0 [ 3541.577770] ? rcu_read_lock_sched_held+0x110/0x130 [ 3541.582774] ? __lockdep_init_map+0x10c/0x570 [ 3541.587258] mount_fs+0x97/0x2a1 [ 3541.590610] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3541.595083] ? find_held_lock+0x35/0x130 [ 3541.599130] vfs_kern_mount+0x40/0x60 [ 3541.602913] btrfs_mount+0x3ce/0x2b28 [ 3541.606694] ? lock_downgrade+0x740/0x740 [ 3541.610821] ? find_held_lock+0x35/0x130 [ 3541.614862] ? pcpu_alloc+0x3af/0x1050 [ 3541.618736] ? btrfs_remount+0x11f0/0x11f0 [ 3541.622954] ? rcu_read_lock_sched_held+0x110/0x130 [ 3541.627957] ? __lockdep_init_map+0x10c/0x570 [ 3541.632432] ? __lockdep_init_map+0x10c/0x570 [ 3541.636909] mount_fs+0x97/0x2a1 [ 3541.640257] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3541.644734] do_mount+0x417/0x27d0 [ 3541.648252] ? copy_mount_options+0x5c/0x2f0 [ 3541.652639] ? rcu_read_lock_sched_held+0x110/0x130 [ 3541.657637] ? copy_mount_string+0x40/0x40 [ 3541.661854] ? copy_mount_options+0x1fe/0x2f0 [ 3541.666340] SyS_mount+0xab/0x120 [ 3541.669778] ? copy_mnt_ns+0x8c0/0x8c0 [ 3541.673649] do_syscall_64+0x1e8/0x640 [ 3541.677515] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3541.682340] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3541.687509] RIP: 0033:0x45d08a [ 3541.690681] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3541.698385] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3541.705639] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3541.712904] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 17:53:59 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3541.720160] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3541.727417] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:54:00 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r2, r1) vmsplice(0xffffffffffffffff, &(0x7f0000000040), 0x4, 0xa) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x23) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000000)={r5}, 0xc) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000040)={r5, 0x5}, 0x8) tkill(r0, 0x3c) syz_open_procfs(r0, &(0x7f0000000080)='oom_score_adj\x00') ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') socket$inet_smc(0x2b, 0x1, 0x0) 17:54:00 executing program 2: ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000000)) syz_open_dev$usbfs(0x0, 0x90a, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, 0x0, 0x0) getresuid(&(0x7f00000017c0), &(0x7f0000001800), &(0x7f0000001840)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) fstat(r3, &(0x7f0000000000)) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0x4c, @empty, 0x9d51}, @in6={0xa, 0x4e24, 0xffffffff, @loopback, 0x3}, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x48) 17:54:01 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x1, 0x0) tkill(r0, 0x3c) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, 0x0) getsockname$packet(r1, &(0x7f0000000000), &(0x7f0000000040)=0x14) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:54:01 executing program 0: syz_mount_image$iso9660(&(0x7f0000000480)='iso9660\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@dmode={'dmode', 0x3d, 0x1}}]}) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x0, 0x1) ioctl$TCGETS2(r0, 0x802c542a, &(0x7f0000000040)) ioctl$SIOCRSACCEPT(r0, 0x89e3) 17:54:01 executing program 5 (fault-call:3 fault-nth:73): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:54:01 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:54:01 executing program 2: ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000000)) syz_open_dev$usbfs(0x0, 0x90a, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @null]}, 0x48) listen(r1, 0x0) r2 = accept(r1, 0x0, 0x0) write$binfmt_elf64(r2, 0x0, 0x0) getresuid(&(0x7f00000017c0), &(0x7f0000001800), &(0x7f0000001840)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) fstat(r3, &(0x7f0000000000)) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0x4c, @empty, 0x9d51}, @in6={0xa, 0x4e24, 0xffffffff, @loopback, 0x3}, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x48) 17:54:01 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x30c53e5c1aa45135, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000380)='/proc/capi/capi20\x00', 0x300200, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{0x0}, {0x0, 0x343}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xfffffffffffffcab}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, &(0x7f0000000180)={0x4, 0x75, "a6bab47f64b6ab395998d0de0309f6fb194e0e664045e4288d1b1a88373760b85a68971a98c97eab49f71a989d42e3c61a3f4b41d4b32a1352f8e3bcef190895abf31df67d133cfba049d2a2ce0431eee254dd9e39f55bccd8dcd8ff9b1482236f36c7f08becec5b85cfa29b3f8d5d5088c436400b"}) move_pages(r0, 0x4, &(0x7f0000000200)=[&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil], &(0x7f0000000240)=[0xfffffffb, 0x805], &(0x7f0000000280)=[0x0, 0x0], 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x9c0a3, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, &(0x7f0000000140)=0x9f) write$FUSE_IOCTL(r2, &(0x7f0000000100)={0x20, 0x0, 0x6, {0x7fff, 0x0, 0x3, 0x8}}, 0x20) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/\x06\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe9\xff\xff\xff\x00', 0x197a40, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000040)={0xa0000, 0x0, [0x401, 0x8, 0x92c1, 0x3, 0xfffffffffffffffc, 0x601282ac, 0xf3b, 0x3]}) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3543.396466] FAULT_INJECTION: forcing a failure. [ 3543.396466] name fail_page_alloc, interval 1, probability 0, space 0, times 0 17:54:01 executing program 0: timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) preadv(0xffffffffffffffff, 0x0, 0x1d, 0x0) socket$netlink(0x10, 0x3, 0x0) symlink(&(0x7f0000000040)='./file1\x00', &(0x7f0000000000)='.//ile0\x00') r1 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) syz_open_dev$amidi(0x0, 0x24, 0x101002) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000480)={0x3, @vbi={0x83, 0x0, 0x101, 0x494e4f4b, [0xf0a, 0x4000], [0xfffff800, 0x3], 0x108}}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r5, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r8, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r9, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) mount$overlay(0x400000, &(0x7f0000000700)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x10c0800, &(0x7f0000000780)=ANY=[@ANYRESOCT=r7, @ANYPTR=&(0x7f0000000880)=ANY=[@ANYRES64=r0, @ANYBLOB="b732b1504744978ac620e32ad24442dccc828da3972fb7be98ea72cea3a8f1021ad56e825240b99e79e3a3f7", @ANYPTR=&(0x7f0000000800)=ANY=[@ANYRESOCT, @ANYBLOB="6b7ba7980b450c26bbbaea774e1822", @ANYRESDEC=0x0, @ANYPTR], @ANYRESHEX=r2, @ANYRESHEX=r9], @ANYRES32=r3]) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, &(0x7f0000000400)=0x8, 0x4) r10 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2) r11 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r11, 0x89e1, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r11, 0x84, 0x7c, &(0x7f0000000200)={0x0, 0x1000, 0x6}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r10, 0x84, 0x7c, &(0x7f0000000380)={r12, 0x0, 0x1}, &(0x7f00000003c0)=0x8) r13 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r14 = creat(&(0x7f00000002c0)='./file0\x00', 0x40) r15 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r15, 0x89e1, 0x0) r16 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r16, 0x89e1, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r16, 0x84, 0x71, &(0x7f0000000580)={0x0, 0x3}, &(0x7f00000005c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r15, 0x84, 0x1a, &(0x7f0000000600)={r17, 0x4a, "46cb2615bd33d1b214b6b01910cc1933b3ff55e3910cb1e17f3a592890661cb35e6808fefa1baf1552f7a6d072598feb9f94520c5f273e93d32903d722ef2b9557d8c5ecdb6821d6b84c"}, &(0x7f0000000680)=0x52) ftruncate(r14, 0x2081fc) ioctl$KVM_SET_VCPU_EVENTS(r14, 0x4040aea0, &(0x7f00000000c0)={0x0, 0x1d, 0x0, 0x0, 0x100, 0x0, 0x6, 0x4, 0x80, 0xb4, 0xfb, 0x81, 0x0, 0x10001, 0x4, 0x7, 0x1f, 0x92, 0xfd}) socket(0x10, 0x2, 0x0) renameat(r13, &(0x7f0000000180)='.//ile0\x00', r13, &(0x7f00000007c0)='./file0/f.le.\x00') [ 3543.474032] CPU: 0 PID: 27364 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3543.481093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3543.490446] Call Trace: [ 3543.493039] dump_stack+0x142/0x197 [ 3543.496686] should_fail.cold+0x10f/0x159 [ 3543.500835] ? __might_sleep+0x93/0xb0 [ 3543.504732] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3543.509406] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3543.514423] ? lock_downgrade+0x740/0x740 [ 3543.518584] alloc_pages_current+0xec/0x1e0 17:54:01 executing program 0: mkdir(&(0x7f0000000000)='./file1\x00', 0x378) getxattr(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180)=@known='system.advise\x00', 0x0, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/de\x00\x80eutofso', 0x7c9401, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000080)) [ 3543.522904] __page_cache_alloc+0x248/0x3e0 [ 3543.522919] do_read_cache_page+0x625/0xfc0 [ 3543.522929] ? blkdev_writepages+0xd0/0xd0 [ 3543.522943] ? find_get_pages_contig+0xaa0/0xaa0 [ 3543.531550] ? blkdev_get+0xb0/0x8e0 [ 3543.531560] ? dput.part.0+0x170/0x750 [ 3543.531570] ? bd_may_claim+0xd0/0xd0 [ 3543.531580] ? path_put+0x50/0x70 [ 3543.531588] ? lookup_bdev.part.0+0xe1/0x160 [ 3543.531599] read_cache_page_gfp+0x6e/0x90 [ 3543.531610] btrfs_read_disk_super+0xdd/0x440 [ 3543.531623] btrfs_scan_one_device+0xc6/0x400 [ 3543.548146] ? device_list_add+0x8d0/0x8d0 [ 3543.568488] ? __free_pages+0x54/0x90 [ 3543.568498] ? free_pages+0x46/0x50 [ 3543.568514] btrfs_mount+0x2e3/0x2b28 [ 3543.568527] ? lock_downgrade+0x740/0x740 [ 3543.592512] ? find_held_lock+0x35/0x130 [ 3543.596558] ? pcpu_alloc+0x3af/0x1050 [ 3543.600449] ? btrfs_remount+0x11f0/0x11f0 [ 3543.604681] ? rcu_read_lock_sched_held+0x110/0x130 [ 3543.609705] ? __lockdep_init_map+0x10c/0x570 [ 3543.614202] mount_fs+0x97/0x2a1 [ 3543.617559] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3543.622037] ? find_held_lock+0x35/0x130 [ 3543.626082] vfs_kern_mount+0x40/0x60 [ 3543.629864] btrfs_mount+0x3ce/0x2b28 [ 3543.633657] ? lock_downgrade+0x740/0x740 [ 3543.637798] ? find_held_lock+0x35/0x130 [ 3543.641840] ? pcpu_alloc+0x3af/0x1050 [ 3543.645717] ? btrfs_remount+0x11f0/0x11f0 [ 3543.649939] ? rcu_read_lock_sched_held+0x110/0x130 [ 3543.654944] ? __lockdep_init_map+0x10c/0x570 [ 3543.659429] ? __lockdep_init_map+0x10c/0x570 [ 3543.663907] mount_fs+0x97/0x2a1 [ 3543.667256] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3543.671736] do_mount+0x417/0x27d0 [ 3543.675255] ? copy_mount_options+0x5c/0x2f0 [ 3543.679664] ? rcu_read_lock_sched_held+0x110/0x130 [ 3543.684672] ? copy_mount_string+0x40/0x40 [ 3543.688891] ? copy_mount_options+0x1fe/0x2f0 [ 3543.693368] SyS_mount+0xab/0x120 [ 3543.696799] ? copy_mnt_ns+0x8c0/0x8c0 [ 3543.700669] do_syscall_64+0x1e8/0x640 [ 3543.704540] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3543.709368] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3543.714537] RIP: 0033:0x45d08a [ 3543.717707] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 17:54:01 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) write$FUSE_NOTIFY_DELETE(r3, &(0x7f00000004c0)={0x2c, 0x6, 0x0, {0x4, 0x4, 0x3, 0x0, 'uid'}}, 0x2c) setuid(r2) getresuid(&(0x7f0000000500)=0x0, &(0x7f0000000540), &(0x7f0000000580)) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0xffffffffffff0000, 0x3, &(0x7f0000000200)=[{&(0x7f0000000100)="ed9cef92d4cfc3b43d17138f64305b1ccf9a10fbb1c77a1eb2bfc083771935bc2e070554aff92737a7f0a637465b6c3d8bf55a0630189e71bb758019a634d9311cbcf6d2f41479a6f9c5bdd969856456909fd1956dead8ce572823a38a865d73319836b07020bebd0fcfb9e8b3caec657bb0e87e20c390c8f5e2acd0e697fb", 0x7f, 