D_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:05 executing program 4: r0 = socket(0x11, 0x4000000002, 0x19) syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x1, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x1000000400, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_TIMEOUT(0xffffffffffffffff, 0xab09, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0) mknod$loop(&(0x7f00000002c0)='./file0\x00', 0x40, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f00000000c0), 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000080), &(0x7f0000000180)=0x8) sendmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000200)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4fcb4de25eece47a6b23ea76b836c0f121e20311b5ad2b0bd713d528f24be588962fabc2a220a5ab848639ff13a3129a8818b0990d752bc25c4a9bbeaecd60"}, 0x60, &(0x7f0000000340), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="105500e2ff0000008300000000c76a00"], 0x10}, 0x0) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000001c0), 0x10) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000280)={0x28, 0x2, 0x0, {0x3, 0x10001, 0x8}}, 0x28) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00', 0x101}) 02:11:05 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1}]}, 0x210) 02:11:05 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/attr/current\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) r2 = dup3(r1, r0, 0x80000) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000100)=0x7, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000240), 0x4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000000c0)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000540)=ANY=[@ANYRES32=r3, @ANYBLOB="050001030014006d6b528ae15fd5a828f824010071650000fc"], &(0x7f00000001c0)=0xa) setxattr$trusted_overlay_origin(&(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0xffffffffffffffb1, 0x0) getsockopt$sock_buf(r1, 0x1, 0x3b, &(0x7f0000000300)=""/150, &(0x7f0000000000)=0x96) r5 = getpgrp(0xffffffffffffffff) capset(&(0x7f00000003c0)={0x399f1736, r5}, &(0x7f0000000400)={0x1ff, 0x0, 0x2, 0x0, 0x5d48, 0x2ec2}) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000440)={r4, 0x40}, &(0x7f0000000480)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000004c0)={r6, 0x10001}, &(0x7f0000000500)=0x8) 02:11:05 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x4) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r1, 0x800448d2, &(0x7f0000000140)) 02:11:05 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d7660") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:05 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1}]}, 0x210) 02:11:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d7660") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 832.931340] kernel msg: ebtables bug: please report to author: bad policy 02:11:06 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:06 executing program 1: r0 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f00003b9ffc)=0x40000000000800, 0x160) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000469ffc)=0x7fe, 0x4) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e24, @local}, 0x10) recvfrom$inet(r0, &(0x7f0000000000)=""/248, 0xf8, 0x40012000, 0x0, 0x0) 02:11:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1}]}, 0x210) [ 833.036970] kernel msg: ebtables bug: please report to author: bad policy 02:11:06 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1ad, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:06 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 833.156074] kernel msg: ebtables bug: please report to author: bad policy [ 833.299875] device lo entered promiscuous mode [ 833.314692] device lo left promiscuous mode 02:11:06 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x820000}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000329bd7000001a00000e000000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x4) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000340)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) getsockname$netlink(r1, &(0x7f0000000380), &(0x7f0000000580)=0xc) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)) ioctl(r0, 0x8912, &(0x7f0000000a00)="153f6234488d") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000180)=0x4ffd) stat(&(0x7f0000000040)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = geteuid() lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) r6 = getuid() stat(&(0x7f0000000500)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0}) r10 = geteuid() r11 = geteuid() fstat(r0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000008c0), &(0x7f0000000900)=0x0, &(0x7f0000000940)) fstat(r0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000ac0)=ANY=[@ANYBLOB="02000000010006000000000002000600", @ANYRES32=r3, @ANYBLOB="02000000", @ANYRES32=r4, @ANYBLOB="02000000", @ANYRES32=r5, @ANYBLOB="02000400", @ANYRES32=r6, @ANYBLOB="02000400", @ANYRES32=r7, @ANYBLOB="02000400", @ANYRES32=r8, @ANYBLOB="02000200", @ANYRES32=r9, @ANYBLOB="7f7d2125", @ANYRES32=r10, @ANYBLOB="02000300c788e4d327dfba9fdebcbc7332f0b3b93c35bb022e5cab82716c6b9bab9c", @ANYRES32=r11, @ANYBLOB="02000000", @ANYRES32=r12, @ANYBLOB="040003000000000008000100", @ANYRES32=r13, @ANYBLOB="08000600", @ANYRES32=r14, @ANYBLOB="08000200", @ANYRES32=r15, @ANYBLOB="10000600000000002000040000000000"], 0x8c, 0x1) 02:11:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:06 executing program 1: preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f00000004c0)=0x3aa0, 0x4) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)) socket$bt_rfcomm(0x1f, 0x3, 0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000680), &(0x7f00000006c0)=0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000003c0)={0x53, 0x0, 0x21, 0x0, @scatter={0x0, 0x0, &(0x7f0000000440)}, &(0x7f0000000580)="5f39203a1ec61c000f2657a275e0338c73d24faf8117a1bbcec4ae78adceccee3f", &(0x7f0000000100)=""/44, 0x0, 0x0, 0x0, &(0x7f00000000c0)}) epoll_wait(0xffffffffffffffff, &(0x7f0000000080)=[{}], 0x1, 0x0) syz_execute_func(&(0x7f0000000280)="43cff3430f5db61f8a8a32d23e40da0d0c000000c4427da828c4e3fd6fcbcf340a0f75b700000000bc0f0f52fb1c66420f635313") 02:11:06 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:06 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2b9, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 833.405859] device lo entered promiscuous mode [ 833.458976] kernel msg: ebtables bug: please report to author: bad policy [ 833.482441] sd 0:0:1:0: [sg0] tag#145 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK [ 833.491072] sd 0:0:1:0: [sg0] tag#145 CDB: Persistent reserve out, sa=0x19 [ 833.498182] sd 0:0:1:0: [sg0] tag#145 CDB[00]: 5f 39 20 3a 1e c6 1c 00 0f 26 57 a2 75 e0 33 8c 02:11:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:06 executing program 1: sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x440000000000009) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x100, 0x0) ioctl$KVM_SET_TSS_ADDR(r0, 0xae47, 0xd000) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @ipv4={[], [], @remote}}, 0x1c) sendmmsg(r1, &(0x7f00000002c0), 0x400000000000015, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x1}) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x100, 0x82}, &(0x7f0000000180)=0x1df) [ 833.506984] sd 0:0:1:0: [sg0] tag#145 CDB[10]: 73 d2 4f af 81 17 a1 bb ce c4 ae 78 ad ce cc ee [ 833.515828] sd 0:0:1:0: [sg0] tag#145 CDB[20]: 3f 02:11:06 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0x0, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:06 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x820000}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000329bd7000001a00000e000000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x4) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000340)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) getsockname$netlink(r1, &(0x7f0000000380), &(0x7f0000000580)=0xc) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0)) ioctl(r0, 0x8912, &(0x7f0000000a00)="153f6234488d") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000180)=0x4ffd) stat(&(0x7f0000000040)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = geteuid() lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) r6 = getuid() stat(&(0x7f0000000500)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0}) r10 = geteuid() r11 = geteuid() fstat(r0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000008c0), &(0x7f0000000900)=0x0, &(0x7f0000000940)) fstat(r0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000ac0)=ANY=[@ANYBLOB="02000000010006000000000002000600", @ANYRES32=r3, @ANYBLOB="02000000", @ANYRES32=r4, @ANYBLOB="02000000", @ANYRES32=r5, @ANYBLOB="02000400", @ANYRES32=r6, @ANYBLOB="02000400", @ANYRES32=r7, @ANYBLOB="02000400", @ANYRES32=r8, @ANYBLOB="02000200", @ANYRES32=r9, @ANYBLOB="7f7d2125", @ANYRES32=r10, @ANYBLOB="02000300c788e4d327dfba9fdebcbc7332f0b3b93c35bb022e5cab82716c6b9bab9c", @ANYRES32=r11, @ANYBLOB="02000000", @ANYRES32=r12, @ANYBLOB="040003000000000008000100", @ANYRES32=r13, @ANYBLOB="08000600", @ANYRES32=r14, @ANYBLOB="08000200", @ANYRES32=r15, @ANYBLOB="10000600000000002000040000000000"], 0x8c, 0x1) 02:11:06 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1fd, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:06 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0x0, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 833.708287] kernel msg: ebtables bug: please report to author: bad policy 02:11:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0x0, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:06 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:06 executing program 4: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000008031, 0xffffffffffffffff, 0x0) syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x0, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f00009ecff8), 0x2, 0x3) move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f000093c000/0x1000)=nil], &(0x7f0000000180), &(0x7f00000001c0), 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)) 02:11:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0x0, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:06 executing program 1: sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x440000000000009) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x100, 0x0) ioctl$KVM_SET_TSS_ADDR(r0, 0xae47, 0xd000) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @ipv4={[], [], @remote}}, 0x1c) sendmmsg(r1, &(0x7f00000002c0), 0x400000000000015, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x1}) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x100, 0x82}, &(0x7f0000000180)=0x1df) [ 833.819909] kernel msg: ebtables bug: please report to author: bad policy 02:11:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0x0, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:06 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2a8, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x108) 02:11:07 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x0, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:07 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:07 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(0xffffffffffffffff, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 833.990280] kernel msg: ebtables bug: please report to author: counter_offset != totalcnt 02:11:07 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(0xffffffffffffffff, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:07 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x20000000002, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0), 0xfffffdef) [ 834.089866] kernel msg: ebtables bug: please report to author: EBT_ENTRY_OR_ENTRIES shouldn't be set in distinguisher 02:11:07 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x0, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 834.217228] kernel msg: ebtables bug: please report to author: EBT_ENTRY_OR_ENTRIES shouldn't be set in distinguisher 02:11:07 executing program 4: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r2, &(0x7f0000000100), 0x1ea, 0x20000001, &(0x7f0000000000)={0xa, 0x2}, 0x1c) vmsplice(r0, &(0x7f00000001c0)=[{&(0x7f0000000300)="f38589b17845fa99785cd05fa95444209c67a5ca274a1f86e32f923c14f20d565683927e722717aae15ef02c569014cbc43fab608e67b0d37269ac103613cc0dc04c2f195e8de918270a729c7d1ab00dc5a664219ff2eac57ed79066d0e0a42dac02b2ae40cddc2719663751ac1b9bab7a64a01a45a18cf9feb8428c80c009039c8674eeb41e5861b855297bc6aefa1c8ace4f471e182a32f3c76c463835bf9e3628916f8f468e09243876cff5255a63f62b67c6b589039e36d76a6dd418b6abaf4f2e821efb0dcb6457678b3c02d17cd2781a6cc313c7327860c2570b93db638d230ce02a51132115e0334d8b246e0dfd72fa43425e000a2e57b19895183906bee068e10ab72a49f405f1938ce9b638551e628e43217dfb3fb8d15e3efc556449e8d1e8371f71743a52180fd51d07e965961e9c89152dd9cb32a0c541f62752006902b6ddc0ebccbb42fa057cb533a029325c023e0536d3954d6eb57d4442ef99cd30aed359c52cd2a6f5db3d4aaff12f2942c44a4e863cfeab03cbb63f15fca18e1184a9cf3b8ce0a7f566c7554c7075af447c70edc8c06845dd93ae0dbc869c6afa98cd59053cfce05b144ae530866e1305b2b753027c134f4d10414ada35f2c19b60d9b378b52ebfab4ac8cbed4fc18c2da6a079507b2e4ca64dd65dca420bd4022c79eda92306d074c17682dfa3e29e9d8ba1973c4422421c7348d17b32988ddb98f5e9d4e9fae7be7358bf87f07a1ed8e8e1656889930de533c562800bc3c16dabb0af29c73f0ff0fde6c308d0f904cae9a261acd5214000971805bde915ec0f1a3862d36e636d45cbdef1df67c3eb8bfbcba8abcd151f43aa2d0e5a2625b2e3d447399fae2f65ac1809c165de573f9757f9f2dfa85b64e209cd4aa10674c2a8b5eb61f9679aeed8595bcb0ada3c4def9feb59a2aef58db82b7994620dbda4c9a2095906f0cbdae15aad5e1a812c008c9a8bb71e84138d462bf4ee13dc8920c14580937a1be24aa0fa2cddf5549992dbe00266ad766e714c2b0ad2cf8ad5367be2c4f8da08d058c86dfcd07954105a1b2144a31f9ceb7216acf6362116cb730d2cd22fa1617c98121199a335715eff549022f9870ac06555938b0e6a373fa8a0f7e4ee30cde1fa98213596df5284dd2d31bf77e2a2270266fb91c22695f405e4f53ab582c2b6558e8bbb8613ba5b10305178396c02c51506dae317f79e472bcc95b3f5f2a0d306b2cf93e347b045884127f5c534de6701c4eb155f26aec72927cf776a671afb7374b827d434079c935f31ca193bc49a3ab41950831e0b443f03cc5fd6265df0f09234e08d348b3f19a607a8402d9b3d39905e9eef4db44f5daf5ff350e3f12b08688376a4df4306cce40b9306cf79c6e615563942d996e2aa1685b03df28e1e63d713805742443a1ab2eccf8db9434dadeb767bb85615be0bf2e97a4adf1c7c4687619227bc9029d026c57fd4abb5b0caa9535b73d82733f9602d439aaeb5ca6baf1e5f785d2cc46d4e417034695f1988486e7fffd8ea278709a61e689be8729bc4dc7e716508349190868c77faa405d2c9d75d37b8ab4836a8263a4c2267ea84895e996b0771bc2014aefb1b7f85adb93a773213ef0a71b234f1d61f8d74ed57ffaaae1d301fb39112ca302440885bfb0a8cbde4be49f4abad97949e879f31df06920a2feae1f6cf3ace740ba43b7d349abf433bd45a3e23eeee4147ee5d01ea529a2003cea5f3e7b4a852d3f93e560e1236ce18aa5406af81d06d8c6d69689f3f7122441c16e4d24a02de52ebe81bd68f51a7e36400e903bcbc46d67d841e2f0899d4953a83164aa57ea099cef3a9c3727c4fa60445b0eb16a758faef8e0050c4d53050c871ba0fda6294f1111d271697baf02f033362404f133a4b3c3ab7e1f6453ff954e94443a84e493d05865b8948bb12a087317c41bd62b62ed8763d18e3627a92a917ab9dc6cb1fc157e3cd3f17146c03a3471a5d18f89c2be8607f45da6f0e126673e79fe3f369b8c1b4775353906dd5b2242497864d80b3e7f6deea87c612d09f195925fd26d100a14db437b9eaa902ce320cc365eec466ab78422f042ea38aeb1ae27f4be4b47625555ec5d567f946b296ce1bb62c12b9eef5b2cac6390b021f47e765e14ce9a85107a41cb88ff540506155e79ea9d904b0dbd9ad0b70ffdc6ea41a8f0b64fc7371bbbeae8da689224a8ae1c5aa98cf838afafc1246e9202fe90b1295f6a9ad2874b67416a7fe170ae7ab1cd0948a9f867f3081fe29181133743d4d152c1fa0f38e8ae8a35771fe960e13f4372c2398295a82cde3eadae3ce30b101a3073d3762e38940e66c3fd653b9dc100bca0a66ce77214f7d5e778dca3068b4699e892d068a02e9c8b45a6fe7fc8efbf145025c04a134503c30d201d2dde6b5b51e13c47a58ecc8a7c1e4fecb7ce850024b3772f4688bd13d955356b1748a532171600a43eb58317ca7374192945dcd1670210341eb13ad5d7084842a666527e1e6e750534249f1bc56841ec94c14f395fc75eb714782e7abafc3bfe021463090b613b47e402d10746d4eacd336acc7087e4cacebd072a61048aeaa57c73e71956dfc6cc9c2e1080e491401cb83efba936664361b92dc55b488c9433420cb7d66d373dd8b6e9a071150d1fb75335d400ad172f51e77adb9f03c2b07391a255e9ab5cdbd671d0345405f3a80e714e19c184a5f3826f0e4da05bc9c909ec574eceb6e5efb77eb9e37e6374ea690fd92a8037cd8d46a4042e3df0df453c4d140d1a43f8f40618bfdbd98f8427289035a287317d4419df09505ac093c77a7e2278516ce6af9c9d736cbe9520257f9f88fe76b1a0e8cf3a46b9e0cecb549a8067cfcb10ad9dac4f6636701eedd59364e8afdae2f669b3749203478836955bee3a639f0bbce768cbefcbaa19559c68d122e0a967e7a7960f6825d14a210d998ed192b12ed32c2d1412e387c7742f55ced965928c280b65abef4abcf48541721126b549be0500d872336f80e447d09939576b31c10ac788e66474712814fad6a194eed4b6ecee567da365b4797c54d51c3fbeb08328551486119168c297f696af2267793c1f888acdc65fa8103d3a7784ae14480760ee57ba86c9d61ff48821ace4ba8d5221ccb63f529e53a500b8a62d7c578fec7d7b99ae458e0a873db11a23b05fd2fb04e362526317c71ecdf8f3184f3334f21343871eb26b32a60e0cc8761acf885f5471416f58d3453665c9d4536026d42b367de7cf9469f97d3f0b0371d033f1bc1f3e0f32412c8f55d8135d1a633a884282dc2de188f3a50f4eb0a3a18664f7bf788bd65b827ff044be4a36df5ba309c34f074aee5ee8ca801fb6c5bc115783f0f12d3f9a4af310253671e633506005110cbc1550a0ae1a8d1045d2bdac606692fc42ab8bc77bbb4612e22e416e1576b971bb9b6d98046a4f6411d158f359159059f4e132969285fa02b4bec5aadbaddf7f8131a88321a824b4708c844c74817f454995415af7dee33fabeb6770e557947183b4311af1922665744a587365f2dcb843ed69e29993fe2f4c22683d71d488fe97527090036380e7c7e54a571dfa2ae1dac240f230dea790671ca1a0ab0745ecab25558d86c4147b9206e8607a6acd2f3c96a79b6df97d9467ab392467757f00290d18929bfd131d42917f92b4a77ef22f79915e4788c534be503caffd16989837c62d15734ebba948caaeaf26b3a760fb56a114cf07b855a32bbe6bec3a7a6ab4a1d1ad828b46ca92601096ff7bb1f86587f51c5ab770198917059e45c85e3a925213b198b5ec53ac610fd42f4449e5aedfae511fdbde7eb9d0babe95d53d9bcf90c87d43971b3b74d5e57ae499a2d0480365081405e0054da9d3ef7e458c46ce3009b5dc2ff3de064d7046459c4482d7f157a6cf6b0e8b4a908a0723f92b31ccca0f0b4b5c2bf4b5fb54dfa6bdf401795528d04823a0cb5f5c835e9f155b094985491ad850c33fb203f15c2dfd3912a2ea77e3e13bd4dd21bf834fe066d848b8eadc2595f5372ebe8b5b98f7628a62628b703059babb1c105ae0b2d7b6bab2893e2c0c80ed96d20d346b0c285c6b19e9971ef05aa9a4857dac2ac57351fa1558baeb0b0e4c46b359250bf25da859a879e6e2fe2ce8536a17bcc35b2f31fe9e265700f8b16a0620bd2aad6a860540ea10edd493b1ed74268a8bccb2ddf29351208d2e971bafeb954465f2124296d66acb59ebcb8d78cd9d21b836458005966ee598a41322911625d80b5644561131def259f775712242e60c57bb95bd0f1df02e35896c011edf106c9393d31cb4432012ff509181456ee0b38b96307d862d753311e84a786cd82157e39907e01e6aa4ae8ad040e9bb807f1b1974e6a3c26ebcc6e3f56986179159278a32f942cd2f2c2622cd75c99414835116c8cd6d805111b4e31b83a3ea9283015aa1feacf2a88584ca305cdb387dfdeeaed516036e39063f4f24a5c47f25468c560ca520407126abf04659048bd0ae5e92496367dca882b592898eeb4005960b974f87f29e341e07c7a54871869ec470f9da9a812ead78a04e0357d26d96cce1292af37685538eb7c191fdaed4059ec0f2c1de4cbcf18b0cacf77e46d4335ffd324f25c1320e0be6eab50edaa2aa9f4ced99ac1ca45bc421161b802b5d75ef471c2beada06f4cccfcc86a937ef8d88f1275229b85", 0x812}], 0x1, 0xfffffffffffffffc) splice(r0, 0x0, r2, 0x0, 0xab11, 0x0) getsockopt$inet_tcp_buf(r1, 0x6, 0x3f, &(0x7f0000000040)=""/48, &(0x7f0000000080)=0x30) 02:11:07 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(0xffffffffffffffff, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:07 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:07 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x214, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:07 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x0, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:07 executing program 1: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000000, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x800448f0, &(0x7f0000000b80)) 02:11:07 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x150, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0x70, 0xc0}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x1c8) 02:11:07 executing program 3 (fault-call:5 fault-nth:0): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 834.561078] kernel msg: ebtables bug: please report to author: EBT_ENTRY_OR_ENTRIES shouldn't be set in distinguisher 02:11:07 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:07 executing program 1: syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x8, 0x10a0000) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x5, 0x40000) getegid() mkdir(&(0x7f0000000180)='./file1\x00', 0x0) mount$9p_xen(&(0x7f0000000040)='/\x00', &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='9p\x00', 0x7048, &(0x7f0000000640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000100)='ext-\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000540), 0x820, &(0x7f00000005c0)={[{@noblock_validity='noblock_validity'}, {@grpid='grpid'}, {@usrquota='usrquota'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}]}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)}, &(0x7f0000000280)=0x10) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000340)=r1, 0x4) mkdir(&(0x7f00000001c0)='./file1\x00', 0x20) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000400)={{{@in=@loopback, @in6}}, {{@in=@loopback}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000500)=0xe8) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f0000000300)={0x3}) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000003c0)='./file1\x00', 0x8, 0x5, &(0x7f0000001800)=[{&(0x7f0000000600)="fbfbea723d673c3bd5ec65569810e0b23683511b904fc6cb40da65e94eff13a7ff8fd889e9ebe8ea2de010fa07f4ed2b8c6eb850fe24232c70994de687dce4e68b54e6c0fdff14591272a3203180f7e996b50accca783e18de0966541bd371cb8c5e352adf298f7779ae032b5ae3aad0a14d38f9ac5eadc94c1d498092bd7d5d794af48f3a8d51096e7c0eaa7b614bc3565709b15cb17ebb4c52aa7e38884dea42d1983f2ae1a76925a3b93e788bf5681e479aad5b1854a44658dd6f6fdd87cc7c114a02455ba2ae3f0a847865a5b6c1765dca7ea4ddaa", 0xd7, 0xe23}, {&(0x7f0000000540)="cd0a78057070cc1da8a2f3d7700c5d4a2bde6d272d961e60ac3f2ee910d084a44857a1357dfa67c47722413e07f6d9dd7e303ecb14e5a11034", 0x39, 0x61}, {&(0x7f0000000580)="ff095e998fa2df87b6a41bff", 0xc, 0x7fffffff}, {&(0x7f0000000700)="dd89c26fd0b0439a0e5a4cc3bc2a985010cde38931b6731263683bc9a4e15167e95640f24e813636039115dbe78c307d6ac8deba004f8a159461bbe54bce0980858d20f4b0e069e78dabf03085714622239a70db48cf79a6a26f3012b87c27eb8c0fd513a023e6e3957ca756d1980f4b16d8c885584676897bc091a50882e2490966c8144ba672393c6842bd1a05af858a918e431dbc239fd88f86282a2c703e11cf0d646a3db4a117ae5112289e429ed3369ad31f9579ab7ea1ba1e43358f792d163cb5b62b13c52af18148b5afd8ad62c83da472daccf7d940f1c4ce3ac5ac01398aca6f362f", 0xe7, 0x32af710e}, {&(0x7f0000000800)="24627729e060a3235b9fdd44e965605a0ab7d5ed8ccc1a51a0788d67a1f701274c7ec0466f99f22615d121dddf1800ecddfa84218d6f0e4eda7831e11c27544fadd9022f336cb955aca52bad587057d0b12dba14f789a56deaa5d034b83760968828e89d0cf65546fbef55a99db7bb7181f8b72db604fb89302e11cdd6395d30300794970c7c99a04872cf10b0ee547d2ce359ca1103e8b1ea70ce97fa5cf70d9223f7f57713877562ee1bc7cffba3d31121009b199ce9cc1ec0b57b35dfba1f7a89c5b5010bf8205fadc3a65a8ff17eb5d35b6c80bb7c16e1e400eb9eb41ce754b541ab93320dc59edc6009531e053f37ad82faa749082343372071e805b785b1f07026f8a5ba706eb15ac839f92dea0a6328ec9c1a2eae9b610f4d10070d034de128e24bd7f8f9bec7a5238502a34155358e90ca14e249c84a4f1b44a48f232d1c027afa6bee3f8ca68d16832d5b89fe344209bd6f20c555b604c43cfb50df875648b94be6703cb6be0f131b96c1230658d82c381b51a209b81aedf9ae849ffbb3ae2b40196d3653d50f6335c0909e227f89cbcd100dae7b2ffe008d1bb633382c33e3e0a564a496363fd81780ea1701430461dd05bf77a6e86062eaf29613af5af17a41bc0c1aded73ddc66c2ee90331aacab999787a0773145d2f27067b9040d19d1f6fc7b0ebce967e334a81be4fb9f5bb4e5d09b4f82b8e20f8fddb09482546aa59a7fd88f4b6d6391b0fad4c5e91c2e25c70f540b8296509d660c30c7be29f9a1971abce8cddf979ec63e1d4ab9030c3ba776c87a4173777ed1e7cae1e5c8105b87a354d30e978414c846dd1aee9d5231d8a05bfbbca908c6a1df4880ec755d236a61927c6532faee299d555b975c43d586663710b54325b00a1dbd0da1c69f47c62a4166732b95fa06fa9a62997fd43c9b4f6747af84b72c8a890f3d7725aebc388665ba54a6dd5771e5eb6860f3412a6c85124f49676af7107816733feae01057324bbb67fb91fe19a664170b6688a77f3d463d48efa41416c4f21e98c8b1b8283237d0134742f6c146ee949c5dd82ad5dead667f8a8161402bb5ad08f395d3c86c45fd3e9e80b20b32b1c2b683f08342844bf75000e898706b194f4eafd12f30c030b3b9463daa2c578ae59a1996795c14309dcdceca3553e32672fffaafa06eb43b6757a17dca9cd727018f67c2b7a490c6980a2f086d1a80cc8f0b5ec34ad79311caad177141c0cfca53e31561fa3e98102edd75800bf536a1a23cbf3f8eac7e5ff5d85a67aab2ae5e13422f56695ca8740ab0c246da9e961ec87e9bfacea8898ff3ed3c9a3a5ae6130d72ba2f6b2c584cbb70596b1a52c2c573bea8ac8c11ddc2c90e587b858ed19b1ccc1816182ba9d5557381e98aac9d455fcbba92c8c0ec7399135852d9d4a662159d21937fc936e1b3001147cf11777a27c1cf40b8d03982449cbe6399e12a43b7f00c5472d887e4ece59e006aa4a145601da7fd32404f9e29ce8ddd4f5a5efb4d69fa5b6ac6b761a7e5fe192f1b94118ef3b4eb8c75d823ec8734b1fedd6ec821125aae95700904be2039b10ca74d6caa56fa0d5d367d1f12056dc0b867ee45b5ab39838b592b9f9461fdb4d84df097887cdcb6f914fa80dd0d7414474a13805aa649fbe70575f8a1694fd839927d9044db528ade0db17c82a135d60f207cb00c65d1cdd26f04844c9df5033c19a2660082d0de99cdbed4b1ed6b4794b7a71d5ccf017d33f248ed770d340985a24bde3ce26b60dd436d0f4880087bef844700dfde9ff72d172833221eca85dd63e4e4da3a4cdecb062ff0355ade69b9b5fde0da1a02faad3de389ccab07b67311f79e83a1d11caca523424ce7769c191008b951c7a54e7d6f868ce61873a2f4134d7d94151bb3839cfe8874ef27f5da760a28aeebcbdec06a223fa2770895f22a931cd015a72e7602b506425da0ebbc3e590f232d477d50e181746f12ee063024813e93657d69b34b89df58da9fa8e130d8d531a11256130e45974dabd7aa672a70857f5556e9699c41dd5043e6197511b97f20ab9e0a2f6ed44986b1a9a3f090ec0cbb6b281ca46581ce31630f37c30be4f54915e4ca1c31ddedb2276d763dcb59495a1c0f902ab1523ec5d275dfbc34015f216c38d5bc85b777c00ac6e21a86a30f7e7ad86e9fb6a71c215fb904dfc376f1579469b70a2353ea618ec5f8bb7c7a709e83c68f0b8affac9825278c4445ac136a9bb8ea48557a78b5cdd10149b75668840b596e0f6ae2209f3f6b4d779a75621bb5a89b7cb97db1888637f70752f131e97e2c84affaed67dc60dba1771d6d4b0ddd691a06fee6a1ece15d0b905e84ba2cca2b79be9f7faa43fdf03d618e1fcea88ec0e72f6bac31c456f4cec4754266c9e68d9fcbeb31321f825dd688d5f29197da04eb5973a0fffd89f4f2c1c27d63d61ab9fc40ac8ee64ef471620adfd5a2b7f5efb475d004152f2f18e885b3a26c7226cbdddf16b2bafa273bb4c0504cb3efa317f696a0aaf3a715abae713ac4453b74f617e36d013a18f6e1d6039636af744f48abdea43bf3b91762f61e8229767427730385c9f805d7cdd65ab06299d740a001f982547877bacc2eac2f9023e9f5d6fb952db665c3f8be49c18690b7354724028686389d053f6ac449b05b7f509c679374a1abaab30b66eff0ac0432cb4bec78dac19284b913e3164eb36ebbf0eddef916c029403289637e771c9918d581d219a8e8452c66c3b7a0e450ae0cb4e4c34244842df42120ec4cce45ce9ef05294c54d09ee2bd3aa27184f001bf1c3a73f087bed0f7ae35c9e75b1301bd2a0911d9809ddc121fdf93cfba1868c1e6908355ea3ffffaf5cf0cfd8f9195d89d40e857ddeec25ae0066d2d1a2df31d5cc09468d8193d77efa368d2f21bf2bb9e4f1da7e2585b7b788ebc299d266f0a2f21b9d6bed115f726d56c94e26020277738b58f28f3462b6ab2c4544132509acf3f350312cabd4923e492fabebe031ef44552eabb81be52d25cdbfa16347299f36b01f92a23d2d54bf65f86ea40c264dd6e4061f9e97f4960c42d05fab6c2775d04e127b8464c13f1cdf3a705a946082258ca5c9426c3aa2f6005b64c72e73019de1db402912cb65cca62f04177fc610276a8d5fbefe02de7ca758e353213600886e7f197448f655073485c98f6c6e67ffa0105a0f79d4b166c4baaa0610b5d5ff6bbc9656a95d6c65fbe97a5c30a65ac6f8c81c8e0fac3174b3e59d9c6f5bc452bb9b2448ca1d57cd82c3a85a78d1c36da70d31e7f433d67b842a80f1e43d8f8ffeabd6bed2149e057d5d25a4b23c925ae70b51e1bd1575a29d6fb2d3daa56fea9a5736d1a6e61db1d267f9046372bd9c970b47c7cc56c73953f5dd1d25a5762ab94c458e251d1f461baf96a4fa7ed91486f8cb704678200ed6c8ee8d26369dc1fd570aa46790f96dda192a0f0d06ffb671500cfdd8dd38f9e90ee7a0ebb74977fb873bf7f8d1fe9bb4491ceb57e6a848c1e461c661b0d1a5366a78b473fe16ad8efe01006aa9b6eae39648905853024c74e759da06ccb068ea4ad47dfd285f54dd9a271a39b9063bc94331c79f288a57d185657f9bd5c4301c9bcecb0a3c5b3e893a0da1bb03ce526100b4e36b0e4b16e780e92e37f5f101f59a13a9756a956aadb0881ff66e17331afadcb10cb6de21ac96b5b380f312974278ffac30d0a69a8f46ae51e16d7266717569cb3063797d6f173622f654e68384a40ad836393ec6e2248cda9e4a51fec783169d49de8968043772cb46dca50b08b582fd949c70f4b1f1e5dcd0b9e576d724eef1909eaa291af0e73e061e3b26b21e2c5018bafaf206a27cb8d26a1b822995f9c7d1dafc9fa5a74057dc26f6cc5b55ac6414f71d586853869ef3b56f369da50e84dbc1d5fbb4ae9c99f500b5f9ba4242b5b8cd24515ef06bbe9b46e98fa25ba568dd804eebfaa7dd9355dbaf06962d0a603aa1c56b3211ae784b01a26a5f20b34d921b64c5cbe9f90ba49a8075aa4453d51a6b96ba9500f432258cfc2587be298018dd69367a07bf02f3a8d4dcedc400ec66e1b549dd43ed5e11ec580d81bdd430528b969e63acd4bdfe13e2264b0f11d826f5b63519946000404e2169472dfe83aaf9a7e5d4140b810e75c6d5284774fadbd96e8813dbf644dfe4e222682e59353927f758ff03d3a2f2455c82e589f8c896ff88448050c28d2523cf0d8dac2390c2d55691fe4d69480e9aa46f7707b31e6d4805b5eceb356574fb6c127bf1faa7e2ee0ba35034c4cd1713c446ff8c3235bb7882d353be520329ef6e8f12e5524fbbb78495a16bee449bd440d29d89fb902027f74a73359ed56453776450b3186247e2ea864f94d710291ca6d8d5d7d5274ca9c8f3c3cde963b45b84630cf3d5ab281cb70aa2efdbfbfed5f5e7705b3b27a8773147d0a221f8bbfae49e1f1f8ba014f03986ce43c38934d51c74a95088df6dadca20d9704e90c1cc65432600f37de6720b9db503c297f6315017035bd674ed406354955c3302f025a8e0d005f880b0b9fa1b1fc88e7638f17b259a67da8905e0c2869fae54b51065accef74f55292b107df85cb673b8e20ca753b2988559c9019c39b68b2807935f986bf28da4fcfdf7b00aed5eb67b42190675c7feee8f4453e2bd9536109486fc8a9b6aed7dc2d365a19cc33bfc5921651621ae3e366a0ab6aa8a371d24c0aeb65669679751cd6b1cc69df1b38d7bfc5b1fd2b9fd172d59643b53dad633cac59953447ee45cb0e822a47da15f66df646a543fa64ea98d784c6d16fb0ead7741e765984316c319a7f6632beead3577d46b017bcb297fc642da5c6b987dbc0e8bd63f7c955d9e1afbd1739609d27cf22a4142108879d50de87d2da19ea935e724f357d7d52ddbee515776de5c555f27abc50296a5d0f15e626602d85e0d269f6390fffde26f972d149c7f2633736c53c8f28bf8dd09277b1ee245978cbcb7b3070475ee80b01b305271e6704dc20c367c5a35c1b366877fd56c7fc4e5e3a3955f253c6fa4213328b63bace2c168d802dae37f702562b513c25caa22ed85c9227cf173a4ced1cef9406147a8d8a166325a5325ce701ab6bf1670d2b38927190176696e9bc3b4a4fa1b65078b879ea34ade89df52d1b01917296bf5f83bf4638fcfd3fa6624f89e6545fde10f82e952484b81ba02213ea6e3409f40d7618d839aca4bd0512ee48cc7a82d60acff6f8de52b31af14536b84eac3c4c53663f336304daea54e045d25fd2aa088d09079a434bc19dbc73211558466829f46807e4d1a218f6322b53171064f9bedd11b21965b758005a84d6b4f04dbdebd589681032d1f2e36b2f8d1870eee2a7ffa9a4f54aee5571b794a57240971b5c67ccd81c4fc5c253b05c6ace63839d0879f8c735adb86db4ad7d67eaa390879c24b91151de96887b177bf7a8be1243f5506d9603eab2e2444253c542a98fadd9afe3301a8fa92f2be185b1517b3b6c67ac0123fa25b1a7ddf3699b143e84dfe239cc198332a4768254a404e73ed7dcb07b833384d85f4e5f5a8a55a63a81bf087192ca6a901ffa2ea2199730c1200073d328bee0880f5ea1d894e4612e52be3803b82323a537e7e762df8b01b6d0d68416696c9d39b9ba2ee4b9dadeb9e4a98b783de3df1e51c22b11edef62bfd7ac9ae8df4b6f52286230a2f4c35f7b4e0ab07854fd8302131b4fc9b06eb854bd64e74c72a13742e6f613fbe2ccdde708c1bcb1ea3d03678a23c2ef0a725467560e79322d12ca96fc25fbbe1d6b70a499e3ba8e6ac", 0x1000, 0x5}], 0x800001, &(0x7f0000001880)={[{@jqfmt_vfsold='jqfmt=vfsold'}, {@minixdf='minixdf'}, {@minixdf='minixdf'}, {@grpid='grpid'}, {@nouid32='nouid32'}, {@barrier_val={'barrier', 0x3d, 0xb0}}], [{@fsmagic={'fsmagic'}}, {@fsmagic={'fsmagic', 0x3d, 0x9}}]}) [ 834.669671] FAULT_INJECTION: forcing a failure. [ 834.669671] name failslab, interval 1, probability 0, space 0, times 0 [ 834.689588] CPU: 0 PID: 29181 Comm: syz-executor3 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 834.698247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 834.707610] Call Trace: [ 834.710226] dump_stack+0x244/0x3ab [ 834.713879] ? dump_stack_print_info.cold.2+0x52/0x52 [ 834.719094] should_fail.cold.4+0xa/0x17 [ 834.719116] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 834.719133] ? dput.part.25+0x241/0x860 [ 834.719164] ? lock_downgrade+0x900/0x900 [ 834.728368] ? mark_held_locks+0x130/0x130 [ 834.728389] ? mnt_get_count+0x150/0x150 [ 834.728417] ? fs_reclaim_acquire+0x20/0x20 [ 