0x800}, {&(0x7f0000000700)="2c081a40a0587fa6c478977fcf9924a8edd71be5ebcf63fae638c68d444e06172a91ba785a97beb8a3e04d4e732b52b426880c74600748e5c2f16058a1b62a262d5c5e58a3cf036e054c8bdaa41c36f413f650537c56d6072f571f8d9b81bcd71a01d04c3e864c0705017f875635079c7d5d", 0x72, 0x40}, {&(0x7f0000000080)="8d7bb218fe9a9fe36557fd67", 0xc, 0x4}], 0x4, &(0x7f00000005c0)={[{@shortname_win95='shortname=win95'}, {@shortname_lower='shortname=lower'}, {@shortname_win95='shortname=win95'}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x2}}, {@iocharset={'iocharset', 0x3d, 'cp950'}}], [{@subj_type={'subj_type'}}, {@audit='audit'}, {@seclabel='seclabel'}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@permit_directio='permit_directio'}, {@dont_appraise='dont_appraise'}, {@euid_eq={'euid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, r2}}, {@fsuuid={'fsuuid', 0x3d, {[0x1a, 0x7, 0x0, 0x66, 0x3e40dd2576346ba9, 0x31, 0x36, 0x64], 0x2d, [0x4, 0x31, 0x62, 0x7], 0x2d, [0x31, 0x33, 0x62, 0x35], 0x2d, [0x20c4e9d0f8ac3c2c, 0x34, 0x61, 0x34], 0x2d, [0x65, 0x37, 0x0, 0x61, 0x1c, 0x62, 0x31]}}}]}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3543.725394] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3543.732655] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3543.739904] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3543.747154] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3543.754403] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:54:01 executing program 5 (fault-call:3 fault-nth:74): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3543.922185] FAULT_INJECTION: forcing a failure. [ 3543.922185] name failslab, interval 1, probability 0, space 0, times 0 [ 3543.937415] CPU: 0 PID: 27404 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3543.944454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3543.953808] Call Trace: [ 3543.956401] dump_stack+0x142/0x197 [ 3543.960034] should_fail.cold+0x10f/0x159 [ 3543.964190] should_failslab+0xdb/0x130 [ 3543.968162] kmem_cache_alloc+0x2d7/0x780 [ 3543.972395] ? save_stack_trace+0x16/0x20 [ 3543.976531] ? save_stack+0x45/0xd0 [ 3543.980146] ? kasan_kmalloc+0xce/0xf0 [ 3543.984024] ? kmem_cache_alloc_trace+0x152/0x790 [ 3543.988870] ? btrfs_mount+0x1069/0x2b28 [ 3543.992918] ? mount_fs+0x97/0x2a1 [ 3543.996443] getname_kernel+0x53/0x350 [ 3544.000353] kern_path+0x20/0x40 [ 3544.003828] lookup_bdev.part.0+0x63/0x160 [ 3544.008042] ? blkdev_open+0x260/0x260 [ 3544.011909] ? btrfs_open_devices+0x27/0xb0 [ 3544.016223] blkdev_get_by_path+0x76/0xf0 [ 3544.020371] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 3544.024868] __btrfs_open_devices+0x194/0xab0 [ 3544.029347] ? check_preemption_disabled+0x3c/0x250 [ 3544.034348] ? find_device+0x100/0x100 [ 3544.038229] ? btrfs_mount+0x1069/0x2b28 [ 3544.042285] ? rcu_read_lock_sched_held+0x110/0x130 [ 3544.047291] btrfs_open_devices+0xa4/0xb0 [ 3544.051423] btrfs_mount+0x11b4/0x2b28 [ 3544.055350] ? lock_downgrade+0x740/0x740 [ 3544.059493] ? find_held_lock+0x35/0x130 [ 3544.063552] ? pcpu_alloc+0x3af/0x1050 [ 3544.067428] ? btrfs_remount+0x11f0/0x11f0 [ 3544.071665] ? rcu_read_lock_sched_held+0x110/0x130 [ 3544.076666] ? __lockdep_init_map+0x10c/0x570 [ 3544.081148] mount_fs+0x97/0x2a1 [ 3544.084500] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3544.088986] ? find_held_lock+0x35/0x130 [ 3544.093047] vfs_kern_mount+0x40/0x60 [ 3544.096853] btrfs_mount+0x3ce/0x2b28 [ 3544.100653] ? lock_downgrade+0x740/0x740 [ 3544.104816] ? find_held_lock+0x35/0x130 [ 3544.108872] ? pcpu_alloc+0x3af/0x1050 [ 3544.112758] ? btrfs_remount+0x11f0/0x11f0 [ 3544.116989] ? rcu_read_lock_sched_held+0x110/0x130 [ 3544.122023] ? __lockdep_init_map+0x10c/0x570 [ 3544.126501] ? __lockdep_init_map+0x10c/0x570 [ 3544.130980] mount_fs+0x97/0x2a1 [ 3544.134337] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3544.138813] do_mount+0x417/0x27d0 [ 3544.142344] ? copy_mount_options+0x5c/0x2f0 [ 3544.146732] ? rcu_read_lock_sched_held+0x110/0x130 [ 3544.151736] ? copy_mount_string+0x40/0x40 [ 3544.155955] ? copy_mount_options+0x1fe/0x2f0 [ 3544.160436] SyS_mount+0xab/0x120 [ 3544.163878] ? copy_mnt_ns+0x8c0/0x8c0 [ 3544.167758] do_syscall_64+0x1e8/0x640 [ 3544.171628] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3544.176474] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3544.181645] RIP: 0033:0x45d08a [ 3544.184821] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3544.192513] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3544.199775] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3544.207025] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3544.214281] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3544.221534] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:54:03 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x4) tkill(r0, 0x3c) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) write$P9_RCLUNK(r4, &(0x7f0000000040)={0x7, 0x79, 0x1}, 0x7) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:54:03 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) keyctl$set_timeout(0xf, 0x0, 0x8000) symlink(&(0x7f0000000040)='./file1\x00', &(0x7f0000000000)='.//ile0\x00') getsockname(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) socket(0x9, 0x2, 0x0) recvfrom(r0, &(0x7f0000000380)=""/164, 0xa4, 0x100, &(0x7f0000000480)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000140), 0x0) socket$bt_rfcomm(0x1f, 0x1, 0x3) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=r3, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r3, @ANYBLOB], 0x5, 0x0) renameat(r1, &(0x7f0000000180)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 17:54:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) bind(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f00000002c0)='/dev/vcsa#\x00', 0xffff, 0x20e002) write$selinux_validatetrans(r1, &(0x7f0000000300)={'/usr/sbin/cupsd', 0x20, 'system_u:object_r:auditd_log_t:s0', 0x20, 0xaf0, 0x20, '/usr/sbin/ntpd\x00'}, 0x56) r2 = socket$packet(0x11, 0x3, 0x300) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$getregset(0x4204, r3, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=""/127, 0x7f}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000)={r8}, 0xc) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000380)={r8, 0x860c}, &(0x7f00000003c0)=0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x6c00, &(0x7f0000000140)={&(0x7f00000010c0)=ANY=[@ANYBLOB="740000002400f30700000000ddffffff0000000052a1513c1fe7d00a164d2f42d07ba6cdadf2f781f7890f978f5d6fe31c61158b6f02e5645ab7d81fc17d7e555386be71c166e8e9f9a42c1ee54becb6518e6788dd9b6c5b29ec031310fc3dab18b6a57db8c857cbadae8ebf1e083806bcd4057c472c49832009c2412bba9fc6e310c784b95f4e29260b0c0c913af00b289bab9936776c67bca873012edd7f9eaf656f4aad4f3d72ed0fffc3fe86f1ec98a78a02f5d5d3", @ANYRES32=r4, @ANYBLOB="00000000ffffffffffffffff080001007366710006000500fffff0000010e104deccbbbde735b9a00000000000000000000000000033cc3512c9aa8178bdf1001b00000000000000000000de7f46000000000000007f0000000000009900007cf76567e30e03c32824f1583940fb0e363002e94564838f548258a632963f8262d0485c9b90c19b6ca74fb97882f65eb406eaf163fe648fceb6d85c1a8e44476c248656cb5d845549c5ceffcfeaabfca524afef20c0034fbd36262c964c61f3771603fd386dc70a77e574732bd950e808d63007d6c6683e251ac28f6b0000863aa3d9e240168ef067671514ccb381077c2afecae2bb28925f8dd87c3994ef3645d77e7281ab057d2bef3b8444014c8752a4a8a434ac70810633f2eb7d7a89d0f3cf2074bb2e180772593cd728026dfe9b7bc2cbc70a0c42fd1a3f071dde69a5dcd32cb951da688b87961591b4671e63cf37feaac76f85b3bdaad65e1cd467ba00007d55848be0f405c700000000010000004bf9fbef7bde2667d4d7d9d9ea1091e7a922d0137c5fc0d0771ade0c82e3d68a0704ab7ca369e014cde4fbfbb2267345e7a7b6e27df356d3566411220610d72fd12f80461a6178df46c6ff661d7927befa3d95c26e351cdae73b73da338e9af046368d9424a9a921f44d0775c2f88d300d4d46cccd7d98b0111a9907d5834f07bad6df1a4c6503542bf77cf1d9f1ff4ae3fbbd86384b17161022073d14e0bb52c762fdd85609bbb6aeeb65f6b300de37a94e71c166d875ba535e3a9c98fc5a091ec64b035aaba22448ad7139eb18f30ffc3ccd08f0056a2c495799c100addcb043ba8d64b2357957aa361a3381912e562f230a55dfcd4d99220660a79e57b0fc705c666b34658452c252cc73de9657549788a607165e6227aadb6003f874a93a59f8739d6a25da9c3d4cf2d3c270cee5825a81f3fc266c48f4e869e98b1094fe3d270a43cfd6ae4e4ab093ca5acbd508f5fe4f32c4812551b270623c590f8d40be1fc477a9f386f5047819d1b77356261e4ec87168ee209dab90ea802f9c4fd387eb1452d77c3be090a75ce88951d3403efc24fcbf8ca7090eb40200000000000000005d67c1670d99788dddbde7541e25ef8161c705b54eec4e093559342ab2cba47427a22e84b2405ccecbc11c2291f01e164a73bb18b20671d034961c93f63a961e4f7823abb167bdc304b77ec58d22c034a3975c55bf86ce00000000000000000000000000000061af13c82298a26df2d0fce0bc0266034b27dadc15ddd339d66163ef9b51d20efb8f38d4d3b8c6e57d384ca3891b41c726701d2a5acc0ca27b31dedfd5ae189f842d2508d4bbbd9d9e860df1ac9f7c184e52f5bcd8d616a07e5ca09b3669df4829188de3f25f2672ed91b0ecc9c9b4e35aac57d08c470ef9284cd385358cc5c3966202105815e53531d741e5e5e24f07172a9591f75b844e7ae3995ca2c719edbc31c0b37f6044f0bef069a0f7111480a158298f39824ebf0fd62174743f3c95460112ca174ba06a86e6bcd9dfdf44d8a246e1ce819f6632223fac63e8b10927f95a4f3ca25ea226bca63e05cf8303ef0b85096e"], 0x74}}, 0x0) r9 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r9, &(0x7f0000000180)=[{0xa, 0x1000000000000, &(0x7f0000000100)=[{&(0x7f0000000040)="e588da94b522c2d1f313702948718f407fe7166ac45a790cd2065b44582f3310fb003cb29f9afc1ddb6272a61982d91403b9914e7638a71eab73d729de3c717034a0069e9ed7d8d5fa1979ad04faed8aeb63cac0ab9a4d2927d53b44ef0f6eb8b357571086780d116f40c92841c5a3d72ac31d7abedde3433aa57b7fefb2a6e25f68b39642e8ed4cba1d481661ba"}, {&(0x7f0000000600)="a175aecfc133f10e8096d588d507cb2369905aafe9156c60719627564d1f5841ed3912a4b4d6372b4d52111e6d26ae638675c823527d292fb9cfb0691358daaeed278a87b98817f0efa445e1e8110e40b7979829311002818ea4bfa43e186dbdf71f761f261789a4e4063b30213fc8674cff946703b49ecc157cd063ec3bf08b8f75365561ef81b12e6d77479cb6fba9e4a0e862fe0729da03403caa9b02aff1a185885195"}], 0x10, &(0x7f0000000100)}], 0x126618d46e7cf97, 0x0) 17:54:03 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x295}, {0x0}, {0x0}, {&(0x7f0000000180)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x1) r1 = socket$rxrpc(0x21, 0x2, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000000240)=0x5) recvfrom$rxrpc(r1, &(0x7f0000000100)=""/89, 0x59, 0x10000, &(0x7f0000000080)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e22, @local}}, 0x24) socket$alg(0x26, 0x5, 0x0) ptrace$setopts(0x2109, r0, 0x0, 0x48) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r2 = accept4$llc(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) setsockopt$sock_int(r2, 0x1, 0xc, &(0x7f0000000040)=0x7, 0x4) 17:54:03 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) 17:54:03 executing program 5 (fault-call:3 fault-nth:75): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:54:03 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x100000000, 0x8000) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3546.008984] FAULT_INJECTION: forcing a failure. [ 3546.008984] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3546.022736] CPU: 1 PID: 27416 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3546.029775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3546.039172] Call Trace: [ 3546.041789] dump_stack+0x142/0x197 [ 3546.045624] should_fail.cold+0x10f/0x159 [ 3546.049987] __alloc_pages_nodemask+0x1d6/0x7a0 [ 3546.054675] ? fs_reclaim_acquire+0x20/0x20 [ 3546.059007] ? __alloc_pages_slowpath+0x2930/0x2930 [ 3546.064040] cache_grow_begin+0x80/0x400 [ 3546.068111] kmem_cache_alloc_node_trace+0x697/0x770 [ 3546.069941] ptrace attach of "/root/syz-executor.1"[27426] was attempted by "/root/syz-executor.1"[27427] [ 3546.073212] ? mutex_unlock+0xd/0x10 [ 3546.073225] ? btrfs_scan_one_device+0xeb/0x400 [ 3546.073240] __kmalloc_node+0x3d/0x80 [ 3546.073253] kvmalloc_node+0x93/0xe0 [ 3546.073268] btrfs_mount+0xf88/0x2b28 [ 3546.102771] ? lock_downgrade+0x740/0x740 [ 3546.107269] ? find_held_lock+0x35/0x130 [ 3546.111333] ? pcpu_alloc+0x3af/0x1050 [ 3546.115236] ? btrfs_remount+0x11f0/0x11f0 [ 3546.119485] ? rcu_read_lock_sched_held+0x110/0x130 [ 3546.124513] ? __lockdep_init_map+0x10c/0x570 [ 3546.129011] mount_fs+0x97/0x2a1 [ 3546.132377] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3546.136868] ? find_held_lock+0x35/0x130 [ 3546.140932] vfs_kern_mount+0x40/0x60 [ 3546.144741] btrfs_mount+0x3ce/0x2b28 [ 3546.148550] ? lock_downgrade+0x740/0x740 [ 3546.152694] ? find_held_lock+0x35/0x130 [ 3546.156761] ? pcpu_alloc+0x3af/0x1050 [ 3546.160656] ? btrfs_remount+0x11f0/0x11f0 [ 3546.161611] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3546.164895] ? rcu_read_lock_sched_held+0x110/0x130 [ 3546.164918] ? __lockdep_init_map+0x10c/0x570 [ 3546.164932] ? __lockdep_init_map+0x10c/0x570 [ 3546.187499] mount_fs+0x97/0x2a1 [ 3546.190877] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3546.195383] do_mount+0x417/0x27d0 [ 3546.198927] ? copy_mount_options+0x5c/0x2f0 [ 3546.203340] ? rcu_read_lock_sched_held+0x110/0x130 [ 3546.208365] ? copy_mount_string+0x40/0x40 [ 3546.212598] ? copy_mount_options+0x1fe/0x2f0 [ 3546.217098] SyS_mount+0xab/0x120 [ 3546.220554] ? copy_mnt_ns+0x8c0/0x8c0 [ 3546.224447] do_syscall_64+0x1e8/0x640 [ 3546.228333] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3546.231619] overlayfs: filesystem on './file0' not supported as upperdir [ 3546.233182] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3546.233191] RIP: 0033:0x45d08a [ 3546.233197] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 17:54:04 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="010700000000000400000d00ffffcd920d130759291df5832b50573f7320ccd59018c3d5293cf66085b680d87e6987ae233ff17c1d535a5c496f217b46cb0184064858a87b17ea5f1ab7c2c39380b922901a2179dd6fcdf4e387e57b9761d4d4f520f23b2436ae8a2dbd0557fb38718ee8adac7db2c190c09ea98b19829e55b9f2ab8df169d6285d07e99e8266040beed8a2cd1a384a27895b40281dffd7e4277dfd3ed2171c0c159525141acd4ac86c5192401976d96c924355d65fdd8e668af7ccd33d7a49bd"], 0x14}}, 0x0) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000040)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup2(r4, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:54:04 executing program 0: gettid() mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000000)={0xf, 0x1f, 0x1, 0x80000001}, 0xf) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(r0, 0x4040ae72, &(0x7f0000000040)={0x81, 0x2, 0x3, 0x1, 0x7}) mount(&(0x7f0000000180)=ANY=[@ANYBLOB="5b643a3a00c000001a363a0029b9804632e03d310dd6ded9447b461f70548de60e3b349e3444c89dfcaea6f17b6f0a04990badfd22712a6686895cb59b0414b9ce542b353f0cc30491253429a922803194cfb5c3cc149ef0b00eaa1585803d20d9bb26b37202083c4d3fa8ee18"], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) [ 3546.233208] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3546.233214] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3546.233224] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3546.277878] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3546.285134] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3546.293948] protocol 88fb is buggy, dev hsr_slave_0 [ 3546.299012] protocol 88fb is buggy, dev hsr_slave_1 17:54:04 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000140)=0xfff) fallocate(0xffffffffffffffff, 0x0, 0xffff, 0x0) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x200, 0x20000) getsockopt$TIPC_NODE_RECVQ_DEPTH(0xffffffffffffffff, 0x10f, 0x83, 0x0, &(0x7f0000000100)) lstat(0x0, &(0x7f0000000580)) socket$inet6(0xa, 0x80006, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r4) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000001c0)=0x7, 0x39b) openat$random(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x0, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f00000000c0)={0x7, 0xfffffffd}) umount2(&(0x7f0000000540)='./file0\x00', 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) [ 3546.356306] libceph: resolve 'd' (ret=-3): failed [ 3546.361304] libceph: parse_ips bad ip '[d:' [ 3546.367368] libceph: resolve 'd' (ret=-3): failed [ 3546.373000] libceph: parse_ips bad ip '[d:' 17:54:04 executing program 5 (fault-call:3 fault-nth:76): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 3546.448107] FAULT_INJECTION: forcing a failure. [ 3546.448107] name failslab, interval 1, probability 0, space 0, times 0 [ 3546.459321] CPU: 0 PID: 27456 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3546.466323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3546.475658] Call Trace: [ 3546.478235] dump_stack+0x142/0x197 [ 3546.481856] should_fail.cold+0x10f/0x159 [ 3546.485996] should_failslab+0xdb/0x130 [ 3546.489948] kmem_cache_alloc+0x47/0x780 [ 3546.494001] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 3546.499606] __radix_tree_create+0x337/0x4d0 [ 3546.504024] page_cache_tree_insert+0xa7/0x2d0 [ 3546.508597] ? file_check_and_advance_wb_err+0x380/0x380 [ 3546.514033] ? debug_smp_processor_id+0x1c/0x20 [ 3546.518689] __add_to_page_cache_locked+0x2ab/0x7e0 [ 3546.523690] ? find_lock_entry+0x3f0/0x3f0 [ 3546.527907] ? lock_downgrade+0x740/0x740 [ 3546.532045] add_to_page_cache_lru+0xf4/0x310 [ 3546.536529] ? add_to_page_cache_locked+0x40/0x40 [ 3546.541358] ? __page_cache_alloc+0xdd/0x3e0 [ 3546.545744] pagecache_get_page+0x1f5/0x750 [ 3546.550046] __getblk_gfp+0x24b/0x710 [ 3546.553825] ? lru_add_drain_all+0x18/0x20 [ 3546.558038] __bread_gfp+0x2e/0x290 [ 3546.561645] btrfs_read_dev_one_super+0x9f/0x270 [ 3546.566379] btrfs_read_dev_super+0x5d/0xb0 [ 3546.570680] ? btrfs_read_dev_one_super+0x270/0x270 [ 3546.575684] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 3546.580155] __btrfs_open_devices+0x194/0xab0 [ 3546.584635] ? check_preemption_disabled+0x3c/0x250 [ 3546.589632] ? find_device+0x100/0x100 [ 3546.593505] ? btrfs_mount+0x1069/0x2b28 [ 3546.597552] ? rcu_read_lock_sched_held+0x110/0x130 [ 3546.602551] btrfs_open_devices+0xa4/0xb0 [ 3546.606679] btrfs_mount+0x11b4/0x2b28 [ 3546.610553] ? lock_downgrade+0x740/0x740 [ 3546.614678] ? find_held_lock+0x35/0x130 [ 3546.618717] ? pcpu_alloc+0x3af/0x1050 [ 3546.622585] ? btrfs_remount+0x11f0/0x11f0 [ 3546.626810] ? rcu_read_lock_sched_held+0x110/0x130 [ 3546.631808] ? __lockdep_init_map+0x10c/0x570 [ 3546.636286] mount_fs+0x97/0x2a1 [ 3546.639631] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3546.644102] ? find_held_lock+0x35/0x130 [ 3546.648147] vfs_kern_mount+0x40/0x60 [ 3546.651928] btrfs_mount+0x3ce/0x2b28 [ 3546.655705] ? lock_downgrade+0x740/0x740 [ 3546.659830] ? find_held_lock+0x35/0x130 [ 3546.663877] ? pcpu_alloc+0x3af/0x1050 [ 3546.667755] ? btrfs_remount+0x11f0/0x11f0 [ 3546.671979] ? rcu_read_lock_sched_held+0x110/0x130 [ 3546.676980] ? __lockdep_init_map+0x10c/0x570 [ 3546.681453] ? __lockdep_init_map+0x10c/0x570 [ 3546.685935] mount_fs+0x97/0x2a1 [ 3546.689280] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3546.693763] do_mount+0x417/0x27d0 [ 3546.697277] ? copy_mount_options+0x5c/0x2f0 [ 3546.701663] ? rcu_read_lock_sched_held+0x110/0x130 [ 3546.706664] ? copy_mount_string+0x40/0x40 [ 3546.710886] ? copy_mount_options+0x1fe/0x2f0 [ 3546.715367] SyS_mount+0xab/0x120 [ 3546.718794] ? copy_mnt_ns+0x8c0/0x8c0 [ 3546.722658] do_syscall_64+0x1e8/0x640 [ 3546.726523] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3546.731356] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3546.736538] RIP: 0033:0x45d08a [ 3546.739703] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 17:54:04 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r4 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r8}, &(0x7f00000002c0)=0x20) [ 3546.747388] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3546.754634] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3546.761968] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3546.769214] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3546.776461] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:54:04 executing program 5 (fault-call:3 fault-nth:77): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:54:04 executing program 2: getresuid(&(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000240)=0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000540)='/dev/btrfs-control\x00', 0x800, 0x0) ioctl$UI_DEV_DESTROY(r5, 0x5502) chroot(&(0x7f0000000580)='./file0\x00') r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') r7 = syz_open_dev$swradio(&(0x7f00000005c0)='/dev/swradio#\x00', 0x1, 0x2) write$uinput_user_dev(r7, &(0x7f0000000980)={'syz0\x00', {0x4, 0x1, 0x2, 0x8}, 0x12, [0x8, 0xff, 0x3, 0xfffffffd, 0x1, 0x0, 0x2, 0x3f, 0x2, 0x8000, 0xf6d3, 0xfffffda7, 0x200, 0x0, 0x40, 0x1, 0x8, 0xf4e3d9bb, 0x3, 0x5, 0x7, 0xfffff24f, 0x7ff, 0x0, 0x80000001, 0x7fffffff, 0xfffffffe, 0xffffffc5, 0x2, 0x8, 0x0, 0x1, 0x8001, 0x0, 0x1a, 0x2a4, 0x3, 0x0, 0x1, 0x8, 0x7, 0x10001, 0xca, 0xffffffff, 0x9, 0x8, 0x45d2, 0x7ff, 0x4, 0xe0, 0x1ff, 0xffffffff, 0x0, 0x6, 0xf6, 0x100, 0x8, 0x43d3, 0x9, 0xc80, 0x5, 0x8, 0x7, 0x4], [0x4, 0x7fffffff, 0xa8c, 0xfff, 0x6, 0x53, 0x200, 0x5, 0x80000000, 0x7, 0x3, 0x7fffffff, 0xd1f, 0x278, 0x92ac, 0x5, 0x80, 0x23f, 0x3, 0x5c, 0xc1f2, 0x8, 0xff, 0x3bd, 0x9, 0x96, 0x401, 0x1, 0xfffffffc, 0x3, 0x2, 0x80000000, 0x800, 0x5d24, 0xff, 0x6, 0x7, 0x3, 0x81, 0x9, 0x8001, 0xfffffff9, 0x1, 0xd47b, 0x7, 0x7, 0x400, 0x5, 0x7, 0x6644, 0x6, 0x81, 0x8, 0x0, 0x7, 0x6c9fff91, 0x1, 0x6, 0x3f, 0x6, 0x80000000, 0x1c6, 0x5, 0x6], [0x3, 0x6, 0x20, 0x4, 0x0, 0x4, 0x6, 0x9, 0x0, 0xffff, 0xff, 0xe8ec, 0x87, 0x5, 0xaab3, 0x1, 0x3, 0x7, 0x1, 0x7, 0x42, 0x2, 0x9d, 0x800, 0x0, 0x400, 0xb, 0x3, 0xfc58, 0xffffffff, 0x9, 0x3ff, 0xf70, 0x2, 0x100, 0x8001, 0x80000000, 0x7, 0x8001, 0x0, 0xffffff00, 0x3, 0x9, 0x6, 0x9, 0x10001, 0x7, 0x2e, 0x5, 0x200, 0x603, 0x1, 0x9, 0x40, 0x42, 0x7, 0x6, 0x2, 0x288, 0x7e, 0x57b, 0x1, 0x38, 0x80000001], [0x400, 0x1, 0x1, 0xf99, 0x0, 0x2, 0xfff, 0xffff4e35, 0x4, 0x9, 0x1b, 0x9, 0x2, 0x200, 0x3, 0x3, 0x4, 0x8, 0x3f, 0x4, 0x2, 0x64e, 0xbf, 0x4, 0x5, 0x0, 0x5, 0x7, 0xfff, 0x7fffffff, 0x3f0d, 0x400, 0xd4, 0x7, 0x3f, 0xfffffffa, 0x0, 0xdcdd, 0x1f, 0x6, 0x6, 0x9, 0x81, 0x5, 0x1, 0x9, 0x3, 0xbdd0, 0x6, 0x2, 0x3, 0x1, 0x7fffffff, 0x8, 0xaeb, 0x34, 0x10000, 0xc0, 0x3, 0x4, 0x8, 0x2, 0x3, 0x200]}, 0x45c) sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000006ebccfdbb89c2937777ad26c43e69945d6282eae0029ccc7a200d3900a0de2ded62a41bafcd95466989560ac94ab4431566a0ab4427315ef338c01df399651f27f2fefea4ae66dda2f2e572bde27a24462ceafdb0567f5cd50b4e647edc24d6fc28baa729ccabf4d992363acdc6e89db90ed739846ca75ce4f0c11005c4dd1ec30709adec7fe3408e95f6b5ac9ef5939eb79fc668c55c88bfc45469d68333579dec0cce5ae6aeac9dc4159e7c9122cb0ee44f88d58a23d047ce1c504820a1c39080413efb9fd75daec16c8827e27699c57ed87ece656050b7795a620c71e57a7e465478d2309a4a861ee1ca7f25e1f89eba8a45ef874dbd33afb36b5d10cff2c008666ac8000218576aabeb2aaeaf6baacb43ea205f492de7e56bebf6f082071ae4ae88dc2b8bebae6369e9b845a63648bfa5666e23dff8e0ccce2d7232fe546e9b53fcc23f4e499e33b76d8d0464f63fb7ad0959c17e7e8e9bcd70f75ee55e65625659214550ef580896a023ac335daefbd462d57229100bb39bc33e8c382dede3d838d21208b1ee63fa48ae9afb59570", @ANYRES16=r6, @ANYBLOB="010700000000000000000d00ffff"], 0x14}}, 0x0) fstat(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x101800, &(0x7f0000000400)={[{@metacopy_off='metacopy=off'}, {@xino_off='xino=off'}, {@default_permissions='default_permissions'}, {@index_off='index=off'}, {@xino_auto='xino=auto'}, {@index_off='index=off'}, {@metacopy_off='metacopy=off'}, {@xino_auto='xino=auto'}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_eq={'uid', 0x3d, r0}}, {@uid_eq={'uid', 0x3d, r2}}, {@subj_type={'subj_type', 0x3d, 'usrjquota='}}, {@context={'context', 0x3d, 'unconfined_u'}}, {@pcr={'pcr', 