834.728444] ? lock_downgrade+0x900/0x900 [ 834.728465] ? lock_acquire+0x1ed/0x520 [ 834.757298] ? perf_trace_sched_process_exec+0x860/0x860 [ 834.759163] cgroup: fork rejected by pids controller in [ 834.762782] ? trace_hardirqs_on+0xbd/0x310 [ 834.762803] __should_failslab+0x124/0x180 [ 834.762844] should_failslab+0x9/0x14 [ 834.762872] __kmalloc+0x2e0/0x760 [ 834.762899] ? __local_bh_enable_ip+0x160/0x260 [ 834.762921] ? hci_sock_sendmsg+0xb91/0x26d0 [ 834.768570] /syz2 [ 834.772685] hci_sock_sendmsg+0xb91/0x26d0 [ 834.799606] ? hci_send_to_channel+0x50/0x50 [ 834.799628] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 834.799647] ? apparmor_socket_sendmsg+0x29/0x30 [ 834.799669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.819305] ? security_socket_sendmsg+0x94/0xc0 [ 834.824070] ? hci_send_to_channel+0x50/0x50 [ 834.828494] sock_sendmsg+0xd5/0x120 [ 834.832220] sock_write_iter+0x35e/0x5c0 [ 834.836299] ? sock_sendmsg+0x120/0x120 [ 834.840294] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 834.845841] ? iov_iter_init+0xc2/0x1e0 [ 834.849829] __vfs_write+0x6b8/0x9f0 [ 834.853570] ? kernel_read+0x120/0x120 [ 834.857483] ? apparmor_path_rmdir+0x30/0x30 [ 834.861902] ? lock_release+0xa10/0xa10 [ 834.865914] ? check_preemption_disabled+0x48/0x200 [ 834.870953] ? apparmor_file_permission+0x24/0x30 [ 834.875844] ? rw_verify_area+0x118/0x360 [ 834.880008] vfs_write+0x1fc/0x560 [ 834.883565] ksys_write+0x101/0x260 [ 834.887208] ? __ia32_sys_read+0xb0/0xb0 [ 834.891305] ? trace_hardirqs_off_caller+0x300/0x300 [ 834.896428] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 834.901980] __x64_sys_write+0x73/0xb0 [ 834.905881] do_syscall_64+0x1b9/0x820 [ 834.909780] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 834.915168] ? syscall_return_slowpath+0x5e0/0x5e0 [ 834.920124] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 834.924978] ? trace_hardirqs_on_caller+0x310/0x310 [ 834.930004] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 834.935034] ? prepare_exit_to_usermode+0x291/0x3b0 [ 834.940088] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 834.944957] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 834.950174] RIP: 0033:0x457519 [ 834.953397] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 834.972324] RSP: 002b:00007f9349bdec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 834.980041] RAX: ffffffffffffffda RBX: 00007f9349bdec90 RCX: 0000000000457519 [ 834.987313] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000005 [ 834.994590] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 835.001866] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9349bdf6d4 [ 835.009142] R13: 00000000004cb488 R14: 00000000004d8af0 R15: 0000000000000006 02:11:08 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x345, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:08 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:08 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid\x00', 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00UO\x00', &(0x7f0000000040)=""/11, 0xfd98, 0x2}, 0x248) write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, 'syz0\x00', "73797a31000000000000000000000000000000000000000000000000000000000000000000ef5600", 'syz0\x00', &(0x7f0000000340)=""/133, 0x85}, 0x120) 02:11:08 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x150, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0x70, 0xc0}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x1c8) 02:11:08 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:08 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3c6, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:08 executing program 3 (fault-call:5 fault-nth:1): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 835.457614] FAULT_INJECTION: forcing a failure. [ 835.457614] name failslab, interval 1, probability 0, space 0, times 0 [ 835.494445] CPU: 1 PID: 29214 Comm: syz-executor3 Not tainted 4.19.0-rc7-next-20181011+ #92 02:11:08 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:08 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x334, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 835.502978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 835.512337] Call Trace: [ 835.514950] dump_stack+0x244/0x3ab [ 835.518624] ? dump_stack_print_info.cold.2+0x52/0x52 [ 835.523844] should_fail.cold.4+0xa/0x17 [ 835.527923] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 835.533042] ? kasan_check_read+0x11/0x20 [ 835.537224] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 835.542550] ? rcu_softirq_qs+0x20/0x20 [ 835.546559] ? unwind_dump+0x190/0x190 [ 835.550496] ? is_bpf_text_address+0xd3/0x170 [ 835.551228] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.555043] ? kernel_text_address+0x79/0xf0 [ 835.555059] ? __kernel_text_address+0xd/0x40 [ 835.555098] ? unwind_get_return_address+0x61/0xa0 [ 835.555129] ? __save_stack_trace+0x8d/0xf0 [ 835.577892] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.580000] ? save_stack+0xa9/0xd0 [ 835.580019] ? save_stack+0x43/0xd0 [ 835.593924] ? kasan_kmalloc+0xc7/0xe0 [ 835.597826] ? __kmalloc+0x15b/0x760 [ 835.601567] ? hci_sock_sendmsg+0xb91/0x26d0 02:11:08 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 835.606026] ? sock_sendmsg+0xd5/0x120 [ 835.609924] ? sock_write_iter+0x35e/0x5c0 [ 835.614175] ? __vfs_write+0x6b8/0x9f0 [ 835.618120] ? vfs_write+0x1fc/0x560 [ 835.619279] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.621839] ? ksys_write+0x101/0x260 [ 835.621856] ? __x64_sys_write+0x73/0xb0 [ 835.621878] ? do_syscall_64+0x1b9/0x820 [ 835.640500] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 835.645897] __should_failslab+0x124/0x180 [ 835.650352] should_failslab+0x9/0x14 [ 835.654179] kmem_cache_alloc_node+0x56/0x730 02:11:08 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x12e, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 835.658720] ? iov_iter_advance+0x315/0x1370 [ 835.663009] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.663146] ? perf_trace_sched_process_exec+0x860/0x860 [ 835.675284] __alloc_skb+0x114/0x770 [ 835.679026] ? netdev_alloc_frag+0x1f0/0x1f0 [ 835.683699] ? copyin+0xb7/0x100 [ 835.687079] ? _copy_from_iter_full+0x2b8/0xc20 [ 835.691762] ? kasan_kmalloc+0xc7/0xe0 [ 835.695668] ? iov_iter_advance+0x1370/0x1370 [ 835.696494] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.700194] ? __local_bh_enable_ip+0x160/0x260 [ 835.700222] ? hci_sock_sendmsg+0xb91/0x26d0 [ 835.715964] hci_sock_sendmsg+0x1b31/0x26d0 [ 835.720308] ? hci_send_to_channel+0x50/0x50 [ 835.724734] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 835.729692] ? apparmor_socket_sendmsg+0x29/0x30 [ 835.734473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.740022] ? security_socket_sendmsg+0x94/0xc0 [ 835.744327] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.744799] ? hci_send_to_channel+0x50/0x50 [ 835.755872] sock_sendmsg+0xd5/0x120 [ 835.759613] sock_write_iter+0x35e/0x5c0 [ 835.763705] ? sock_sendmsg+0x120/0x120 [ 835.767712] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 835.773261] ? iov_iter_init+0xc2/0x1e0 [ 835.775017] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.777267] __vfs_write+0x6b8/0x9f0 [ 835.777292] ? kernel_read+0x120/0x120 [ 835.791587] ? apparmor_path_rmdir+0x30/0x30 [ 835.796013] ? lock_release+0xa10/0xa10 [ 835.800007] ? check_preemption_disabled+0x48/0x200 [ 835.804258] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.805039] ? apparmor_file_permission+0x24/0x30 [ 835.816576] ? rw_verify_area+0x118/0x360 [ 835.820745] vfs_write+0x1fc/0x560 [ 835.824318] ksys_write+0x101/0x260 [ 835.827995] ? __ia32_sys_read+0xb0/0xb0 [ 835.832080] ? trace_hardirqs_off_caller+0x300/0x300 [ 835.832130] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.837211] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 835.837238] __x64_sys_write+0x73/0xb0 [ 835.837272] do_syscall_64+0x1b9/0x820 [ 835.857256] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 835.862638] ? syscall_return_slowpath+0x5e0/0x5e0 [ 835.867585] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 835.872402] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.872456] ? trace_hardirqs_on_caller+0x310/0x310 [ 835.884180] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 835.889255] ? prepare_exit_to_usermode+0x291/0x3b0 [ 835.894310] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 835.896078] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.899165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 835.899183] RIP: 0033:0x457519 [ 835.914244] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 835.930663] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.933151] RSP: 002b:00007f9349bdec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 835.933170] RAX: ffffffffffffffda RBX: 00007f9349bdec90 RCX: 0000000000457519 [ 835.933180] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000005 [ 835.933188] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 835.933210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9349bdf6d4 [ 835.952356] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 835.954839] R13: 00000000004cb488 R14: 00000000004d8af0 R15: 0000000000000006 [ 835.962131] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.046680] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.054353] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.062097] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.071066] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.100725] EXT4-fs (sda1): re-mounted. Opts: noblock_validity,grpid,usrquota,errors=continue,jqfmt=vfsv0,,errors=continue [ 836.111975] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.118869] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.126057] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.131397] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.136032] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.146693] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.152244] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.160228] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.160520] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.167336] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.175565] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.180619] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 02:11:09 executing program 1: ioctl(0xffffffffffffffff, 0x890f, &(0x7f0000000280)="025cc80700145f8f764070") r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xffffffffffffff00, 0x80) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000040), &(0x7f0000000080)=0xc) prctl$setmm(0x23, 0xa, &(0x7f0000011000/0x2000)=nil) prctl$setmm(0x23, 0xb, &(0x7f0000012000/0x3000)=nil) 02:11:09 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:09 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1a8, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 836.209322] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.213359] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.222786] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.229571] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.244121] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.246406] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.251771] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.267628] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.275651] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.276692] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.283009] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.294637] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.317223] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.317762] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.327356] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.337327] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.348798] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.354854] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.360792] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.367961] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.370174] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.389576] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.396447] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.396653] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.403565] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.414142] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.416650] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.432644] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.434137] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.443722] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.453401] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.457007] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.461040] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.473597] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.474064] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.486944] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.487686] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.496453] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.500740] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.507166] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.514125] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.520507] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.527596] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.533941] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.540882] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.547636] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.554722] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.560990] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.568014] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.574538] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.581202] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.588094] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.595523] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.601288] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.608298] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.614725] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.621407] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.628074] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.635804] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.641512] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.648516] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.655462] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.662252] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.668927] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.676548] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.682372] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.689537] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.695735] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.702855] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.709159] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.716175] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.722566] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.729328] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.736048] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.743810] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.749459] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.756477] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.762892] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.769584] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.776321] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.783878] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.789660] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.796725] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.803093] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.809824] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.816534] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.824210] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.829988] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.837036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.843386] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.850151] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.856863] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.864529] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.870309] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.877411] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.883779] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.890527] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.897265] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.905119] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.910651] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.917806] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.924156] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.930901] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.937610] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.945488] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.951011] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.958216] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.964492] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.971222] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.977928] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.985661] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 836.991352] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 836.998515] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.004835] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.011607] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.018290] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.025954] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.031810] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.038997] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.045350] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.052073] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.058820] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.066594] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.072360] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.079296] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.085741] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.092849] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.099256] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.106377] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.112762] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.119517] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.126230] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.133964] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.139629] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.146730] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.155665] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.160153] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.166430] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.175378] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.179778] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.187566] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.199954] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.204530] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.209914] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.214109] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.226900] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.227387] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.233744] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.244105] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.247270] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.254184] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.260516] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.267553] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.274006] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.283328] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.289172] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.294331] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.301538] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.314245] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.316377] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.320931] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.320958] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.330612] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.338034] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.350914] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.354718] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.361627] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.368161] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.375059] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.381592] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.388570] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.395052] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.402021] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.408411] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.415337] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.421866] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.428747] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.435325] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.442031] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.448643] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.455636] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.462039] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.468951] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.475502] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.482329] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.488810] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.495759] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.502185] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.509079] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.515611] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.522455] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.528967] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.535846] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.542332] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.549002] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.555715] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.562668] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.569166] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.577439] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.582634] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.589531] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.596039] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.602915] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.609438] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.616403] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.622852] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.629742] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.636226] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.643089] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.649586] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.656597] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.663014] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.669882] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.676398] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.683275] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.689762] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.696669] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.703237] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.710176] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.716603] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.723560] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.730036] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.737006] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.743456] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.750312] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.756818] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.763823] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.770312] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.777241] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.783748] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.790529] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 837.797103] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.810516] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.817391] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.824215] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.830896] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 837.837753] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 837.848275] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz0] on syz1 02:11:10 executing program 3 (fault-call:5 fault-nth:2): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:10 executing program 2 (fault-call:3 fault-nth:0): ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:10 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:10 executing program 4: r0 = syz_open_dev$admmidi(&(0x7f0000000d40)='/dev/admmidi#\x00', 0x0, 0x80000) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000100)={0x0, 0xd, "14ecf0d813e228e11afadfdb28"}, &(0x7f00000002c0)=0x15) ioctl$TIOCSCTTY(r0, 0x540e, 0xdd) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000300)={r1, @in={{0x2, 0x4e22, @rand_addr=0x1}}, 0x4, 0x1}, 0x90) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000e80)}], 0x1200000, &(0x7f0000000940)) syz_mount_image$ntfs(&(0x7f0000000040)='ntfs\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=ANY=[]) ioctl$KVM_SET_GUEST_DEBUG(r0, 0x4048ae9b, &(0x7f0000000240)={0x80002, 0x0, [0x1000, 0x10001, 0x1, 0x88b, 0x1, 0xfffffffffffffffa, 0x33f2, 0x8]}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000c40)={&(0x7f00000008c0)=@abs={0x1}, 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000bc0)}], 0x1}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c004910aefb9e0b9b2fa7f99b47f9f78246f4e0e4234b9f9e3a90cdec3d447b431fe398f25fd93649666e64b8f0543d3a8a533dc85ae9940dc676ec4d199dbb4c779599f66c7549da9267"]) 02:11:10 executing program 1: r0 = socket$unix(0x2, 0x40000000002, 0x88) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x101142, 0x0) r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) write$binfmt_aout(r1, &(0x7f0000000140)=ANY=[@ANYPTR64=&(0x7f0000000100)=ANY=[@ANYPTR, @ANYRESDEC=r0]], 0x3) sendfile(r0, r2, &(0x7f00000000c0), 0xffff) connect$unix(r0, &(0x7f0000000000)=@abs, 0x6e) sendfile(r0, r2, &(0x7f0000000180), 0xad37) 02:11:10 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x168, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 837.955356] audit: type=1804 audit(1539310270.976:488): pid=29276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir064090159/syzkaller.6xB25n/954/file0" dev="sda1" ino=16583 res=1 [ 837.983208] FAULT_INJECTION: forcing a failure. [ 837.983208] name failslab, interval 1, probability 0, space 0, times 0 02:11:11 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x2, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b70000000000018abfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000012d400300000000002706000001ed00001c140000000000006f460000000000006b0a00fe00000000850000002e000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) 02:11:11 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 837.992256] audit: type=1804 audit(1539310270.986:489): pid=29278 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor1" name="/root/syzkaller-testdir064090159/syzkaller.6xB25n/954/file0" dev="sda1" ino=16583 res=1 [ 837.995462] FAULT_INJECTION: forcing a failure. [ 837.995462] name failslab, interval 1, probability 0, space 0, times 0 [ 838.053977] CPU: 1 PID: 29279 Comm: syz-executor3 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 838.062519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 838.071889] Call Trace: [ 838.074507] dump_stack+0x244/0x3ab [ 838.078159] ? dump_stack_print_info.cold.2+0x52/0x52 [ 838.082564] audit: type=1804 audit(1539310270.986:490): pid=29276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir064090159/syzkaller.6xB25n/954/file0" dev="sda1" ino=16583 res=1 [ 838.083380] should_fail.cold.4+0xa/0x17 [ 838.083404] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 838.116473] ? __save_stack_trace+0x8d/0xf0 [ 838.118578] overlayfs: failed to resolve './file1': -2 [ 838.120818] ? save_stack+0xa9/0xd0 [ 838.120832] ? save_stack+0x43/0xd0 [ 838.120845] ? kasan_kmalloc+0xc7/0xe0 [ 838.120859] ? kasan_slab_alloc+0x12/0x20 [ 838.120883] ? kmem_cache_alloc_node+0x144/0x730 [ 838.146216] ? __alloc_skb+0x114/0x770 [ 838.150116] ? hci_sock_sendmsg+0x1b31/0x26d0 02:11:11 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 838.154621] ? sock_sendmsg+0xd5/0x120 [ 838.158528] ? sock_write_iter+0x35e/0x5c0 [ 838.162775] ? __vfs_write+0x6b8/0x9f0 [ 838.166681] ? vfs_write+0x1fc/0x560 [ 838.170399] ? ksys_write+0x101/0x260 [ 838.174235] ? __x64_sys_write+0x73/0xb0 [ 838.178311] ? do_syscall_64+0x1b9/0x820 [ 838.182383] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.187769] ? kernel_text_address+0x79/0xf0 [ 838.192188] ? __kernel_text_address+0xd/0x40 [ 838.196700] ? unwind_get_return_address+0x61/0xa0 02:11:11 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x0) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 838.201644] ? __save_stack_trace+0x8d/0xf0 [ 838.205981] ? save_stack+0xa9/0xd0 [ 838.209625] __should_failslab+0x124/0x180 [ 838.213867] should_failslab+0x9/0x14 [ 838.217682] kmem_cache_alloc_node_trace+0x5a/0x740 [ 838.222705] ? kasan_unpoison_shadow+0x35/0x50 [ 838.227313] ? kasan_kmalloc+0xc7/0xe0 [ 838.231233] ? check_preemption_disabled+0x48/0x200 [ 838.236290] __kmalloc_node_track_caller+0x3c/0x70 [ 838.241263] __kmalloc_reserve.isra.40+0x41/0xe0 [ 838.246046] __alloc_skb+0x150/0x770 [ 838.249775] ? netdev_alloc_frag+0x1f0/0x1f0 [ 838.254197] ? copyin+0xb7/0x100 [ 838.257588] ? _copy_from_iter_full+0x2b8/0xc20 [ 838.262284] ? kasan_kmalloc+0xc7/0xe0 [ 838.266234] ? iov_iter_advance+0x1370/0x1370 [ 838.270751] ? __local_bh_enable_ip+0x160/0x260 [ 838.275462] ? hci_sock_sendmsg+0xb91/0x26d0 [ 838.279888] hci_sock_sendmsg+0x1b31/0x26d0 [ 838.284229] ? hci_send_to_channel+0x50/0x50 [ 838.288652] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 838.293591] ? apparmor_socket_sendmsg+0x29/0x30 [ 838.298366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 02:11:11 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x0) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 838.303915] ? security_socket_sendmsg+0x94/0xc0 [ 838.308682] ? hci_send_to_channel+0x50/0x50 [ 838.313100] sock_sendmsg+0xd5/0x120 [ 838.316826] sock_write_iter+0x35e/0x5c0 [ 838.320901] ? sock_sendmsg+0x120/0x120 [ 838.324894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 838.330452] ? iov_iter_init+0xc2/0x1e0 [ 838.334465] __vfs_write+0x6b8/0x9f0 [ 838.338194] ? kernel_read+0x120/0x120 [ 