0x3d, 0xc}}, {@fowner_lt={'fowner<', r3}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@func={'func', 0x3d, 'PATH_CHECK'}}, {@uid_gt={'uid>', r8}}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = dup3(r10, r9, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4, 0x61, &(0x7f0000000000)=[{&(0x7f00000002c0)="25bca274769e620aa734fa0095e0610687463915e38802a9d8aea872943afd874e4e98b479a7316270146d0e02f8e63ba8863cd7dcc6760253ef", 0x3a, 0x3fd}], 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="75d0070000003c95623713c62f4a29304a00e72d39783e53fafc26313b361707d3fdf348fba47b28"]) [ 3546.924280] FAULT_INJECTION: forcing a failure. [ 3546.924280] name failslab, interval 1, probability 0, space 0, times 0 [ 3546.943872] CPU: 1 PID: 27469 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3546.950919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3546.960280] Call Trace: [ 3546.962865] dump_stack+0x142/0x197 [ 3546.966483] should_fail.cold+0x10f/0x159 [ 3546.970620] should_failslab+0xdb/0x130 [ 3546.976330] kmem_cache_alloc+0x2d7/0x780 [ 3546.980458] ? save_stack_trace+0x16/0x20 [ 3546.984597] ? save_stack+0x45/0xd0 [ 3546.988224] ? kasan_kmalloc+0xce/0xf0 [ 3546.992092] ? kmem_cache_alloc_trace+0x152/0x790 [ 3546.996915] ? btrfs_mount+0x1069/0x2b28 [ 3547.000979] ? mount_fs+0x97/0x2a1 [ 3547.004512] getname_kernel+0x53/0x350 [ 3547.008392] kern_path+0x20/0x40 [ 3547.011740] lookup_bdev.part.0+0x63/0x160 [ 3547.015972] ? blkdev_open+0x260/0x260 [ 3547.019880] ? btrfs_open_devices+0x27/0xb0 [ 3547.024197] blkdev_get_by_path+0x76/0xf0 [ 3547.028329] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 3547.032807] __btrfs_open_devices+0x194/0xab0 [ 3547.037284] ? check_preemption_disabled+0x3c/0x250 [ 3547.042310] ? find_device+0x100/0x100 [ 3547.046184] ? btrfs_mount+0x1069/0x2b28 [ 3547.050229] ? rcu_read_lock_sched_held+0x110/0x130 [ 3547.055234] btrfs_open_devices+0xa4/0xb0 [ 3547.059380] btrfs_mount+0x11b4/0x2b28 [ 3547.063255] ? lock_downgrade+0x740/0x740 [ 3547.067409] ? find_held_lock+0x35/0x130 [ 3547.071466] ? pcpu_alloc+0x3af/0x1050 [ 3547.075349] ? btrfs_remount+0x11f0/0x11f0 [ 3547.079576] ? rcu_read_lock_sched_held+0x110/0x130 [ 3547.084583] ? __lockdep_init_map+0x10c/0x570 [ 3547.089090] mount_fs+0x97/0x2a1 [ 3547.092441] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3547.096928] ? find_held_lock+0x35/0x130 [ 3547.101060] vfs_kern_mount+0x40/0x60 [ 3547.104902] btrfs_mount+0x3ce/0x2b28 [ 3547.108716] ? lock_downgrade+0x740/0x740 [ 3547.112845] ? find_held_lock+0x35/0x130 [ 3547.116900] ? pcpu_alloc+0x3af/0x1050 [ 3547.120785] ? btrfs_remount+0x11f0/0x11f0 [ 3547.125008] ? rcu_read_lock_sched_held+0x110/0x130 [ 3547.130046] ? __lockdep_init_map+0x10c/0x570 [ 3547.134535] ? __lockdep_init_map+0x10c/0x570 [ 3547.139017] mount_fs+0x97/0x2a1 [ 3547.142370] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3547.146847] do_mount+0x417/0x27d0 [ 3547.150374] ? copy_mount_options+0x5c/0x2f0 [ 3547.154780] ? rcu_read_lock_sched_held+0x110/0x130 [ 3547.159779] ? copy_mount_string+0x40/0x40 [ 3547.163995] ? copy_mount_options+0x1fe/0x2f0 [ 3547.168480] SyS_mount+0xab/0x120 [ 3547.171912] ? copy_mnt_ns+0x8c0/0x8c0 [ 3547.175785] do_syscall_64+0x1e8/0x640 [ 3547.179653] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3547.184488] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3547.189669] RIP: 0033:0x45d08a [ 3547.192849] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3547.200545] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3547.207811] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3547.215113] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3547.222420] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3547.229684] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:54:05 executing program 0: syz_open_dev$dri(0x0, 0x0, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80800) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x8d}, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000100)=0x73, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) socket$alg(0x26, 0x5, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000006c0)='Net/3\x97OOT\x15\x00\xb6\xcf@e\xd3r\x82\x9fc') setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000380)="0c4f4d16cf2f3a2dd8a5046790a60c91e487dc9ca281434dbc169c6555a654da5e42c953490634b417ec9535653162fc5730d4c8dab3e136550ed7d31fa8d7094afd6e5154349155e6ef7e5fb08d79c283188a3f28548ab4366e6863ba5561aedbd1ee3f9a2c5646e4a9c2806b231528bca7ee2134e39966c40bcb1371a7e7691672a8dc9bda07175f11a9160cba3f0ddb78db3b2e184e1e9aa371691df9f49a5e3343bce4e4b8a2c80831b63d95ed57cf89982b317abf1cf8a71078d00dd5fa9151c142fa4bb765d503150f5f6f34284c7480a5091e9b246e", 0xd9) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000580)='/proc/capi/capi20\x00', 0x80000, 0x0) ioctl$VIDIOC_PREPARE_BUF(r4, 0xc058565d, &(0x7f00000005c0)={0x0, 0xb, 0x4, 0x0, {0x0, 0x7530}, {0x0, 0x2, 0x81, 0x10, 0x0, 0x6, "cf676f53"}, 0x80, 0x5, @offset=0x9, 0x4}) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x199, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000640)={0x10, 0xd17, {0x52, 0x2db, 0x7f, {0x200}, {0x40, 0x4}, @const={0x7ff, {0x8, 0xba, 0x1, 0x9150}}}, {0x0, 0x5, 0x0, {0x4, 0x3}, {0x7, 0x1}, @ramp={0x800, 0x80, {0x100, 0x4c2, 0x800, 0x3}}}}) mq_timedsend(r4, 0x0, 0x0, 0x4, &(0x7f0000000540)={0x0, 0x989680}) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fsetxattr$trusted_overlay_nlink(r3, &(0x7f0000000240)='trusted.overlay.nlink\x00', &(0x7f0000000300)={'U+', 0x7}, 0x28, 0x3) openat$audio(0xffffffffffffff9c, &(0x7f0000000340)='/dev/audio\x00', 0x4000, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') preadv(r5, &(0x7f0000000040)=[{0x0}], 0x1, 0x80000000) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000700)=ANY=[@ANYBLOB="0111043c077fc94b6100338f9a7ffed34bbabd665bd22481df81a68a94d0ced9e0716de2221b87c64131f559c13e001980dcc97e57a93cb8a2766d74714b1f7e9ccdb77def44155366966f1798be870bdedf64e00339ab4f48e42365cc968df3b0e74a894b5cb8a9e33522be94daf99b19e28dd1609f15defaa3ebbf343b2e38853ffa01467dd95ebc2c7163a43aab5174564d94e1a122148163ff0639b4d0380cd6cfcbcac29be6f55450608459f6a28cb849eab5b28606a045b74f526eeb34b1b090ae4fbffd12d1b7b47697ef5638f0a85f3f5e237e659493cd02000000000000004ce2d4d95c1c2d41e27cf0905a4472da8faf93305a891e53163f6ecaeb65ce0a3ef717fc828cd1e4a2b4c2d509fddb7f0689f937ace667beb7d2ba2df61dd08f019b2ab547611bbfbe118f10aa9a90d7d90000000000000000000000000000ad232275a8089b69e4a57a2254b7cc193189a6352c6269fead9b62cc58346fa7198b8cebd9a067e3e28be28671b76a6f90271a626c41081ee68f65668fffc9301d2ac791a1", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000080)={r6}, 0x0) syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) 17:54:05 executing program 5 (fault-call:3 fault-nth:78): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:54:05 executing program 2: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_UIE_ON(r1, 0x7003) pipe2(0x0, 0x0) dup3(0xffffffffffffffff, r1, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000001140)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000300)}, {&(0x7f0000000140)="8d93682d3645a66298b06a18e8eb4933f47d743f932f1c4c1236", 0x1a}, {&(0x7f0000000180)="98a15617168925fd259138ac85bf9d25602e2ca282bbd0b27c9561fdc7d06ce6675277c1b4cf71d41e7d72034bb32daa371c4cb01c29631d51ff6d8e88be74100c19fdfe734be2d34ecda154faa057c0ab516cb93ea46c1e943b8ea95164c839059df051d08211725511599babd248063065", 0x72}, {0x0}], 0x4}], 0x1, 0x8001) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000100)=0xd85, 0x4) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = semget$private(0x0, 0x8, 0x0) semctl$GETPID(r4, 0x1, 0xb, &(0x7f0000000280)=""/109) semctl$IPC_INFO(r4, 0x0, 0x3, &(0x7f0000001180)=""/4096) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010700000000000000000deaffff"], 0x14}}, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000002c0)=0xc) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000180)='cpu\t>-6\n\x00\xff\x00\xdc.\xdf\xbbk\xad\x1b\xf3\xf6_|S\x93>\xb4\x15#b\x91\xec\xf2\x12\xbb\xd0\xcd0\xa4\xda\xa8\xe1o+\xbd}EV\xba6\xae\xee(4\xe4\x8d\x17\b\xa7\xb04G\xc28\xfb\x19\x94\xdf\x11JE\x02\x98Pm\x0f(\x98\xff\x05[\xd9\xad|\xa3\xc9Y~\xf4\xf7\xf9F\x9c\xf0\x83H\xb5\x12\xdeM\x802\x1f\xa6\x8a\x89\x1c') r6 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x4}) ioctl$sock_inet6_SIOCADDRT(r6, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x5) [ 3547.349317] FAULT_INJECTION: forcing a failure. [ 3547.349317] name failslab, interval 1, probability 0, space 0, times 0 [ 3547.360539] CPU: 0 PID: 27491 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3547.367554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3547.376899] Call Trace: [ 3547.379473] dump_stack+0x142/0x197 [ 3547.383085] should_fail.cold+0x10f/0x159 [ 3547.387215] should_failslab+0xdb/0x130 [ 3547.391172] kmem_cache_alloc+0x47/0x780 [ 3547.395217] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 3547.400820] __radix_tree_create+0x337/0x4d0 [ 3547.405211] page_cache_tree_insert+0xa7/0x2d0 [ 3547.409770] ? file_check_and_advance_wb_err+0x380/0x380 [ 3547.415207] ? debug_smp_processor_id+0x1c/0x20 [ 3547.419856] __add_to_page_cache_locked+0x2ab/0x7e0 [ 3547.424850] ? find_lock_entry+0x3f0/0x3f0 [ 3547.429064] ? lock_downgrade+0x740/0x740 [ 3547.433191] add_to_page_cache_lru+0xf4/0x310 [ 3547.437664] ? add_to_page_cache_locked+0x40/0x40 [ 3547.442481] ? __page_cache_alloc+0xdd/0x3e0 [ 3547.446877] pagecache_get_page+0x1f5/0x750 [ 3547.451180] __getblk_gfp+0x24b/0x710 [ 3547.454963] ? lru_add_drain_all+0x18/0x20 [ 3547.459179] __bread_gfp+0x2e/0x290 [ 3547.462788] btrfs_read_dev_one_super+0x9f/0x270 [ 3547.467522] btrfs_read_dev_super+0x5d/0xb0 [ 3547.471819] ? btrfs_read_dev_one_super+0x270/0x270 [ 3547.476816] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 3547.481291] __btrfs_open_devices+0x194/0xab0 [ 3547.485776] ? check_preemption_disabled+0x3c/0x250 [ 3547.490772] ? find_device+0x100/0x100 [ 3547.494639] ? btrfs_mount+0x1069/0x2b28 [ 3547.498688] ? rcu_read_lock_sched_held+0x110/0x130 [ 3547.503687] btrfs_open_devices+0xa4/0xb0 [ 3547.507824] btrfs_mount+0x11b4/0x2b28 [ 3547.511690] ? lock_downgrade+0x740/0x740 [ 3547.515813] ? find_held_lock+0x35/0x130 [ 3547.519851] ? pcpu_alloc+0x3af/0x1050 [ 3547.523717] ? btrfs_remount+0x11f0/0x11f0 [ 3547.527932] ? rcu_read_lock_sched_held+0x110/0x130 [ 3547.532928] ? __lockdep_init_map+0x10c/0x570 [ 3547.537424] mount_fs+0x97/0x2a1 [ 3547.540772] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3547.545242] ? find_held_lock+0x35/0x130 [ 3547.549286] vfs_kern_mount+0x40/0x60 [ 3547.553064] btrfs_mount+0x3ce/0x2b28 [ 3547.556847] ? lock_downgrade+0x740/0x740 [ 3547.560972] ? find_held_lock+0x35/0x130 [ 3547.565011] ? pcpu_alloc+0x3af/0x1050 [ 3547.568895] ? btrfs_remount+0x11f0/0x11f0 [ 3547.573119] ? rcu_read_lock_sched_held+0x110/0x130 [ 3547.578119] ? __lockdep_init_map+0x10c/0x570 [ 3547.582593] ? __lockdep_init_map+0x10c/0x570 [ 3547.587069] mount_fs+0x97/0x2a1 [ 3547.590417] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3547.594930] do_mount+0x417/0x27d0 [ 3547.598451] ? copy_mount_options+0x5c/0x2f0 [ 3547.602838] ? rcu_read_lock_sched_held+0x110/0x130 [ 3547.607831] ? copy_mount_string+0x40/0x40 [ 3547.612042] ? copy_mount_options+0x1fe/0x2f0 [ 3547.616515] SyS_mount+0xab/0x120 [ 3547.620034] ? copy_mnt_ns+0x8c0/0x8c0 [ 3547.623898] do_syscall_64+0x1e8/0x640 [ 3547.627763] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3547.632675] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3547.637850] RIP: 0033:0x45d08a [ 3547.641026] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 17:54:05 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) [ 3547.648741] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3547.656005] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3547.663252] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3547.670501] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3547.677756] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:54:06 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$midi(0x0, 0x10000, 0x200000) r1 = memfd_create(&(0x7f0000000040)='\xb0\xf6v\x87\xd9\v\xab\x8bf\xf8+\x8b\x8a\x16\x11O\xdd\xdfk\x00\x9b\xafa\xacL\xb0n\xa9L\x89p0\te\xe8[\x17\xb6\x00l\x8a\t\x98\x1f\x00\xb7\xe4\xd6\xbc\x84\xc1f\x85\x81\xa2B\xea*\xb1\x10\xe8L\x00\xd9\xb7\n%4\xa3\xb7%\xc2\x04\xe4\xf1\xda\xf9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00^\xca\xe2}I\xc6\b\v\xa5\xfck\xe3\x1b\xbe\x81}e\xfd\xb33\x18\n\x04-{\xd4\x80\x91.