838.342102] ? apparmor_path_rmdir+0x30/0x30 [ 838.346519] ? lock_release+0xa10/0xa10 [ 838.350507] ? check_preemption_disabled+0x48/0x200 [ 838.355539] ? apparmor_file_permission+0x24/0x30 [ 838.360400] ? rw_verify_area+0x118/0x360 [ 838.364575] vfs_write+0x1fc/0x560 [ 838.368126] ksys_write+0x101/0x260 [ 838.371765] ? __ia32_sys_read+0xb0/0xb0 [ 838.375855] ? trace_hardirqs_off_caller+0x300/0x300 [ 838.380972] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 838.386534] __x64_sys_write+0x73/0xb0 [ 838.390446] do_syscall_64+0x1b9/0x820 [ 838.394371] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 838.399741] ? syscall_return_slowpath+0x5e0/0x5e0 02:11:11 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x0) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 838.404675] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 838.409528] ? trace_hardirqs_on_caller+0x310/0x310 [ 838.414585] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 838.419647] ? prepare_exit_to_usermode+0x291/0x3b0 [ 838.424683] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 838.429539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.434739] RIP: 0033:0x457519 [ 838.437972] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.456884] RSP: 002b:00007f9349bdec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 838.464617] RAX: ffffffffffffffda RBX: 00007f9349bdec90 RCX: 0000000000457519 [ 838.471896] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000005 [ 838.479169] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 838.486450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9349bdf6d4 [ 838.493725] R13: 00000000004cb488 R14: 00000000004d8af0 R15: 0000000000000006 [ 838.501023] CPU: 0 PID: 29275 Comm: syz-executor2 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 838.509543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 838.518899] Call Trace: [ 838.521500] dump_stack+0x244/0x3ab [ 838.525167] ? dump_stack_print_info.cold.2+0x52/0x52 [ 838.530373] ? lock_downgrade+0x900/0x900 [ 838.534534] should_fail.cold.4+0xa/0x17 [ 838.538600] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 838.543957] ? release_sock+0x1ec/0x2c0 [ 838.547957] ? release_sock+0x1ec/0x2c0 [ 838.551994] ? __local_bh_enable_ip+0x160/0x260 [ 838.556679] ? nf_sockopt_find.constprop.0+0x2d/0x290 [ 838.561891] ? lock_release+0xa10/0xa10 [ 838.565876] ? perf_trace_sched_process_exec+0x860/0x860 [ 838.571349] ? do_ip_setsockopt.isra.14+0x2e7/0x3e40 [ 838.576473] ? fs_reclaim_acquire+0x20/0x20 [ 838.580816] ? lock_downgrade+0x900/0x900 [ 838.584971] ? perf_trace_sched_process_exec+0x860/0x860 [ 838.584990] ? mutex_trylock+0x2b0/0x2b0 [ 838.585009] __should_failslab+0x124/0x180 [ 838.585024] should_failslab+0x9/0x14 [ 838.585041] kmem_cache_alloc_node_trace+0x270/0x740 [ 838.585062] ? __might_fault+0x12b/0x1e0 [ 838.611750] __get_vm_area_node+0x130/0x3a0 [ 838.616101] __vmalloc_node_range+0xc4/0x750 [ 838.620521] ? do_replace+0x23b/0x4c0 [ 838.624330] ? do_replace+0x23b/0x4c0 [ 838.628135] vmalloc+0x6f/0x80 [ 838.631338] ? do_replace+0x23b/0x4c0 [ 838.635143] do_replace+0x23b/0x4c0 [ 838.638787] ? apparmor_cred_transfer+0x590/0x590 [ 838.643638] ? do_replace_finish+0x2940/0x2940 [ 838.648248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.654013] ? ns_capable_common+0x13f/0x170 [ 838.658451] do_ebt_set_ctl+0xe7/0x110 [ 838.662351] nf_setsockopt+0x7d/0xd0 [ 838.666089] ip_setsockopt+0xd8/0xf0 [ 838.669805] tcp_setsockopt+0x93/0xe0 [ 838.673611] sock_common_setsockopt+0x9a/0xe0 [ 838.678117] __sys_setsockopt+0x1ba/0x3c0 [ 838.682272] ? kernel_accept+0x310/0x310 [ 838.686359] ? ksys_write+0x1ae/0x260 [ 838.690175] ? trace_hardirqs_on+0xbd/0x310 [ 838.694542] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.699916] ? trace_hardirqs_off_caller+0x300/0x300 [ 838.705027] __x64_sys_setsockopt+0xbe/0x150 [ 838.709452] do_syscall_64+0x1b9/0x820 [ 838.713347] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 838.718725] ? syscall_return_slowpath+0x5e0/0x5e0 [ 838.723658] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 838.728512] ? trace_hardirqs_on_caller+0x310/0x310 [ 838.733547] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 838.738589] ? prepare_exit_to_usermode+0x291/0x3b0 [ 838.743613] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 838.748467] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.753653] RIP: 0033:0x457519 [ 838.756846] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.775753] RSP: 002b:00007f6796dcdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 838.783487] RAX: ffffffffffffffda RBX: 00007f6796dcdc90 RCX: 0000000000457519 [ 838.790778] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 838.798051] RBP: 000000000072bf00 R08: 0000000000000210 R09: 0000000000000000 02:11:11 executing program 3 (fault-call:5 fault-nth:3): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 838.805330] R10: 0000000020000700 R11: 0000000000000246 R12: 00007f6796dce6d4 [ 838.812600] R13: 00000000004c39ca R14: 00000000004d5a18 R15: 0000000000000004 [ 838.843602] syz-executor2: vmalloc: allocation failure: 256 bytes, mode:0x6000c0(GFP_KERNEL), nodemask=(null) [ 838.856476] ntfs: (device loop4): parse_options(): Unrecognized mount option upperdir. [ 838.891770] syz-executor2 cpuset=syz2 mems_allowed=0 [ 838.892403] FAULT_INJECTION: forcing a failure. [ 838.892403] name failslab, interval 1, probability 0, space 0, times 0 [ 838.897374] CPU: 0 PID: 29275 Comm: syz-executor2 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 838.916725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 838.926097] Call Trace: [ 838.928716] dump_stack+0x244/0x3ab [ 838.932375] ? dump_stack_print_info.cold.2+0x52/0x52 [ 838.937620] warn_alloc.cold.119+0xb7/0x1bd [ 838.941960] ? zone_watermark_ok_safe+0x3f0/0x3f0 [ 838.946814] ? kasan_kmalloc+0x9b/0xe0 [ 838.950747] ? __might_fault+0x12b/0x1e0 [ 838.954821] ? __get_vm_area_node+0x2e5/0x3a0 [ 838.959331] __vmalloc_node_range+0x472/0x750 [ 838.963843] ? do_replace+0x23b/0x4c0 [ 838.967653] vmalloc+0x6f/0x80 [ 838.970853] ? do_replace+0x23b/0x4c0 [ 838.974661] do_replace+0x23b/0x4c0 [ 838.978297] ? apparmor_cred_transfer+0x590/0x590 [ 838.983154] ? do_replace_finish+0x2940/0x2940 [ 838.987758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.993312] ? ns_capable_common+0x13f/0x170 [ 838.997747] do_ebt_set_ctl+0xe7/0x110 [ 839.001658] nf_setsockopt+0x7d/0xd0 [ 839.005388] ip_setsockopt+0xd8/0xf0 [ 839.009128] tcp_setsockopt+0x93/0xe0 [ 839.012971] sock_common_setsockopt+0x9a/0xe0 [ 839.017498] __sys_setsockopt+0x1ba/0x3c0 [ 839.021657] ? kernel_accept+0x310/0x310 [ 839.025762] ? ksys_write+0x1ae/0x260 [ 839.029572] ? trace_hardirqs_on+0xbd/0x310 [ 839.032716] ntfs: (device loop4): parse_options(): Unrecognized mount option lowerdir. [ 839.033906] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 839.033924] ? trace_hardirqs_off_caller+0x300/0x300 [ 839.033949] __x64_sys_setsockopt+0xbe/0x150 [ 839.042004] ntfs: (device loop4): parse_options(): Unrecognized mount option workdir. [ 839.047408] do_syscall_64+0x1b9/0x820 [ 839.047439] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 839.047459] ? syscall_return_slowpath+0x5e0/0x5e0 [ 839.047472] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 839.047496] ? trace_hardirqs_on_caller+0x310/0x310 [ 839.047521] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 839.047544] ? prepare_exit_to_usermode+0x291/0x3b0 [ 839.099032] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 839.103887] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 839.109083] RIP: 0033:0x457519 [ 839.112281] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 839.131205] RSP: 002b:00007f6796dcdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 839.138927] RAX: ffffffffffffffda RBX: 00007f6796dcdc90 RCX: 0000000000457519 [ 839.146202] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 839.153474] RBP: 000000000072bf00 R08: 0000000000000210 R09: 0000000000000000 [ 839.160745] R10: 0000000020000700 R11: 0000000000000246 R12: 00007f6796dce6d4 [ 839.168012] R13: 00000000004c39ca R14: 00000000004d5a18 R15: 0000000000000004 [ 839.176200] CPU: 0 PID: 29313 Comm: syz-executor3 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 839.184712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 839.194060] Call Trace: [ 839.196692] dump_stack+0x244/0x3ab [ 839.200351] ? dump_stack_print_info.cold.2+0x52/0x52 [ 839.205554] should_fail.cold.4+0xa/0x17 [ 839.209615] ? __kernel_text_address+0xd/0x40 [ 839.214110] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 839.219215] ? __save_stack_trace+0x8d/0xf0 [ 839.223552] ? mark_held_locks+0x130/0x130 [ 839.227786] ? save_stack+0x43/0xd0 [ 839.231432] ? __kasan_slab_free+0x102/0x150 [ 839.235840] ? kasan_slab_free+0xe/0x10 [ 839.239815] ? kmem_cache_free+0x83/0x290 [ 839.243974] ? kfree_skbmem+0x154/0x230 [ 839.247963] ? kfree_skb+0x1be/0x580 [ 839.251677] ? hci_sock_sendmsg+0x1e22/0x26d0 [ 839.256176] ? sock_sendmsg+0xd5/0x120 [ 839.260075] ? sock_write_iter+0x35e/0x5c0 [ 839.264328] ? __vfs_write+0x6b8/0x9f0 [ 839.268219] ? vfs_write+0x1fc/0x560 [ 839.271932] ? ksys_write+0x101/0x260 [ 839.275746] ? __x64_sys_write+0x73/0xb0 [ 839.279842] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 839.285231] ? fs_reclaim_acquire+0x20/0x20 [ 839.289559] ? lock_downgrade+0x900/0x900 [ 839.293721] ? trace_hardirqs_on+0xbd/0x310 [ 839.298053] ? perf_trace_sched_process_exec+0x860/0x860 [ 839.303509] ? trace_hardirqs_on+0x310/0x310 [ 839.307925] ? debug_check_no_obj_freed+0x305/0x58d [ 839.312947] ? check_preemption_disabled+0x48/0x200 [ 839.317968] __should_failslab+0x124/0x180 [ 839.322204] should_failslab+0x9/0x14 [ 839.326006] kmem_cache_alloc_node+0x26e/0x730 [ 839.330591] ? __kasan_slab_free+0x119/0x150 [ 839.335008] __alloc_skb+0x114/0x770 [ 839.338730] ? kfree_skbmem+0x10b/0x230 [ 839.342715] ? netdev_alloc_frag+0x1f0/0x1f0 [ 839.347151] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 839.352614] ? hci_dev_get+0x10c/0x150 [ 839.356505] ? lock_downgrade+0x900/0x900 [ 839.360658] ? lock_release+0xa10/0xa10 [ 839.364638] ? __kfree_skb+0x20/0x20 [ 839.368358] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 839.373900] mgmt_cmd_status+0x39/0x460 [ 839.377881] hci_sock_sendmsg+0x1e47/0x26d0 [ 839.382205] ? hci_send_to_channel+0x50/0x50 [ 839.386641] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 839.391574] ? apparmor_socket_sendmsg+0x29/0x30 [ 839.396335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 839.401878] ? security_socket_sendmsg+0x94/0xc0 [ 839.406652] ? hci_send_to_channel+0x50/0x50 [ 839.411118] sock_sendmsg+0xd5/0x120 [ 839.414844] sock_write_iter+0x35e/0x5c0 [ 839.418911] ? sock_sendmsg+0x120/0x120 [ 839.422910] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 839.428456] ? iov_iter_init+0xc2/0x1e0 [ 839.432450] __vfs_write+0x6b8/0x9f0 [ 839.436180] ? kernel_read+0x120/0x120 [ 839.440090] ? apparmor_path_rmdir+0x30/0x30 [ 839.444502] ? lock_release+0xa10/0xa10 [ 839.448481] ? check_preemption_disabled+0x48/0x200 [ 839.453503] ? apparmor_file_permission+0x24/0x30 [ 839.458355] ? rw_verify_area+0x118/0x360 [ 839.462533] vfs_write+0x1fc/0x560 [ 839.466092] ksys_write+0x101/0x260 [ 839.469730] ? __ia32_sys_read+0xb0/0xb0 [ 839.473798] ? trace_hardirqs_off_caller+0x300/0x300 [ 839.478905] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 839.484470] __x64_sys_write+0x73/0xb0 [ 839.488362] do_syscall_64+0x1b9/0x820 [ 839.492253] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 839.497652] ? syscall_return_slowpath+0x5e0/0x5e0 [ 839.502595] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 839.507482] ? trace_hardirqs_on_caller+0x310/0x310 [ 839.512533] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 839.517551] ? prepare_exit_to_usermode+0x291/0x3b0 [ 839.522574] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 839.527451] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 839.532641] RIP: 0033:0x457519 [ 839.535839] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 839.554747] RSP: 002b:00007f9349bdec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 839.562461] RAX: ffffffffffffffda RBX: 00007f9349bdec90 RCX: 0000000000457519 [ 839.569733] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000005 [ 839.576999] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 839.584268] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9349bdf6d4 [ 839.591547] R13: 00000000004cb488 R14: 00000000004d8af0 R15: 0000000000000006 [ 839.602389] Mem-Info: [ 839.604991] active_anon:198559 inactive_anon:4954 isolated_anon:0 [ 839.604991] active_file:23784 inactive_file:26756 isolated_file:0 [ 839.604991] unevictable:513 dirty:321 writeback:0 unstable:0 [ 839.604991] slab_reclaimable:15106 slab_unreclaimable:106214 [ 839.604991] mapped:55239 shmem:3829 pagetables:2181 bounce:0 [ 839.604991] free:1160353 free_pcp:1001 free_cma:0 [ 839.640786] Node 0 active_anon:792072kB inactive_anon:19816kB active_file:95136kB inactive_file:107024kB unevictable:2052kB isolated(anon):0kB isolated(file):0kB mapped:220956kB dirty:1284kB writeback:0kB shmem:15316kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 212992kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 839.688816] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 839.719206] lowmem_reserve[]: 0 2820 6323 6323 [ 839.731466] Node 0 DMA32 free:2889372kB min:30060kB low:37572kB high:45084kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2890772kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1400kB local_pcp:72kB free_cma:0kB [ 839.759553] lowmem_reserve[]: 0 0 3503 3503 [ 839.764045] Node 0 Normal free:1745236kB min:37352kB low:46688kB high:56024kB active_anon:787936kB inactive_anon:19816kB active_file:95136kB inactive_file:107024kB unevictable:2052kB writepending:1284kB present:4718592kB managed:3588076kB mlocked:2048kB kernel_stack:7616kB pagetables:8576kB bounce:0kB free_pcp:2808kB local_pcp:1472kB free_cma:0kB [ 839.764094] lowmem_reserve[]: 0 0 0 0 [ 839.802057] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 839.816144] Node 0 DMA32: 3*4kB (M) 0*8kB 1*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 4*256kB (M) 2*512kB (M) 3*1024kB (M) 2*2048kB (M) 703*4096kB (M) = 2889372kB [ 839.838565] Node 0 Normal: 731*4kB (UME) 969*8kB (UME) 585*16kB (UME) 296*32kB (UME) 950*64kB (UME) 169*128kB (UME) 22*256kB (UME) 9*512kB (UME) 11*1024kB (UME) 5*2048kB (UME) 391*4096kB (UM) = 1745220kB 02:11:12 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:12 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x119, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:12 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x800448d2, &(0x7f0000000140)) 02:11:12 executing program 1: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2e6528970a575e3a) 02:11:12 executing program 3 (fault-call:5 fault-nth:4): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:12 executing program 4: r0 = creat(&(0x7f0000000600)='./bus\x00', 0x0) ftruncate(0xffffffffffffffff, 0x8204) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x208912, &(0x7f00000001c0)) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000), 0x4) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) r3 = dup(r2) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000200)=0x5) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f0000000440)={{0x2, 0x0, 0x7, 0x0, 0x7fffffff}, 0x100}) bind$rds(r0, &(0x7f00000004c0)={0x2, 0x4e21}, 0x10) setsockopt$sock_int(r2, 0x1, 0x21, &(0x7f0000000240), 0x4) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000540)={0x0}, &(0x7f0000000580)=0xfffffffffffffecd) r5 = syz_open_procfs(r4, &(0x7f00000001c0)='cmdline\x00') sendfile(0xffffffffffffffff, r5, &(0x7f0000000340), 0x0) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) bind$inet6(r3, &(0x7f0000000500)={0xa, 0x4e23, 0x67, @ipv4={[], [], @local}, 0x2}, 0x1c) ioctl$SG_SET_COMMAND_Q(r5, 0x2271, &(0x7f0000000400)) sendto$inet6(r3, &(0x7f0000000640)="9627b0c42d25225d691cb87928d0a9d261cd15217f68253d88f914c41a90639fa9142da13108145dffec949cb4f0667eb995cb3bede73827135b7f642d605b08572e782cb0e8c0dc26377c71c15b441e92141b7b430466a370f2bcc4739bc2e1c3a1f8", 0x63, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x0) r6 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$P9_RXATTRWALK(r5, &(0x7f00000003c0)={0xf, 0x1f, 0x2, 0x6}, 0xf) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000380)) accept4$packet(0xffffffffffffffff, &(0x7f0000000280), &(0x7f00000002c0)=0x14, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'syzkaller1\x00'}) ftruncate(r6, 0x3ff) sendfile(r3, r6, &(0x7f00000005c0), 0x2008000fffffffe) [ 839.857112] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 839.866035] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 839.874649] 54375 total pagecache pages [ 839.878613] 0 pages in swap cache [ 839.882047] Swap cache stats: add 0, delete 0, find 0/0 [ 839.887439] Free swap = 0kB [ 839.890458] Total swap = 0kB [ 839.893506] 1965979 pages RAM [ 839.896623] 0 pages HighMem/MovableOnly [ 839.900576] 342290 pages reserved [ 839.904140] 0 pages cma reserved 02:11:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0x9) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000140)={0x0, @loopback, @multicast2}, &(0x7f0000000180)=0xc) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000240)=ANY=[@ANYBLOB="ff000000000000000000000002000000115c9c38643f3d00000000000000000000de0500000400000000000080200000000000000000000000000000000000fe915bdecb2ec3020206e273e64572fa23be3d97c238d88674a02dc7557ca889eebb8cc617a40c4e80a460cc62638d6cf7133dcc705303e9e9fd93cd06fb000bfcc8993f9281da8e2c6ecf"]) listen(r2, 0xfffffffffffffff7) r3 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x0, 0x402081) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000001c0), &(0x7f0000000200)=0x4) ioctl$TIOCGPTPEER(r3, 0x5441, 0x9) 02:11:13 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x700, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 839.962521] FAULT_INJECTION: forcing a failure. [ 839.962521] name failslab, interval 1, probability 0, space 0, times 0 [ 840.000839] CPU: 1 PID: 29333 Comm: syz-executor3 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 840.009393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.018777] Call Trace: [ 840.021394] dump_stack+0x244/0x3ab [ 840.025066] ? dump_stack_print_info.cold.2+0x52/0x52 [ 840.030305] should_fail.cold.4+0xa/0x17 [ 840.034385] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 840.039517] ? __save_stack_trace+0x8d/0xf0 [ 840.043864] ? save_stack+0xa9/0xd0 [ 840.047499] ? save_stack+0x43/0xd0 [ 840.051128] ? kasan_kmalloc+0xc7/0xe0 [ 840.055039] ? kasan_slab_alloc+0x12/0x20 [ 840.059219] ? kmem_cache_alloc_node+0x144/0x730 [ 840.063994] ? __alloc_skb+0x114/0x770 [ 840.067894] ? mgmt_cmd_status+0x39/0x460 [ 840.072063] ? hci_sock_sendmsg+0x1e47/0x26d0 [ 840.076574] ? sock_sendmsg+0xd5/0x120 [ 840.080477] ? sock_write_iter+0x35e/0x5c0 [ 840.084726] ? __vfs_write+0x6b8/0x9f0 [ 840.088621] ? vfs_write+0x1fc/0x560 [ 840.092355] ? ksys_write+0x101/0x260 [ 840.096178] ? do_syscall_64+0x1b9/0x820 [ 840.100263] ? fs_reclaim_acquire+0x20/0x20 [ 840.104600] ? lock_downgrade+0x900/0x900 [ 840.108752] ? ksys_write+0x101/0x260 [ 840.112570] ? perf_trace_sched_process_exec+0x860/0x860 [ 840.118036] ? lock_downgrade+0x900/0x900 [ 840.122222] __should_failslab+0x124/0x180 [ 840.126476] should_failslab+0x9/0x14 [ 840.130292] kmem_cache_alloc_node_trace+0x270/0x740 [ 840.135403] ? kasan_unpoison_shadow+0x35/0x50 [ 840.140028] ? kasan_kmalloc+0xc7/0xe0 [ 840.143934] __kmalloc_node_track_caller+0x3c/0x70 [ 840.148885] __kmalloc_reserve.isra.40+0x41/0xe0 [ 840.153657] __alloc_skb+0x150/0x770 [ 840.157377] ? kfree_skbmem+0x10b/0x230 [ 840.161364] ? netdev_alloc_frag+0x1f0/0x1f0 [ 840.165786] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 840.171262] ? hci_dev_get+0x10c/0x150 [ 840.175172] ? lock_downgrade+0x900/0x900 [ 840.179343] ? lock_release+0xa10/0xa10 [ 840.183357] ? __kfree_skb+0x20/0x20 [ 840.187129] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 840.192735] mgmt_cmd_status+0x39/0x460 [ 840.196737] hci_sock_sendmsg+0x1e47/0x26d0 [ 840.201089] ? hci_send_to_channel+0x50/0x50 [ 840.205513] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 840.210498] ? apparmor_socket_sendmsg+0x29/0x30 [ 840.215268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.220816] ? security_socket_sendmsg+0x94/0xc0 [ 840.225586] ? hci_send_to_channel+0x50/0x50 [ 840.230008] sock_sendmsg+0xd5/0x120 [ 840.233739] sock_write_iter+0x35e/0x5c0 [ 840.237812] ? sock_sendmsg+0x120/0x120 [ 840.241805] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 840.247357] ? iov_iter_init+0xc2/0x1e0 [ 840.251352] __vfs_write+0x6b8/0x9f0 [ 840.255099] ? kernel_read+0x120/0x120 [ 840.259026] ? apparmor_path_rmdir+0x30/0x30 [ 840.263467] ? lock_release+0xa10/0xa10 [ 840.267467] ? apparmor_file_permission+0x24/0x30 [ 840.272338] ? rw_verify_area+0x118/0x360 [ 840.276531] vfs_write+0x1fc/0x560 [ 840.280091] ksys_write+0x101/0x260 [ 840.283731] ? __ia32_sys_read+0xb0/0xb0 [ 840.287814] ? trace_hardirqs_off_caller+0x300/0x300 [ 840.292944] __x64_sys_write+0x73/0xb0 [ 840.296849] do_syscall_64+0x1b9/0x820 [ 840.300752] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 840.306126] ? syscall_return_slowpath+0x5e0/0x5e0 [ 840.311064] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 840.315916] ? trace_hardirqs_on_caller+0x310/0x310 [ 840.320942] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 840.325968] ? prepare_exit_to_usermode+0x291/0x3b0 [ 840.330996] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 840.335872] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 840.341067] RIP: 0033:0x457519 [ 840.344302] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:11:13 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xf3, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:13 executing program 4: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000100)={{{@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xe8) ioprio_set$uid(0x3, r1, 0x1) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/mcfilter6\x00') mount$bpf(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='bpf\x00', 0x0, &(0x7f00000003c0)) sendfile(r0, r2, &(0x7f0000000000), 0x800000080000002) 02:11:13 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x800448d2, &(0x7f0000000140)) [ 840.363245] RSP: 002b:00007f9349bdec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 840.370986] RAX: ffffffffffffffda RBX: 00007f9349bdec90 RCX: 0000000000457519 [ 840.378286] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000005 [ 840.385588] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 840.392872] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9349bdf6d4 [ 840.400155] R13: 00000000004cb488 R14: 00000000004d8af0 R15: 0000000000000006 02:11:13 executing program 3 (fault-call:5 fault-nth:5): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:13 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x800448d2, &(0x7f0000000140)) 02:11:13 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, &(0x7f0000000000), &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000000000000000000200000000000000000000000ffffffff0000000000000000000000000012c301a8b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001900000009000000000000000000106cf4aa4ac99e8d000000006c6f00000000000000000000000000010000000000000000000000001000000000000100895fc5d400000012a85f001a4b0000000000000005000000aaaaaaaaaa000003cae1dd0000007000000070000000a0000000415544495400000006000000000000000000000000000000000000000000000008000000000000000000000000000000"]}, 0x1a8) r2 = socket$inet6(0xa, 0x100000002, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0xd}, 0x1c) sendto$inet6(r2, &(0x7f00000002c0), 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, [], 0x1e}}, 0x1c) 02:11:13 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x38, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:13 executing program 0 (fault-call:10 fault-nth:0): ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 840.586574] FAULT_INJECTION: forcing a failure. [ 840.586574] name failslab, interval 1, probability 0, space 0, times 0 [ 840.600343] CPU: 1 PID: 29366 Comm: syz-executor3 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 840.608880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.618275] Call Trace: [ 840.620898] dump_stack+0x244/0x3ab [ 840.624547] ? dump_stack_print_info.cold.2+0x52/0x52 [ 840.629757] ? is_bpf_text_address+0xd3/0x170 02:11:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000340)='/dev/audio\x00', 0x0, 0x0) ioctl$BLKSECTGET(r1, 0x1267, &(0x7f0000000000)) ioctl$int_in(r1, 0x8000008010500d, &(0x7f0000000200)) [ 840.629777] should_fail.cold.4+0xa/0x17 [ 840.629791] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 840.629812] ? save_stack+0xa9/0xd0 [ 840.629823] ? save_stack+0x43/0xd0 [ 840.629834] ? kasan_kmalloc+0xc7/0xe0 [ 840.629849] ? __kmalloc_node_track_caller+0x50/0x70 [ 840.629865] ? __kmalloc_reserve.isra.40+0x41/0xe0 [ 840.629878] ? __alloc_skb+0x150/0x770 [ 840.629892] ? mgmt_cmd_status+0x39/0x460 [ 840.629904] ? hci_sock_sendmsg+0x1e47/0x26d0 [ 840.629918] ? sock_sendmsg+0xd5/0x120 [ 840.629930] ? sock_write_iter+0x35e/0x5c0 [ 840.629945] ? __vfs_write+0x6b8/0x9f0 [ 840.629957] ? vfs_write+0x1fc/0x560 [ 840.629969] ? ksys_write+0x101/0x260 [ 840.629982] ? __x64_sys_write+0x73/0xb0 [ 840.629998] ? do_syscall_64+0x1b9/0x820 [ 840.630018] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 840.651370] ? fs_reclaim_acquire+0x20/0x20 [ 840.651390] ? lock_downgrade+0x900/0x900 [ 840.651411] ? ksys_write+0x101/0x260 [ 840.685992] ? trace_hardirqs_on+0xbd/0x310 [ 840.693582] ? lock_downgrade+0x900/0x900 [ 840.693599] ? __kmalloc_node_track_caller+0x3c/0x70 [ 840.693613] ? kasan_unpoison_shadow+0x35/0x50 [ 840.693626] ? kasan_kmalloc+0xc7/0xe0 [ 840.693645] __should_failslab+0x124/0x180 [ 840.749410] should_failslab+0x9/0x14 [ 840.753253] kmem_cache_alloc_node+0x56/0x730 [ 840.757761] ? kasan_kmalloc+0xc7/0xe0 [ 840.761677] __alloc_skb+0x114/0x770 [ 840.765419] ? netdev_alloc_frag+0x1f0/0x1f0 [ 840.769866] ? __alloc_skb+0x4c1/0x770 [ 840.773773] ? netdev_alloc_frag+0x1f0/0x1f0 [ 840.778212] ? refcount_inc_not_zero_checked+0x130/0x2f0 [ 840.783704] ? hci_dev_get+0x10c/0x150 [ 840.787608] ? lock_downgrade+0x900/0x900 [ 840.791772] ? lock_release+0xa10/0xa10 [ 840.795762] ? __kfree_skb+0x20/0x20 [ 840.799497] create_monitor_ctrl_event+0x43/0x3b0 [ 840.804393] ? sock_dequeue_err_skb+0x423/0x430 [ 840.809104] mgmt_cmd_status+0x2ae/0x460 [ 840.813210] hci_sock_sendmsg+0x1e47/0x26d0 [ 840.817578] ? hci_send_to_channel+0x50/0x50 [ 840.822035] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 840.827001] ? apparmor_socket_sendmsg+0x29/0x30 [ 840.831785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.837338] ? security_socket_sendmsg+0x94/0xc0 [ 840.842119] ? hci_send_to_channel+0x50/0x50 [ 840.846550] sock_sendmsg+0xd5/0x120 [ 840.850281] sock_write_iter+0x35e/0x5c0 [ 840.854359] ? sock_sendmsg+0x120/0x120 [ 840.858355] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 840.863903] ? iov_iter_init+0xc2/0x1e0 [ 840.867901] __vfs_write+0x6b8/0x9f0 [ 840.871632] ? kernel_read+0x120/0x120 [ 840.875539] ? apparmor_path_rmdir+0x30/0x30 [ 840.879962] ? lock_release+0xa10/0xa10 [ 840.883949] ? check_preemption_disabled+0x48/0x200 [ 840.888991] ? apparmor_file_permission+0x24/0x30 [ 840.893872] ? rw_verify_area+0x118/0x360 [ 840.898032] vfs_write+0x1fc/0x560 [ 840.901597] ksys_write+0x101/0x260 [ 840.905246] ? __ia32_sys_read+0xb0/0xb0 [ 840.909326] ? trace_hardirqs_off_caller+0x300/0x300 [ 840.914453] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 840.920005] __x64_sys_write+0x73/0xb0 [ 840.923011] FAULT_INJECTION: forcing a failure. [ 840.923011] name failslab, interval 1, probability 0, space 0, times 0 [ 840.923910] do_syscall_64+0x1b9/0x820 [ 840.923949] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 840.944362] ? syscall_return_slowpath+0x5e0/0x5e0 [ 840.949300] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 840.954175] ? trace_hardirqs_on_caller+0x310/0x310 [ 840.959227] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 840.964259] ? prepare_exit_to_usermode+0x291/0x3b0 [ 840.969301] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 840.974157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 840.979378] RIP: 0033:0x457519 [ 840.982605] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 841.001551] RSP: 002b:00007f9349bdec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 841.009284] RAX: ffffffffffffffda RBX: 00007f9349bdec90 RCX: 0000000000457519 [ 841.016565] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000005 [ 841.023844] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 841.031131] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9349bdf6d4 [ 841.038412] R13: 00000000004cb488 R14: 00000000004d8af0 R15: 0000000000000006 [ 841.045750] CPU: 0 PID: 29374 Comm: syz-executor0 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 841.054260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.063616] Call Trace: [ 841.066220] dump_stack+0x244/0x3ab [ 841.069863] ? dump_stack_print_info.cold.2+0x52/0x52 [ 841.075065] ? perf_trace_sched_process_exec+0x860/0x860 [ 841.080527] should_fail.cold.4+0xa/0x17 [ 841.084601] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 841.089730] ? up_write+0x7b/0x220 [ 841.093288] ? down_read+0x120/0x120 [ 841.097018] ? ima_get_action+0x7e/0xa0 [ 841.101013] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 841.106047] ? xas_create+0x2bf/0x1170 [ 841.109942] ? mark_held_locks+0x130/0x130 [ 841.114175] ? xas_find_conflict+0x890/0x890 [ 841.118573] ? ima_add_template_entry.cold.4+0x3c/0x3c [ 841.123845] ? mark_held_locks+0x130/0x130 [ 841.128104] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 841.133548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.139077] __should_failslab+0x124/0x180 [ 841.143301] should_failslab+0x9/0x14 [ 841.147092] kmem_cache_alloc_node+0x56/0x730 [ 841.151572] ? ida_alloc_range+0x609/0xc70 [ 841.155798] ? lock_downgrade+0x900/0x900 [ 841.159958] __alloc_skb+0x114/0x770 [ 841.163664] ? netdev_alloc_frag+0x1f0/0x1f0 [ 841.168058] ? mark_held_locks+0x130/0x130 [ 841.172295] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 841.177845] ? apparmor_capable+0x355/0x6c0 [ 841.182165] create_monitor_ctrl_open+0x148/0x9e0 [ 841.186993] ? send_monitor_note+0x480/0x480 [ 841.191390] ? security_capable+0x99/0xc0 [ 841.195547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.201073] hci_sock_ioctl+0x37e/0x810 [ 841.205120] ? hci_sock_sendmsg+0x26d0/0x26d0 [ 841.209603] ? usercopy_warn+0x110/0x110 [ 841.213656] sock_do_ioctl+0xeb/0x420 [ 841.217445] ? compat_ifr_data_ioctl+0x170/0x170 [ 841.222212] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 841.227140] ? workqueue_set_max_active+0x10/0x3e0 [ 841.232072] ? __f_unlock_pos+0x19/0x20 [ 841.236037] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 841.241218] sock_ioctl+0x313/0x690 [ 841.244836] ? dlci_ioctl_set+0x40/0x40 [ 841.248799] ? ksys_dup3+0x680/0x680 [ 841.252504] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 841.257440] ? dlci_ioctl_set+0x40/0x40 [ 841.261403] do_vfs_ioctl+0x1de/0x1720 [ 841.265286] ? fsnotify_first_mark+0x350/0x350 [ 841.269855] ? __fsnotify_parent+0xcc/0x420 [ 841.274163] ? ioctl_preallocate+0x300/0x300 [ 841.278558] ? __fget_light+0x2e9/0x430 [ 841.282543] ? fget_raw+0x20/0x20 [ 841.285983] ? __sb_end_write+0xd9/0x110 [ 841.290040] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 841.295559] ? fput+0x130/0x1a0 [ 