\x83\x9e\x10\x80\xb7]\x99\xa6cs\xa5\xf4\xf9\xee\x041\xd9R\xf5d\xfa\x85<\x9e\x1ejJ\x00\x8eD\xbf\bgm\xac\xa1\xe0@\x92|o0\xa6{M\xe1} [\xbb\xf7\x9c\x9c\x12\xf0\xd5\xbe\xf1\\\xb816\x9c\xd7\x98\xb0\b\xc1\x18wH\x8b9@:^+\xb5<\x04', 0x3) write$binfmt_misc(r1, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xfffffe73) fcntl$addseals(r1, 0x409, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000000240)={@mcast1}, &(0x7f0000000140)=0x14) setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, 0x0, 0x0) fchdir(r2) r3 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) rt_sigqueueinfo(0x0, 0x24, &(0x7f0000000600)={0xa, 0x0, 0xff}) rt_tgsigqueueinfo(0x0, r3, 0x0, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x280040, 0x0) ioctl$CAPI_SET_FLAGS(r4, 0x80044324, &(0x7f0000000280)=0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x0, 0x0) r5 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000340)={0x1, 0x1, 0x5000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) write$P9_RREADLINK(r5, &(0x7f00000006c0)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b035041291559f3ee3aacfb33c6af9680d512f4d8a5c51817c3ff01a1f62ac71e85445d8f244f6be479ffffffffff8756ea7d486588272169d8b90f1d7106f5776f7894ee47382b8811e658a49a0eba9b9d6a05995f57d199fcf8722be75fa42c080601d48e793d1429196b4d9182f7c46359a074285b251aca195af3b2887cc79d0cede7cc0b7e7f95c7d70472f76e23c6cfecb8a87d876af047e3e6f5e06c72a3d537663ec380609fb90b85c96a59e994b4c3b97459e6ca006cd0fb6025bf27bf704e42e42cc6d1ce06ea12aab17a7ca6ebb34abbf249de7d1828a47e27189dc29d8e6e0624e62d19c5cc5a9a5519f17a0d3d817b74f379a49babdf73519ed9"], 0xbe) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r2, 0x80045400, 0x0) sendfile(r5, r5, &(0x7f0000000000), 0x8080fffffffe) connect$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @netrom, @bcast, @rose, @rose, @null]}, 0x48) listen(0xffffffffffffffff, 0x0) r6 = accept(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, 0x0, &(0x7f0000000580)) 17:54:07 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dentrol\x00\x00\x00\x00\x00\x00\x00\x00\x00\xeb\x00', 0x6c052a79fde7541f, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000040)=[0x5, 0xf50]) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:54:07 executing program 2: io_setup(0xd9, &(0x7f0000000040)=0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r2, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) fcntl$setlease(r1, 0x400, 0x0) io_getevents(r0, 0x0, 0x0, 0x0, 0xffffffffffffffff) 17:54:07 executing program 5 (fault-call:3 fault-nth:79): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:54:07 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:54:07 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000180)) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000140)={&(0x7f0000000000)='./file0\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') getsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x8) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) ioctl$VIDIOC_G_MODULATOR(r5, 0xc0445636, &(0x7f00000001c0)={0xfff, "bb967dae0927cd253bec47315839c33d46a7f6db617b23cf312cf428821901b1", 0x8, 0x4b, 0x1, 0x10, 0x4}) sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r4, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) vmsplice(r3, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x1) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) sched_getparam(r1, &(0x7f0000000380)) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r1, 0x8001, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 17:54:07 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) getpid() r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30}, 0x0) sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00fb880600000000000000aefcfdf36a0049c2a79a05f6520a140820e8f44e7f1d9d5f8bc6f8d93144ef8614e4528bb732de5cb24c2311d7167354781915ed041d89837661cf8e7a299ac5efcfc0102c866b6a9f9cf915462f490078695a7184003af8ac484c7e64cfc68120e7ad6e7b015090be9f91205ef105"], 0x1, 0x3) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) unshare(0x2040400) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x800, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000880)='\xfbJE\n\xc8z\xf8W\x8bmemory.e6ents\x00#3\x13i\xa3\xb9\"\xf8\xab\x82w\xb9.\x998Y\xf7\xf3\aJ\xc2\xbf\xf5Y\xce\t\x1d\xf9\x0f\x8cy\xf1\xcfTh\xf85z\x9d>\xb5\xd3\xcf\x84=\x19\n\x1fi\xd4\x0e\x00\x84\xd7\xd8\xfd\xd3f!\xc4Z/\xbe\xb6x\xdaV\xc9\x96\x83p\x83\x10\x7fe\xfe\xe4\xd5\x19\xba\x9f\xd4\xaf\x8b\xc4\xe6#?\x940.\x87]\xe0\xdd\xd9\xd0\xeb1\x96\xed7\x1bt\xb6\x99\x04\xcf\xd1X\x01\x87\xf8\xa3[8\xd2\xc2\x15\xa8\xc7:\x7f\x12\x16\x1d\x89\xca\xe4s\x06\x12;\xc0\xfc\xab\xc8\x9fY\x1a\x91\xb4U\xeb|\t`E\xf0\xd3\xc5\xc4\xef\ann\x0f!\xc3\xa3&\a\xf0\x13\x05\xd3M\\ \xcd\x1e\xeb\x95F{\xf4\xd4\xb4D\xbe\x8e\xab\x95\x16l^\x96n\xa5\x9c\x101\xf3\x87\x9f\xc6dHD4\x05\xc1&y\x89,\xfby~x\x1cs\xf1Y?o\x05V\xa2\xb4\xb1\x8c\xb8\xd8\xd3zkV,\xdb\xcaE\xb3\xb4\x909\t\xb46EG0\x96\x7f\xbdC\xe9\x18W\x9b\xd9\xc7\xec|\xf4\x1d)w\xcf\xd5\b+|\xb5\xbf\x18\xb0q\xc2G\xd3#\xfeZ\xf0\xb4\x00\xa4\x7fsqk\x1d\xb0*', 0x26e1, 0x0) ioctl$sock_ifreq(r3, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\x00\b'}) socket$inet_dccp(0x2, 0x6, 0x0) r4 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9, 0x80000000000000, 0x0, 0x4}, 0x0) rt_sigqueueinfo(r4, 0x2f, &(0x7f00000003c0)={0x34}) [ 3549.196008] FAULT_INJECTION: forcing a failure. [ 3549.196008] name failslab, interval 1, probability 0, space 0, times 0 [ 3549.233798] CPU: 1 PID: 27528 Comm: syz-executor.5 Not tainted 4.14.154 #0 17:54:07 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x88300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3549.240865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3549.250227] Call Trace: [ 3549.252824] dump_stack+0x142/0x197 [ 3549.256469] should_fail.cold+0x10f/0x159 [ 3549.260634] should_failslab+0xdb/0x130 [ 3549.264746] kmem_cache_alloc+0x2d7/0x780 [ 3549.268994] ? add_to_page_cache_lru+0x159/0x310 [ 3549.273750] ? add_to_page_cache_locked+0x40/0x40 [ 3549.278597] alloc_buffer_head+0x24/0xe0 [ 3549.282666] alloc_page_buffers+0xb7/0x200 [ 3549.286911] __getblk_gfp+0x342/0x710 [ 3549.290723] ? retint_kernel+0x2d/0x2d [ 3549.294643] ? lru_add_drain_all+0x18/0x20 [ 3549.298894] __bread_gfp+0x2e/0x290 [ 3549.302527] btrfs_read_dev_one_super+0x9f/0x270 [ 3549.307302] btrfs_read_dev_super+0x5d/0xb0 [ 3549.311636] ? btrfs_read_dev_one_super+0x270/0x270 [ 3549.316665] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 3549.321167] __btrfs_open_devices+0x194/0xab0 [ 3549.325670] ? check_preemption_disabled+0x3c/0x250 [ 3549.330697] ? find_device+0x100/0x100 [ 3549.334590] ? btrfs_mount+0x1069/0x2b28 [ 3549.338654] ? rcu_read_lock_sched_held+0x110/0x130 [ 3549.343676] btrfs_open_devices+0xa4/0xb0 [ 3549.347835] btrfs_mount+0x11b4/0x2b28 [ 3549.351734] ? lock_downgrade+0x740/0x740 [ 3549.355884] ? find_held_lock+0x35/0x130 [ 3549.359947] ? pcpu_alloc+0x3af/0x1050 [ 3549.363846] ? btrfs_remount+0x11f0/0x11f0 [ 3549.368090] ? rcu_read_lock_sched_held+0x110/0x130 [ 3549.373123] ? __lockdep_init_map+0x10c/0x570 [ 3549.377631] mount_fs+0x97/0x2a1 [ 3549.381007] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3549.385506] ? find_held_lock+0x35/0x130 [ 3549.389578] vfs_kern_mount+0x40/0x60 [ 3549.393389] btrfs_mount+0x3ce/0x2b28 [ 3549.397196] ? lock_downgrade+0x740/0x740 [ 3549.401346] ? find_held_lock+0x35/0x130 [ 3549.405408] ? pcpu_alloc+0x3af/0x1050 [ 3549.409306] ? btrfs_remount+0x11f0/0x11f0 [ 3549.413563] ? rcu_read_lock_sched_held+0x110/0x130 [ 3549.418600] ? __lockdep_init_map+0x10c/0x570 [ 3549.423105] ? __lockdep_init_map+0x10c/0x570 [ 3549.427610] mount_fs+0x97/0x2a1 [ 3549.430990] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3549.435494] do_mount+0x417/0x27d0 [ 3549.439036] ? copy_mount_options+0x5c/0x2f0 [ 3549.443449] ? rcu_read_lock_sched_held+0x110/0x130 [ 3549.448476] ? copy_mount_string+0x40/0x40 [ 3549.452724] ? copy_mount_options+0x1fe/0x2f0 [ 3549.457225] SyS_mount+0xab/0x120 [ 3549.460678] ? copy_mnt_ns+0x8c0/0x8c0 [ 3549.464575] do_syscall_64+0x1e8/0x640 [ 3549.468466] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3549.473317] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3549.478531] RIP: 0033:0x45d08a [ 3549.481735] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3549.489446] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a 17:54:07 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) ioctl$KVM_NMI(r1, 0xae9a) ptrace$cont(0x18, r0, 0x0, 0x5) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$cont(0x1f, r2, 0x0, 0x100000000) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x101080, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000580)={0x67446698, 0x1, 0x3, 0x4, 0x3, "d5341e435845f5e3b4178ef4dfb9fc070356fe7339fc62a1cdf8714bf356c0d9c7f768dfc14f778167870c5f8964595a6546cc8c93e7c8433705231e7dc3aacd88ffab6f2e5dfdb57f37e40192b4f2bc51fc57751746dfcb016f25e4c8e650c9879b696513b825c2f7d6b44a3cdd320bf1c35cadbc356461c3b63df6436b6f259b5ee29568b3c09b0024c998c565fad1f56249a49bc772ef3e36634e03f6f9f662d5b812c8558f821b397d2417982f9da98fe36dc208e5554214903917869d4ae90f463a0996d10c0e1d4ac01988b9b6e210a93e1e063c8adbff8305c1a8afb2c2ddeb6feb20b99d56cdb2ebfc514586ae116262aa508fd582b16cda821aaa42746681d9d21430540b2a1a63d1bc0ee159f36d543a85c245eaeddeb416d8b7838e17f1f35cc8d488a9e463ebb4976e2d50fbe17292fabb92c49aaf58dc3942bbc9ba145f6749397076ecbbdc5bc9dac74af43eb387ff67c56be35260326b5dc3a7f6f577148b55b46d273d95eba3cd8ddf2ffed201e438e663bedd19fb365960876b208f72d69075acb16af2f39ff4c0eb348c8f6562a09333d1d78fe8bdf19fc57d1c3b3c1ab60b25a2cb6a4c081b668ee227c2249c358fbee3b2952653c5d740c250923bf930100042d3c1cb017fd1f6980d9e6ee951b2fdf5e12e5596a9c289ba66953535c9d0d7f409da9f63567b3ae682aa39b3ac53e2cde2e158f55b4984160a9278daf8645e69e03036a9754ba1baee79be0e2c19e0d4858ea5d527d5e9099b67f5947acd8091d33c575b1002315a67287679c1052649967292e9186b8a9a4fdfa067604a3f97157e63300f34cd22de4a3345d18e9ad808111e7ff1b0fb693896f97de31cddfad8321a2f72601aa56a2e74762c23adde7330ebac7c9584480fc0217966a06d6f1e667e5490bea753f7b3773a19c77acfcfe8b69d6c7cbf97a3bbed62181fca18d36944db7a439c1cf234821ce6b77a4b8693509cd2a301f8473b7b4a5f2d66722eef73585eb69b9c6f0dc79f5af4c63d38172d3a261a2fd82e76512e8451d7c78ea69350679f24d35f015ca82407073b420cd0995ab851f3f84a00c836c78d60f1fa79879204d96884cd9b5e2f3b78efa2f8b6d3f45f5be7f4f80f901b3a372a959e175e8b09e59247b96d311e56cd039795e4060dd2df1dca5349301717d3d93593c3d76fc67decfdfa2f303de2fbab7297980d72849b4ffbb15f6499ddb9b53bd9cd2d614ba369bd731cbbc3cd0abcafef0ad2b301780b99c6f748ffd60810ca27c759dacd9065baa1badd0c2b3b1dc8fa9fc00f5979bcb35ffdb1aa8fb335ac2ab29064b770fd4a2bbb542884031d7806d4a19e2139919307bfd7d153dfb8e072371d29b2d300cb481fb431c2eb438c2925ccb9e622bb2ce2e3581506a531302bb621fb124fbc6893d9f2c2b823ae56766485ef2c1c410f9c1b13b34aaad2a58e15eb00e99b78b61de73558f4ab3ff5174d3f5fd2c629fac0c6cc6e307d4cb06ef936a5eaf7698563e2614319301859ea35c02115c34b287def3702f64ad6dd36f83a8248b961c80307f584fae5b6bb8e881f21f4dd877f75d428949b4cdcdba8400e58133f8ac8bac08b7d79b13e43e1aef4024a543ed1b3079689435eddf8064a1bd4e55bdf341040b94d261f9e825c10e0c56468df455b091a274bc2509b2b2aaff5dd7c5706e7a4cf3f4468bc46caaaa3406020a99443a89e71067edc4f92354702b8c7a3c0087decfb7e3253e8cc1fb3b2aefae2c0edc186549f3209aa0a7db58b613a196fa31cfd1f8fd5751ae6c9239dbaa9f37855f6f1128dd0f6179b51dfc88c490f7591b801cb2e963066f52be88f02e2e2b331674662be66d92e6870abf6fa6e3636c25f20c0346eb663dea82051d5c326dfd79266b21ae0bfbfec3b9c6045e8224d8525133e09318de3add053f3d43cb2acc8cb3dbd115bd6b035151a24fa5c62541bd304630d8aeed5927c356db4fa3482d84adbc6b4a447dd5b403afde8dd9bf83ee426ec5646f572dc0d58edb30226337e4058d120005531463480a7425165da758c46fd23f735e834399d34902c7708654b3eacf8faa49514f80beee4cade1cb0ff6b6b7bc22ecb5965e9487ac46069b8507dc2038ffc7ab026f9814214b5847bcacdb190bcfb0349cb8d0f041ded796c54c68dd3c5819fcc772eda0eb8f31e33aa1f7616aa49fdec3df001021ddd1635688a55aae677a29d13559a6202ad2ad3e599094e01f3035435299218b59b181a1a752766669fe219ffa432a0912bbab8c9541fd5c8373524722bc97d87f7bf6998d85ee9dcd71cf999d13d8e4cf2cf93fe2331685150eefd7474edea2457231ae74135e0593b5ccfc9211f651d809765398df5f6cdfd31131b614fc1340519e776e71c372d242c6b1790a1a715ca293a74c552b6d6bbe3b966557585c9d0dbae9d20e14a00d3dd294292b1731af431c8f0c9b85e373e854408fb5543229b91244788afca59ba34157539cea45af970aa719ea4e2a212598b91eb5de92259118d96f21974e158272ef9c06a8b5c23d51d3c940bf68f0c4c4a70b88ffbb74c37c7d11c25f4f2fadb33343fa9c9a5dee59421640987fdcf43c151c6049545c39bec593a383c58abfe810ac08acc32253e34183a04fcdb8086ab3d9d5edb940981b0aadbe1efcce0d387043bb7128dfc88776b6307f41943cd48e228d31f70002437da61e1984280b95ea96b6f5c215b19833ba876a397bd1905ef1af6e28bfd5729cceca7d6b68dea6caf7ca638e4828a3efab5f14dc511d2fdbf0b64dd59c193f57731d6ad8d87f1f9d48a50d1e71eecafb3002e6c38d566595eb046aca89dcd7ca4b67d5ca51599c57e06e332df1bda764a34def6c0cb97426e63edd0ca8e77b10242bea437d3588d0c382dae4ffcce9dd4941611a9c98d60cc2e5096036488205be88d059a252045565f9d59dad4fd37333d97e722bd53401c7dba6d290f973512e4679883788069bbd209184bca3e66ba0acbf5375cf5c90e19c5a8b9ab9292fba60dca7e7b4dfeda17ab17cfb33d2bd020f18c38c9cd1077053dd5f0a432f102c00eed6bbce1e09e7d8bd5cd9bd409d0e4afe38b45d4ef883b8324f73a7533f8620edd4279d718a922bb880e45b6207eebc2700eebb15c9879fa2e2fa3eb2217599ece25e20a6bcefc99b1d028559118a99a28fe7b85666dc17574280b39d3f0e8e188a795a42f7b7e15632c3f0207099aad4b59d729b526cec71838f802505e666c0c1aec37aed20f0a029bf4c8ec7654f995601b8dbfe381bdf77f2aab6bbeb6de16e587f3cff27da16a8b352c79e91347c54320692840aca2c0f56bf844c0e207f0a257d3c87aea2114679aba08d3b6c609abdd04115419bc2b715c57d458d37fac4d5e8aef8979a521cb8ec9ce26079c9cd6cbc5beb669136364077a0e47f615e48614fc015020cee3b3d53954550c480cbdaf7e33a6a213d09968882d440920088e89c7deb01208b54a356e8e6dfc5fe95ec92414b608fe4f928ff660fc60db8e50e172b5974f8c872ab81b56851e4eb712f22aed94a21b0ab1f4602ff2fa41dda8b8da2ed1dd1d96cf428e747b678b7845c09b94497161a0608369cef3b17163d84444d831cd06ac9ac236fd054fb4311deceaf6b936ed63c42fe9401d4d02861d511462493353a5156bd95e6cec2216ec4be051803829490759b1d12f6770eddadde6e82e24df81dbcfe243799fd8c7bc399a412c67bbeca2df4bbc4b925bfedd036a104982c80b2840fa2c696fe52875dabf571dda10a98654af25b7b30d37c1f7101c1d54c3ed38613fad4cdfdd38a1da55197e0a8ef8f34b0b4b38bda5cc843d183905afba5e9ad8cf42380ffe58648453d6f875bac161dcc76a347bc7de65abc7ff2c621fce02cfbbc681eeec13581df2eabbd5247c2b5caa1e17940bb973f3d2c86a1f78e9a686fe3114a2ddcd237da7626a540114d0457586d78a45cef11cd944b704fa6fe516a4e7b9b5217f4f8aa1dc522bfb354f85e44d56a31ed9132858b9f353e8bd8c19c102e9b8750102a2b78223bea87bb04f3fca464d74c9ac907a5bcf959c56890960ba6bdcb2cac403920cb6f63c1779dd1f41aae5abf3b4f4e86c50366a57e06bcbc2114528bb196bc24e9107794735d4abb8e24785caaf68aab1d4bf449cdeb3cd9938fe7851572b1f51c8c014b85931a6ff9053cf809074a3d003a01ff592ad54de02ffc750a9884e6d52c1db2cbbf2ad2816b8bb4bb7ef73dc4f9e9786502aaaee71d0189eaa2a697e683fc583d57dde03bc97d27228551f420a8ab8d85164b0002a5fa0c968f226796a7def11522eb3423a34aa6c56ea5c5875720a4c4a3fd3e3833774a39816318f4db5548cffdc77a14795447261c23f382bdeb226ee6adc6a6ca45a30cb3d15ec5b0f5e9ab1ec49b4fd2b951eb9dcd0885f415577be3ec4bb32d2c6ba8a4725c4cd3035fddaf2d8546cdc408b0e09dcc3dabca2d7d9b0da25915f16c8df9eeaa1a33d992f86c9ace90f13cb450d2dcd0c82e4ad8fb30f3218a4045d711590ba2aeafe084cf68f84fc00a9ec532e3d134e75a742ef873b741f9e681b8cb92ab5cf37bf8cc2d5de699f715dfda554149998ef1acd046cb51e1697fbe03126764690b760471dda004f61a27f07da95ba4787d22b2cfde5142b2ae39acf744c7d6e9d4c9982ab235cb0e9bdd02b2406812b2c2825db8ae92170ec52388d0ff0a9c055cd30346c2812aa085e4a16d94f5f155df16d83575bbba2f99033a89d8f53acfb0e505ade839888f3fe785ece249e067f0bd3f80420b01d5d56dbf8b89c613e3bdd615626bd34c59c4577a1b8d6638cdcc9c7a01b147eda920a8d5c8f15afe52fefd6f1f25dbefe31c8af392af03757def58cfb264847cc95a18515cde7c4aff1cb2a605ddef2da796519cd090290ec8ac087549256574af0d9b373b057c04ac945b2bebbcca77d1f044a5bcf80a2970605a2176d2da0a07be49a19171017622a9f696202d8186d005d1cc5909ad1281a4ffcfc25d1a89988601bd05f05b50b0f47e6e3862e8b14bb7db21a5fe9f04d723d6b8f1559773bb3e88520d4ad55ee7eee0452977c964987a40d8445fe648610f365b68596d2001bd977e8c004b8dd7e9db7f059d539bf5f9063a6d0f3ae95b786c728ac433498b3539e41c7c04a1771fdfbe54a33d4f2579201474fa3f9b9b4aee8ada066901748d3b91a39ce08f3d9921e54a0f78b2021274fffbe5255e8110da2fddf5c39296ad523df05680624b3ed5326ad1291fbc9c136a4ceaab84d0f3220a21e9ca3ad0c4c2cd358512855b9bbf5842e852eabb6cd1a3f82b934842585e889986ca7cc0e7e1b123b6e6b433b449fd19d37d989af8fb0e02645dd23e50f4df815120b311204ba8edb2054fc13195848f3b555a59a324c6ffe9c180481b689d66bc2a3aab324993fd4899fbf8532ca2d64f3c317ad11e62a75e946eddd99bb08bf4c9bace082853fabbb44f43d703a839186e634a29ae1517d7b4b40afa9c9b5d56e0064a2f95fd7f34e614ce25008724c08f31e55837ec34748ec774097d985ce6ba4c045901f1038f9634e87e4e254d5b210997692e9926998e465e5461675b05b9a85b055d0ed8f11fe51f66167808178e52d27e234f103a36e862f87e657465d30ef52a4b9ef4130e9f42b7088465f52613ff283eee4aabcdd051f815b1199ad5fc1b6442aaa54329f6373fc77dae6566ad894bdb7450373c64938c73fc51ae5036f2a35a47ec8ebf4ceee0f6faad7"}, 0x1010) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x0, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_BIND(0xffffffffffffffff, &(0x7f00000004c0)={0x14, 0x88, 0xfa00, {r4, 0x0, 0x0, @in6={0xa, 0x0, 0x5, @empty, 0xffffff00}}}, 0x90) r5 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) r6 = syz_open_dev$sndseq(0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000000)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r6, 0xc08c5335, &(0x7f0000000100)={0x0, 0x81, 0x1, 'queue0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'}) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000040)=0x2, r4, 0x0, 0x0, 0x1}}, 0x20) [ 3549.496724] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3549.503999] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3549.511290] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3549.518566] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 17:54:07 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, 0x0, 0x180) r4 = getpgid(0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) r6 = gettid() bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x6d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40), &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000018c0)={r6, 0xffffffffffffffff, 0x0, 0x0, 0x0, r7}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r7}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000000)='comm\x00', r7}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, 0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00', r7}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r4, 0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', r7}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r3, 0x0, 0x0, 0x0, r7}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000000)='/loproc(\x00', r7}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000700)={r7}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)='\x00', r7}, 0x30) r8 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(r8, 0x0, 0x80, 0x0, 0x180) r9 = getpgid(0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) r11 = gettid() bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x6d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40), &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000018c0)={r11, 0xffffffffffffffff, 0x0, 0x0, 0x0, r12}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r12}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000000)='comm\x00', r12}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r10, 0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00', r12}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r9, 0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', r12}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r8, 0x0, 0x0, 0x0, r12}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000000)='/loproc(\x00', r12}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000700)={r12}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)='\x00', r12}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r1, r2, 0x0, 0x3, &(0x7f0000000100)='+%\x00', r12}, 0x30) wait4(r13, 0x0, 0xc1000002, 0x0) fstatfs(0xffffffffffffffff, &(0x7f0000000000)=""/39) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x8) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:54:07 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x9, &(0x7f0000000000)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3549.598128] bond0: Releasing backup interface bond_slave_1 17:54:07 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x0, 0x4000) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000180)={0x28, 0x2, 0x0, {0x6, 0x1, 0x5}}, 0x28) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r3, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r5, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}, 0x1, 0x0, 0x0, 0x4c019}, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = accept4$ax25(r6, &(0x7f0000000000)={{0x3, @bcast}, [@bcast, @remote, @null, @netrom, @null, @remote, @bcast, @default]}, &(0x7f0000000080)=0x48, 0x800) r8 = socket$bt_bnep(0x1f, 0x3, 0x4) poll(&(0x7f0000000100)=[{r2, 0x2068}, {r4, 0x1}, {r7, 0x20}, {r8}], 0x4, 0x6) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 17:54:07 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) clone(0x20001000104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_unix(&(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000001c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000240)={'trans=unix,'}) [ 3550.024895] 9pnet: p9_fd_create_unix (27573): problem connecting socket: éq‰Y’3aK: -91 [ 3550.035151] 9pnet: p9_fd_create_unix (27574): problem connecting socket: éq‰Y’3aK: -91 [ 3550.236734] bond0: Enslaving bond_slave_1 as an active interface with an up link 17:54:10 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getresgid(0x0, &(0x7f0000000300), &(0x7f0000000340)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000240)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r3, 0xc0a85322, &(0x7f0000000380)) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/28) r5 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r6, 0x89e1, 0x0) r7 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000000), 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000001c0)={0x8, 0x5, 0x200, 0x0, 0x401, 0x8d, 0x0, 0x8f, r9}, &(0x7f00000002c0)=0x20) 17:54:10 executing program 5 (fault-call:3 fault-nth:80): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 17:54:10 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/4096, 0x1000}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0) ftruncate(r0, 0x1000) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x806, 0x0) sendfile(r1, r0, 0x0, 0x40801001) readv(r1, &(0x7f0000000100)=[{&(0x7f0000000080)=""/4, 0x4}], 0x2dc) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, 