841.298829] ? ksys_write+0x1ae/0x260 [ 841.302617] ? security_file_ioctl+0x94/0xc0 [ 841.307033] ksys_ioctl+0xa9/0xd0 [ 841.310478] __x64_sys_ioctl+0x73/0xb0 [ 841.314357] do_syscall_64+0x1b9/0x820 [ 841.318237] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 841.323587] ? syscall_return_slowpath+0x5e0/0x5e0 [ 841.328501] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 841.333332] ? trace_hardirqs_on_caller+0x310/0x310 [ 841.338351] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 841.343383] ? prepare_exit_to_usermode+0x291/0x3b0 [ 841.348417] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 841.353289] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.358467] RIP: 0033:0x457519 [ 841.361650] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 841.380549] RSP: 002b:00007f6007c87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 02:11:14 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3a2, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:14 executing program 3 (fault-call:5 fault-nth:6): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 841.388256] RAX: ffffffffffffffda RBX: 00007f6007c87c90 RCX: 0000000000457519 [ 841.395517] RDX: 0000000020000140 RSI: 00000000800448d2 RDI: 0000000000000005 [ 841.402779] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 841.410040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6007c886d4 [ 841.417318] R13: 00000000004c1f82 R14: 00000000004d2d90 R15: 0000000000000006 [ 841.511493] FAULT_INJECTION: forcing a failure. [ 841.511493] name failslab, interval 1, probability 0, space 0, times 0 [ 841.543635] CPU: 1 PID: 29394 Comm: syz-executor3 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 841.552180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.561551] Call Trace: [ 841.564162] dump_stack+0x244/0x3ab [ 841.567814] ? dump_stack_print_info.cold.2+0x52/0x52 [ 841.573023] should_fail.cold.4+0xa/0x17 [ 841.577099] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 841.582219] ? __save_stack_trace+0x8d/0xf0 [ 841.586561] ? save_stack+0xa9/0xd0 [ 841.590214] ? save_stack+0x43/0xd0 [ 841.593850] ? kasan_kmalloc+0xc7/0xe0 [ 841.597752] ? kasan_slab_alloc+0x12/0x20 [ 841.601912] ? kmem_cache_alloc_node+0x144/0x730 [ 841.606679] ? __alloc_skb+0x114/0x770 [ 841.610585] ? create_monitor_ctrl_event+0x43/0x3b0 [ 841.615612] ? mgmt_cmd_status+0x2ae/0x460 [ 841.619856] ? hci_sock_sendmsg+0x1e47/0x26d0 [ 841.624361] ? sock_sendmsg+0xd5/0x120 [ 841.628260] ? sock_write_iter+0x35e/0x5c0 [ 841.632504] ? __vfs_write+0x6b8/0x9f0 [ 841.636401] ? vfs_write+0x1fc/0x560 [ 841.640136] ? ksys_write+0x101/0x260 [ 841.643956] ? __x64_sys_write+0x73/0xb0 [ 841.648039] ? do_syscall_64+0x1b9/0x820 [ 841.652335] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.657724] ? __alloc_skb+0x150/0x770 [ 841.661638] ? mgmt_cmd_status+0x39/0x460 [ 841.665803] ? hci_sock_sendmsg+0x1e47/0x26d0 [ 841.670312] ? sock_sendmsg+0xd5/0x120 [ 841.674219] ? sock_write_iter+0x35e/0x5c0 [ 841.678470] ? __vfs_write+0x6b8/0x9f0 [ 841.682368] ? vfs_write+0x1fc/0x560 [ 841.686082] ? __x64_sys_write+0x73/0xb0 [ 841.690135] ? do_syscall_64+0x1b9/0x820 [ 841.694195] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.699654] ? fs_reclaim_acquire+0x20/0x20 [ 841.703975] ? lock_downgrade+0x900/0x900 [ 841.708124] ? ksys_write+0x101/0x260 [ 841.711940] __should_failslab+0x124/0x180 [ 841.716172] should_failslab+0x9/0x14 [ 841.719980] kmem_cache_alloc_node_trace+0x5a/0x740 [ 841.724985] ? kasan_unpoison_shadow+0x35/0x50 [ 841.729567] ? kasan_kmalloc+0xc7/0xe0 [ 841.733459] ? check_preemption_disabled+0x48/0x200 [ 841.738473] __kmalloc_node_track_caller+0x3c/0x70 [ 841.743408] __kmalloc_reserve.isra.40+0x41/0xe0 [ 841.748212] __alloc_skb+0x150/0x770 [ 841.751938] ? netdev_alloc_frag+0x1f0/0x1f0 [ 841.756335] ? __alloc_skb+0x4c1/0x770 [ 841.760221] ? netdev_alloc_frag+0x1f0/0x1f0 [ 841.764633] ? refcount_inc_not_zero_checked+0x130/0x2f0 [ 841.770098] ? hci_dev_get+0x10c/0x150 [ 841.774021] ? lock_downgrade+0x900/0x900 [ 841.778190] ? lock_release+0xa10/0xa10 [ 841.782179] ? __kfree_skb+0x20/0x20 [ 841.785893] create_monitor_ctrl_event+0x43/0x3b0 [ 841.790742] ? sock_dequeue_err_skb+0x423/0x430 [ 841.795404] mgmt_cmd_status+0x2ae/0x460 [ 841.799465] hci_sock_sendmsg+0x1e47/0x26d0 [ 841.803774] ? hci_send_to_channel+0x50/0x50 [ 841.808188] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 841.813129] ? apparmor_socket_sendmsg+0x29/0x30 [ 841.817900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.823450] ? security_socket_sendmsg+0x94/0xc0 [ 841.828220] ? hci_send_to_channel+0x50/0x50 [ 841.832649] sock_sendmsg+0xd5/0x120 [ 841.836376] sock_write_iter+0x35e/0x5c0 [ 841.840459] ? sock_sendmsg+0x120/0x120 [ 841.844472] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 841.850001] ? iov_iter_init+0xc2/0x1e0 [ 841.853967] __vfs_write+0x6b8/0x9f0 [ 841.857672] ? kernel_read+0x120/0x120 [ 841.861563] ? apparmor_path_rmdir+0x30/0x30 [ 841.865975] ? lock_release+0xa10/0xa10 [ 841.869945] ? check_preemption_disabled+0x48/0x200 [ 841.874957] ? apparmor_file_permission+0x24/0x30 [ 841.880334] ? rw_verify_area+0x118/0x360 [ 841.884495] vfs_write+0x1fc/0x560 [ 841.888031] ksys_write+0x101/0x260 [ 841.891654] ? __ia32_sys_read+0xb0/0xb0 [ 841.895707] ? trace_hardirqs_off_caller+0x300/0x300 [ 841.900806] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 841.906364] __x64_sys_write+0x73/0xb0 [ 841.910277] do_syscall_64+0x1b9/0x820 [ 841.914193] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 841.919575] ? syscall_return_slowpath+0x5e0/0x5e0 [ 841.924504] ? trace_hardirqs_on_caller+0x310/0x310 [ 841.929514] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 841.934533] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 841.941188] ? __switch_to_asm+0x40/0x70 [ 841.945241] ? __switch_to_asm+0x34/0x70 [ 841.949329] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 841.954164] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.959347] RIP: 0033:0x457519 [ 841.962529] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 841.981444] RSP: 002b:00007f9349bbdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 841.989147] RAX: ffffffffffffffda RBX: 00007f9349bbdc90 RCX: 0000000000457519 [ 841.996406] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000005 [ 842.003673] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 842.010942] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9349bbe6d4 [ 842.018237] R13: 00000000004cb488 R14: 00000000004d8af0 R15: 0000000000000006 02:11:15 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x4000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:15 executing program 3 (fault-call:5 fault-nth:7): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:15 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x326, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:15 executing program 0 (fault-call:10 fault-nth:1): ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:15 executing program 1: r0 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = semget$private(0x0, 0x2, 0x90) semctl$GETVAL(r1, 0x0, 0xc, &(0x7f0000000040)=""/26) connect$pppoe(r0, &(0x7f00000001c0)={0x18, 0x0, {0x3, @local, 'ip6_vti0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000380)={0x18, 0x0, {0x0, @empty, 'ip6_vti0\x00'}}) r2 = accept(r0, &(0x7f00000003c0)=@ll, &(0x7f0000000440)=0x80) sendmsg$kcm(r2, &(0x7f0000001d40)={&(0x7f0000000480)=@in6={0xa, 0x4e20, 0xedeb, @remote, 0x7fff}, 0x80, &(0x7f00000017c0)=[{&(0x7f0000000500)="0d52d5cc3b1b5e8a594e5408f9864a6dffd5f9911072f5b51227b823c14aef90ba840067ba1b86ab50ad330e7a8b19ae2ea146d0efa3e1a92f6c1fb7c054085bf46a5500b5470c99ab10ebd4c968d1e612ce5d14f9316a756ddea38a03388b42490204fb20c695f73a17f967329997e017b7a99b1a56af25624369a5a3abdede5ef305395a93b720", 0x88}, {&(0x7f00000005c0)="bfe967f1e559eb166c8dacceae9b97ec25114889", 0x14}, {&(0x7f0000000600)="fa50465c215f3a2dbec12c0f67c20bd9934f8edef425757883ecef839446172b96c5d870fb7110de910ba63460704a4a52c69beb1f719e8daec675a1b6df53bcb407996360224b5d9d5c809252e68ee9f7a54a2ed4720125a421cbd4fdccf58b31361436dc4d90ad4ef3f34fefe6cd804cf8503fb11dc7f1148de080fbea9ac72b763a9960b042d93e5c3010cb93f186e664f526129ae91c1e861263751741fba742d1fa9faa434fffa0924f81772a250b625179c70f41bda73cd40f79b1a1a783059247baceb31b4b4a6f305aae871de31a2da6a5e8eff95f62fe0d0d72ce43b6cd9360003b0626c39063cb2f405a382c3468966d812dc98c36b8cd1843e8748ca4686c10990ee988f31527ea512eb596847e687265fc1d86ecbc51860e502ea429915dccfe7a421f8ee88d8a805774c7ce2a18ae367f45f0aeeef00a74cb55933db735d6734171d3ed3ff7a156425bfe1d977b992cdd10e000cb436f18d9be300a9a4a22dbe3a657cecf85de635a775618f31318944605dffcb5d0ba03c1d2f0af02af36c66b8670d1707c70466d8b20953992c76131a4f8db7d46419921129380edd75abd1fa4cc23c63682e974797e8241525c89f6343b6c1c92d88fc9fff2467eaf03215d96c5a0c21e7c78879b39937887fdcdf56c3e0d955ec1143288859d36b452f6952308d9ee18bc3b141413a570750a30a725dd84e46b2623aaaf39e17b752f1991199e559f89b32b11458886d6d3e17d77b1738b2ca069335432b1b64a145fad7df584b88654329dc6f9cabe7f40822f41e4e7c239c66be8745dad2262e238b6c29304d916e0d5635fe1c121ea86e3710b2d96e535c88e8d523dab4579b8dbd35a9cd20d1033067bf26c0dbfe88e6f97546692465264ccf68ef03d2e89ee842872d71186301640044d14988b9b2120d454194de572275cc4032193b9f899b412bfcf00786dd02dcf8318b7deafc2495ce2c4c597f7c4037774a5af93b91e9fec3645282fbc0c79a60f16f842852fcccb127224a620be091740b212732dd8383fa734c86f1e61f2b29b18ec7bc4484e3b12b3aa1b3c632ffe36bc57e4a00f204e7fa7c570d466e25149b6128a5b438471d639557364183a55d2944b1bce91a19599c3fce2bc864ef151384dde5df0fc4fa7dc5883c693c700e07cc65e1f807b885505744a8d6807c520a09116b8cf63667f4fcabda62e23bdd8eb862a8dfa1ff15b9321ab0c201abc43e8c129aeec1ed7f0e0888e5e964256aa96959f1db58ceada73f47ad3dce5246a56bf68473725046e6386ff763a8a0c5ae15150c17294624628068cdd137d9e1f023f2a3591c692239fcfccbcdde9068eb4225128d29e2c023a92951dd6285defcbbda2a6d2b2e5f21641ddff760f3b7800c6faf1bcf6375182439422910576a260484c06f43a69e49f0f46b55ffb13c42f99da531e066ee0ded77052bf4ca377b53f9837fc991783bb13e203acf5ac513bfc913a5e64e2079cd91892e191c2f10c28c3a3cb5f9701d8d191407d9b8079d7d58392b0e69172afb6469b82cfdb15f32236d329b023ad338958b6b48cb2755a810d8be7e8f57f1ea469465a5a340360725cfd6f7897a3ce1f4d4c75536eeef49f0b3e0e999bcc75990fe291330850745515df9fe4cecec1352d413fc459811878214a80ede897733d9cdf4b9ee9ee1c023bd6a5e4a08fdd0d3c546ba0d0dbca48b9e31065202ef5ade0ffc259db739b740be0986af2939480e4fae9ccb64e2df947912bfb25bc039c72f4407a5d4f118c621c12914a519e68b5bb7e550897361a40e5ba07f938e5187d16e32f7e2b7b0d489d9d7be832a676cf355537c1492648f8b7d7e9d05cabeacfee7c5205c2497d82c1072a76542b42fad69bf8d1750380559cdb0a06cbca47f0f23230369966529acbe1ebf8451ccbf2aacb8006986cd8c246f47730ca73a35dbe9905d66888e4dd511058bf2ed591098281af2cc84e7b40ee9f05115a9fb1dcd49a66a4a63cd2fdfb3a5d407825f95fa2a991148517d374965b283ad4420cc3964805e5f9132e30f1ade66d376230e4ca020976d574469036f6963f33b088195c6f27e4b89df4f6a501e85501b7830b7742180372093b91c16c824465880f54c0df0e370d0d95417eb72f6989430313ad7e4cd53ea1624dd4b074d772572a45c9391d740bd7604fd1ab4d2a9808b1d45a00eabd324ecd361a3bc97e23c43c93a55db2278c07c9efca69bcdce79e89ea45feb7cb0589436f3eb73e7bf998c0658bdb119b31bd4f8649d645eea5db10fd4fed46f4653241a5b8d14fccd71c8d1eb2f76ff8bbd7050fbfe00cfbebde56a70ab4455611641a1e3bb5f3605b08ed24ea1343a039f1121f0b4d3707ea2c31f15a6f1bdf7b7cbf65ade2ccd0f02e6b95e27285a608a74ea79e477fd66d5e9bc37723fa7b3f7b20ba18daa2658cdccc763f24370cd748d14400ae8d3a0e53fed58fb0dd16d858a832043f9db5cb9ac7669daa4a6978c71e1b30a53b51069bb6519385388f4f862fdfc16c9fc7dcc7dfe25e4b683af141dd38f2b95004b480947fb06a09f93f5390436036cc7c1f45e9b196b4db5d59a65aadce842e5d13a3a9367d72140154864e5a1bc68f79df83107d2ac05c07dc91eb6082cf018f1a614d7ce3e0e4a9d14cfd354151cf7dd3be5827e07f6c7170737bde4234ba81724decc273e9b9b81f03d0bce6a9b069a6d6ad44245db9089f8fe7db25662c488c9e02c4bfe3e4b9a4b946affa165302d1311c24248aa5b546ce168b4699da12ecbc21166063781d13e06a959b1677494a11bb5a5c7df96303235871ca7199d13a1ee64ef8ee51005b5388bfe405c0e8dabf30d26ff5548452ab55a46d627f16dac4fa6a102ebfcf804b3bb57659e01094125f4c9a986a32a27eb7218da7dad62a0cabaae568c23eae38d2132f89f884b43d9af0eed84ec296344a3544498ccd34a35160f3afb84d6694371b1a51c894e522f869158ba9210ee9c8cd124a2f18bce396bdfc76959ba83edfc010f6a774e745a716b50155f080319ccfe18e7b68868592b227cb3c9ec03da9961a0cb2dd46aee19220261046bfe8f39b26a385970730c0f343db28bf92e3ff269264e126e04c038da0d17e1676f44090863f05f9dde22f6c126b7e0be78774cf5d9565b22f7adad40dcf5c33f519f02a75a7116327a0b9c60ea2d30bc81e429427bed2f5d92842d0613c8f8bf16e72940c1b0cab150bb18b418bd5d001121103863a327045465adddc95d5c777cff3dafcf52f4e6e2fd5d7709514a9adc338cffb2f0d66b3f783eace1c759a86807cd2c2bcc406d8b21229a0ccef261b3f674e74e2fe5867fb0aee0b3e19301485af68c156a2cf309b748bee4e1bf9a83ec98939b1120bdf9cc5f50964b187dc8577d27961fa5bf57bc45880bffa95441074fd06ad0a9bae6f362966032896451aeb771a486ac581efe55f04342765cc0d430e61b61d651b17adebb49fe204507d4381f694f4fc872ec8e76e857a4f62742981e155bdd8b735090feb7eddee7e6366b7031817d8001b3d4ebdc7887b37c5d6d7d32610b739d5e5dd23c8ab739baff968fa54065e94dbec01b346f53445371d6dab601ededc3130d615e7401c9f189e579d614c1f2d675dba4154b3e9a7e1648ef0733f79602a89325469f818cd053503419501488499457cd9201cd1ee0f3f60d883a59ec50985811ff55142d170e4d4b1f4f8d91d62651a1dca0e997c503a26c2a16636e18fe80f245981bd775f60563113883d178b46ab5ecca260bfaf99a75b71e6af988f6cb330cf8291c98e45b946937b3e3f00cf2ad91e508e2a7d3605c9e3dc4fe87959fbebae56364f94da555990cfda48b2d4a9624a3b8b43303d54789d09dc412f457ee9c475fb80ff440b0f5dbe445e4ae831db281d9d2c27f980c3b6f65d87e2ad5d74ce0d47632a60fc7b59bd18e7fac828b94b873d579ad68ccddc7ae6aa98698cd2315d6c2885c8a3adb059fbc00b9e434194f228a313e7fced03147b99073b6a8a9d88a902980bd93601d6671a19f098d42874c03610995cc1138bda71c769a7b868ac0e3f60a44c7ce52ebaaa7794c70df4c65354e2746b0ee3653d20773f41b0f29186686f2a361cf1efd466b76658a438022e81b02f5c863f7a3b349b7615c8d36629e03c815c641f78bf62aab90d801ff59dd030ddba9c45ebe33949efda69f24f6514d9e6f75c6cb20deb5d05484906a7fe75181e14076c9baf760ea8de0e13d11711bb02b7b673f9fe570587c63de359ba0bf5fc4bb919f96db495734f3403be63b8179f13c92d7b784d6c41b1929c33d955a738c1b399bfd92f95e57dc89b50d8ba9a1bcc20c2d80214727fd7124d81c0e05206aaf96b891131ca1b8ac11e83708b09caeb1505db1496d755f9311318bf6ed870df0047b9103cfff61360809b0f702f7894b0c7711fb55dc91deeae9cf1465dce4fac9ac30becda4daaae4d10666bf33a11cc5a0292a47d32809664dc3967cdfe1ba95b6b4ffef0e9bbc29d50d034b6b371f18788fed47a174f36e5a454381f9d5adf09be3ec8e72cd803d162c70eb5058eae941e09459e630ca5788bccb64e00a898c2a3949cd46c2aa1cbc41f5ed56f4f288fa9b33abcba06aab17391c7aa625e299c22918ec4b9b895c075234851af42de3458386d83bf4c6e8592e9e1ee1d68f7a67d64f2a6672d5fe8d2836e30fd92528273088b043f47c703279308f8ef94692a9e19315af0689b874801bf255d1508b8afe75b1afcf6b3dfbcaf98848a8ea20b6363f64335cac73e5a7ceacfd5eb39bd5fa10b0527af5fe7bdf2aa46bb46702bae1cb81fea9c4f4b1ac5760e017bff059684168a1d8e3ea175b47953ef2814e0d59c9adfe7bd1d1e0dded173a7351d80c38568ef88bee3375d87e0ce1374847d61f9c63e21cfb8e2f3e4b5dc6b193f0ec468b55daf3acdc924b7a98320147214d23e8084e013ff36fef43ce1841c9a8897094c032d1063a3f945cf8d31f58fa2cbde4fb1d282da10da54cd4807c67ea15b843c47d139d88a5e4654260b4b88ca1791815c5e293ebeeba6c2c7e679d5aab369c1f7eeb13407e6479b8d4404feee31ea1733e24e5b981b384e0bafa5076228f61fb8202e4cf54154f7bb70162f0125637cce6a31fa714374c6379853bc1d84b0cf38f5c766fb18b02323918884f9968e37f082f04bafbf788dc612dc08492dc38e37f7fce9d00bfb177cb9fbe68816c84e3215dfadc11200be443f042ef0f56c73f0d919d035dd7cb74253a77cd791ff845f02e93e7f46ceb65962c33cf69d17578f5c0f7e55d33941832b18b40319b04302075d87de2f90aae494ed6f74a676bbb3047677db6f66c23bfc2e7806d796fa36beefaeb4742dfc83fe237d17a1a058660008677f6512746ba3e7cf3ce0246c691fd40b3a516dfb59b5bae0a6d45c30e56903a1ca8aa2f4c3707f3c783f4f3d2d218f7cf827441c0add6c94a7a16ca7d13a8cffcf2ae2e3b169d84229f4b7bad871b5eec1188aa5a6fe4f4b873992e73c1bd8b68c5a2463e4a08ff93a827657376555af387e87e021b5e30af8012293773849f37343c8707c5a7c06a6625f1d7fa0928432d2ca207592c1b3966f71e24b29c8bf6970aa8548d3e1109153ebb0a8baa1582bb1c74b8c2e8d64db799c05ac0f61d1fc71f114729fd3efea125536412bac5a981a4a4842fe2a1e4a88303b609145fffd92a9e39a0da9ce45114156a370229485ba41d969701aaf3b8c408582f4a2260b3b54fb0f", 0x1000}, {&(0x7f0000001600)="de1067de7936b9ea5b631aefe084e2f593a595811ba3ec9e2ff1fbf01b6e27ceb2e554e111f8683a9fbfc78379df0a07d3818b526a3e8433763ef7d24e006c0e5f85f11d7954149dd923f72bea77e87a9eae31fe8b1249404d086cb1b1f286196219bbef46655a96a2321dec495d753aaca3436d45e8995d96801a152525b3d13ce3195675c594e20fab92d3202261df2f9c82183daded88c686ca86918bc1c3", 0xa0}, {&(0x7f00000016c0)="404d7c233902de37e11d9c8fff94412323a66f219c71dbd5eadc15b286fb6ab08d889c5b119174ffb7274fa81c1cada18d2d3e147d669432c6013ee5b33412d76250403e0711fe51ed229f3b9ac3b184312fbd4057720171832d10ecf1403b10a0876c33216ddaf2ad5ed2347a3df667f63b89b40fbe94a59e1af839e60f44e89889792acbcdbf9ce08509dd9c7529a108e5887044a905810280a85711de697bc1115aec38a8a33a7ad1717d83b0ffdd571e81bb9402ec9863ced247245ac21b9a1e601d8392ba03c6666cd22dedbf4aa0584a0624214427e05cc899ed79fce0718fd5659284da9d25f291b9", 0xec}], 0x5, &(0x7f0000001840)=[{0x110, 0x105, 0xfffffffffffeffff, "648bd4e6575b89f39cafa0502c7184e0d749fc6ce2285b2533af9427421c82ad96ca810b985a89fb1f5a1bf9bcf6a0c01fab881efe28c6d290ce5459e57b11a3554e7f7bcb202dc0c3475030b4a759c3f27c23a6f5228b1800a878bb839ac103b0ccedaf622decd0166b093a4cfeb1ba75c86bdd40bdafe93d30935eee644d31c21f8c932da921e7e44d2a08dde89c4516836e3f7f4929cf78285d77a336ed2fd722adb6804578081cf6feebdfea729a57939d1feefeb5b381f873fc9f497354125c9417de578ed76c16f71ddc78e8b1c7dbc9f044363d0bfe4d748daa1f348e3b841342a05b99c184a5e4e9c7a1c067d06d6f044f4baf1409"}, {0xb8, 0x12b, 0x78, "9f9f87041d7aba2574023905e5e36dd233e9b70d01de630bf93a63b85b288db5bcd5e2b2138b79f7e7426dc478de432359b5da360ee11c53915b8ea17473ed5ab4a079e62d069e738385eb019309ce1b4989cd1ab745331b86cb760fe7429eaf520286af9da0365102450e11d3089d0d6d8847df252913644071331c6bc95a0afbcfa4921515b3f54edecd2d205be736654ae15ccede2682f94b9645a2d08968d68926af65"}, {0xc0, 0x112, 0x2, "03b9608ff7706f0cfb5f8c98ceaebf766be9d5eed266aafe1ca8ce5053fb0d19e043e62aab9cbbf7712198d71fb288ceb068d6cc0d116e2f28112ab0aeb54a86e30a052eab66eb48491778afd6ebc561a59b4cb17f0bf67e5da3e25018bebce385fb39a28c1f68eb4c014acec5559f03438b55c6a3bad3684b3639e7f9ad58b37294dade1a0a93705413e5603f4e3508b4a8b5dd8f775b0073d6ae0504198c0576b3bec19209296a0002fe576c425c1d"}, {0x38, 0x118, 0x4, "0a64833758384368d15fe72ac8cc1f4dcc1b8350a76b5c04bc68898103d6c5e93210c88f31"}, {0x58, 0x10b, 0x56, "cd5a984d4e1caa7eb57b960328a218fe1cf28b682ee989104e45a94926c986f5b749365fd4811a256ac9446e21c77027f8760f6b6e60a919684dc1caf830dec85be380a5"}, {0x68, 0x88, 0x4, "3d87a406169ffbb19d29913443b0475b5fff34d7672efbc38e000004198a505ee3a1aa16cec5e97b142694c0ae1f556ad36fff7668f7154abbf21231c06898509d14dc14bf0a8cdd0e42d9ca544eda07f686bb4c2a9a09f2"}, {0xe8, 0x114, 0x3, "258054658f99e51cbe8486593d63805f14ef8f69c91dcbab165245c6af83e4907405385c5125caef305482f7dbd9ef471f44c83b9280c6f924a7419a3d544517350f8948c985ae7f5d7142bf90e5f2187a8e9f6904a5328c508b52355591ac9a3c8f30ceeea21b6965344ccf32db374328e3752cd9ce06dd3b8c96fee24a8077cbcc03c81d3efce2efa26c49ee6d818607e15a14e1d8c5795b78befa63d67eed7ebd958803dc8d66660f726d0167abdb36d23b4cb96f841a73b3b7e3a9761e84289a08094fdefe7cee8ff87589974cbd703979c48d3c55"}, {0x88, 0x199, 0x3f, "7610f68ea21cbdcd7b5f097135ebfcc747d83c46e40ee6dcc27e0219213669017520edfc7a25e524b22af46b50d4573f2af03f81696f049250bbc0244265074d25ada3c6e4b8de652e9bcfe5db43ca8dfc54695545f6f83dca44242580073e759445f35ad303c14c2daea959fc954fd77ed1"}], 0x4f0, 0x50}, 0x40000) socketpair(0xa, 0x5, 0x2, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0xc) 02:11:15 executing program 4: syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08004500001400000000006c90bbac1414000304907800000000450000000000000000000000acce9ff81a141400"], &(0x7f0000000000)) 02:11:15 executing program 4: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, 0xfffffffffffffffe, 0x800, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) unshare(0x8000000) r1 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x1, 0x5}) mq_timedreceive(r1, &(0x7f0000000040)=""/50, 0x32, 0xc84e676dc11b, &(0x7f00000000c0)={0x77359400}) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000080)={0x1, 0x8, 0x8, 0x200000, 0x0}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000140)={r2, 0x65}, 0x8) mq_timedsend(r1, &(0x7f00000001c0)="cfe0cd36d267eafda77ba395d440b0e441ad6f4f63abdddec5a896b85faefcaebdb6b0060d6916c377ba1fcb373cda4823d100e17a02fd3962672837f9326c9ee7773dbc14f922727ab73cef1ceb2dfca5136aa4950a928e5a5db5d0e52af1312d500800380c68feb14b8f2c153dd43e8aeb840c6ca5d63fd0c98c0fcb237fb17e70c590879e5014b0be33", 0x7e, 0x0, &(0x7f0000000180)) 02:11:15 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x21a, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 842.223535] FAULT_INJECTION: forcing a failure. [ 842.223535] name failslab, interval 1, probability 0, space 0, times 0 [ 842.264918] CPU: 0 PID: 29422 Comm: syz-executor0 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 842.273469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 842.282839] Call Trace: [ 842.285457] dump_stack+0x244/0x3ab [ 842.289108] ? dump_stack_print_info.cold.2+0x52/0x52 [ 842.294382] should_fail.cold.4+0xa/0x17 [ 842.298501] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 842.303632] ? __save_stack_trace+0x8d/0xf0 [ 842.307986] ? save_stack+0xa9/0xd0 [ 842.311638] ? save_stack+0x43/0xd0 [ 842.315289] ? kasan_kmalloc+0xc7/0xe0 [ 842.319195] ? kasan_slab_alloc+0x12/0x20 [ 842.323366] ? kmem_cache_alloc_node+0x144/0x730 [ 842.328161] ? __alloc_skb+0x114/0x770 [ 842.332070] ? create_monitor_ctrl_open+0x148/0x9e0 [ 842.337112] ? hci_sock_ioctl+0x37e/0x810 [ 842.341270] ? sock_do_ioctl+0xeb/0x420 [ 842.345253] ? sock_ioctl+0x313/0x690 [ 842.349065] ? do_vfs_ioctl+0x1de/0x1720 [ 842.353130] ? ksys_ioctl+0xa9/0xd0 [ 842.356761] ? __x64_sys_ioctl+0x73/0xb0 [ 842.360831] ? do_syscall_64+0x1b9/0x820 [ 842.364902] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 842.370281] ? mark_held_locks+0x130/0x130 [ 842.374530] ? xas_find_conflict+0x890/0x890 [ 842.378949] ? perf_trace_lock+0x7a0/0x7a0 [ 842.380316] IPVS: ftp: loaded support on port[0] = 21 [ 842.383199] ? _raw_spin_unlock_irq+0x60/0x80 [ 842.383218] ? finish_task_switch+0x1f5/0x900 [ 842.383235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.383255] __should_failslab+0x124/0x180 [ 842.383274] should_failslab+0x9/0x14 [ 842.411018] kmem_cache_alloc_node_trace+0x5a/0x740 [ 842.416038] ? kasan_unpoison_shadow+0x35/0x50 [ 842.420625] ? kasan_kmalloc+0xc7/0xe0 [ 842.424522] ? check_preemption_disabled+0x48/0x200 [ 842.429552] __kmalloc_node_track_caller+0x3c/0x70 [ 842.434480] __kmalloc_reserve.isra.40+0x41/0xe0 [ 842.439244] __alloc_skb+0x150/0x770 [ 842.442964] ? netdev_alloc_frag+0x1f0/0x1f0 [ 842.447363] ? mark_held_locks+0x130/0x130 [ 842.451596] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 842.457123] ? apparmor_capable+0x355/0x6c0 [ 842.461446] create_monitor_ctrl_open+0x148/0x9e0 [ 842.466279] ? send_monitor_note+0x480/0x480 [ 842.470675] ? security_capable+0x99/0xc0 [ 842.474817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.480344] hci_sock_ioctl+0x37e/0x810 [ 842.484305] ? hci_sock_sendmsg+0x26d0/0x26d0 [ 842.488803] ? usercopy_warn+0x110/0x110 [ 842.492861] sock_do_ioctl+0xeb/0x420 [ 842.496652] ? compat_ifr_data_ioctl+0x170/0x170 [ 842.501409] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 842.506342] ? workqueue_set_max_active+0x10/0x3e0 [ 842.511268] ? __f_unlock_pos+0x19/0x20 [ 842.515251] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 842.520440] sock_ioctl+0x313/0x690 [ 842.524058] ? dlci_ioctl_set+0x40/0x40 [ 842.528050] ? ksys_dup3+0x680/0x680 [ 842.531768] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 842.536685] ? dlci_ioctl_set+0x40/0x40 [ 842.540656] do_vfs_ioctl+0x1de/0x1720 [ 842.544534] ? fsnotify_first_mark+0x350/0x350 [ 842.549105] ? __fsnotify_parent+0xcc/0x420 [ 842.553415] ? ioctl_preallocate+0x300/0x300 [ 842.557825] ? __fget_light+0x2e9/0x430 [ 842.561785] ? fget_raw+0x20/0x20 [ 842.565237] ? __sb_end_write+0xd9/0x110 [ 842.569288] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 842.574809] ? fput+0x130/0x1a0 [ 842.578077] ? ksys_write+0x1ae/0x260 [ 842.581869] ? security_file_ioctl+0x94/0xc0 [ 842.586283] ksys_ioctl+0xa9/0xd0 [ 842.589735] __x64_sys_ioctl+0x73/0xb0 [ 842.593618] do_syscall_64+0x1b9/0x820 [ 842.597495] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 842.602865] ? syscall_return_slowpath+0x5e0/0x5e0 [ 842.607796] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 842.612636] ? trace_hardirqs_on_caller+0x310/0x310 [ 842.617646] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 842.622664] ? prepare_exit_to_usermode+0x291/0x3b0 [ 842.627693] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 842.632549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 842.637737] RIP: 0033:0x457519 [ 842.640921] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:11:15 executing program 0 (fault-call:10 fault-nth:2): ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 842.660154] RSP: 002b:00007f6007c87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 842.667864] RAX: ffffffffffffffda RBX: 00007f6007c87c90 RCX: 0000000000457519 [ 842.675132] RDX: 0000000020000140 RSI: 00000000800448d2 RDI: 0000000000000005 [ 842.682391] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 842.689653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6007c886d4 [ 842.696906] R13: 00000000004c1f82 R14: 00000000004d2d90 R15: 0000000000000006 02:11:15 executing program 1: creat(&(0x7f0000000700)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, &(0x7f0000048000), 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x6, 0x100000000000031, 0xffffffffffffffff, 0x0) tkill(r0, 0x1000000000016) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000100)) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000200)=0x5) mq_timedsend(r2, &(0x7f0000000180)="a158593ce3aa5ebce568af882ffc9cfe7f526228f1504d50", 0x18, 0x400, &(0x7f00000001c0)={0x0, 0x1c9c380}) perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, r2, 0x0) 02:11:15 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 842.780024] FAULT_INJECTION: forcing a failure. [ 842.780024] name failslab, interval 1, probability 0, space 0, times 0 [ 842.818378] CPU: 0 PID: 29436 Comm: syz-executor0 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 842.826911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 842.836281] Call Trace: [ 842.838886] dump_stack+0x244/0x3ab [ 842.842527] ? dump_stack_print_info.cold.2+0x52/0x52 [ 842.847735] ? save_stack+0x43/0xd0 [ 842.851383] ? __kasan_slab_free+0x102/0x150 [ 842.855801] ? kasan_slab_free+0xe/0x10 [ 842.859787] ? kmem_cache_free+0x83/0x290 [ 842.863945] ? kfree_skb+0x1be/0x580 [ 842.867676] should_fail.cold.4+0xa/0x17 [ 842.871760] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 842.876879] ? trace_hardirqs_on+0x310/0x310 [ 842.881295] ? trace_hardirqs_on+0xbd/0x310 [ 842.885628] ? trace_hardirqs_off+0xb8/0x310 [ 842.890051] ? trace_hardirqs_on+0x310/0x310 [ 842.894494] ? debug_check_no_obj_freed+0x305/0x58d [ 842.899545] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 842.905089] ? check_preemption_disabled+0x48/0x200 [ 842.910113] ? trace_hardirqs_on+0xbd/0x310 [ 842.914460] ? kfree_skbmem+0x154/0x230 [ 842.918467] ? trace_hardirqs_off_caller+0x300/0x300 [ 842.923588] ? fs_reclaim_acquire+0x20/0x20 [ 842.927914] ? lock_downgrade+0x900/0x900 [ 842.932054] ? perf_trace_sched_process_exec+0x860/0x860 [ 842.937493] ? lock_downgrade+0x900/0x900 [ 842.941631] __should_failslab+0x124/0x180 [ 842.945852] should_failslab+0x9/0x14 [ 842.949646] __kmalloc+0x2e0/0x760 [ 842.953190] ? hci_get_dev_list+0x8f/0x330 [ 842.957432] hci_get_dev_list+0x8f/0x330 [ 842.961501] ? _raw_read_unlock+0x2c/0x50 [ 842.965649] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 842.970846] hci_sock_ioctl+0x270/0x810 [ 842.974819] ? hci_sock_sendmsg+0x26d0/0x26d0 [ 842.979313] ? usercopy_warn+0x110/0x110 [ 842.983382] sock_do_ioctl+0xeb/0x420 [ 842.987182] ? compat_ifr_data_ioctl+0x170/0x170 [ 842.991952] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 842.996896] ? workqueue_set_max_active+0x10/0x3e0 [ 843.001869] ? __f_unlock_pos+0x19/0x20 [ 843.005859] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 843.011059] sock_ioctl+0x313/0x690 [ 843.014733] ? dlci_ioctl_set+0x40/0x40 [ 843.018724] ? ksys_dup3+0x680/0x680 [ 843.022467] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 843.027403] ? dlci_ioctl_set+0x40/0x40 [ 843.031387] do_vfs_ioctl+0x1de/0x1720 [ 843.035300] ? fsnotify_first_mark+0x350/0x350 [ 843.039867] ? __fsnotify_parent+0xcc/0x420 [ 843.044177] ? ioctl_preallocate+0x300/0x300 [ 843.048576] ? __fget_light+0x2e9/0x430 [ 843.052536] ? fget_raw+0x20/0x20 [ 843.055986] ? __sb_end_write+0xd9/0x110 [ 843.060051] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 843.065586] ? fput+0x130/0x1a0 [ 843.068851] ? ksys_write+0x1ae/0x260 [ 843.072657] ? security_file_ioctl+0x94/0xc0 [ 843.077054] ksys_ioctl+0xa9/0xd0 [ 843.080502] __x64_sys_ioctl+0x73/0xb0 [ 843.084385] do_syscall_64+0x1b9/0x820 [ 843.088267] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 843.093631] ? syscall_return_slowpath+0x5e0/0x5e0 [ 843.098554] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 843.103417] ? trace_hardirqs_on_caller+0x310/0x310 [ 843.108453] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 843.113470] ? prepare_exit_to_usermode+0x291/0x3b0 [ 843.118475] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 843.123306] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 843.128480] RIP: 0033:0x457519 [ 843.131660] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 843.150547] RSP: 002b:00007f6007c87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 843.158260] RAX: ffffffffffffffda RBX: 00007f6007c87c90 RCX: 0000000000457519 [ 843.165518] RDX: 0000000020000140 RSI: 00000000800448d2 RDI: 0000000000000005 [ 843.172800] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 02:11:16 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x14d, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 843.180056] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6007c886d4 [ 843.187311] R13: 00000000004c1f82 R14: 00000000004d2d90 R15: 0000000000000006 [ 844.049056] bridge0: port 1(bridge_slave_0) entered blocking state [ 844.055496] bridge0: port 1(bridge_slave_0) entered disabled state [ 844.062498] device bridge_slave_0 entered promiscuous mode [ 844.069920] device bridge_slave_1 left promiscuous mode [ 844.076340] bridge0: port 2(bridge_slave_1) entered disabled state [ 844.162921] device bridge_slave_0 left promiscuous mode [ 844.168397] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.082847] bond14 (unregistering): Released all slaves [ 845.090879] bond13 (unregistering): Released all slaves [ 845.103595] bond12 (unregistering): Released all slaves [ 845.114569] bond11 (unregistering): Released all slaves [ 845.123490] bond10 (unregistering): Released all slaves [ 845.131937] bond9 (unregistering): Released all slaves [ 845.144575] bond8 (unregistering): Released all slaves [ 845.155840] bond7 (unregistering): Released all slaves [ 845.165726] bond6 (unregistering): Released all slaves [ 845.175743] bond5 (unregistering): Released all slaves [ 845.185453] bond4 (unregistering): Released all slaves [ 845.195209] bond3 (unregistering): Released all slaves [ 845.203617] bond2 (unregistering): Released all slaves [ 845.253745] bond1 (unregistering): Released all slaves [ 845.261827] team0 (unregistering): Port device team_slave_1 removed [ 845.271393] team0 (unregistering): Port device team_slave_0 removed [ 845.280531] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 