0x0) syz_mount_image$ntfs(&(0x7f00000001c0)='ntfs\x00', &(0x7f0000000240)='./file0\x00', 0x9b, 0x1, &(0x7f0000000300)=[{&(0x7f0000000280), 0x0, 0x7}], 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRESDEC=r3]) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) ioctl$SIOCAX25ADDUID(r4, 0x89e1, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, 0x0) ioctl$PIO_FONTX(r1, 0x4b6c, 0x0) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000280)="51e71a6d7a4ff69cbc133e3fcc2839bc0cdf84a7263fd670fc3edd9f90566db8d3f756d9b451c2f10767bac24d61fead13e522ce1f3b17f6ede17c24b588957ecbee859947d9fa4a7bc115c1dcf07f5f5f9f68f5b1f12f9b98dedda9e358b0e8f55645f70d223bcececa22094e") pipe(&(0x7f0000000100)={0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(0xffffffffffffffff, 0x10f, 0x84, &(0x7f00000000c0), &(0x7f0000000140)=0x4) setsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000180)={0x8, 0xaf, 0xbc, 0x5, 0x3, 0x5, 0x8, 0x4, 0x0, 0x0, 0xff}, 0xb) 17:54:10 executing program 2: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x8800, 0xb43efb56b7fac6b6) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000140)='./bus\x00') sched_setattr(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r4 = socket$unix(0x1, 0x1, 0x0) connect(r4, &(0x7f0000000000)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x43) r5 = socket$inet(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000200), 0x10) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x1d, &(0x7f0000000180)=0x7fffffff, 0x4) connect$inet(r5, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000003c80), 0x38e, 0x62, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000340)={@remote, @rand_addr, 0x0}, &(0x7f0000000700)=0xc) accept(r1, &(0x7f0000001b80)=@xdp, &(0x7f0000001c00)=0xfffffffffffffe5f) r7 = syz_open_procfs(0x0, &(0x7f0000000140)='status\x00') preadv(r7, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000002000)={{{@in6=@local, @in6}}, {{@in6=@dev}, 0x0, @in6=@empty}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002440)=[{{&(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000001a40)=[{&(0x7f0000000580)="c48f0032207820831bf53ab5c35723d409d0a6cbe1e3b4fbdf3f23d884ea651ed425e935647f8b84851afad79f1e6359f54808dd4e20efd4b90112fd692c9b650964b671cdcea4b8b1859b896e2dad7a98dc2e40728787fedd23c000397df4c79749a2fb93beff0963be63df2a286201ae5a51a5243e1b6175e2659b4984210358cdc89524ec1fd1bc5e17858f5f485d56de4e0f690609012a5a0f68c184814575e53af720fffa1b39aaa33a00ea1a6eb0af57cd5bad2b10cc6b32cf864727e784dbacc37509aad5156d382c250a58f7", 0xd0}, {&(0x7f0000000240)="f4b6e907030bde240880121d45d65a41a53ea7605e80556104730ad0f3d41d959d78e2c8", 0x24}, {&(0x7f0000000780)}, {&(0x7f0000000880)="208edd5c9d4e6dc2213ef5b5321a39768a91b0987f42285231256062bf9ab234c53b8c349a41349e08507c7929665d3283be4d5e8e01607a177ee07b3a04bbd905b8dd5e0329be54efdd2795dea3fded901a36adfc0b6c32156605580d114c73527b372332e4fef20c79a261fadbc600a36acf95ed8a4b3c393d235f18bcafc15f8be762a4c7f522c0cae959f7d0558512c2", 0x92}, {&(0x7f0000000340)}, {&(0x7f0000000500)="e2aba58ddeba1c90d39050709a9558c8f1af917a3fda4fa2e7efad4fd8168e1309338d053fdcab020cf53e37410acdce85f0", 0x32}, {0x0}, {&(0x7f0000000a40)="f354b9fa3b2988465ad6bfeaa237ab4f58e4744e82e5dd410d5d4152f9c042605f8c73129342780f355a533472b9c6098b46ad52c0147edadb826507aeef75029179ccb38dd04551e7f8e0eddf51d526f9899c31db90d03aa142b1fc2f16a6d85610ed3bbbe85245d1048a9775f80e6ea787564333a5432978c16ccc94f101d32877b019009271834dffa42c50f0dc7406684a307791a810440e4a6bbedefd321ea85b6b2fcb344128f9186f491ba6256539549f6083cfa2b52866eff508b68a4b1bac02bdafe035a371c32c160c62df6f45d5f5f4f94e9aee209f23a6f2aa01a42d9ef4e59cf4bcf60e91b0b17cef4c696811c05de8ed829f10d8f7b8b8f52f665aba92b0593f11d0bea23fbfe40f1d9e25691f0093379a92ce283b22c5698f4e4af1eef0e3e0b8070d00ab228eadcdac9bc6b035f35b35bff7b9df1cd55e8efead07773b190b4e2f609528f6a5ef9313c45c77591baf006e78cc703e4fec6b7ec27a4bc256cfaa8a442aa1aa7eefbc66691a20c8c1272ef1d31080d6ad3a193b760c4616a030184c1dfcdf3c7f2837129ad098ec3ec6e4f3d942146d301ede8e412ea58b1801d0a037a53980a3ab721a79d89dbdf8db9f5e0a35ad96aaf4e208c8c706580a52e85810db8579ee9efe7cf3dfb85a2216c1a7aa43fbe9d6714e53671e4e433ce0eae164ca6e09083cb17c05f0b19d59f31a4748f7fe7501e65c73d1643b5b823a82c801288410f4974eba2a22b440cbc33a4a6b2415225c2a02c16dba01ae00d023747ae8e64be135f825f2b414b9467cbcc6f9711f0b6c979ac6ed183363b3d79208fed114d1217d6459b336cad9a9ecdd6054eacc3b09d7e3e8ccbe97a1e16109d62e626ea7e99f4450f310fc319f97dc08cb962361ecdf4e49da7cad6241d05d884508833a9cb6c560e9c8cc5a947b0b9ab125abcfb182b9b1df4e5d693290aeddd4c72166435718672a730a355b53a3125233d44f267b028307b59385103eaca3e9a2aba5a4199c695f0cfaac9c33caaac5dc70777bc2c7752d0ddf4acba663c04bd793ebc64b77b69e9895e0eb4c25f82ccf884d063a5a5ad871207dd19b1c135fb840191c274b96c771c4bf2b24efab2ef11d8dc77ee36a662ce063200066ac0e983b21853b99489662aefbfd9bbe43149d8fd9f5e3da25c3e79ab0ae0272ca57a9229cfab90003d7ad751c503677a3e0f689cdc751e4bf1346e72418bbbd9b0394a9b04b27750952ecbf2bd97cf3d8ff6a84341079ed8f41e100df11589fea0976b9b10fba8bea108ab1a1be768f5542242458982ab573676103e666e3aa6c2fda1c50bf45957e0d56a7781832fe26a944057152aed5dae27636600406dee73df4dd533ee3e26c9d287d54ad3f3080b46a7858e0bd541276a6229bddb47fe8a6a418f09fb2d46146c6fa1d10b09a3c036044c40aa5dab9e54324ade1bced5d9d654f2cf97955d432752f195871fa26490c4eeb0efe30145dcec9ce12137dff86b46a0b2cc6fbd74a1e87037ae1a811f009821293d38e0166e5a6eadbe77d230e82a79715a75fdf167584f4a3c84abbc1551f2482572dd2671309f856d2ff78cb65067d64160b0ee1c786b2e7530628c018b705da4de9e3c3539ac0fcfcf06ec1e5b56669099ee043559b475ccd1e985c28822649aa80780243ed6578507e8e2756f646d5fd8369aa323aadd34344ff56fb152527a22e623da5f889da22082d8918ebef1096fec9eadea7d5f7e10fa97e6055ca328d2cbce84b8abe250bc8758837a4150fa61e3dda4301b716e94f310d5274ca725863b4b0a32f2cadbf8d6e0324c6871b220d052cef787f0185ce3f9072b575a8fbfc5c89c5fb3f580414e4c8f4b2f304ab688f20577b6602ddbd42dbf72be5cef43c29e4296853a9dda2f3e884f5495d0a892d9afbc5913601dfaaf296cfadd27001375137f2568fbfdca973026f3c4bceedf4432bd2341d457e2e69e9f3cefc4781723bc22ba7b34eff14c1fc3a3c4074968045714e985cba40040b51beaa4a432e62c7dd064949cf9876427ec57ddf4aad5826785f3e9bf0f35f84b124be98babc96af9156526990df479300ac604d9dab804ffcd1d105cdfb07970e4cfc69fe2540abebbeb92e96cc182037126585bd783d479aec4935b5600a9aad903d40c419859fde29689ac0557f0c29a2331008d6710a571c485eace637b209951836f1fcef7b624f7d86df6c0c336ec6f4588a689a840719a87f8885c84e414d93b159bdde3643f2581b82c564e7f4e7ca98a35682f0de477903441aa5532d48ffee38c46f70bea9a74d235e7d0f42c3c826284533ad80504bc78ae626b6c1ed7d3a7be24bc30dfae4489b4505e2d4f52095f81ecb90c3c5a5895b5fef1d430ecd0fcf75fc65eb5c2a7fdadd4f87b2e9d451aa2344d84cd1a912938a59cb61a347d50c1c146b2f70b6119a69bfc48b2e88d5a3c99e5e36443ea56fb9a0604a0586ae36806ed4e9bccdcef63bbced4c75b60507de699546321a874d2f2940a35d5b1005367a8134006599b343876191f4663ac42dc3b7d98cfcacdfc0ac7b214fcad53e6b131603e1f66a67d96f509ef9a6af34bbe7cd2338465f9589eb6c8939f881854650e50fc63fb347fe0e00f2565c39cf97982237fa09416bb4d2b65bbe5923fb570626200af43991b21dca1ab46421fb3df05ee93eab2c1c63eff0c5b76bc42385cef8a8c0a950dc6eae1a69b5f229a30b03a23e73fcc206dd20fc0db9c314d22203f4f9166f822b4f4873128c6cd899fd10f82b7d932c5e84d0e65660bb4452e2757bcaa26169ee3dfd5c3a9def15c2015f403e648efb8fc8d3a8b8592bd05615046089ddf78ca5837a9c9a8746fb44b7c6e0228118880ffa470dacf6bffa336aa6469b907ce91fc371a705203da5bd5e5df3e1739b568d13c738854f8c20f75bdd550e2bf58d8b2654ac27829c6780beba10e7d5e6c4656f707e9d9a62a4d57566d28bdd66dd2cada9237fefbeb6f9c38debd259fbf4145298bb90309620535436764b9f95c997eac0fc598fcf62f96d615e426869a11fc965275f33ea561eebb953ad67c48b9928975eb6b910f52cbe0ad612513f31d5a5bcef68fc664be681414695978f7e876ac515e3d752666a5412e13c731ab39cd1a275bc127aa49c086dcea2d2cbb68adc9312a91f86e389858ff5cc156aeb4f14f4bf4ab8d86bf80dc56c3a23ac294094aba79ed8ef24ee21a6c7252e6653ec95a1bdab68971671411db13c4d01f3665e81f9f680476a1e7842f21845a21073798ed34b4df54ac2d2ca8d64978436bf4dd852670e2530e995b9139a4cd164462c869fb2ae31d3e7ef93a4ccb4a3dcff225dbcf354a069823e0aad04a664b40c55ee4c80daffc4ed7444c2eb38f2af379bb329aff66a5a4e170b0f02484c74894366e14b23640dcd0d83653f38d3d17a8f1a032005e21f1105b9dc8cf4c75a1484952197af3b963c7da3199c5105862fe3a5af46c43635e37ea379419ed8fa325a2121d43dfa4ebd717b32ec30acac65ba9cbd2a213376e28d67570c4dffe71a7acc58ca14e3aa68587e38b67565475afe2f5e743ce17b76fbb004e037e5b2076190b86161edc146f1169fde94b192a23509b44917403013813a482fcf7960773644d85ab2c5994c93f40d957aaf914d71d5c9713a63b84c211209f1f29313ff92f690ac93de7b46edf542f192d977e7c0c92126f8a9768badcfb525e53cb3d747300ab3b34ed3d42885a63d808f84777dfdf46dbe80bd234a682535878e80c2fed439793c1662b52c6c1a3bf7d6d89bdef08e64e88be5cc871d6a3a26fc3941eb0db79e82a9b89478d745b9f3d1f408bea8141156653559c9697672974519d9c89e36dfdce5898919f5ef19d6686fe5f2567bb0a39ff4bb1fd0bd9b55d2cb76cbe2fbf0147752629be014bfd1d89810b2d88212db0a1068722e9089f5a73bec16ee975bda88c8fdb842469b70b56c1dcc777490b3c8581659d35213f8484e6445aac5c6c4bcdd39814fdc1bfa86043c0b49eef7e1964e1fdc89c0220065ffa5423120824aa55cc6118e4d2c9e1bd4a7aa3a94699bb7cd9decb51b7057e5c60c887e7489bd0e1ab7a85f0b0327d8a3115941268bfa1d6d4c161b9eecdf9103fd055148426308428fedd7ccbdb9be4ece9a513c489e6cfff76e4006660d5c1c04227da23c96bb72d45f2bea1fde02fc5b9fa8000b3eec2cf69f25dceb1ea7de49f70b29ef101a53aa9d8c54ae65467db58df24e2c4a3734a09528f838654bf2b34bd4a19f15b06c023e840ff66e274c5a90cf0201d33489571b786d09872ced1da5d470314d71468d0c8ccbe28e7cd71e92c6345c91106b47a13283e4736ae8c63fee4bb18b0185ca918cbf83bfa5ad090002d4e7fa3b9e6aa0d85c2a1ae2a07f08641302db8bffa69d153f368847bffdd5a0a65c63c51c5877156f841250223538639bf6565dfebfb48c94b021ea88fb153cc88bcaee219bf1f18fdb7d8750d956319bd950946a004023b0189b70df74d3cfc283a61b5564a2f6c9bf50cdbde1c42afdcf261ab2ededb13199408443ddcd43a39be60c4620a31551d05c91da448ba95bb45a12c0557c46625d7aa21e5c47eb78e76fcd3d9d12c3c1dc3de6097b89c66c8b43aded600daf64f00e3de6d0a3d939892afa7cf41fa9bf36f3a7683868476e85ab8bc9012e613160db7b34abc5bae5c79782ca0ff683ff6228a8559fbdc8a611411a99853c914b5a4ce350db1dba9fee5080bca59a4f2715568b1b79ebfcf3e95e4c9e394bb5982e02b2f353588b76ee0cebf472d52e9e34dec433d6ec6dfc81e52cc3d59abdb1df3a7f6eefacacf34fbeaf735792069f8cf8704ecda5db038d48a727a3ebcd0c8a6182c35b2244297c6f9eb446890146b17e9a1621a6f3510c2902e267f2f02367db2474681b58949987f3b79fa30821887e0690cc5b41cd61aa00c3ef7faf1878a9ffa33385b23456d1c75ed7701a3242ee7da024ad902edcf0b25d2b75df807b9b8bb4a3ccc60e0bf743a45ca01416714c2b42094d4616cf459dcfdb1f0ac99d39f00207e06853ac71d88268270b4c5007b9c52bb6eea9f5e2ea2c689c4b3265a9a55de2910cf5f14875bb2fae35c9b1a53f969cafbe59b49ebd82fb2aaa46953ca2e6ab48edfdc61de8a3b9b2b8be1f5af0d09927c8bdc35f537900ffa0112db1b5e2c59d20c98d91517365071ea1244a2246addef85d7f50447905e3528a5f31a6794ed07ac2fdc8e611c87b48f8276c0201ccbf364705086f45515bc838cff83d98ebc24c50b5d2465a597c627435b8fe5aadcbb74febf685b26b2c37b943720601a50923cd974fcc9cb5e00e8a96fff9d9f965218c85eb3bc89ffa2133ceb2cdf274f37013d4f8451600223f9ed048596d78ceca953525aa31910dd1ad56f58f080f4cf1e1fcdb8cbd72f071da262e13358eb13c1cadbf322dffae8968c7f325150c172fd619c320883f2b5d286f4cb221e7a9fd97389e35d6c8de1225d8ee8c0f3a76e94784af1bb2a2a5e9e03a3ca5db4ef2b672a952e6e9d21ae3189a9b8e9c95530c8f55462a636f83ff0239d50754a08e43320aa82bd6b0f75378ee089afd63687de6aeff0de914550a67e0ea4d1f644ac363214966205d7d1476fada60555957352454f0fce11a80fafd16932b148458bece36e1961bf5162d41afb526ed0659bf060d9a6add4572ccc4b2b4c1d4a7800cb0163f776f8883ed98ec18c354fb3e8e9dfc249f8252a041d2b168c9ef9967457d3dd6daac08f0", 0x1000}], 0x8, &(0x7f0000001c40)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x3}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @multicast2, @broadcast}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1f}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9a}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2a}, @loopback}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x5}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xff}}], 