845.305232] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 845.374098] bond0 (unregistering): Released all slaves [ 845.436340] bridge0: port 2(bridge_slave_1) entered blocking state [ 845.443244] bridge0: port 2(bridge_slave_1) entered disabled state [ 845.450090] device bridge_slave_1 entered promiscuous mode [ 845.473017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 845.503940] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 845.567284] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 845.604086] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 845.764578] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 845.771914] team0: Port device team_slave_0 added [ 845.804961] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 845.812193] team0: Port device team_slave_1 added [ 845.846720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 845.883339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 845.918482] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 845.925952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 845.941826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 845.965535] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 845.975011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 845.990950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 846.231044] bridge0: port 2(bridge_slave_1) entered blocking state [ 846.237472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 846.244107] bridge0: port 1(bridge_slave_0) entered blocking state [ 846.250460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 846.257815] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 846.462586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 847.003234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 847.075938] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 847.146078] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 847.152237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 847.159881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 847.226893] 8021q: adding VLAN 0 to HW filter on device team0 02:11:20 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x7, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:20 executing program 0 (fault-call:10 fault-nth:3): ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:20 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x3, 0x1a}, 0x20) 02:11:20 executing program 1: creat(&(0x7f0000000700)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, &(0x7f0000048000), 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x6, 0x100000000000031, 0xffffffffffffffff, 0x0) tkill(r0, 0x1000000000016) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000100)) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000200)=0x5) mq_timedsend(r2, &(0x7f0000000180)="a158593ce3aa5ebce568af882ffc9cfe7f526228f1504d50", 0x18, 0x400, &(0x7f00000001c0)={0x0, 0x1c9c380}) perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, r2, 0x0) 02:11:20 executing program 4: sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300), 0x4) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) pipe2(&(0x7f00000002c0)={0xffffffffffffffff}, 0x80000) write$P9_RCLUNK(r0, &(0x7f0000000340)={0x7, 0x79, 0x1}, 0x7) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x68900, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000050d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x8000044000, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000200)=0xfffffffffffffff9) ioctl$KDSKBMODE(r3, 0x4b45, &(0x7f0000000140)=0xfffffffffffeffff) perf_event_open(&(0x7f0000000480)={0x3, 0x70, 0x10000, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x8000, 0x200, 0x1ff, 0x400, 0x20, 0x0, 0x0, 0x5, 0x0, 0x4000000, 0x5, 0x2, 0xffffffffffff6d26, 0x1ff, 0x1ff, 0xc6c, 0x49, 0x0, 0xff, 0x0, 0x1000, 0x5, 0x1, 0x8, 0x6, 0x0, 0x0, 0x7e, 0x1, @perf_bp={&(0x7f0000000280), 0x8}, 0x10, 0x6, 0x8, 0x6, 0x0, 0x5, 0x711645cd}, r2, 0xf, 0xffffffffffffff9c, 0x2) r4 = dup(0xffffffffffffffff) ioctl$KVM_GET_REG_LIST(r4, 0x400452c9, &(0x7f0000000040)=ANY=[]) 02:11:20 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x47, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:20 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x198, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:20 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:20 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0xfeffff0700000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:20 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x46, 0x1a}, 0x20) 02:11:20 executing program 1: perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0xe, 0x8000000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0}, &(0x7f00000002c0)=0xc) perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0x1cf4ea95, 0x2, 0x6, 0x1, 0x0, 0x6, 0x400, 0x2, 0x6, 0x7, 0xd99896c, 0x39, 0x4, 0x100, 0x81, 0x8, 0x23d0a67d, 0x1, 0x100, 0xfffffffffffffff1, 0x5, 0x5, 0x683000, 0x0, 0xcb, 0x40, 0xf03, 0x800, 0x6, 0x0, 0x1f, 0x6, 0x0, 0xffffffffffffff80, 0x6, 0x42f, 0x0, 0x9, 0x1, @perf_bp={&(0x7f00000000c0), 0x8}, 0x880, 0x0, 0x3, 0x7, 0xfffffffffffffff7, 0x3, 0x9}, r1, 0xf, 0xffffffffffffff9c, 0x9) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)="2f67726f75702e7374619fd474002b044a7b09ab0b0274e10985a6fa15b35ba69421f204dec5668a06000000b90ff860e01f262bafac750a6d5ce259cb61ea0cd94458583eef2fc597ea93a7dec9b4168e468be0576d1d0ebf8bc4478f8ed85b547c6924880400000000000000901e428b98add1375f51e135848fea98c6e3574511e0c61ff22ff61f", 0x2761, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r2, r2}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffd9f, &(0x7f0000000100), 0x0, &(0x7f0000001580), 0xfcdb}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000000780)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x8, &(0x7f0000002b40)=""/8, 0x40f00, 0x0, [], 0x0, 0xf}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r2, 0x50, &(0x7f0000000300)}, 0x10) 02:11:20 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0xffffffff00000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:20 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x5450, &(0x7f0000000140)) 02:11:20 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1b8, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:20 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa02}, 0x20) 02:11:20 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0xfeffff07, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:21 executing program 4: sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300), 0x4) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) pipe2(&(0x7f00000002c0)={0xffffffffffffffff}, 0x80000) write$P9_RCLUNK(r0, &(0x7f0000000340)={0x7, 0x79, 0x1}, 0x7) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x68900, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000050d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x8000044000, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000200)=0xfffffffffffffff9) ioctl$KDSKBMODE(r3, 0x4b45, &(0x7f0000000140)=0xfffffffffffeffff) perf_event_open(&(0x7f0000000480)={0x3, 0x70, 0x10000, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x8000, 0x200, 0x1ff, 0x400, 0x20, 0x0, 0x0, 0x5, 0x0, 0x4000000, 0x5, 0x2, 0xffffffffffff6d26, 0x1ff, 0x1ff, 0xc6c, 0x49, 0x0, 0xff, 0x0, 0x1000, 0x5, 0x1, 0x8, 0x6, 0x0, 0x0, 0x7e, 0x1, @perf_bp={&(0x7f0000000280), 0x8}, 0x10, 0x6, 0x8, 0x6, 0x0, 0x5, 0x711645cd}, r2, 0xf, 0xffffffffffffff9c, 0x2) r4 = dup(0xffffffffffffffff) ioctl$KVM_GET_REG_LIST(r4, 0x400452c9, &(0x7f0000000040)=ANY=[]) 02:11:21 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x40030000000000}}, 0x20) 02:11:21 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0xc020660b, &(0x7f0000000140)) 02:11:21 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x3000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:21 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x22f, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:21 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0xeffdffffffffffff}}, 0x20) 02:11:21 executing program 1: sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300), 0x4) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) pipe2(&(0x7f00000002c0)={0xffffffffffffffff}, 0x80000) write$P9_RCLUNK(r0, &(0x7f0000000340)={0x7, 0x79, 0x1}, 0x7) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x68900, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000050d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x8000044000, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000200)=0xfffffffffffffff9) ioctl$KDSKBMODE(r3, 0x4b45, &(0x7f0000000140)=0xfffffffffffeffff) perf_event_open(&(0x7f0000000480)={0x3, 0x70, 0x10000, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x8000, 0x200, 0x1ff, 0x400, 0x20, 0x0, 0x0, 0x5, 0x0, 0x4000000, 0x5, 0x2, 0xffffffffffff6d26, 0x1ff, 0x1ff, 0xc6c, 0x49, 0x0, 0xff, 0x0, 0x1000, 0x5, 0x1, 0x8, 0x6, 0x0, 0x0, 0x7e, 0x1, @perf_bp={&(0x7f0000000280), 0x8}, 0x10, 0x6, 0x8, 0x6, 0x0, 0x5, 0x711645cd}, r2, 0xf, 0xffffffffffffff9c, 0x2) r4 = dup(0xffffffffffffffff) ioctl$KVM_GET_REG_LIST(r4, 0x400452c9, &(0x7f0000000040)=ANY=[]) 02:11:21 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x5421, &(0x7f0000000140)) 02:11:21 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x600, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:21 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x34000}}, 0x20) 02:11:21 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0xc0189436, &(0x7f0000000140)) 02:11:21 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x3, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:21 executing program 4: syz_mount_image$gfs2(&(0x7f00000002c0)='gfs2\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, &(0x7f0000000540), 0x0, &(0x7f00000000c0)={[{@locktable={'locktable', 0x3d, 'b/ev'}}, {@lockproto_nolock='lockproto=lock_nolock'}]}) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000580)='/dev/mixer\x00', 0x40001, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f00000005c0), 0x4) 02:11:21 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0xeffdffff00000000}}, 0x20) 02:11:21 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8904, &(0x7f0000000140)) 02:11:21 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x27e, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:21 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x400000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000532000)=0x19) ioctl$TCFLSH(r1, 0x540b, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x82, 0x0) 02:11:21 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x200000000000000}}, 0x20) [ 848.667528] gfs2: fsid=b_ev: Trying to join cluster "lock_nolock", "b_ev" [ 848.684620] gfs2: fsid=b_ev: Now mounting FS... [ 848.691187] gfs2: not a GFS2 filesystem [ 848.696128] gfs2: fsid=b_ev: can't read superblock [ 848.701305] gfs2: fsid=b_ev: can't read superblock: -22 02:11:21 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x600000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:21 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x89a0, &(0x7f0000000140)) 02:11:21 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x4000000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 848.779397] gfs2: fsid=b_ev: Trying to join cluster "lock_nolock", "b_ev" [ 848.802491] gfs2: fsid=b_ev: Now mounting FS... [ 848.811951] gfs2: not a GFS2 filesystem 02:11:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000680)={&(0x7f0000000040), 0xc, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB="4800000010000104000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000007006000000000000a9fcffffffffffff00000001"], 0x48}}, 0x0) [ 848.841687] gfs2: fsid=b_ev: can't read superblock [ 848.852913] gfs2: fsid=b_ev: can't read superblock: -22 02:11:21 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x1000000}}, 0x20) 02:11:22 executing program 4: r0 = syz_open_dev$sndpcmc(&(0x7f0000000300)='/dev/snd/pcmC#D#c\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000808}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x6c, r1, 0xdb02f50ce4a92d11, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x698fbcc3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xcf6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x7}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xfffffffffffffb6e}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x10001}]}]}, 0x6c}}, 0x40800) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000540)={0xd0003}) ioctl$KVM_RUN(r4, 0xae80, 0x0) setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:apt_var_log_t:s0\x00', 0x23, 0x1) ioctl$KVM_RUN(r4, 0x4048ae9b, 0x705000) 02:11:22 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1d6, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:22 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8981, &(0x7f0000000140)) [ 848.935194] netlink: 40 bytes leftover after parsing attributes in process `syz-executor1'. 02:11:22 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x500000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:22 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0xfdef}}, 0x20) 02:11:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x80003, 0x800000000000006) pipe(&(0x7f0000000c80)={0xffffffffffffffff, 0xffffffffffffffff}) bind$alg(r2, &(0x7f0000000cc0)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-cast6-avx\x00'}, 0x58) ioctl(r1, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x1d, 0x2000000000001, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0) 02:11:22 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x9801000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:22 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8941, &(0x7f0000000140)) 02:11:22 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1d0, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:22 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0xeffd}}, 0x20) [ 849.185605] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 02:11:22 executing program 4: syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1, &(0x7f0000000340)=[{&(0x7f0000000000)="0001000000ff000000000000c9030000ec000000010008000000000000000000002000000020000000010000000000006e5fbe5c0000ffff53ef0100010000006e5fbe5a0000c9040000000000000000000000010000000000800000002c0000cae737d4f1e6", 0xfffffffffffffde1, 0x400}], 0x0, &(0x7f0000000080)) 02:11:22 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0xc0045878, &(0x7f0000000140)) [ 849.278545] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 02:11:22 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x40000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:22 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f00000000c0)=0x3f2, 0x4) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vga_arbiter\x00', 0x410000, 0x0) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000003c0)='fou\x00') sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r2, 0x4, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0xff}, @FOU_ATTR_AF={0x8, 0x2, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e20}, 0x1c) r3 = add_key(&(0x7f0000000200)='ceph\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="ad26e08408711990535f703b0d3f54a4f5639692df067286c76f6b0dd12813807546d39bf61257f8f27457be755f4adfff94d3d5c8d25dfd7183fe624298e16c840e620b775c11d4322d6f4fb407492080117d3be6ea68d8a5c7aff968f7effe6cec9cd5135959988e8111d31826d064981edb3ca4cc1cf363", 0x79, 0xfffffffffffffffb) add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000100)="5a8e27db7bbf1f51c7df7ec2fb0019c7360eccd6a3d4a6c7a3178755518ff97118269e5cf9a8ddf09554999279b8c1892628193ea363553dab11f028cc4de71be580946c11d71456f6d631d773657eb3e67f185a2cf67d8b41dea442c78fa9a72d944943e922151dbf01dc36c8439806abd15a794223bcf75f0dad102ba31b39557fe2cbdfa85b81b350ea2d8ddc82023d444ebaccd316fa81860536a0880ee3ec9ebe0780731060af645df385a293eb1d4a5478c703ae7a51111a0ae468ee51015a9e6504ad2d197c29e5c26b282b44665f8a6579a66217eb706a", 0xdb, r3) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={[], [], @loopback}}, 0x1c) listen(r0, 0x1ff) 02:11:22 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x2}}, 0x20) 02:11:22 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x700000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:22 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x26a, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:22 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x2, &(0x7f0000000140)) 02:11:22 executing program 1: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x401) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") bpf$MAP_CREATE(0x0, &(0x7f0000001b00)={0xb, 0x21, 0x6, 0x9, 0x40000000001, 0xffffffffffffff9c, 0x0, [0x10]}, 0x2c) setxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x0) 02:11:22 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x100000000000000}}, 0x20) 02:11:22 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8980, &(0x7f0000000140)) 02:11:22 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r0, &(0x7f00000006c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "8811888754a539d39f2bd6a40fa80cc00c27860525fec2541e21ccf67e1d7b55cabe9e068dd58ce565aa9a9d325e01c7627ffe7a54cdbd77b300", 0x2e}, 0x259) listen(r0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000180)={0x0, 0x2710}, 0x100000267) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0xff, @dev}, 0x10) socketpair$inet6(0xa, 0x80005, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet6_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000d00)) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000e40)='/dev/rfkill\x00', 0x10000, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000f40)={0x0, 0x28, "bcbfbc363d017430af5b79c61eaf75e60c0e00846fe79b6c448f6a2722e82099b4cd78b85408cc63"}, &(0x7f0000000f80)=0x30) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f0000000fc0)={r4, 0x7fff}, 0x8) recvmmsg(r1, &(0x7f0000001140)=[{{&(0x7f0000000100)=@alg, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=""/234, 0xea, 0x6}, 0xfffffffffffffff9}, {{&(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000340)=""/77, 0x4d}, {&(0x7f00000003c0)=""/167, 0xa7}, {&(0x7f0000000480)=""/23, 0x17}, {&(0x7f00000004c0)=""/27, 0x1b}], 0x4, &(0x7f0000000540)=""/175, 0xaf, 0x1}, 0xc00000}, {{&(0x7f0000000600)=@nfc_llcp, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000680)=""/223, 0xdf}, {&(0x7f0000000780)=""/57, 0x39}, {&(0x7f00000007c0)=""/72, 0x48}, {&(0x7f0000000840)=""/30, 0x1e}, {&(0x7f0000000880)=""/132, 0x84}, {&(0x7f0000000940)=""/45, 0x2d}, {&(0x7f0000000980)=""/116, 0x74}, {&(0x7f0000000a00)}, {&(0x7f0000000a40)=""/178, 0xb2}, {&(0x7f0000000b00)=""/243, 0xf3}], 0xa, &(0x7f0000000cc0)=""/53, 0x35, 0x80000000}, 0x5}], 0x3, 0x3, &(0x7f0000001240)) socket$pppoe(0x18, 0x1, 0x0) r5 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x143000) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f0000000ec0)={0x5, 0x80000001, 0xffffffff, 0x0, 0xd}) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @ipv4={[], [], @broadcast}}, 0x1c) sendmmsg(r1, &(0x7f0000001ec0)=[{{&(0x7f0000000080)=@nfc={0x27, 0x1411}, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000240)}}, {{&(0x7f0000001b00)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0xf, &(0x7f0000001e40)}}], 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) [ 849.616742] EXT4-fs (loop4): VFS: Can't find ext4 filesystem 02:11:22 executing program 4: r0 = socket$inet(0x2, 0x80003, 0x3) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x0, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000100)={0x0, 0xfffffffffffffffa, 0x200, 0x4}) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg(r0, &(0x7f0000001e80)=[{{&(0x7f0000000000)=@in, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000080)}}, {{&(0x7f00000002c0)=@in={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000040)}}], 0x2, 0x0) 02:11:22 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0xffffffff00000000}}, 0x20) 02:11:22 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x48, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:22 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x2000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:22 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x98010000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:22 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0xeffdffff}}, 0x20) 02:11:22 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x40049409, &(0x7f0000000140)) 02:11:22 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x2, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:22 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d3, &(0x7f0000000140)) 02:11:22 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x2000000}}, 0x20) 02:11:22 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x195, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:23 executing program 1: syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) msgget(0x3, 0xfffffffffffffffd) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={@remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x0, r1}) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000640)) perf_event_open(&(0x7f0000000200)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket(0x0, 0x80802, 0x0) 02:11:23 executing program 4: r0 = memfd_create(&(0x7f00000000c0)='dev ', 0x0) write(r0, &(0x7f0000000040)="16", 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xffff) getpeername$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000140)=0xfffffffffffffda9) ftruncate(r0, 0x9) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) connect(r0, &(0x7f00000003c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x1, 0x2, 0x1, 0x2, {0xa, 0x4e22, 0x3, @mcast2, 0x2}}}, 0x80) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)="7374617409c0d2febcf9df2deac8c177ff171248e91193513049f831550d6f7de66cf637bdbf1311920c8a26eda4dcc3783f9db5116b34d31b0512a5608aaff01e7952340cd6fd00000000", 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r1, 0x0) quotactl(0x0, &(0x7f0000000380)='./file0\x00', 0x0, &(0x7f0000000480)) mount(&(0x7f0000000340)=ANY=[@ANYBLOB="f2717de1e91cde560be4fe803261a561dc1c6fa86c24eb40ae5b574f5c3ca10dc43dd69372987110507b37f90e4604c1aa4d4d56c550c3d23c0f4e2517249a50a176fbcd8fd38cc689ab474f17f2834ef643f9fbd505409e560412a93da908f75b844cf119df12b1f4b348ef31d40000000000000000000000000000"], &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ext2\x00', 0x0, &(0x7f00000000c0)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000001240)={{{@in=@dev, @in6=@ipv4={[], [], @local}}}, {{@in6=@mcast1}, 0x0, @in6=@mcast2}}, &(0x7f0000001340)=0xe8) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$can_raw(r1, &(0x7f00000004c0)={&(0x7f0000000100), 0x10, &(0x7f0000000480)={&(0x7f0000000440)=@can={{0x2, 0x80000000, 0x1, 0x8}, 0x4, 0x1, 0x0, 0x0, "b1c21054c574fbda"}, 0x10}, 0x1, 0x0, 0x0, 0x7a1ce0b30dce9365}, 0x10) fcntl$addseals(r2, 0x409, 0xf) getpid() fcntl$addseals(r0, 0x409, 0x0) fchmod(0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in6, @in=@loopback}}, {{@in6=@dev}, 0x0, @in=@broadcast}}, &(0x7f0000000080)=0xfffffeb0) 02:11:23 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x5000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:23 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x400300}}, 0x20) 02:11:23 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8983, &(0x7f0000000140)) 02:11:23 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x62, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:23 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0xfffffdef}}, 0x20) 02:11:23 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8982, &(0x7f0000000140)) 02:11:23 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x7000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:23 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3e7, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:23 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000033000/0x4000)=nil, 0x4000, 0xfffffffffffffffc) r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x3, 0x4040) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000100)={'syzkaller0\x00', {0x2, 0x4e24, @multicast1}}) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ptype\x00') r2 = socket$kcm(0x29, 0x7, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f0000000000)={0x7fffffff, 0x8, 0x4, 0x8}, 0x6) sendfile(r2, r1, &(0x7f0000301ff8), 0xffffffff) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000b20e3008dc255ddc000000"], 0xfffffdef) 02:11:23 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0xfffffffffffffdef}}, 0x20) 02:11:23 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0xc0045878, &(0x7f0000000140)) 02:11:25 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3d0, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:25 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x3f00, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:25 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x400448dd, &(0x7f0000000140)) 02:11:25 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f0000000000)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)=""/193, &(0x7f0000000280)=""/97, &(0x7f0000000500)=""/127}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000000c0)={0x1, 0x0, &(0x7f0000000040)=""/83, &(0x7f0000000380)=""/181, &(0x7f0000000440)=""/141}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001900)=ANY=[]) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000006c0)=0x1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000008c0)={0x800000000000034, 0x0, [{0x0, 0xfffffffffffffe19, &(0x7f0000000900)=""/209}]}) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0xff, 0x0) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r1, 0x111, 0x3, 0x1, 0x4) openat(0xffffffffffffff9c, &(0x7f00000005c0)='./file1\x00', 0x800, 0x1) r2 = openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x40, 0x90) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000340)=0x80, 0x4) 02:11:25 executing program 4: r0 = socket$inet6(0xa, 0x81000000000001, 0x0) r1 = syz_open_dev$mice(&(0x7f00000013c0)='/dev/input/mice\x00', 0x0, 0x200) socketpair$inet(0x2, 0x80003, 0x1, &(0x7f0000001640)) getpeername$inet(r1, &(0x7f0000001400), &(0x7f0000001600)=0x10) syz_mount_image$nfs(&(0x7f0000000040)='nfs\x00', &(0x7f0000000080)='./file0\x00', 0x1, 0x1, &(0x7f0000001e80)=[{&(0x7f0000001dc0)="7a3ca74ad776c4a9d97ed9d8e2d1c7704391fb814cb03d03328e8eb61d19835919f9a1195b4e9da476429034f049e6431342261561c4ce3f2dbdf76f33ab63dbff34cc227517313dbfcf01b87bbe81176dcd4369627c8678163cd2ef6d589d13e1ef62494d33a64ca013f03de4e367f81cc92afadce3c40b52651b4db8c820999d9138d017", 0x85, 0x1000}], 0x100000, &(0x7f0000001ec0)='\x00') r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000023c0)={{{@in=@local, @in6=@local}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000002380)=0x99) sendmmsg(r2, &(0x7f0000001d40)=[{{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f00000002c0)="ad56a33a2cd573523c3cc4197d4aa316e1f58c4a15616d1914c46ea30510bf5275003db8092cfb4c26459851b02026cde22c74c3d4d23c91bc65ee96377c334fe1ae1ed259a40ca295a5c145c1638e14231789e9c0472e70f8ad68ec86b2aff73dd2a2d277bcf16e09a3b66b1466031082ffd8ed10706c7a502b9b60cf8c47bfec26dcef040bdf79e3152e9e608324fbc83aa7e621d717113dbf87ca8e5cdf2c7b720d76c20035991e3338b4bbb075209763701b2e89948e342da10799128d9527ebbf6921f1c727d2238bcccb7ec6cd7068fa11", 0xd4}, {&(0x7f00000000c0)="f1ea164a29eca485d4b835ea6acded4636f2dcc3a30ebfbe7170d42ad23b55b358fcc8fe48082acb8e0796a0c5773ff0ddcd756488cd6a2ab29657a3f190d3b609080100a40f7e13dd47e06bbe7edab130eb50d3bdc81d345aa31676398596f384f76e94af4434e7ab922f36f17532acb713ae7604f9694b73e1a07d377ff6fe00883f5ba416d17e06a2a505810a44dcf8899a0dcec9c6765626", 0x9a}, {&(0x7f00000001c0)="5782407bf9fa5e6a6ad1cb0c3185a7fcfe214cf960ec30f9a01ddb3d03e521b1f445023afd2f06487e723518ae102ad9bb3dbeecb19d1a26928b50757baad66a8a9e8d202fa0b78ef1e3f61aa67793e4bf3b523c7049510215565d1d77100f6b71314e7f8274211b9feb2a6305b8075115eb48d79bf2cbd50850b6711566904275359a8b8350ffed16f15279bef95e597dd88a5e662f99a62dcb492c652c719c9c437edd80c868ec653db246541c", 0xae}, {&(0x7f00000003c0)="cb7ac777ef5cd5255082db68f8a37b12444fad0a73803c705690675214ac6aefc22313171b27623e312eba0f80130349e1efd1a06483d2e8a73df8c984dbaa0df3483b3c4c58d9eeb9e860fc2fef1ae3775df0bcf83e12df8919ec56630d55db52ce67c0924c0f8a909ead38a5487bce3ab3095e4f826775d46dbdec22b77b5601e797e0be75c8ac0c87593037faeb20eaadb6991a8aa1d942838d481e7c4e277b0c96c3e50ccbf4f5f3791a7e65a3552cb6a3670ba9218f5c164a445400147650aa3295b012819fc4e6f39eac9f29282cfd869622bd5a31e77d32e422dd5342aaceb9bfbb04bb9e8c12e9dc2f158ce31266be8b073732b8bb6170172496928e646b51010c95336b2b0a22af4f2d5972d8bc64ddc2194979ab243b1053627069587a4189cd168ffb2fc8003b7ce6e8bfa21b20dc1563308d09bf3551b0458a4339bfbd4705ed503c1359d3506d766b7dc4fc503c3df1685702972f4067ed6ef495a7494090b6063014e3bc02cc9d93ebcfd7c5d555419143723c31dc6f97bdad7bf2c6b8d4537cd1c1474e5e6959377155026fd73c628b992a1329ff35b9042ffde23750a6e953685098a9e393cdd4d067f70690224f769cbf0125fec17b64c5a225178f97054a3e6a9a192f6606f559798ba7629bf991f4d4dd9504c9865b66e719af23b14950e5815df9dcbb8d68f1d0cbfd5a764af69e95a7b8617014d4c8364ed708dd094c8916d8d981268f07c4dde4edc52327341e968f0fdbb6a04345bab05857a997219a301c39a2a195d8a503e4fe9289bb2c804da887fa9ad664c04a01815075bc91fcd6362562c24ce2cec2174086aff2528dee5aaeefd03fb436f78b7440991316b8dadd0027e4e300b24442b2bcc1cd275dc07b35d0af368c560fe2eee0fdb880c2722c4bb1f073e09f9d4d932b3ba73c230eba11d33914672ab9903ebb30155145818a0f59ef4f9c7b8ced9f308eb9c8dd813cef0df1e8a8269fceb898dd32da063b6c3acb473d4a9e78ab846712ff7b1fac28863be6e15cf640116b66d763a59e7b2e0dcdfeb4a646149db2c9ae532292690fa5175909b4e4fe668ee366413feb920fc136c6146a017fd9b6e2b1ff98a99f601d2d813a06586e0f799ed8a4c7f805892ebc7bdfc9704241477a1503c8091762005b80f4d88374bca3ba97455ab9923785b60f27b97626088d8987a7754c5d474d49f955db463913194c1be25d7d981109fd1d2ab18df35c693659e28dc2dd16ee538a544c592d85cc7fd250c85626c1b7b2b797f62f7130be04442d468a82a77efbf77bb71a5f5b9598188be3507ce20a7e49a5912b2709cd7cac996d53dcb0cb77475d443222d62e2fe695e9dcc03d3fbcaa85d477fe64a30eda6e764c426c49a96204ebc6913f6459ba8ed03c67fb87f0951e52b2f8b0e8a7c863fdcfb1a52d428602e3a4284bee58b202bb722b12f239e42dd91bdb04f7b132dcdeffecb70e83b12bd90c2796684ee8fc3e0343b990833376937fe31571149769989bd59b8df742d646b089f165f8c465e94a67103fbbe8e8e6a84e72161a048de4f0604a98f5cae4eff0c5fd106b93d3318b2436c874d90019b92a27d93c745001f40da8ecbf9d606f6c3e4bb412ce7b7dbddf17b990e962fa4f3d2c18553bffd116ffadbb51881b584031f38034c0d5291dc0a70a4048d94979329fe1448a6a19d2aa2bd1dbbefedc89b79b4a668fc3514831ddd7af5a47108874d592effc0ef3aa57f60eeef336dbe35aec45a0c75b30e8798d1e391d43a38813246a9f00f7b2dff678cec104fc480c42376c19bd19a97e5ac1fe1c92237d7091c87b7d127adf3caf1b1fe4228d5478ea949cd4e30de3196c268255c0fcca51b8abfd7b4e631bea2ccaf47764906dd4914f7b49783c0713c9e3688babe91d5a4e3bba134ce6f852590d2898c59dcce40fdd557d5b447876ff21815f0934e56fc97be0c26a2b7cd1ec42644aafdf5987c9a3c6b2e13b48077d3b64679f67d0b1ae85c6c91697849420df723985c1e56f0ce1e6af9b96b8644d8464ca7842927f49be7c08dc362187640ef10396231f838d4bebfc27e8e8b2e3b328ef06708bd0e521d2a3491c862f5e20306104a6a03d0e4155653fc5651a6b0ea8c686ea664d1419f18ace0de5b38ff78915b4d45d02e3a8bc832be4472fc101f6186696276f160fb419b22b6d852e2539467ad755a046bff76213fc569f7aeed7c969f60552dd8ea2774259592586b5d0e459abc25b911c04b8091ea082e5b3ba8995b742668579f744ad750cb9b8f725ee8d8f8d46a53d946d15075923644c460dc59eb9a8e9068e88593943652e0da5338ae2410c0632c9c9bfa82fc08a7dc598c1435f3d9d3bb85d1b79d71ea20a32a63ee5175aa3137e8a2fffe1eba55f9b5b226b6a33e123fbeb3c7f8618aee67a2fae6832577d5a2a0fdc0dc246bd2d82ca03afdd49aa6688604c29dcf55acf73c65075ddca1b9a33a01fc6da654618b019c4fef6de692697906511db64c7275f31e1de2a9740954db25ff72aa65a9a38d1eefe4e8fa2c5ed47ed44b6f15a93dcb516421fdf0b607643dc04739e6306d5938d8a60ca75d9aff47107a6ad9589ddcb0045da603f232f6ad27341d3b3a5efed28fd34d57ffbbb05b0bcfd97fbb475be85ddc3859ef193b45e56f4677bb714b8120b001f0e21baa6e7f443083e8331689a1a17a33c86db72953c53af8cb062652f5434f9b704ad182ddb935c8a7ef429282e17f08c1984309a238da1020a96de905b4066955d26ca7127513bf9cef760f9ee50791037a0572fb5f6853a3046836493d7fcd25e1d943b59deae88227732aa5d37a6ec7018699c95315931be37122d21278b4fe2634937a35bfa45b95135dba96e02bf50d532261d7529e92cf1d873745d7456bd9d29e8817e8fb54c9dcef50e81dbdb8ec2152fd6f79aa58282e225a2120500dd04bf5f6233d2be9368d9392ec86e0bca3eeebad62112bc3e4f63b56793ee7930adfd77b826d1cb3cbaa4c28500187e3c7ee6e9f7ebbf98f2ccdb55ad4dd995520a45e0cbdc228db4fd8e8f68ab46de0684cea33e94bef7164d9b5fa06cf531dffd1ecbef62da645d95bc11f1b0c516bcbdb736cd5d7810440889e16b959c6a835d32a6a7dd469827f9246d1da1e6a32aca3cd2ca4bb5873fdbbdffb29639809fbffa90721a2492df63d166a5a0de2f9c27dc3d6b19692b4dba38750a9ad4e1a4ce34e373b4d364646575f8457bca9ece6d9348198f0159e01573a045dd5026bb3c12b1ac362410635ba040a6cbdace80cc7937aac73cbc3816a17dd2572c4264ee0f3e0ccc516a1848d358026c2e9f347e238639c87aea6ead2cd82f0d3295a25ba3ff953be8391b6f3142e0fed383c7e20df4a25e816b030ea9a21115a2dd6c836c2ba0e9455275a7e31e748d583a0b96e74a53693f2962488b19ef32211f8efaf5d54aec2a47d4e14ee03900ab196149cf910dc2167f544bbdb946c72fc1d2c16d743465592d85038e67a5f0348efd38bc889a0e59fdade00c2f6e3caf075ed1b23116d38a39b8a875d71756d3bf5b115537e421a7d4f54593269a9f58e2ddb454b7d1c7a3e72077e3678cfa27ee66d568587115b6defb42f5d138ab1128c598debb9a5488cf51410e62f1bfee87c6126bc7a732715456e7bf3418a39e39eb1508d21658505e336ac1feb478449c5bce8ba47065fd0fa12b76f47f8dbc11037eb6c6e2340d343ca388d64632cd836bd481c175bf24142bf4e3a5a054549120f0ca8e733113cd09d103b724ecf130a081b343223a8ec8d558cd86317a8d363ecbf64a7e2627d3913c81bae15e3eec5e7db4ccf65ca868973897b5732779dcc65ec087b8df8d533af80d43b95f466c40b9ab645ff3fd4bf960583cb47f86869843188764bd9b0efb3b7074dbb41bb68c2d74f1c5d4caa086530716440c88b2bd79dd4499be86046ab15785d660b6149f95eb22154ad8e8f0a9594ffd2965aa4c987b1036b7aeded81fb013721f4f3bf3026ba9064fdbc8aa0e41c1f92a3f8d47c1a3dee2cbc451b8284d65d4f7d23a60c75273ec7f849e196cdfcb988959e96b90b2ff5944ca61751724bb704a2c8a7e97c7cf56e38dee49af44ceb3975888bf7d862ef899cf8770cb358a717b23d45d9a287455afee4be4aa4fd50f502f561fafc0bf0f73a5a711a8b0cff25f19c1b561513012f8119680be15b1c714f3e147017c4a07df96c4d8c97a77b347ab40bed45363e63a4b9161e39b1e595c3db2f0ade44b4ea54673f3dd7fcdc90db9911c7f8d6cf0a4e6fe5686555fa7fdd4a9b18202beddef1c9f82d5344116f025e9fb8c0beb07b03edb4f286a9e4d062188d60c0920876e775dec7f10fe4031b862e30820161e8fb45bbee44f1e4f2226ad0da533817c9088947020e65917ccea9b9f9cf8880089a0b9974b4ee8042cd9b0efb57f243b9067a416fdd46cc6bf77bfbfd4e823141023c5a46ae85d668172f2235d526123deb3df305811368da21e1e9b2a452e6069ed256f2fff4d2d0fb40ee9666d3ecda60e22b6a6a8044e54ed8a25aa5430250c8346d2879d305dae711d406b2834641f2c4d3a09945ce394975fb6c9c3f2092bf4c1b8bb6f1bcc08d8cb318862c695fa085463659bbf0b4b8cdd33a3f00786dc6d1bcbc063b0475744f85c13c90b931877783bd84136bee5e93226664ef91a8558b4d7198aa86990ccec48bc14c3cb950378d35d6c24fd937361418171681385ba70be44bbc57dc6b850a6fc8f85d3ba9eb0962e592bd36bd8b3da8196f85547300fe878362b659f7ea7157de19246868e0b6beed02548ba417945dbd8946e1378574e6f4cd1962b6ac3573be41edbc2eefbe5557d5a7cb5bd65f48e0758b0ffa75dee71190a61cd2f65df3f0827f925bba54dbc94d445004a14d63cda59bd5244288e9571418ea73d581ad7a9ad74ef6ef95ef7420d7a8a39f0b4073a7f17f20d76fd7ed748f33c1d56dc3cf7bb8bd9b3658ded45e096efdd36665afdb8768346ecfeb33aab0f3ba1ab8cf362ff7b2b847fc37c8f56106119f959ae43db04a4aff836508a094bb2c73034a3b055d9b14a307d52913ef014d18ac09b1ffbfe1626655c6e7cc6803a46630f26cdc00e59f9ad4d3d1285d33657d5cf3469802abab8f537eb8e0028a8158935dd3f74e872e6b3e51db94d1b8b897a342068e8428561de33d58c1e2c6a4318864efb5f03e57064d65f6d8c024e8e4ecb785103ae901dade03573cd7da363ca0b270f84e93994177ed4ca31d74b68cf02d8c809b19adf52f19ca599001eb039ca566015e925f65a25630137010567fd2d03fbbdbd97b512634654a98fec7c5c4d06685e5ecad13dcf0fb565ea115bb981216a582578ff23948c3b73ef4afec69dd398cb5e84a5fc93a7b788fffdc6c656e024880cff72570661aced04817f596482e2a7fa31f1e901cbac6e9ee3117df9f895ba81ce7203ebec6d5d46c9e003132362b4f6066b89caf72d88110d177906ff2e539d7b75c46db1ed5adc182eb4e8993ffc99a132f4ce78224ce612da3cef83d75af94026becc6fc623dde778d13649e4337d45fd353ba0f989b19fcc8499f7b70fe5be562fa99225eb53bb9e344b5bfe24bd4c40b4db3a60473956563e4ca12065cb1a497d90b5ff30d055f37d4ce36a0f8f40a54a41c2c1ee544297f615a2eacf29627c45c9713497626cc9bf381122d680ac939a68e1a1d15f4d5270eb545f195e0528bfafe81916321a773bf98a49647ee11e4ddf29608073395f", 0x1000}, {&(0x7f0000002040)="2d561da2ac349104e845303d56e19eff8e98777af8d04e496e27773e7133609f02fa9908a7ee68d914a0aabb39edbaf1b42193353300f031cc034c23ff465d11dbd8383cf3ea3c04a33dc3b3b9a36d69fea97e21fa3841fd07febbf51188622b7544a04899694458816efeae430fe0a0d9b00c4471a3119b378a1a6dab2ee68596ce2c4d2f", 0x85}, {&(0x7f0000001440)="37af72396c5545e24aa4aa59a3b8667ac3f702dbab67b8c569de6ba46cbc17f921aa906e68b4dc28df764277a06a3a89ef4edf8b1b8c1508d7b2cd2e9a4a021bbc59cf289eb5ccac94f11ed920cee0ed59975a1d441002eeb49ac753a437fe37e6f0ba94378914d0669e5973cfdbaf1f74c3185d98fad84852f21da6947a1af1619be97a13c193fbff5d330fe985c3619f2473292a648d177b14fcd297933cea4b973a83e499bd4c302d8d5c17a3f3fe14f39bbf3ac9", 0xb6}, {&(0x7f0000001500)="6b4576fd1d3efeb20675bb0f254ada999258c88c2ca5bc4e4aea9c1af6dc395ddd398611f48da23b897a0f8492f10aa9f1780199eeeb0c7f3a4f760b45d2707592329b35f1c71f510f2b3c08765b5b7f7f475d907ebaf47f17b2865ccf0a3be8b62e7551d1407787db7109dad9ba5541dea3d9555a16f311505f7807a8b075ca116a10f0c3b7219bca8bcf0ff2e60f49fd71999d606de003352b067282e94af291275a791a57918c251cf415fb1fe7ac0ac971e6c92251f2842505f035aed11da65235ae30", 0xc5}, {&(0x7f0000002100)="ca0164feb85fa4629b6fad5c94aaeb465519365e7dd0233ba4a774d2ab7317a4371a88cb1533b67af859c644cc2b9f5614567294066f3ef8c3c8f53eb974524c6664861499e25c65ed2bf55f1733711929416e45588ac8bbb8df38f2edad19f5ad1fee14484cf9db0a12cb8bfa3abee0916a180f13", 0x75}, {&(0x7f0000001680)="a1c2c74a0815624af16eb0160d3f6c781d809a74499172db8bfde62ebc97ef91b27f388e5c8207187f5d0f9837a74277db206a7af40f042b407fdf72d98239763c17e4d75c58d2e923d9c2a47ded51be647baf687131b6cfdfda6b6be9a3f353baa182f74b17a48f766e975cb76433ee9debcb12e0941b898f01c75bcdc188c618ae362dfd", 0x85}], 0x9, 0x0, 0x0, 0x20000080}, 0x8}, {{&(0x7f0000001800)=@ax25={0x3, {"ba123755561cf0"}, 0x3ff}, 0x80, &(0x7f0000001bc0)=[{&(0x7f0000001880)="44167eb8eb2a2a6415597ec742b299ccaffe545f98cd04e851414cfefd4203118f11a88efca8d7d6dc523798d1edd8e81664c3fc80ede2354e8294bf6f7908950d02a4542fd9548925efc8c9beb54f4d3d68d74a52a15fc80dd8dca95ec7e585551a144fb2cd5f", 0x67}, {&(0x7f0000001900)="fed96a3e072a56e5b0a879146d04d8be947eb8", 0x13}, {&(0x7f0000001940)="7850460c0b78973181ea7b0c653318d052021c780674710520b062325f07974a8da54f047164e42c2aef3db0d2c268d80d3899e50777ed62e3f0ffb0a0309183c5fb1b", 0x43}, {&(0x7f00000019c0)="4522729a183100b24097bc42fdca6766f24de91c123c9c53571bf7fb98dca01522026769f2039143f1d4955cfcfb376a41289fb36f0eb6570a56dcc324660fd7240b35c8c9686a663fb39c701cf03ad4741cf63cb4f8e19a4426f2ccf36a5bb8b5b0f21bb232c82094f696b51799c4aa7af47c2f87e5c8f4d64db317c9c2b5e09144d1bd30f05319644feb263902d200fc8f2dcd649a7431cdf48458f0a25f8658dac0679e20758a663b99ac8da956210b581f5e083c92de915390bb6bc5425c70d3f203b3f496ec24616d", 0xcb}, {&(0x7f0000001ac0)="65964052e961236dfa124c0e7e71f030c0526e4c0f327bed2d99c577dbf8bd5f179ccd6aceecb688b9e825b3c97be9b0f347e3657f648b73fa32a26d0ec3e24a9f79bad7d5f1d3a68e83b958161a5295020ea96a290a878c30ac57825c76da0bb5234f993e7e4eca60e915daf76f1ea07824bc008c1b62d880e80dda35b62e9550b3ca78c6d64ac0b4820bce", 0x8c}, {&(0x7f0000001b80)="79a79f0862b9e107", 0x8}], 0x6, &(0x7f0000002180)=ANY=[@ANYBLOB="e0000000000000009f0100000800000082060ea20a34b9d77617e8749bc7284f0381a96669de242cfc6512e9ac94a74c0efe7df2d9b78970646ea91b0d659c63799cf64c423a89522df8e8aa57f7da2a6bc7a7b854b8ecb22491bf5587c2226d9f823164110eef65b91f6642b22be12349608a7655bc43d11f1b7c25ebdcdbb4121f1b92f047702c77f7647dccc621c6c1137c997a2462c4614cbb2414e2442641911abe55d0edc236aa3cc151fd38daa7540c683292580a731378babe29e694c8f6e5288cc8c222139054261765869ff18bcb000020000000000c000004010000000000006096d53c13de074b73f419c71126d636c240dd557432f9c84d99ae116d30bd9bf1698038d315e949616ecb01129afb03a9ebcb8a207a6eba6033f18c4ff48ac681fa76f0a369cb47c9c6e241aab22c293a18b27b07000000000000000000002e1506c35f05a8bab6ef1be6c12607acc53dcf67a65e6e35572ffc2b1e5f3d2339a86273bbc64c915420a239eded164757db9a9feec820a82d7dda565612ce8f5c0fe7bf322d6326989962bedba63c2e5e8a5f3111bd57cc9986262b4771accd616e06fe91dc9ba6f3829f59fb7fac7ea62737b41299d64f2c889aa7f9d290171e775e426a71e86b43063bba14d7e51bb8e123f636cce96632dd1b01763d56d0da96d93050bbe1f7b0c3d09d3e8f2ae202b7"], 0x100, 0x20000000}, 0x800}], 0x2, 0x1) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") 02:11:25 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0xfffffffffffffdef}}, 0x20) 02:11:25 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x400448cc, &(0x7f0000000140)) 02:11:25 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x5, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:25 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x200000000000000}}, 0x20) 02:11:25 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xbc, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:25 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x3}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000004c0)={r1, 0x200}, 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000200)="2f65786500000000000409004bddd9de91be10eeaf000ee9a90f798058439ed554fa07424ada75af1f02ac06edbcd7a071fb35331ce39c5a00000000") getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e24}}}, &(0x7f0000000040)=0x98) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000500)=ANY=[], 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e23, @broadcast}}, 0x0, 0x7fffffff, 0x1800000000000000}, &(0x7f00000003c0)=0x98) ioctl$KDGETMODE(0xffffffffffffffff, 0x4b3b, &(0x7f0000000400)) fremovexattr(r2, &(0x7f00000000c0)=@known='user.syz\x00') bind$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) socket$l2tp(0x18, 0x1, 0x1) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000080)) mknod(&(0x7f0000000440)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x800, 0x0) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) 02:11:25 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x5452, &(0x7f0000000140)) 02:11:25 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0xeffdffff}}, 0x20) 02:11:25 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x6, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:25 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x894c, &(0x7f0000000140)) 02:11:25 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000000c0)) r1 = socket(0x1d, 0x0, 0x7) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x4, {0x0, 0x0, 0x3, 0x0, 0x0, 0x2}, 0x0, 0xffffffff7fffffff}, 0xe) openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fcntl$setpipe(r1, 0x407, 0x8) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r3, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "00f40c442848cb166b002ee8dca8717b71d4fab6ad71c03cb2aa506b39b663e1c4c87d2b6f25b24347dc000000000200", 0xfffffffffffffffd}, 0x60) 02:11:25 executing program 4: r0 = socket$inet6(0xa, 0x40000000000002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000040)=0x3, 0x4) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000100)=0xffff, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x98) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000140)={0x20002000}) ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000180)) sendto$inet6(r0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000080), 0x4) 02:11:25 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0xfdef}}, 0x20) 02:11:25 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x200000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:25 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x176, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:25 executing program 4: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x2000, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000040)={0x40000000, 0x80000000, 0x1b}) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000080)={'HL\x00'}, &(0x7f00000000c0)=0x1e) r1 = fcntl$dupfd(r0, 0x406, r0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fsetxattr$security_selinux(r0, &(0x7f0000000100)='security.selinux\x00', &(0x7f0000000140)='system_u:object_r:dhcpd_state_t:s0\x00', 0x23, 0x3) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000180)=0x7ff) r3 = getpgid(0x0) fcntl$lock(r2, 0x7, &(0x7f00000001c0)={0x1, 0x3, 0x7, 0x8, r3}) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000200)=0xff, 0x4) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000000240)=0xeb9) ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000280)) ioctl$TIOCCBRK(r0, 0x5428) ioctl$TIOCLINUX6(r0, 0x541c, &(0x7f00000002c0)={0x6, 0x9}) connect$l2tp(r1, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e21, @remote}, 0x1, 0x4, 0x0, 0x2}}, 0x26) write$binfmt_elf32(r0, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x1, 0xac5, 0x0, 0x5, 0x2, 0x3e, 0x1, 0xf9, 0x38, 0x8f, 0x6, 0x0, 0x20, 0x2, 0x5, 0xec82, 0x9}, [{0x4, 0x6, 0x7fffffff, 0x6, 0x8000, 0x6, 0x80a0, 0xc9}, {0x5, 0x0, 0x4, 0x5, 0x0, 0x9, 0x0, 0x6}], "f28a0aff39d7a25fb68d8923a1bbc05f2976e5bf94483b076ab95a5b137b4887aa13337a54689b5547b5a1a42f0229a4f5ba7f2005c2248883f33c0ff9c2e4d480208a66f83823b60149b3cdb0b068694615b4c7aa2eb0049ba6e5522ee4ba0e42a76529466067823418a5008f8e4fa0c987dd9d"}, 0xec) ioctl$sock_inet_SIOCSIFBRDADDR(r2, 0x891a, &(0x7f0000000440)={'teql0\x00', {0x2, 0x4e21, @local}}) setsockopt$IP_VS_SO_SET_EDIT(r1, 0x0, 0x483, &(0x7f0000000480)={0x32, @empty, 0x4e21, 0x4, 'nq\x00', 0x24, 0x7fffffff, 0xd}, 0x2c) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000500)={@loopback, r4}, 0x14) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000540)) open$dir(&(0x7f0000000580)='./file0\x00', 0x0, 0x4) ioctl$RTC_IRQP_READ(r1, 0x8008700b, &(0x7f00000005c0)) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000600), 0x4) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000640)=0x94) iopl(0x1000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000006c0)={&(0x7f0000000680)=[0x0, 0x0, 0x0], 0x3}) openat(r1, &(0x7f0000000700)='./file0\x00', 0x0, 0x2) fcntl$getown(r1, 0x9) ioctl$KDSETLED(r0, 0x4b32, 0x8) 02:11:25 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x100000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:25 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x400448c9, &(0x7f0000000140)) 02:11:25 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x3f00000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:25 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x34000}}, 0x20) 02:11:25 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') ioctl$TCSETAW(r1, 0x5407, &(0x7f00000000c0)={0x0, 0x401, 0xc145, 0x8, 0x6, 0x0, 0x7, 0x9, 0x300000000, 0x11b}) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f0000000000)={'bpq0\x00', {0x2, 0x0, @multicast2}}) bind$inet6(r2, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r3, &(0x7f0000000340)='syzkaller\x00', &(0x7f0000000380)="5970726f63ef736563757269747900") listen(r2, 0x4) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet6(0xa, 0x0, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, 0xffffffffffffffff, 0x0) write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="286dcc45562b1906296c75"], 0x1) r6 = perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) close(r6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000200)=0xc) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) accept4(r4, &(0x7f0000000480)=@l2, &(0x7f00000003c0)=0x80, 0x80800) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x0) r7 = accept4(r2, 0x0, &(0x7f0000000040), 0x0) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x10000000) syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0x7fff, 0x200000) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240)) dup3(r0, r7, 0x80000) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f0000000400)={0x0, 0x0, 0x40}, &(0x7f0000000440)=0x14) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000280)={'team0\x00', @dev={[], 0x19}}) 02:11:25 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3ad, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:26 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x176, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:26 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d4, &(0x7f0000000140)) 02:11:26 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x1000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:26 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0xfffffdef}}, 0x20) 02:11:26 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x51, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:26 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x1000000}}, 0x20) 02:11:26 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x300, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:26 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448f0, &(0x7f0000000140)) 02:11:26 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0xeffd}}, 0x20) 02:11:26 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x2}}, 0x20) 02:11:26 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') ioctl$TCSETAW(r1, 0x5407, &(0x7f00000000c0)={0x0, 0x401, 0xc145, 0x8, 0x6, 0x0, 0x7, 0x9, 0x300000000, 0x11b}) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f0000000000)={'bpq0\x00', {0x2, 0x0, @multicast2}}) bind$inet6(r2, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r3, &(0x7f0000000340)='syzkaller\x00', &(0x7f0000000380)="5970726f63ef736563757269747900") listen(r2, 0x4) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet6(0xa, 0x0, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, 0xffffffffffffffff, 0x0) write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="286dcc45562b1906296c75"], 0x1) r6 = perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) close(r6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000200)=0xc) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) accept4(r4, &(0x7f0000000480)=@l2, &(0x7f00000003c0)=0x80, 0x80800) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x0) r7 = accept4(r2, 0x0, &(0x7f0000000040), 0x0) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x10000000) syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0x7fff, 0x200000) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240)) dup3(r0, r7, 0x80000) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f0000000400)={0x0, 0x0, 0x40}, &(0x7f0000000440)=0x14) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000280)={'team0\x00', @dev={[], 0x19}}) 02:11:26 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x400448ca, &(0x7f0000000140)) 02:11:26 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x357, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:26 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x500, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:26 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x117000, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x207) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000), 0x0) r4 = accept$alg(r3, 0x0, 0x0) r5 = msgget$private(0x0, 0x2a) msgctl$IPC_RMID(r5, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000180)={0x0, @remote, @broadcast}, &(0x7f00000001c0)=0xc) bind$xdp(r1, &(0x7f0000000200)={0x2c, 0x1, r6, 0x22, r0}, 0x10) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000300)={0x0, 0x9}, &(0x7f0000000340)=0x8) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000400)) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000380)={r7, 0x8}, &(0x7f00000003c0)=0x8) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000240)={0x7, 0x80000000}) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) socketpair$inet(0x2, 0x6, 0x3, &(0x7f0000000140)) ioctl(r2, 0x8912, &(0x7f0000000000)="0a5cc80700315f85715070") fsetxattr$trusted_overlay_nlink(r4, &(0x7f0000000280)='trusted.overlay.nlink\x00', &(0x7f00000002c0)={'U-', 0xfff}, 0x28, 0x3) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000040)) 02:11:26 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x40030000000000}}, 0x20) 02:11:26 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x9801, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:27 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x33, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:27 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x100000000000000}}, 0x20) 02:11:27 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x400448cb, &(0x7f0000000140)) 02:11:27 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x7fffffe, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:27 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') ioctl$TCSETAW(r1, 0x5407, &(0x7f00000000c0)={0x0, 0x401, 0xc145, 0x8, 0x6, 0x0, 0x7, 0x9, 0x300000000, 0x11b}) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f0000000000)={'bpq0\x00', {0x2, 0x0, @multicast2}}) bind$inet6(r2, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r3, &(0x7f0000000340)='syzkaller\x00', &(0x7f0000000380)="5970726f63ef736563757269747900") listen(r2, 0x4) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet6(0xa, 0x0, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, 0xffffffffffffffff, 0x0) write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="286dcc45562b1906296c75"], 0x1) r6 = perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) close(r6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000200)=0xc) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) accept4(r4, &(0x7f0000000480)=@l2, &(0x7f00000003c0)=0x80, 0x80800) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x0) r7 = accept4(r2, 0x0, &(0x7f0000000040), 0x0) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x10000000) syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0x7fff, 0x200000) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240)) dup3(r0, r7, 0x80000) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f0000000400)={0x0, 0x0, 0x40}, &(0x7f0000000440)=0x14) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000280)={'team0\x00', @dev={[], 0x19}}) 02:11:28 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8500, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000300)={0x7ff, 0xdc3, &(0x7f0000000280)="ffc7974268c449e0803b06c9579ea19e359062c6f46ece7ed055380742eba8debdccbcdce237c032a7ccf3d340a1b194efff39cd1f6d8c285b31aa6450daef4fba3eb781aa71de6a142e18cb8fa9f133f9ad859da0f7", &(0x7f0000000140)="4da6045b71e6e8d62edd2187df8592ade3e4cd7a07", 0x56, 0x15}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x6, &(0x7f0000000340)=@raw=[@generic={0x7ff, 0x6, 0x20, 0x3248}, @alu={0x0, 0x3f, 0x0, 0xf, 0x1, 0x0, 0xffffffffffffffff}, @jmp={0x5, 0x2, 0x2, 0x4, 0x4, 0xffffffffffffffc0, 0x4}], &(0x7f0000000000)="504c20004cf7d12af11ce92537b5e3191e66de5d4ec18e4c2df01484a86d77842f624946eae310794c8c96ff1407002e25951139bda5d2990e523f8ec3080ffc1224d8dc4c84a9c8e8ab31576806715523fa70740702e45add", 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a80)={r1, 0x0, 0xe, 0x9e, &(0x7f0000000380)="26d48d0a150000000070bd6688a8", &(0x7f00000001c0)=""/158, 0x11fd}, 0x28) 02:11:28 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8903, &(0x7f0000000140)) 02:11:28 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x400300}}, 0x20) 02:11:28 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x4, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:28 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3d8, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:28 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') ioctl$TCSETAW(r1, 0x5407, &(0x7f00000000c0)={0x0, 0x401, 0xc145, 0x8, 0x6, 0x0, 0x7, 0x9, 0x300000000, 0x11b}) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f0000000000)={'bpq0\x00', {0x2, 0x0, @multicast2}}) bind$inet6(r2, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r3, &(0x7f0000000340)='syzkaller\x00', &(0x7f0000000380)="5970726f63ef736563757269747900") listen(r2, 0x4) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet6(0xa, 0x0, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, 0xffffffffffffffff, 0x0) write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="286dcc45562b1906296c75"], 0x1) r6 = perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) close(r6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000200)=0xc) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) accept4(r4, &(0x7f0000000480)=@l2, &(0x7f00000003c0)=0x80, 0x80800) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x0) r7 = accept4(r2, 0x0, &(0x7f0000000040), 0x0) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x10000000) syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0x7fff, 0x200000) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240)) dup3(r0, r7, 0x80000) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f0000000400)={0x0, 0x0, 0x40}, &(0x7f0000000440)=0x14) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000280)={'team0\x00', @dev={[], 0x19}}) 02:11:28 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x300000000000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:28 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0xeffdffff00000000}}, 0x20) 02:11:28 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3db, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:28 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8902, &(0x7f0000000140)) 02:11:28 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vcs\x00', 0x20000, 0x0) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000e80)}], 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="e0"]) syz_mount_image$ntfs(&(0x7f0000000040)='ntfs\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=ANY=[]) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000340), 0xc, &(0x7f00000004c0)={&(0x7f0000000d80)={0x14, 0x0, 0x6, 0x0, 0x0, 0x25dfdbfc, {0x2, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000008c0)=@abs={0x1}, 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000bc0)}], 0x1}, 0x8040) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000480)=[0x2, 0xfffffffffffffff9]) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(r1, 0x3609, &(0x7f0000000580)) lgetxattr(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)=@random={'btrfs.', 'lowerdir'}, &(0x7f0000000240)=""/253, 0xfd) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) setxattr$trusted_overlay_redirect(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='trusted.overlay.redirect\x00', &(0x7f0000000600)='./file1\x00', 0x8, 0x3) syz_mount_image$ntfs(&(0x7f0000000380)='ntfs\x00', &(0x7f00000003c0)='./file0\x00', 0x1, 0x1, &(0x7f0000000400)=[{&(0x7f0000000980)="b81489272659a7ba1c7851f4d4a5cfd824f3ecc1748ad4acf37faaec88fa32625a18a91768dc0cfe30bf8b6b676a9c37c8f667090d3ec8", 0x37, 0x2}], 0x1001000, &(0x7f0000000440)={[{@case_sensitive_yes='case_sensitive=yes'}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@dont_hash='dont_hash'}]}) 02:11:28 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x3f000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:28 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0xeffdffffffffffff}}, 0x20) 02:11:28 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xa0, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:28 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8901, &(0x7f0000000140)) 02:11:28 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x4000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 855.454939] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 02:11:28 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x6000000, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 855.733869] ntfs: (device loop4): parse_options(): Unrecognized mount option ./file1. [ 855.746267] overlayfs: filesystem on './file0' not supported as upperdir 02:11:29 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0xffffffff00000000}}, 0x20) 02:11:29 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x4020940d, &(0x7f0000000140)) 02:11:29 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x240000, 0x0) readlinkat(r1, &(0x7f0000000040)='\x00', &(0x7f0000000100)=""/17, 0x11) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r2 = getpid() setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f0000000080)={{0x0, @local, 0x4e20, 0x0, 'wlc\x00', 0x2a}, {@multicast1, 0x4e24, 0x0, 0x8, 0x0, 0xb3}}, 0x44) sched_setscheduler(r2, 0x5, &(0x7f0000000200)) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e1d, @loopback}, 0xfffffffffffffd51) 02:11:29 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1ef, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:29 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x22, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:29 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vcs\x00', 0x20000, 0x0) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000e80)}], 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="e0"]) syz_mount_image$ntfs(&(0x7f0000000040)='ntfs\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)=ANY=[]) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000340), 0xc, &(0x7f00000004c0)={&(0x7f0000000d80)={0x14, 0x0, 0x6, 0x0, 0x0, 0x25dfdbfc, {0x2, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000008c0)=@abs={0x1}, 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000bc0)}], 0x1}, 0x8040) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000480)=[0x2, 0xfffffffffffffff9]) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(r1, 0x3609, &(0x7f0000000580)) lgetxattr(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)=@random={'btrfs.', 'lowerdir'}, &(0x7f0000000240)=""/253, 0xfd) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) setxattr$trusted_overlay_redirect(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='trusted.overlay.redirect\x00', &(0x7f0000000600)='./file1\x00', 0x8, 0x3) syz_mount_image$ntfs(&(0x7f0000000380)='ntfs\x00', &(0x7f00000003c0)='./file0\x00', 0x1, 0x1, &(0x7f0000000400)=[{&(0x7f0000000980)="b81489272659a7ba1c7851f4d4a5cfd824f3ecc1748ad4acf37faaec88fa32625a18a91768dc0cfe30bf8b6b676a9c37c8f667090d3ec8", 0x37, 0x2}], 0x1001000, &(0x7f0000000440)={[{@case_sensitive_yes='case_sensitive=yes'}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@dont_hash='dont_hash'}]}) 02:11:29 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x400448e4, &(0x7f0000000140)) 02:11:29 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x10, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:29 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x2000000}}, 0x20) 02:11:29 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000240)=ANY=[@ANYBLOB="0024ade3c90400000054db5f9a22744acf9bd1aa35bb6818218e5a080000000000"], &(0x7f00000002c0)=0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000380)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000200)=0xe8) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000280)={@loopback, 0x2c, r1}) setsockopt$inet6_int(r0, 0x29, 0xfb, &(0x7f00000001c0)=0x8, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4, 0x0, @dev, 0x2}, 0xfffffffffffffef4) sysinfo(&(0x7f0000000300)=""/19) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8936, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x3ac, 0x3ef, 0x5, 0x30c, 0x0, 0x1d3, 0xe003, 