0xb8}}, {{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000001d00)="6e86192b3fadbbb74663e482d44f10dd67341f5360ba5284fd02713f7393ffbbb664acdf32eae6ac83347a80645a84e5c1041e2d9e37ad21c232856c810913be9ca0a483d1f86851488a8109ec20d2153c34d0ebaaf97c2215f984a769fce1ba9128afcb76f1b1a5224c5f8754fc2313b7528cd1fbd4ccffb73e57511470c097fd2bf6582d", 0x85}, {&(0x7f0000001dc0)="6b657b72cd325e2b65871fb2a15899555c4cad9fe97dffcbacdb00"/36, 0x24}, {&(0x7f0000001e00)="2a3dbd05bf4cb07e2438073d32b019040ce1216e3dbe7d201d687924b842ed2e39add49f48894b79020b40e24e62889419def1e7438794b52d60ce5ef7d4f32317afd3fe9a452e2745686dd1825b16c692c8b3bf5ce325b05f011993e443bcd3b0562c38970b99f3aa3cd9ad966946e2a01e23aefc9fd6dd4a5e1feb1ec4", 0x7e}, {&(0x7f0000002600)="f3be3bb62ed6d05e87404d89b26a3faf0ad980e0bdcbfdb620167ff5d72cf58a5e05f3768ca65a27cf5e3d9cd0d468653b28c5cbffde164378915a68846452e01daebdff4676ee664474e74956d984a14d8471d919efa4f603850de69d9170b3eedbe69e274a57ad14306bfa6609b9d7f590d97c9e526892bd7d03115b32da7bd8e580392938", 0x86}], 0x4}}, {{&(0x7f0000001fc0)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000002200), 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB="b5f70000000007003daab6000031002c674c0c7754e3a7dc365f91f53d99acdba4c882d21a1db9783ff11c683e81337a160fcd8a9649bab01aae2aa626200bccbd30d8d1a4547557e50cde1d5b3c593af1db3031091809664d061419c258aa421b3eb7c0c723453461087e67db83d22360070af8fa63195d97030371f51eb0110000000000f80000000000000000000000ca5760d979b15c0e84d36c5435b2d9a09e062048f465ff5217ab6b99eee7c5ec1e7355f193f5d16df4f00a77f9f8a703fd60d17e9f5cf10a09292e5d19df517475bf4564ba0add7559353ba42fb8ac6a0be458ab41a34795f4540a49f72a8cc7fed2810257bc27e3f65cc51054a413ae16434bd03c91891caeb8b0d20f5f09ff45c800b4cd6b602b28081514d04ee70c284bb41566b7d62d680186a3c3122d6f3f6d9fb3b65c61d6c013afdb2a7bf63da4950fb4fc6474c763d4c7a14e378900e6131069a76446d72083d56f970cc1bb0e655eee6ee94293"], 0x11e}}, {{&(0x7f0000002280)={0x2, 0x4e24, @broadcast}, 0x10, &(0x7f0000002400)}}], 0x4, 0x140060c4) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r8 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r8, 0x4, 0x24000) io_setup(0x8, &(0x7f00000004c0)=0x0) io_submit(r9, 0xc2, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r8, &(0x7f0000000000), 0x10000}]) 17:54:10 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setopts(0x4206, r0, 0x0, 0x0) r4 = msgget(0x3, 0x2) msgctl$MSG_INFO(r4, 0xc, &(0x7f0000000080)=""/4) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r7, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="1400e37f", @ANYRES16=r8, @ANYBLOB="010700000000000000000d00ffff"], 0x14}}, 0x0) ioctl$FS_IOC_FSGETXATTR(r7, 0x801c581f, &(0x7f00000000c0)={0x80000000, 0x2, 0x5, 0x1ff, 0x7fffffff}) tgkill(r5, r6, 0x41) [ 3552.215121] FAULT_INJECTION: forcing a failure. [ 3552.215121] name failslab, interval 1, probability 0, space 0, times 0 [ 3552.238801] CPU: 1 PID: 27587 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3552.245861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3552.255216] Call Trace: [ 3552.257811] dump_stack+0x142/0x197 [ 3552.261455] should_fail.cold+0x10f/0x159 [ 3552.265611] should_failslab+0xdb/0x130 [ 3552.269586] kmem_cache_alloc_trace+0x2e9/0x790 [ 3552.274255] ? mutex_trylock+0x1c0/0x1c0 [ 3552.278317] ? btrfs_close_devices+0x21/0x140 [ 3552.282816] btrfs_alloc_device+0xa4/0x6a0 [ 3552.287054] ? btrfs_find_device_by_devspec+0xf0/0xf0 [ 3552.292253] __btrfs_close_devices+0x2c6/0xa90 [ 3552.296842] ? __mutex_unlock_slowpath+0x71/0x800 [ 3552.301706] ? btrfs_alloc_device+0x6a0/0x6a0 [ 3552.306203] btrfs_close_devices+0x29/0x140 [ 3552.310531] btrfs_mount+0x1fd9/0x2b28 [ 3552.314417] ? lock_downgrade+0x740/0x740 [ 3552.318555] ? find_held_lock+0x35/0x130 [ 3552.318573] ? pcpu_alloc+0x3af/0x1050 [ 3552.318590] ? btrfs_remount+0x11f0/0x11f0 [ 3552.318606] ? rcu_read_lock_sched_held+0x110/0x130 [ 3552.335755] ? __lockdep_init_map+0x10c/0x570 [ 3552.340260] mount_fs+0x97/0x2a1 [ 3552.343644] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3552.348131] ? find_held_lock+0x35/0x130 [ 3552.352242] vfs_kern_mount+0x40/0x60 [ 3552.356075] btrfs_mount+0x3ce/0x2b28 [ 3552.359858] ? lock_downgrade+0x740/0x740 [ 3552.363993] ? find_held_lock+0x35/0x130 [ 3552.368042] ? pcpu_alloc+0x3af/0x1050 [ 3552.371927] ? btrfs_remount+0x11f0/0x11f0 [ 3552.376154] ? rcu_read_lock_sched_held+0x110/0x130 [ 3552.381171] ? __lockdep_init_map+0x10c/0x570 [ 3552.385658] ? __lockdep_init_map+0x10c/0x570 [ 3552.390152] mount_fs+0x97/0x2a1 [ 3552.393512] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3552.397990] do_mount+0x417/0x27d0 [ 3552.402473] ? copy_mount_options+0x5c/0x2f0 [ 3552.406872] ? rcu_read_lock_sched_held+0x110/0x130 [ 3552.411869] ? copy_mount_string+0x40/0x40 [ 3552.416083] ? copy_mount_options+0x1fe/0x2f0 [ 3552.420568] SyS_mount+0xab/0x120 [ 3552.424007] ? copy_mnt_ns+0x8c0/0x8c0 [ 3552.427876] do_syscall_64+0x1e8/0x640 [ 3552.431744] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3552.436694] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3552.441880] RIP: 0033:0x45d08a [ 3552.445113] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3552.452805] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3552.460065] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3552.467326] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3552.474580] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3552.481840] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3552.491028] ------------[ cut here ]------------ [ 3552.495793] kernel BUG at fs/btrfs/volumes.c:890! [ 3552.500926] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 3552.500933] kobject: 'brif' (ffff888083f92600): calling ktype release [ 3552.506291] Modules linked in: [ 3552.512927] kobject: (ffff888083f92600): dynamic_kobj_release [ 3552.516051] CPU: 1 PID: 27587 Comm: syz-executor.5 Not tainted 4.14.154 #0 [ 3552.521948] kobject: 'brif': free name [ 3552.528900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3552.543310] task: ffff88800e89a200 task.stack: ffff88801f9d0000 [ 3552.549436] RIP: 0010:__btrfs_close_devices+0x7d8/0xa90 [ 3552.554786] RSP: 0018:ffff88801f9d7700 EFLAGS: 00010246 [ 3552.560130] RAX: 0000000000040000 RBX: ffff88804dbfa480 RCX: ffffc90008e45000 [ 3552.567381] RDX: 0000000000040000 RSI: ffffffff8265e758 RDI: 0000000000000282 [ 3552.574687] RBP: ffff88801f9d77c8 R08: ffff88800e89a200 R09: ffff88800e89aac8 [ 3552.581936] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805b8372c0 [ 3552.589185] R13: ffff88804dbfa548 R14: fffffffffffffff4 R15: dffffc0000000000 [ 3552.596448] FS: 00007f1d3bb84700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 3552.604665] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3552.610531] CR2: 000000000075c000 CR3: 000000005881f000 CR4: 00000000001406e0 [ 3552.617792] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3552.625043] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3552.632730] Call Trace: [ 3552.635313] ? __mutex_unlock_slowpath+0x71/0x800 [ 3552.640146] ? btrfs_alloc_device+0x6a0/0x6a0 [ 3552.644626] btrfs_close_devices+0x29/0x140 [ 3552.648928] btrfs_mount+0x1fd9/0x2b28 [ 3552.652796] ? lock_downgrade+0x740/0x740 [ 3552.656921] ? find_held_lock+0x35/0x130 [ 3552.660962] ? pcpu_alloc+0x3af/0x1050 [ 3552.664834] ? btrfs_remount+0x11f0/0x11f0 [ 3552.669051] ? rcu_read_lock_sched_held+0x110/0x130 [ 3552.674054] ? __lockdep_init_map+0x10c/0x570 [ 3552.678532] mount_fs+0x97/0x2a1 [ 3552.681878] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3552.686352] ? find_held_lock+0x35/0x130 [ 3552.690403] vfs_kern_mount+0x40/0x60 [ 3552.694207] btrfs_mount+0x3ce/0x2b28 [ 3552.698008] ? lock_downgrade+0x740/0x740 [ 3552.702149] ? find_held_lock+0x35/0x130 [ 3552.706205] ? pcpu_alloc+0x3af/0x1050 [ 3552.710091] ? btrfs_remount+0x11f0/0x11f0 17:54:10 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) wait4(r0, 0x0, 0x9000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) r2 = memfd_create(&(0x7f0000000000)='cgroupcpusetposix_acl_access+\x00', 0x4) ptrace$cont(0x7, r1, 0xdb, 0x9) ptrace$setopts(0x4206, r0, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r4 = getpid() r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, 0x0) write$UHID_CREATE(r5, &(0x7f0000000380)={0x0, 'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000100)=""/238, 0xee, 0x7ff, 0x7, 0x6, 0x5, 0xdc1}, 0x120) sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r7, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r8, &(0x7f0000000100)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000600)={0x14, r9, 0x701, 0x0, 0x0, {0xd, 0x0, 0x1a0ffffffff}}, 0x14}}, 0x0) sendmsg$TIPC_NL_NET_SET(r6, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f00000004c0)={0x1d0, r9, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x120, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x0, @mcast2, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xc1, @ipv4={[], [], @local}, 0x80}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x10000}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x83}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe0c}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x3ff, @mcast1}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_NET={0x70, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7fffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffff7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x100000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffff7fff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7f}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) kcmp(r3, r4, 0x6, 0xffffffffffffffff, r2) ptrace$cont(0x9, r0, 0x0, 0x0) 17:54:10 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab35f4ad614fd33cebbc150bb2b03b5b2461179f5f90bba001b50c0da6218a8106df2858ec973328e5a2c078a3fe3b52020203517e25ee74e82ba80a0fa881e689f7615baf78f08ea33bcb860d6a0b61193d4a1cb622431d42fee5e91531bfdfe5cb19ff1", 0xa7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1f) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 3552.714328] ? rcu_read_lock_sched_held+0x110/0x130 [ 3552.719361] ? __lockdep_init_map+0x10c/0x570 [ 3552.723853] ? __lockdep_init_map+0x10c/0x570 [ 3552.728351] mount_fs+0x97/0x2a1 [ 3552.731723] vfs_kern_mount.part.0+0x5e/0x3d0 [ 3552.736220] do_mount+0x417/0x27d0 [ 3552.739759] ? copy_mount_options+0x5c/0x2f0 [ 3552.744169] ? rcu_read_lock_sched_held+0x110/0x130 [ 3552.749193] ? copy_mount_string+0x40/0x40 [ 3552.753415] ? copy_mount_options+0x1fe/0x2f0 [ 3552.757918] SyS_mount+0xab/0x120 [ 3552.761362] ? copy_mnt_ns+0x8c0/0x8c0 [ 3552.765243] do_syscall_64+0x1e8/0x640 [ 3552.769139] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 3552.773983] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 3552.779153] RIP: 0033:0x45d08a [ 3552.782321] RSP: 002b:00007f1d3bb83a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 3552.790015] RAX: ffffffffffffffda RBX: 00007f1d3bb83b40 RCX: 000000000045d08a [ 3552.797275] RDX: 00007f1d3bb83ae0 RSI: 0000000020000100 RDI: 00007f1d3bb83b00 [ 3552.804554] RBP: 0000000000000001 R08: 00007f1d3bb83b40 R09: 00007f1d3bb83ae0 [ 3552.811812] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000007 [ 3552.819068] R13: 00000000004c9e4d R14: 00000000004e1b50 R15: 0000000000000006 [ 3552.826318] Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 59 02 00 00 48 8b 45 80 c7 80 10 01 00 00 00 00 00 00 e9 e2 f8 ff ff e8 78 52 f7 fe <0f> 0b e8 71 52 f7 fe 0f 0b 48 89 f7 e8 67 05 21 ff e9 ad f8 ff [ 3552.845525] RIP: __btrfs_close_devices+0x7d8/0xa90 RSP: ffff88801f9d7700 [ 3552.854496] ---[ end trace 421ab838ba1a7880 ]--- [ 3552.859656] Kernel panic - not syncing: Fatal exception [ 3552.866328] Kernel Offset: disabled [ 3552.869959] Rebooting in 86400 seconds..