0x33c, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x75, r2}) socket$l2tp(0x18, 0x1, 0x1) gettid() ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={@local, @empty, @loopback, 0x3, 0x0, 0x1f, 0x0, 0x100000000, 0x0, r2}) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000180)) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x509000, 0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000000480)) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$alg(r3, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffa000/0x3000)=nil) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 856.311043] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 02:11:29 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x5451, &(0x7f0000000140)) 02:11:29 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0xfffffffffffffdef}}, 0x20) 02:11:29 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x14, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:29 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xa5, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:29 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x8940, &(0x7f0000000140)) 02:11:29 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x40030000000000}}, 0x20) 02:11:29 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x8, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:29 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000240)=ANY=[@ANYBLOB="0024ade3c90400000054db5f9a22744acf9bd1aa35bb6818218e5a080000000000"], &(0x7f00000002c0)=0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000380)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000200)=0xe8) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000280)={@loopback, 0x2c, r1}) setsockopt$inet6_int(r0, 0x29, 0xfb, &(0x7f00000001c0)=0x8, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4, 0x0, @dev, 0x2}, 0xfffffffffffffef4) sysinfo(&(0x7f0000000300)=""/19) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8936, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x3ac, 0x3ef, 0x5, 0x30c, 0x0, 0x1d3, 0xe003, 0x33c, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x75, r2}) socket$l2tp(0x18, 0x1, 0x1) gettid() ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={@local, @empty, @loopback, 0x3, 0x0, 0x1f, 0x0, 0x100000000, 0x0, r2}) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000180)) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x509000, 0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000000480)) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$alg(r3, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffa000/0x3000)=nil) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) 02:11:29 executing program 4: r0 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x2, 0x4000) ioctl$BLKRESETZONE(r0, 0x40101283, &(0x7f0000000100)={0x3de, 0x7f}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="649c47ad46390dc86dae79fa409d4d54", 0x10) r2 = semget(0x2, 0x3, 0x59) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000000140)=""/87) r3 = accept$alg(r1, 0x0, 0x0) write(r0, &(0x7f00000001c0)="449ef70c9c148c03fed80f03e3883bda9b8c4e0e619695fc67d31692cf1c349f8f9a7aaf77cc2b4fe3a647984b74c4a36b5e", 0x32) io_setup(0x800000100000005, &(0x7f0000f69000)=0x0) io_submit(r4, 0x1, &(0x7f0000bd9fe0)=[&(0x7f0000617fc0)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f000007d000)="b3", 0x1}]) 02:11:29 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x89a1, &(0x7f0000000140)) 02:11:29 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3f5, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:29 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x1000000}}, 0x20) 02:11:29 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x13, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:29 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x11f, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:29 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x5460, &(0x7f0000000140)) 02:11:29 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x2d, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:29 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)="2f67726f75702e73746174003c23fb572a1f0294e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a47df4b1dee483b157624c59c0100e89e6a357c00000000000000000000000000000000", 0x2761, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x7da, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0x2, 0x12) 02:11:30 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ppoll(&(0x7f00000002c0)=[{r1, 0xc054}], 0x1, &(0x7f0000000300)={0x77359400}, &(0x7f0000000340)={0x1}, 0x8) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:30 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x2}}, 0x20) 02:11:30 executing program 1: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x28) openat$cgroup_int(r0, &(0x7f00000008c0)=':ugetlb.2MB.failcnt\x00', 0x2, 0x0) mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000200)={'trans=unix,', {[{@access_client='access=client'}, {@nodevmap='nodevmap'}, {@posixacl='posixacl'}, {@access_any='access=any'}], [{@measure='measure'}, {@smackfstransmute={'smackfstransmute', 0x3d, 'msdos\x00'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '-em0system-(.+keyring'}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x66, 0x3b, 0x71, 0x76, 0x32, 0x0, 0x64], 0x2d, [0x63, 0x76, 0x75, 0x30], 0x2d, [0x7f, 0x64, 0x37, 0x38], 0x2d, [0x7f, 0x3f, 0x0, 0x75], 0x2d, [0x77, 0x39, 0x73, 0x76, 0x65, 0x32, 0x35, 0x30]}}}, {@hash='hash'}]}}) 02:11:30 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0xd, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:30 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0xfffffdef}}, 0x20) 02:11:30 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8000008912, &(0x7f0000000100)="153f6234488dd25d766070") r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x4000, 0x0) setsockopt$RDS_RECVERR(r1, 0x114, 0x5, &(0x7f00000000c0), 0x4) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) accept4$bt_l2cap(r2, 0x0, &(0x7f0000000000), 0x0) 02:11:30 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getsockopt$inet_tcp_buf(r1, 0x6, 0xb, &(0x7f0000000480)=""/196, &(0x7f00000002c0)=0xc4) getegid() ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 857.130569] 9pnet: p9_fd_create_unix (30711): problem connecting socket: ./file0: -111 02:11:30 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x211, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:30 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x2c, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:30 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0xa, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:30 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) flock(r0, 0x6) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)="2f007e574d000330809022cfde26555dc9ecfe1974406edad38364782d63b6612854b9e49dbdcaef718197e37e870a308b1e3a798fa788a46d3025ef933e51828ab675064e2adbe9126423b4a73d68fbe99c6db2f160d49cb6cce76c27289a4f9d097354aaa5860d2383df87526baa184d90bb7729366c17bc33d765e9bc2f882a13f3a9c1f60660bd4fd2fa31d2c0a775242289bce062d10d24ded5406918a66b2c75c43fe1ff458ae5cd9fec63039ba5a7b66a60ede5ccdabc7ee77660ef2358ccdff02226021384b0c235f114ed9ade92767aecc256acdeb610df42e7169f240357f735ae5fe29017e51e27252f48b95bfbbb3a865535298bdc36d71db635f41c57771db77aeaff883feb3dc3cc24bd3c036e396ad3af37945058839e812270bc40901fa654e7cc3292a82fc80c374dc07142a1c2e9d3e2528e4fdac32bcaefe910ebd3b948a3bfebef5fa8d82473c7fbf3ec", 0x0, 0x0) fcntl$notify(r2, 0x402, 0x800000000000000d) getsockopt$inet_udp_int(r2, 0x11, 0x67, &(0x7f0000000000), &(0x7f0000000040)=0x4) fcntl$notify(r2, 0x402, 0x1) lsetxattr$security_smack_entry(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.SMACK64IPOUT\x00', &(0x7f0000000100)="2f007e574d000330809022cfde26555dc9ecfe1974406edad38364782d63b6612854b9e49dbdcaef718197e37e870a308b1e3a798fa788a46d3025ef933e51828ab675064e2adbe9126423b4a73d68fbe99c6db2f160d49cb6cce76c27289a4f9d097354aaa5860d2383df87526baa184d90bb7729366c17bc33d765e9bc2f882a13f3a9c1f60660bd4fd2fa31d2c0a775242289bce062d10d24ded5406918a66b2c75c43fe1ff458ae5cd9fec63039ba5a7b66a60ede5ccdabc7ee77660ef2358ccdff02226021384b0c235f114ed9ade92767aecc256acdeb610df42e7169f240357f735ae5fe29017e51e27252f48b95bfbbb3a865535298bdc36d71db635f41c57771db77aeaff883feb3dc3cc24bd3c036e396ad3af37945058839e812270bc40901fa654e7cc3292a82fc80c374dc07142a1c2e9d3e2528e4fdac32bcaefe910ebd3b948a3bfebef5fa8d82473c7fbf3ec", 0x154, 0x0) r3 = shmget$private(0x0, 0x1000, 0x20, &(0x7f0000fff000/0x1000)=nil) shmctl$SHM_STAT(r3, 0xd, &(0x7f0000000400)=""/111) [ 857.235924] 9pnet: p9_fd_create_unix (30711): problem connecting socket: ./file0: -111 02:11:30 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) recvmmsg(r2, &(0x7f0000002c00)=[{{&(0x7f00000002c0)=@alg, 0x80, &(0x7f0000000340)=[{&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/248, 0xf8}, {&(0x7f0000001580)=""/124, 0x7c}], 0x3, &(0x7f0000001600)=""/31, 0x1f, 0x200}, 0x1}, {{&(0x7f0000001640)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000027c0)=[{&(0x7f00000016c0)=""/4096, 0x1000}, {&(0x7f00000026c0)=""/237, 0xed}], 0x2, &(0x7f0000002800)=""/204, 0xcc, 0x4}, 0x4}, {{&(0x7f0000002900)=@ax25, 0x80, &(0x7f0000002b00)=[{&(0x7f0000002980)=""/99, 0x63}, {&(0x7f0000002a00)=""/68, 0x44}, {&(0x7f0000002a80)=""/86, 0x56}], 0x3, &(0x7f0000002b40)=""/164, 0xa4, 0xffff}, 0x28}], 0x3, 0x100, &(0x7f0000002cc0)={0x77359400}) ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000002d00)={r4, 0x6f4, 0x1, 0x0, 0x5, 0x6, 0x6}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000002d40)={0x0, @in={{0x2, 0x4e22, @broadcast}}, 0x0, 0x8}, &(0x7f0000002e00)=0x90) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000002e40)={r5, 0x5d5, 0xfffffffffffffffb}, 0x8) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:30 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x34000}}, 0x20) 02:11:30 executing program 1: socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0xfffb, 0x80001b, 0x0, 0xffffffffffffffff}) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x3) dup2(r0, r2) 02:11:30 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x31, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:30 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0xffffffff00000000}}, 0x20) 02:11:30 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070") r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x224100, 0x0) ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f0000000040)={0xf62, 0x8}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x1c, 0x20000032, 0x201, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@typed={0x4, 0x1, @binary}]}]}, 0x1c}}, 0x0) 02:11:30 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x353, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:30 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x32, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 857.455974] ion_buffer_destroy: buffer still mapped in the kernel [ 857.458385] tc_dump_action: action bad kind 02:11:30 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0xc, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:30 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x2000000}}, 0x20) 02:11:30 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x0, 0x0) ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af14, &(0x7f0000000180)) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r1, 0x800442d3, &(0x7f0000000000)={0x5, 0x6, 0x100, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'bridge0\x00'}) listen(r2, 0x4) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f00000004c0)={{0x0, 0x6, 0x0, 0x0, 'syz1\x00'}, 0x2, 0x70, 0x100000001, 0x0, 0x0, 0x74, 'syz1\x00', &(0x7f0000000140), 0x0, [], [0x0, 0x3, 0x8, 0x5cd2]}) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f00000001c0)) sendto$inet6(r2, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_misc(r3, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0) r4 = accept4(r2, 0x0, &(0x7f0000000040), 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000300)=ANY=[@ANYBLOB="4ae72320fc150fbb12dad521af6c06bc2b82"], &(0x7f0000000340)=0x1) dup3(r0, r4, 0x80000) 02:11:30 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x3, 0x4000000004) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x40, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) r2 = socket(0xa, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f00000001c0)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x31, &(0x7f0000000040)={0x0, {{0x2, 0x0, @local}}}, 0x88) 02:11:31 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000002040)=0x6) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() r6 = gettid() r7 = gettid() ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000300)=0x0) setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000000fc0), 0x4) sendmsg$nl_route(r2, &(0x7f0000000f80)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0xae0}, 0xc, &(0x7f0000000340)={&(0x7f0000000480)=@bridge_getlink={0xaf0, 0x12, 0x100, 0x70bd2b, 0x25dfdbfb, {0x7, 0x0, 0x0, r4, 0x0, 0x600}, [@IFLA_EVENT={0x8, 0x2c, 0x5}, @IFLA_CARRIER_CHANGES={0x8, 0x23, 0x1}, @IFLA_VF_PORTS={0xa6c, 0x18, [{0x318, 0x1, [@generic="1a675082db3141ffd162cab3571d1b6808b98782add7b9dfb979d83d864de8c29d478611c35f", @typed={0x8, 0x3, @fd=r0}, @generic="5ded43c5745e24431d1aaca733f35ca5637ce329e48b82dd6aa9de3224afedbd32bc7506de678eab3760b3198ae2e098bd6cbd9710f14a20fad67ba14ee79f935dba2d3dfe5f9404d4c959cdf970fadb884c5245189ad3e5076c04421fe5be6421590f432e7b1a6a60b3eb2a9d765686fd1b9c80180f4835a7bdb457ac8d46ed4faced7e5086a48726ece769e8315f4852ad2d2795621e719c64d9637e07d57d51677d04254a575c2c4e0a1d422b877655f8bd93ed531da6854a00", @typed={0x8, 0x21, @ipv4=@multicast1}, @typed={0x4c, 0x14, @binary="207f8393bdb5de6094b0d1e341f86ff0f67dddc0f61ed2dcae766e78f5e5a3f7bb92359f12fcca0882d18bbf90545fad757913c7ebd8724497b206c541600092b11e7b6325a673"}, @nested={0xc, 0x4a, [@typed={0x8, 0x27, @fd=r3}]}, @nested={0x128, 0x7e, [@typed={0x4, 0x4f}, @generic="4c3e38622becbbdf606ef7b54d7118d2b6b84a006d022a85580a", @typed={0xc, 0x1e, @str='-eth1\x00'}, @typed={0x8, 0x15, @pid=r6}, @typed={0x10, 0x6f, @str='/dev/dsp\x00'}, @generic="362bf51c68bc7fa731e94a50ec4f4999381cd22dbac8e1d8aa91c6fc4143f49f5a9b96fda348c0220ae0a075826725bc91c0c50c12ade9408eb01b675471ecb916987903b0e919fbee0beb8372a56798e7b4a5eca106350e9b1e1ef24d7fb1c816436af56a01fa7fe9e7ef3582af5581f0d2f689655c8bc6aea58dd1c3efd0315c55f5afa05caa87296603946e78e08a400dc47def7ffdaf", @typed={0x8, 0x5a, @uid=r5}, @generic="04f1365d3610ae86fbf6568101351affccfa5ad895b0a8e99bbe5b3a7ac2cf3c15d3d3f6a7a1f5872bbb86fb8331aa60602c1fca7c8f1e4a", @typed={0x8, 0x58, @fd=r3}]}, @nested={0xa0, 0x7b, [@generic="a571cfca2f6e1b8e79fe379cd690d96dff85c216d9b75b307e3c8f6986222fa1a420154da08645f903a1092abd5e5f000d87c09a1a9f471f267c218e91b05a634e741db9a0f4d6903b9e99b7da1574df0280e2ebe249624e9c391318d5c4d9344b8d096ba8dcb260029b221798d60ef4654d8838968970d4e1a58322d6cdfb063ad32ee6dc1874276b4980cc55ec4898558b0ba34bc52bd870878218"]}]}, {0x750, 0x1, [@generic="a1a1754ed2c1f51fc54adc14026435a0bf7f69a949d625919f3d60aaee9234cff9b92ec1d03fda5aa4ccfb14fd05d73e3ff28b9b75e94a9b500d59f625f5e289cfe6456351f979bf3e714b7f988477cbe543d3029e0c53f20d266fd6d0656f7ca26be2f1573afc5ffc", @generic="d838ed33ffd15d8aaa8fdc1243c7704f6f8c49246d6c87ed9b31c172", @typed={0x78, 0x2c, @binary="8d43280b7ab24cfa25031b3e1584f5219719504adcd4768569337f5191cbbcec40d1b3a88ada14958c734b9fd41fe99e6b897b4c98ec2562626efdf5077948d14c81864426fedd650b3730a98a62f1d1f8b89451755728ea48925ebbcc47e5dcd01da72442d39ef1b90f02e111583cf5bc47"}, @generic="f3fa27809a1c490e8e437c84e05c133db8985bc5ca7a780bb4ea6ba4c8bf0d81d5c00fff6f8207c6821e8b4d96ed80e87590eae52e622d33ef93e746fd12b09ee57cd1d7b035f04e4cd5c46000cecd1e75b3b996666748be2014b4428cb4d4c08275ef0ed556a5dad87c9077523152e0fe14401ca532470c94810673454e384dbe89408c84601c1a140e7d74c6ed476e0dfd06cd4b75b8e6679fadbd8a1a874701405d7acc8039d1458547632bd56d0c3192613365d025c26096eb5a5c5f2ca7c276ea", @nested={0xa0, 0x45, [@typed={0x8, 0x21, @fd=r0}, @generic="7b89e630299bc36b373d304afc0b703fd8bace96e6b99ba3f6ad30e90086d0a7ade2c3dc8a79072dee0562f3441e3e1f954f6fd60ccfec59cf68d717f9eb5836405eaf60cf3031d4bedfc693ed80f4159da1b204f796dcfb75bddaf569fba4c1bd59ca6942e5d62dc7b7b93f92dfad72d5833820fe7e076c19d792c39ba78555209417fa89b61dcc0727c827ca5e8a671e54"]}, @nested={0xec, 0x5b, [@typed={0xe8, 0x37, @binary="723a9730f7efbde19f46a7b5af356f0d300360775f76ed862cb9ba8c958b44175afcba693eba107d27aeb6d810c2e94923a4b337dc815f8bd24c324d6b9a2098cff720ea407b376ea3f41711e5776f8a4db8ac84d1f4173943c5e49441f51dadfbb1a68f542c819df53c322a4e9edfa94dc2266c9324c08ab48f441b50ed1af48779ecd54157835037bcd77117ec52cdc3244b92b0a8ba6b2d3c95386e3ee94ed7e120e8466dde7b675d8dc5db67627d4941b765e639886612f9daef3f293bb64204c0d13a184be6002c685bfcf5d90ed810f5344f2661a8987732487e1824b62765d5"}]}, @nested={0x3f8, 0x7e, [@typed={0x1c, 0x32, @str=':$(eth1eth0em0selinux\x00'}, @generic="7f77f4026e8085c3788c5f6b5f5b7dd824d76044baa4a16d7323fcf38dd57a116fabca6fe53eaa24a6e7e6188f23fb2044ae2fb3b26cd060736a10cc68a56479275e86c970bc627e589e6ad88ba561c62af898e15fa851c2eb618d6ad6946351534cde4708e5f67c8fa51b1f187b93476dd0bffa2e97e521a64fb5bd40b7e80fd72f9db7b0f7f933c2977dcc9ef15b5a0ee87762b3f4559141bd004e8b65f3a80941d8e8686197862889479fa0ae933ec3d525114334a8df948ae220e9e72b0446a2e2c52da9dcb7e16229e4df", @generic="14736ebbb0186f840235d7e88c8d3f5ec19857c94018be1ce0872340770ba6c9348783c4eb27a320690d2849c125603c7939a8a0179dff8e959d26075fdb56f4ac2ce9ca86a6a0834180f87942f11f1880aa2c80d8", @generic="2391f0031a55fd4570fa13e9c3f75fd788272a8a67ee2c956c1401dc88d248e372b85ef43ea33c9470171c", @generic="63172e8d0d78088e05d825a0e51e0d1862de5877a6a4c4d24ecc900e5c5c6eb69cce8d528f6443bd2fca23ef304bcc7aca338d40704d8d37d8d35052670c5ba50f0b1939060819569edf2b0200b1a578d8ead236daae493d0b83fc36c276dda493c2d5c768f0ed62d500d2e896b0c6d279c42f82a5d7a762d300469e2532fdea814ecfcdb5f6a704bc5f06bc2ddae9edaea8f2401e26bf6eae28a52e77d2309da584f747e9a189b9c30baf6d0fe9d6e50292609349df", @generic="317691848fa144055b8a8a7734e070d18a43d38d9263fed8e9015aa4aea1a7c65f38098d95df2582f47ba5293516f60990b397448788ecca8f045c2c75f6396bc07c4fd2d473d4820edbb260800ba070bc0b65198ae8ed79dca38ef96dd485672ab085e5a0c3af85d601546b347a3ee4bd785a7e429b19da42b5736a1f873edd737953a2e3b79cdb3d9d9d0dd9f3f1b0ff31d61bd7c9bd2367a9831191ad7a1dc8d8c4e45f59f73bc44c5fa1b142ac8e5fcfdb7dca5cd4212367f0e7806c80a942d092e2c447acf41f14e43fe58e9071aa30e356d62af71d43e54d9953e8025eca477d1ee1", @generic="ef65f38eaa8bb316b7697e16df33c724ce0d3ee78a501df786e1d57f531e7fc4971d43b332c6b7ca2bd35957b2397dfbe7bdb36f56a5acc5e5feb28f3eaad282da1ed942303ce00687f890d2cdad9d41627c9fe5a141bcc03d17375b30af2c0d349d2ca6ee9a5675e4f925efe971726217ac01bac05b61941de8f52fa031", @typed={0x8, 0x2a, @pid=r7}, @generic="858a788354b78c444139faf1636ae0fed20db3d44a887a302bb5ff7f4df6fc914c7c2f8621164e3f848e2dd451f5b7fc1a20b2534369bee2f277bcd5943bf304658490791e6d2c38ec81f8a2ae75f7552a3e9c4acd3201dd", @generic="e081608532cd1c6763c2fc97f0b17b3a0237"]}, @typed={0x8, 0x1a, @pid=r8}]}]}, @IFLA_GROUP={0x8, 0x1b, 0x8}, @IFLA_NET_NS_FD={0x8, 0x1c, r3}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x1}, @IFLA_IFALIAS={0x14, 0x14, 'bridge_slave_1\x00'}, @IFLA_IFNAME={0x14, 0x3, 'syzkaller1\x00'}, @IFLA_IFALIAS={0x14, 0x14, 'ifb0\x00'}]}, 0xaf0}, 0x1, 0x0, 0x0, 0x4040}, 0x4004000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000001000)=""/4096) 02:11:31 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3c4, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:31 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x28, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:31 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x400300}}, 0x20) 02:11:31 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x315) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000200)=ANY=[], &(0x7f00000002c0)) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='lp\x00', 0x3) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x14) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$security_ima(r0, &(0x7f0000000600)='security.ima\x00', &(0x7f0000000640)=@v1={0x2, "96c609d0c0f5"}, 0x7, 0x2) getresgid(&(0x7f0000000240)=0x0, &(0x7f0000000280), &(0x7f0000000340)) fchown(r2, r3, r4) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e23}, 0x1c) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000003c0)='./file0\x00', 0x9, 0x2, &(0x7f0000000580)=[{&(0x7f0000000400)="53c2600d347fa30de052d1110b383fb58337ce11e947eb0f246646553330dfbb379bbbaf65a7b2b1c44ffcd2753267baf4b16440517a6ad99e29710a7e6150ac80cee8ce6bc4", 0x46, 0x7}, {&(0x7f0000000480)="c78527f8bb01cbccf099771c1c1b6005c12a18b0e05f79e566a24e94aa7ead063bba1f9dcdd66a672389b93e5865f1e9d7a31176b31cb0866be3476389ada6565550ad908e3fda2737f002e7386a0fdb83e34394cfda9bd94ecd3426f0732bfc5087ca984fd87af14673fc5c125d0a41ac646551d8f6aa42c8c56661c33110a123fb63a2bbee52759ffaabe4ef2e281dfb3a8c1663193ace33e5df09eefc5652226b82830c7fdaad13c08ad9105dafec645c93475cf4368434c30372b1b9a232b91c248af2ba6daa480ba70cb862d5f5947419510f85dd737fdde777f77dd82550657e4bd2166a2732d202946b96941deaf60a2653", 0xf5, 0x4}], 0x10, &(0x7f00000005c0)={[{@rodir='rodir'}, {@utf8no='utf8=0'}, {@uni_xlateno='uni_xlate=0'}], [{@smackfsfloor={'smackfsfloor'}}]}) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000100)={r2}) listen(r2, 0x18) r5 = open(&(0x7f0000000680)='./file0\x00', 0x40, 0x8) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000700)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r5, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10000080}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x4c, r6, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x38, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x200}, @IPVS_DEST_ATTR_ADDR={0x14}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xb7a}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x9}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008050}, 0x8000) r7 = socket$inet6(0xa, 0x5, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r7, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local, [0x3f9, 0x10000000000000]}], 0x10) 02:11:31 executing program 1: getpgrp(0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)=0x0) getpgid(r0) r1 = getpgrp(0xffffffffffffffff) r2 = getpgid(r1) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8820, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x2b12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x20000000, 0x0, 0x80000000000}, r2, 0x0, 0xffffffffffffff9c, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x5, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850019000000000000000095000000000000000000"], &(0x7f0000000080)='GPL\x00', 0xe2, 0xfb, &(0x7f0000000300)=""/251}, 0x48) 02:11:31 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x5, 0x5, 0xd9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={0xffffffffffffffff}}}, 0x20) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000000500)=0xea) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000200)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x2, @mcast2, 0x9}, r3}}, 0x30) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x3, 0x20000000021) sendto$inet6(r4, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0xffffffff00000000}, 0x4000}, 0x1c) r5 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x4, 0x121000) fstat(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f00000004c0)={0x16, 0x82, &(0x7f0000000400)="f93ea8df13ca5bd63bc21c0fc8342324d3edc3273b1a4e07ad5fe7325f8369a0ecd46862c720d0b248d494daac4d2f4b8c201e5a5e6a16f1e4d3b323fddbd3b14482006410381a1b67151051b6a915e68b1731fbebe3255f7200bbdb5b90f42180c39c3180b89f7d8d0d2719abbe94db7c24583758b345e953c1d27aa2563a53c9b6"}) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000340)={0xa0, 0x0, 0x7, {{0x2, 0x1, 0x3f, 0x8, 0x7fff, 0x5, {0x0, 0x6153, 0xfff, 0x6, 0x4, 0x8, 0x8, 0x9, 0x8, 0x7, 0x5, r6, r7, 0x848, 0x86ab}}, {0x0, 0x3}}}, 0xa0) ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, &(0x7f00000000c0)={0x10000, 0x0, &(0x7f0000ffc000/0x4000)=nil}) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r5, 0x4010ae74, &(0x7f0000000080)={0xd08, 0x696, 0x1}) 02:11:31 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x24, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:31 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1ca, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:31 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f00000002c0)=""/37) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) flistxattr(r3, &(0x7f0000000480)=""/252, 0xfc) 02:11:31 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0xeffdffff}}, 0x20) [ 858.270463] FAT-fs (loop4): Unrecognized mount option "smackfsfloor=" or missing value 02:11:31 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x18, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:31 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000001700)='/dev/rfkill\x00', 0x4000fe, 0x0) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2e, &(0x7f00000004c0)="64f66a8d37de403b98aa2eb90a64292beae4690687a3f78350228aa99c605d765083985952b936efc3e21d5377b451596a3cdc05b3d2f08ff5866073b5e76cd455fedf395d6db4cb99b3ceb83f5bdd563ccc494c24561dfe452e04c279eedde3ed67aaa3d9f0559b8dcc394f34da4f7550e875ac48044c1e6c4ff08595c0c96e7a37d83600786858a92c5361cd34254824bd552951af0d7ff97679dee49461bb66465cf6a7dcd7fb0021065510c9bcd6c51eb0c4e7385444ba84ec2c9c47db0d2e8365946cfa53962e7c4863892d012155025838b83d017ad29a9662c468093ee114fdb53cceb30ca2b24f7d2c2dc58703cfc2fe839112f397a0a232d86ced3b9e6d9dcdc6e8b3709854b05ba8dde5442a92448d6123d3ff6b080f45675741a7c35d379490025fb45b893ef99d53b9ef0e2793b45d3c255eed8899503e7323fea7fc6bb839336aebd76b9b07c38b118451c6f7d6a39541247ac4649086105b849a75ff9fdb5ce0996d9ffb34b55294d5576cd116ddb6d32b9238adebb2155034710d4c047118f4edccf0d1c733b2c1235c09fc956621daa9b82c72cc88dd924d775a2a80efa1c5b40b69f4e98077babe377a2cbe27de624fc34f039a569cefb81d46c8a719188b9d1fed06e4ab7178e8bf48b7622d3538169a35bb818d9a304af0ce95641d390ca5e3a986fb367a996430e6b801b8bdf2bb3d738a29f2c1368cc879eb282f91199f06e9fb8ca3301a34993827414d1ba90f6df91d953296a6e54886f540252955f9704ad914413ec9a39474eaf1bdeaa5273d409ab552e973907bbe42102b506b4273415abe52ff1a5e9e9cd69a91f417797f99003489aa87757abb532eb4e4d0dacea97d6ef5b03b4568037b8642d3df31bcf749989413c9e458f0c524cf14a5970daf8b249f046fba714d13ffd762a7ea742c6387afa08716223c4259031bec745d86e4b1276533ce1ac1a74fd60da00be30f2c6ed85e5aa725e21d06af7d7aef1cfd9e3875a5123fa092f310ac6636f8ed0f729ca574e0f220977fb8da968ee242ed9789b6b3e3540745f7e6142bb8061b5c886b8f983600ab8ddd60de8fb9f3dc44c89bf3ae98fbaa793ed26083d5d423f31597d37e3e48b7ffcc933ba0b2d88cb55ca7c333b8fbe8a1bfae7e27a3289306ad9d7c4a7daab7922927bf71f648d98cbdc7e2177176603ebcc5a13e4302e21574322a3f3bb8cb3c699d834564afcd2ff4a8116eefb208bf49b55288e33ce3deeee4c53657ffa3a0970c89a1873bbafbf1e6eb4e03d70beba42261f572931fa600ca98c30317b7dc064c33424e7f550f342712c025d9dc1912e6ee45406738c1176bc183e9ce44196082abb7a70daade44e2c06c33b114f6f9fbbc83a80d27c9e8514dc5d9834ded976528a15403e8bfd7a54f66983cfc1c2de6dab540460eb4b91f6748015bae32c5e788d9dfc470104608e24a566e7ad84b043f40de7c42e0df1e37e266b542722158ebec21f4c22ad8c1094b67fe916f61fac973b74c0e4837e942f37ea8c97d05dde88acc87d11a01e31816aeae917094e1e4b22d34bb64b6af8819a43af04b66ec56bbde4aebdda117634473d4f1f37eb7b82c55d2a8ebc5273fb7543738feff6edea8815486bdf22f238fdaec738e9155f72fc9c47b55b143d05ede7f964efbd073cc37e5d5796453cab221a2b38d7798414abbcd195543bdd19a36a0943048c7cabf1f0e10b62f0c1cfdc952d1c0a0a3558ae96405f376d9f589508ca1d91bc910621ab5bdb2ee8855bd804ad160ec6ec7d08bc82f4c468646d67dba793f763001c7299dccf365e0859a171b1c55819cf428e4c3d49c7e1e673cf27c5098defb81b930fa7ae11855c4492207483583cdbe21e40f0434c67d35e93e889510283b915755f939a6d1ed9d254786edc1641a09a091e8e45985917b4e17593b6ed172719ea50a7984ffa95d21144eb32f1ec7702b90023e01757596a28c2bd3bd87b9586a05e1870592885bf7b33dd8f8ac7e9582d0155a345a6e79a139927e9db650c7ed77a250381c935b41d43fbd53139d0fb7ce1afb49ac8f92056bedde1d2bfadda6fa89fc0efd542cc14c3f5fdee69a4faefb03edfe9bf44373fc6cf369cd2a45ddc5a45ff6da6127f9615c7846fc7cbe82f6395cbd7d874c59d43727d8ad1fb11650e0d7637359476baf5ad38b256575412e625ee45f27636e685b357dd82c549c358fa1187f3f8b9bee06734a949a7f2ac657c46333661b9dcd6ff4df9aac6f1224cdcfdcda15e3ce263aa5c3f703f1d19d64aef3c538369e81f5b8b3a8ecf4e96501f82a6267dbd2bc9231877310b3501be8ea58a3378cc4d656c1d48709b39220522c16c27ec1fea01e9b34b8502d0fb61329beefd47bd9a07dbbded69408620aa2305c187285284fcb02127f9a03f422330607e7a5acff7bc58b243f6a58ed01baf79d6110d306da5ce05cd5e3273378a274c2353c0c81f8853e5f4cc442d10282c0df2ebf841e6070fb84bfc4590ea140fa103aaac00678f8aa73176f48f568cbb3c110473a6efb88c59e70ee6a6ce369351b2145f37e0b448b1c53f02495503f198df07b242cc13a1cd5212db63e003b8318f275c9dc2790df8e13a4fd99e0840ab3eb89239be89ecfe04e627cfbdb5419166320ec6188a0791cf4f8ca1a6e6a5713d44bd34db99d4b3a509d14d8ac399e7649caa4cd4e0d2a1082f5cae34b95ca02ad6780aecb1e8c44a2462b98a22586f393f868ff87362ec47049a78209f0b9fbac8cfac35f8d3e1ff8df359a4aeefcb5ee94c19c828b3ad485f039a9fe9bb806b045c6c14e2ff4a9ebb096e8ef3fbb6d12f8b26032ad1a67162e4e2d1500a8074a9034c0bed17deadde24713e75db61b4ea760bdb0de0db1d586b1d1b0f27816a496ec9546354bbd112626170f63155f50a34ca55bd9a6f0994e9564f6e07733704e0640bd6b2271b6a29f1f993d3db58234ee2199b4a3e9ff660a7ce35f315d7a196e2a389fd7dc0ad127f3d33c41873b38e2f7d30f767d00ff78cddbb3b88d70aa8c9cbb5c2b9f81693af97dcd4eb63b38b93ca9ee1b2367a4394a674e521db6d56592d4c157beab011f913a0ff8fd68c8054e1ec0fe26f112594f657101600877c68f3a2cf925c7611b45e7b7e47f34e22a7bb91841e60cedc89a9b43195f1dc9667d2eb412ade438415491e8f35b3d3d099d1810047bb39f42b73b1b567eecd3f7527ecde2d2b8433d05403fbf97dbc669d43e79b0537fe64452b517bace8ed4d0b089b3f18c4cd87ad304b7f960bb5196675ad1598b28691328d10701766f23a927013c367bd4c1810d076ba2ac707dcfffc5fbcb6f36f974a2a1591d6b7406524f91953963ad5974acbcdd706c073a20e622e213ee4b53c68fbe86fe52cf75a6dd8098aee76b6a6c5c3611ced9d2642898e046787e90a5ff8b38965b3f3260657b76c5c43c511ee33985eb6644927fb18c23b34f6a63a89bff1545c3e4868c64ededeea14d896d0d34a47f876581f5d84f2fb448ed1e927c89af3ecbb8ca0730e4190552918421c574d43aba6329c197b58a59c494a3af1b8cea5ceba0c3beecd5bca455a6c2de37e4dcc10fe97754d37e88ac92531c5fc646f6f93a6b24d689c9627c99a932b5808f40b1cca8624f70533bc387777d8581796ebcbeaaa58212e5974e7b453bbe5203688d74136e2184dbd51ca44da922ee960eaf72ed3da43d8ed043e6a8517d0c5bff58756b13d5c4032e9f470fe95f2a259f35f31402f3d0661c6ea02415726ad6f3d3e54ef51c1b01b72689473500ce633cae443e27d9a4e60303b72f212fc598c8764bde742181fe301aaec4a35c9ac698b748e15e01aaea2cfa905a3b8a9b6e3c57ccfe1c688337fd646ba14d023be8e75c0df70f0d9193ab5b54ca57598cfa57fef506f18444d9d33529b936bd6b2dc2265870388e536b76e1186f96c240569ce2595469c80c0a95bbca46b81b2e9d56de2218603de40dab82d25ab538a5adfdda796e4e4e5143e1a363a696fb501cd35a11e972c9cc9f074d716cafbeda13626218fbe7af202af59bca2fe47d758d1fbe0b61e7657402a9b7ef5c90e7272ed5cd474eb3a7787b088097668f96d0c272b926033fe4854eb61f2c93e864322fdc9895af66995b2a3876f9c98e299a3cdef44a55729f431d3eeda25d08b70ed6cedf5bb5bcf7d86ae2ce72ed2896d167f2e5e2c0e5c7701394697e5b1e170856a30824501c7ee7cccc3fe9dbae021a5af53aa99c73c24604d0ab4bd70cba5e71fab636e05b38a572da23dae46f56e4c591b23d276656ffbb9e98727ad719f6f118286bebefe91b771fc64b7b1831c2569b5fc6e0e0cdb6f9f9360854b4c64fd21dde43a40d398c13c2f370f1ed32c254ecc89343767e336a483435e7c75b6f24578dbd3aaa097e57f9cce2141bcb4ac46f4d03dbb9d484dccf4a428c0d1c62524f2ea782b5bae4fdaf3b0b0cbc562e1d2810396b243d70daf8a229ca1c102611743f618953b037c1113d96a91969dda1ec9b433a32797ef379b3bb3487e02c03c95308b977f67a1839e23a4b80f64d1c8540cc9859f986a8adc977c46b35f1d1bf6751f695a9ca9eb3db7967ba483ca88c971d2744ece5033b6d64fe4e19d80d2edb899fb88ec4fd2a59f381d7da1d9b1f3ff55eb9001fa9759252fc1335efad3bdc90b248e75430d64d5c15d772e08fa9610ac9ec99d34771af218606b3a0fead685ee3486304b45e64d75556efaf372f2bd653b29ecc386f16bdc74a792c1952e2cf84c8bb58069f71ee6ba43389314bb0fdf6c9fe75f538123c78d75b22e6a7c9a16ca4c6df19979a91faa83cbab831724608c09ac88f808296c04461042bf8a17f88ba7580527e5c48bfc56c2df96b8528d35220503f0e83a94667f47d3f0404962be952a4738e43e2a0b2fc6e4bc1d4b4ef1fecf924d0283ecb33a72523eacd8f803fd2758f294530075a3bf8638ae66b90db1bf880bedf6f61cced771940214783c09f161d793436f227e955b7027830fc3efbab02ebccb7fc38e6b1eb7b7af4b156916a0278e7807b92e59ce1931e9d7579b8fbe99a54a87a2ce0c98497cdb12647d466a0875a8bd089200e96395704d2a58f68d55fa93be30fb561a9ed650b328c5810a75b49fa2d1e2f3ebdcb900935dac776f69e12ecc6859b25a25ab69bece0e47595bb838e54aa99b2be466da9813a5abfd84fa0ee45c1f80fd796751653414dae8a83f07383f206b6f1f48ce5f606ede0c986b343101b3491848629c0d3ddd0774a0bf098c511b2b8ed8d07e04fff6e2f73bed0d0f0bd144fbe7969576aa903e9a860db34fb2261c54d332338b3beb0ad6e32520f4c17814c6ca3ec6fbe4113dc0abe558889cba98f63b4845c79fc3e928fd13569bed354ec1e0a0b31a8f3b913e5e4251837f28503372c47134eabdc3a18cbf0abebb183b65b48e415321f4357aec413bb63c36988551bb5f4f5122cd7a10eeb59d9e9622e3c71c2f6bd606a8c922e532b13be2c5180e8e2c3c432ac018639ae450e620ddc7a9a5b42521d2ff84c44fb27c338662ace0364808886b42ce745dd0a94084b975f26a451f2e53f0e1e3d27f54535702f3e026cc8c9f20e851da141b8befc1f1f09d3c410adb15ff3803b751fe843a566dd34841f89d253c5af5c48696f20339960b62e748415de87c70d4fcb782d77cd8031c07218047293692af69c795c268cbdefb3abf2283f032bca7a12d5b8457ab8f2ccc0c1de9152ea8d689cf07d48e993684baf46cca0b121d3b3", 0x1000) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x80000000, @loopback}, 0x1c) listen(r3, 0x4) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) fcntl$setlease(r0, 0x400, 0x2) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="478b5fea962494658dc2633cef9ec2390c5ed00a2ca8d4e35bd61960f0a7c6b9bc3f507b64990a2b8fa1b33391e733eaa1f165ae2e5cc0000000000000f945833daeaf70993c4d6644cf4eb64957c50fb3b65dee0593a90be1aa56f8ba924bf408eec6d4714481a9d847"], 0x6a) r5 = accept4(r3, 0x0, &(0x7f0000000040), 0x0) ioctl$TIOCOUTQ(r2, 0x5411, &(0x7f0000000240)) r6 = dup3(r0, r5, 0x80000) r7 = syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000014c0)={{{@in6=@mcast1, @in6=@loopback}}, {{@in6=@dev}, 0x0, @in6=@dev}}, &(0x7f0000000200)=0xe8) getsockopt$inet6_mreq(r3, 0x29, 0x1c, &(0x7f0000000280)={@mcast1, 0x0}, &(0x7f00000002c0)=0x14) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000003c0)={@multicast2}, &(0x7f0000000480)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000015c0)={'vcan0\x00', 0x0}) accept4$packet(r2, &(0x7f0000002f00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000002f40)=0x14, 0x800) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000003000)={{{@in6=@ipv4={[], [], @loopback}, @in=@dev}}, {{@in6=@local}, 0x0, @in=@dev}}, &(0x7f0000003100)=0xe8) getpeername$packet(r6, &(0x7f0000003140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000003180)=0x14) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000003300)={{{@in6, @in=@multicast1}}, {{@in=@multicast2}, 0x0, @in=@dev}}, &(0x7f0000003400)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000035c0)={{{@in6=@dev, @in6=@loopback}}, {{}, 0x0, @in6}}, &(0x7f00000036c0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000003700)={'vcan0\x00'}) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000001600)={{{@in=@rand_addr, @in6=@loopback}}, {{}, 0x0, @in=@rand_addr}}, &(0x7f0000000000)=0xffffffffffffffb6) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000004180)={&(0x7f00000000c0), 0xc, &(0x7f0000004140)={&(0x7f0000003a00)={0x280, r7, 0x702, 0x70bd28, 0x25dfdbfb, {}, [{{0x8, 0x1, r8}, {0x12c, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x6}}}]}}, {{0x8}, {0x130, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x8}}}]}}]}, 0x280}, 0x1, 0x0, 0x0, 0x4040800}, 0x4) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000400), &(0x7f0000000440)=0x14) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000140), 0x7}, 0xffffffffffffff95) socket$kcm(0xa, 0x122000000003, 0x11) 02:11:31 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000480)="04c94e5ea6a2fd92d7e9a6277ea4684ef279eb6ed3055b3b5821df16dc691b10c320d4e4944a1a4f7e1f6d5e25becd669599186fb96e9ea2acba8e7d022dc84fba4eb2a789bb966b75b1c7f1e48476f606ed6af551c7a5eaf1ea7cf79c559567ee5c513bcdf31ab758d859a7a9eb0744e8f420cfb64cbafdb1184ec79319b92b5349c00d5bb8aa48e068a9e78bb5b5a2712acb4e96ca9021307791f0918c528ca9442a7a3fb1da48dcb17b18d2e97fab5c45ce31ee0e295e8ba0117adb46f512e98a7fb4316620e5914b59318788eaac4c67c32f20832457d3f6343369", 0xdd) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f00000002c0)={'bcsf0\x00', {0x2, 0x4e20}}) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r1, 0x111, 0x3, 0x1, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r1, 0x111, 0x3, 0x1, 0x4) 02:11:31 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0xeffd}}, 0x20) [ 858.443907] FAT-fs (loop4): Unrecognized mount option "smackfsfloor=" or missing value 02:11:31 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x2f, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:31 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x315) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000200)=ANY=[], &(0x7f00000002c0)) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='lp\x00', 0x3) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x14) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$security_ima(r0, &(0x7f0000000600)='security.ima\x00', &(0x7f0000000640)=@v1={0x2, "96c609d0c0f5"}, 0x7, 0x2) getresgid(&(0x7f0000000240)=0x0, &(0x7f0000000280), &(0x7f0000000340)) fchown(r2, r3, r4) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e23}, 0x1c) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000003c0)='./file0\x00', 0x9, 0x2, &(0x7f0000000580)=[{&(0x7f0000000400)="53c2600d347fa30de052d1110b383fb58337ce11e947eb0f246646553330dfbb379bbbaf65a7b2b1c44ffcd2753267baf4b16440517a6ad99e29710a7e6150ac80cee8ce6bc4", 0x46, 0x7}, {&(0x7f0000000480)="c78527f8bb01cbccf099771c1c1b6005c12a18b0e05f79e566a24e94aa7ead063bba1f9dcdd66a672389b93e5865f1e9d7a31176b31cb0866be3476389ada6565550ad908e3fda2737f002e7386a0fdb83e34394cfda9bd94ecd3426f0732bfc5087ca984fd87af14673fc5c125d0a41ac646551d8f6aa42c8c56661c33110a123fb63a2bbee52759ffaabe4ef2e281dfb3a8c1663193ace33e5df09eefc5652226b82830c7fdaad13c08ad9105dafec645c93475cf4368434c30372b1b9a232b91c248af2ba6daa480ba70cb862d5f5947419510f85dd737fdde777f77dd82550657e4bd2166a2732d202946b96941deaf60a2653", 0xf5, 0x4}], 0x10, &(0x7f00000005c0)={[{@rodir='rodir'}, {@utf8no='utf8=0'}, {@uni_xlateno='uni_xlate=0'}], [{@smackfsfloor={'smackfsfloor'}}]}) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000100)={r2}) listen(r2, 0x18) r5 = open(&(0x7f0000000680)='./file0\x00', 0x40, 0x8) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000700)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r5, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10000080}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x4c, r6, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x38, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x200}, @IPVS_DEST_ATTR_ADDR={0x14}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xb7a}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x9}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008050}, 0x8000) r7 = socket$inet6(0xa, 0x5, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r7, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local, [0x3f9, 0x10000000000000]}], 0x10) 02:11:31 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x245, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:31 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0xeffdffffffffffff}}, 0x20) 02:11:31 executing program 0: r0 = syz_open_dev$sndpcmp(&(0x7f0000000480)='/dev/snd/pcmC#D#p\x00', 0xdd13, 0x0) stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000002c0)) openat$vnet(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vhost-net\x00', 0x2, 0x0) mount$fuseblk(&(0x7f0000000740)='/dev/loop0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000780)='fuseblk\x00', 0x820, &(0x7f00000007c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions='default_permissions'}], [{@obj_type={'obj_type', 0x3d, 'vmnet0'}}, {@context={'context', 0x3d, 'root'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'em0'}}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}]}}) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x4) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r4, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r5, 0x800448d2, &(0x7f0000000140)) 02:11:31 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x17, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 858.739695] FAT-fs (loop4): Unrecognized mount option "smackfsfloor=" or missing value 02:11:31 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000140)) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000280)) r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) write$FUSE_IOCTL(r0, &(0x7f0000000000)={0x20}, 0x20) fcntl$setstatus(r0, 0x4, 0x44000) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) io_submit(r1, 0xff, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, r0, &(0x7f0000000040)="00020000"}]) unshare(0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) getegid() 02:11:31 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x29, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:31 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x100000000000000}}, 0x20) 02:11:31 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xc4, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:31 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x9) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000300)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() ioctl$KDSETLED(r1, 0x4b32, 0x68) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000280)) fgetxattr(r3, &(0x7f00000002c0)=@random={'system.', '/dev/dsp\x00'}, &(0x7f0000000480)=""/251, 0xfb) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:31 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x200000000000000}}, 0x20) 02:11:32 executing program 1: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) mmap(&(0x7f000030b000/0x1000)=nil, 0x1000, 0x4, 0x10, r0, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000000)=0x1, 0x4) connect$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) r5 = socket$inet6(0xa, 0x1000000000002, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffffe}, 0x14) dup2(r5, r3) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, r6, 0x0, 0x12, &(0x7f0000000040)="232629862d656d30275ca26367726f757000", 0xffffffffffffffff}, 0x30) ptrace$pokeuser(0x6, r7, 0x3, 0x8000) r8 = creat(&(0x7f0000000240)='./bus\x00', 0x40) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000)=0x0) r10 = getpid() kcmp(r9, r10, 0x7, r6, r8) 02:11:32 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x20000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xa, 0x5, 0xfff, 0x3, '\x00', 0x10001}) 02:11:32 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x23, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:32 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x16, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:32 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0xeffdffff00000000}}, 0x20) 02:11:32 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:32 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x4a, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:32 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x21, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:32 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0xfdef}}, 0x20) 02:11:32 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x20000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xa, 0x5, 0xfff, 0x3, '\x00', 0x10001}) 02:11:32 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f00000002c0)={0x0, 0x3a, "71d36ed5ed2b1a7139e44ef2dd93544805e959fb4b0e496e142355da675e8f0ea71815611454b5f0c65fd4f68cf1b0a945ff5fa802928a5bac57"}, &(0x7f0000000340)=0x42) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000480)={r2, @in={{0x2, 0x4e24, @multicast1}}}, &(0x7f0000000540)=0x84) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) openat$cgroup_procs(r1, &(0x7f0000000580)='cgroup.procs\x00', 0x2, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) 02:11:32 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x4, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:32 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x2]}}, 0x20) 02:11:32 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x20000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xa, 0x5, 0xfff, 0x3, '\x00', 0x10001}) 02:11:32 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000003c0), 0xffffffffffffffff) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x2000, 0x102) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000240)={0x7f, 0x3, {0x3, 0x2, 0x3, 0x3, 0x7}}) execveat(r1, &(0x7f0000000140)='.\x00', &(0x7f0000000300)=[&(0x7f0000000180)='-\x00', &(0x7f00000002c0)='\x00'], &(0x7f00000004c0)=[&(0x7f0000000340)='\x00', &(0x7f0000000380)='trustedppp1eth0\x00', &(0x7f0000000400)='\x00', &(0x7f0000000440)="657468306d643573756d70726f631f73797374656d5e2d6b657972696e6700", &(0x7f0000000480)='\x00'], 0x400) mknod(&(0x7f0000000040)='./file0\x00', 0x60, 0x0) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x2}) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), &(0x7f0000000240)) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000200)=0x1, 0x4) r2 = semget$private(0x0, 0x3, 0x0) semctl$IPC_INFO(r2, 0x7, 0x3, &(0x7f0000000500)=""/177) 02:11:32 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f00000002c0)) 02:11:32 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x50, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:32 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x40030000000000]}}, 0x20) 02:11:32 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x7, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:32 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000480)) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) setxattr$trusted_overlay_redirect(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='trusted.overlay.redirect\x00', &(0x7f0000000340)='./file0\x00', 0x8, 0x0) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:32 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x20000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xa, 0x5, 0xfff, 0x3, '\x00', 0x10001}) 02:11:32 executing program 1: setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000440), 0x4) r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r0, 0x4, 0x6100) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000880)={'dummy0\x00', {0x2, 0x40}}) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r3, 0x0, 0x0, 0x1000f4) stat(&(0x7f0000000640)='./bus\x00', &(0x7f0000000680)) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000140)='overlay\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='workdir=./buS,nfs_export=off,smackfstransmute=bcsf0\x00,\x00']) r4 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, &(0x7f0000d83ff8), 0x0) r5 = open(&(0x7f0000000180)='./bus\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000480)={0x0, 0x77, "74308c59f70a808ff0eceb336b44055a62de6b2f03c43b75ce46416e3c5f36046aa37a76be7a662e14f3a838afe846dee8493980efbee8188035908cc96de6cd9b834437891788a8b6620d1df34f5cd36e30dd3dfb182998c861c1a9eff5611059a6f18347a4a930bb8adb8b806d4e5eda4baf1ee0207a"}, &(0x7f0000000240)=0x7f) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000900)={r6, 0xfffffffffffffffb}, 0x6b6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000500)=0xffffffffffffffd4) write$P9_RWSTAT(r3, &(0x7f0000000280)={0x7, 0x7f, 0x2}, 0x139) ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r5, &(0x7f00000002c0)={r4, r5}) setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000740)={{{@in6=@ipv4={[], [], @loopback}, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xbe}, {0x3, 0x0, 0x1, 0x0, 0x0, 0x80, 0x2}, {0x401}, 0x0, 0x6e6bba}, {{@in6=@mcast1}, 0x2, @in=@multicast2, 0x3503, 0x0, 0x0, 0x0, 0xae58, 0x6}}, 0xe8) io_submit(0x0, 0x1, &(0x7f0000001840)=[&(0x7f0000001800)={0x0, 0x0, 0x0, 0x7, 0x0, r5, &(0x7f0000001740)="f31743609bfd6b45a9e325f264b14b6cbb79b900c13243db73170ddf99f87944e4014b19487ffbb684117e067a7666b855cce6e7642e6b18298077f4410724dd46cca8872580dfd2de449f39d610ec63e3cdc29b70ce", 0x56, 0x3}]) getsockopt$inet6_mreq(r4, 0x29, 0x15, &(0x7f00000001c0)={@loopback}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f00000005c0), &(0x7f0000000840)=0x4) listxattr(&(0x7f0000000300)='./bus/file0\x00', &(0x7f0000000340)=""/135, 0x87) sendfile(r0, r5, &(0x7f0000d83ff8), 0x8000fffffffe) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f0000000100)={'bcsf0\x00', 0x3ff}) 02:11:32 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0xb, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:32 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0xeffd]}}, 0x20) 02:11:32 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f00000002c0)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, &(0x7f0000000480)={0x800, {{0xa, 0x4e24, 0x95, @mcast2, 0x3}}, {{0xa, 0x4e24, 0xfffffffffffffffa, @loopback, 0xffff}}}, 0x108) 02:11:32 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x20000, 0x0) [ 859.616532] overlayfs: unrecognized mount option "smackfstransmute=bcsf0" or missing value 02:11:32 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x2000000]}}, 0x20) 02:11:32 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x30d, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 859.681648] audit: type=1804 audit(1539310292.696:491): pid=31062 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir064090159/syzkaller.6xB25n/991/bus" dev="sda1" ino=16573 res=1 02:11:32 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x15, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:32 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0xfdef]}}, 0x20) 02:11:32 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f00000002c0)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() pread64(r0, &(0x7f0000000580)=""/185, 0xb9, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000000480)=""/251) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 859.761680] audit: type=1804 audit(1539310292.746:492): pid=31051 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor1" name="/root/syzkaller-testdir064090159/syzkaller.6xB25n/991/bus" dev="sda1" ino=16573 res=1 02:11:32 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x20000, 0x0) 02:11:32 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x30, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 860.057913] audit: type=1804 audit(1539310293.076:493): pid=31062 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor1" name="/root/syzkaller-testdir064090159/syzkaller.6xB25n/991/bus" dev="sda1" ino=16573 res=1 [ 860.065315] overlayfs: unrecognized mount option "smackfstransmute=bcsf0" or missing value [ 860.084768] audit: type=1804 audit(1539310293.076:494): pid=31051 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor1" name="/root/syzkaller-testdir064090159/syzkaller.6xB25n/991/bus" dev="sda1" ino=16573 res=1 [ 860.121824] audit: type=1804 audit(1539310293.116:495): pid=31106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir064090159/syzkaller.6xB25n/991/bus" dev="sda1" ino=16573 res=1 02:11:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x140, 0x1, 0xc0010004]}) 02:11:33 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0xfffffdef]}}, 0x20) 02:11:33 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x25, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:33 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x169, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:33 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x80, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) syz_mount_image$ceph(&(0x7f0000000340)='ceph\x00', &(0x7f0000000480)='./file0\x00', 0x400, 0x1, &(0x7f0000000500)=[{&(0x7f00000004c0)="d2155e2b7ec6b0f2c957ceb7b10b4c87964567a413a8e0c4c3d231557a412bf99bc86fcc7d49c6", 0x27, 0x1}], 0x4, &(0x7f0000000540)='/dev/dsp\x00') r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$EVIOCGEFFECTS(r2, 0x80044584, &(0x7f00000002c0)=""/51) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) ioctl$BLKPBSZGET(r1, 0x127b, &(0x7f0000000300)) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) syz_mount_image$gfs2(&(0x7f0000000580)='gfs2\x00', &(0x7f00000005c0)='./file0\x00', 0x1, 0x3, &(0x7f0000000740)=[{&(0x7f0000000600)="6246d12814c06263896304da7b24db5109bcf1cda82db3dbd27c5bd4b888b34bd7783755a72bb1e10b87127ff10b6a677078bf7a222a796337f73ed3624182f98a74928541e3082b85f8fc4da5a0e2ed", 0x50, 0x7}, {&(0x7f0000000680)="f9077fdafef6bebc1663a61fea1f342753d56d244a928486c7ecc3038eab6e392c2daceeffcce8fb73e0ca9124f984eb8e6a59aa90b62046ece0e9df721e6c03cd4ec9ce9291685d6872cb3c40e68d3d7cfcf232aed06132a4a688edb013391677fcd33580cd606c75eddad347a4bf2d47c0b3659cf859bb5a046f3f99", 0x7d, 0x7}, {&(0x7f0000000700)="5944ca0257d8f51e3e0f688ca9afbfb2ddb8d330c66f3f033a6411c2bae5dfc701f5a2833a05f3753daab1", 0x2b, 0x9}], 0x4, &(0x7f00000007c0)={[{@nobarrier='nobarrier'}], [{@euid_eq={'euid', 0x3d, r4}}, {@euid_gt={'euid>', r4}}, {@obj_type={'obj_type', 0x3d, 'ceph\x00'}}, {@dont_appraise='dont_appraise'}]}) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) 02:11:33 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) [ 860.150221] audit: type=1804 audit(1539310293.116:496): pid=31106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor1" name="/root/syzkaller-testdir064090159/syzkaller.6xB25n/991/bus" dev="sda1" ino=16573 res=1 02:11:33 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x11, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:33 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0xfffffffffffffdef]}}, 0x20) 02:11:33 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:33 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = syz_open_dev$amidi(&(0x7f00000002c0)='/dev/amidi#\x00', 0x9cf5, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@dev, @in=@broadcast}}, {{@in6=@mcast2}, 0x0, @in=@broadcast}}, &(0x7f0000000300)=0xe8) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) [ 860.268969] kvm [31130]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010004 data 0x0 02:11:33 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x2e, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:33 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x95, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:33 executing program 1: r0 = userfaultfd(0x0) mlock(&(0x7f000090c000/0x1000)=nil, 0x1000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x26}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1}) madvise(&(0x7f000090b000/0x3000)=nil, 0x3000, 0x4) 02:11:33 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0xf, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:33 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0xeffdffffffffffff]}}, 0x20) 02:11:33 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:33 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000580)='/dev/dsp#\x00', 0x0, 0x20001) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000005c0)={{{@in6=@ipv4={[], [], @rand_addr}, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@local}}, &(0x7f00000006c0)=0xe8) sendmsg$xdp(r0, &(0x7f0000000c00)={&(0x7f0000000700)={0x2c, 0x0, r1, 0x3d}, 0x10, &(0x7f0000000b80)=[{&(0x7f0000000740)="d68c3a95e2b6f0de372bcfc0b99b3d134d34d2086562c1cc32c5ab9f4cd72ebb29404e8dd3b17aa805c3b789ac2201a1e6e93b6c0fd0cfccccd943be310139b7f060bb4077b7a1cd0cd466c36d094abfea5f0a7e19738babde68b26e47af9c2eb3859c6c2318afc22b8a6f27ff3a9e8c8816e6af08bd82", 0x77}, {&(0x7f00000007c0)="fec3643b8d803ecd970e25bd3e608b39a923a89e1f6e585919401ebcf5fc4f8d970119ed8848b9660d2104b93e7cd63d828a0e2f18947992f0050ae6e4ce2e1637525f2ef31595425646db0267dfe50476dbdeca7bd2ab2cc8f565e945ec5afa2a11e9802b8e57d7b39d17531a689882ac491104cfa47d59ac2460733a840a01248425241feb5bb441367390b216b8fffe05de70a2f6855b10741dc5a022562f22018bc98940b38088465f6c8bea4e4c866018eb4ba6fe4494c9ab091e0b848061ce14cad1d0c990f772e17a6069da01f0b1", 0xd2}, {&(0x7f00000008c0)="42f8fbcedfab130bc371489505b3dbb79ca41406888a992ad35d7635b09e0c1a2066ddb12efbace94a25e0c96ede0e9c01000862b2f0291b218b2a5811fd5044f2c89e7abd8af9462738e44d09ddb068388cf68aad59ab2e59e16e0a780bb638af7cb3bee990e0588c6f014b8b79ca55fcd68212bfd66b46a155f4a73d5f110b5436b68c413e98cf734148f9ae5e54c81991e7dc45", 0x95}, {&(0x7f0000000980)="b07e388cec40ed6f8f44a0e64e9d84c0cc4173d12884ecaa31ce13248fcec9908f0176818b764417de079c9dcf60a8c5cea197fe0e4996f2c721e342db7fcdbc4ab733b07c3730559b1fa3bc98ac841ce2c7ac39c470664147d08d37617b1ee6b74d410787f71dda8b0a59aa7d69d1061a7d4c6eff5e0abd6bcf3291b1969bf242ef40084fa1f1ef04d0761c6bea4b665c9908158187ccc84360b46b85df7554ef0edc697691e0af82ea3b747283bff5e8fbcee989123707355284dff1742cc753fb9fa7ba13276f53989775a421e4560cc294dc5227a7e5eb", 0xd9}, {&(0x7f0000000a80)="e20140a28316df294ac61756de12bc311a7d59dfdf7453b70b79ed914922cec5", 0x20}, {&(0x7f0000000ac0)="f95badea6ca14c7ec32173ab27fa0246a5283d1639a6d9c93529f651c1ea08dc00970ac4fde0579d8124c3be182e76b398bea539c8e0ba6a59ad205ee379d2c887abd31772dcd8c5699df3ead9a7c4c4ba1644e24499fd62bfad72d241d4ebc7edb56473f64ac9400bbea17db197d5b5a2f0b872c52cac170936404c90", 0x7d}, {&(0x7f0000000b40)="e8be1a7b514d70000043c7dfa6ae7636be4971114194192a31a28558", 0x1c}], 0x7, 0x0, 0x0, 0x4000}, 0x10) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x4) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) r5 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000480)="7b9e168a1eaecf28a90e37756a909a0e34176ebc159409400a6e246a9c5322a33bc19ff06ead52e52aa67d0b7fb648b197ccfd30c56b83372a2c928f88d19b63b43efeb60e6163747f4ccc40205d9f169185123aeb08644860ac257cd488e8d758135fb908ca191e9e3094188c7164e41f7de0099d4b2733fa58db6fdb9e4df32a0d08efbb26e4420880cfd1605fbc87c690060db2dd6021204aeaf7bccc0c6262f4388376fe9ebf3caf7d5b42f06a92dd92c12f03ee64b5480e9bff6c6db1d9da4e7c3adba6612996cae3aa691c547d6c7f67f11ff3be1c41e88d", 0xdb, 0xfffffffffffffff9) keyctl$describe(0x6, r5, &(0x7f0000000340)=""/43, 0x2b) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r4, 0x800448d2, &(0x7f0000000140)) ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000c80)={0x3}) 02:11:33 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x2) r1 = socket(0x1, 0x5, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0x5) setregid(0x0, r3) setreuid(0x0, r2) capset(&(0x7f0000000280)={0x19980330}, &(0x7f0000001fe8)={0x20000fffffffc, 0xffffffffffffffff}) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/conn_reuse_mode\x00', 0x2, 0x0) 02:11:33 executing program 4: syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:33 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x100000000000000]}}, 0x20) 02:11:33 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x13f, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f0000000480)={0x1, 0x10, 0xfa00, {&(0x7f00000002c0), r3}}, 0x18) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:33 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x2b, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:33 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000140)=0xce1, 0x4) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f00000002c0)={r0}) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x1000f2) fsetxattr$trusted_overlay_upper(r0, &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0xb3, 0x1, 0x2, "998c94edb0930f07bf164ea8538798e3", "1f1ae7af872bfb54cf61ba41be4d01cc7b88c9a36799ea4ab88619719363fc69e40a54cd5600f31e7a42992a803150dc08bc4c8491b1684147a36c7b2bdd785e61eb8f01fcca30a1b5bed53c673f5f4820bf2bde1fe242b6121d9538d6c7431f575dd4c3ba47fdfe756ee660feb5c913217b5e98d13d9314168ff27138d2ebff88e1c1b1094c2c2f18f50388332f02649f9beb94e8c037864f2897351be2"}, 0xb3, 0x1) r2 = open(&(0x7f0000000180)='./bus\x00', 0x4002, 0x0) ioctl$VT_ACTIVATE(r1, 0x5606, 0x0) sendfile(r2, r2, &(0x7f0000d83ff8)=0x2a00, 0x8000fffffffe) 02:11:33 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3b1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:33 executing program 4: syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:33 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x1000000]}}, 0x20) 02:11:33 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x6, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:33 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, &(0x7f0000000340)={'\x00', 0x1}) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r1, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r3, 0x82, 't9N', "866cf2034d5820de58ac932e29369c7b377371d9d2c50c80616545a4673afe3c71c3f511d3dd1bf0c6d4eb8956188a9be463c8222609bb267c3281767c228e79c56fc5514541f16a00f558fd61e3e4d895ae1a4354bf56f83475b6ce1a77f7a29b1cedbbd2bd5f1728f3fea61c58ebde6f8d144932c2d1f927f7c2df79a4e1464c84cf948a850a094aa3a851bb9878cc4726852700346c2691e3da99a5cd56dfe707e503925be8f2e139817539f35577ec63f232dec88d007b73999fd1e7b40771c1084fe88da17a65fc3c621a729ab7ec42fdaec9fd973c936de47e4fc19f178f008bad13d8f0fc497a9cc9426a58f0168310e05e295f9f9f0bfce9b3606d13"}}, 0x110) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:33 executing program 4: syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) [ 860.722599] audit: type=1800 audit(1539310293.736:497): pid=31202 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="bus" dev="sda1" ino=16565 res=0 02:11:33 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xf2, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:33 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x400300]}}, 0x20) 02:11:33 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x19, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:33 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000002c0)=[{0x4}, {0x0, 0x3}, {0x6, 0x2}, {0x0, 0xffffffff}, {0xf, 0x4}], 0x5) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:33 executing program 4: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) [ 861.185937] audit: type=1800 audit(1539310294.206:498): pid=31261 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="bus" dev="sda1" ino=16565 res=0 02:11:34 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3f6, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:34 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x34000]}}, 0x20) 02:11:34 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x2a, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:34 executing program 4: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:34 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) r1 = syz_open_dev$sndpcmp(&(0x7f00000002c0)='/dev/snd/pcmC#D#p\x00', 0x8000, 0x20000) ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000340)) write$FUSE_LSEEK(r1, &(0x7f0000000300)={0x18, 0xfffffffffffffff5, 0x6, {0x8}}, 0x18) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f00000004c0)={0x0, 0xfffffffffffffffd, 0x3, &(0x7f0000000480)=0x9}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) 02:11:34 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000140)=0xce1, 0x4) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f00000002c0)={r0}) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x1000f2) fsetxattr$trusted_overlay_upper(r0, &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0xb3, 0x1, 0x2, "998c94edb0930f07bf164ea8538798e3", "1f1ae7af872bfb54cf61ba41be4d01cc7b88c9a36799ea4ab88619719363fc69e40a54cd5600f31e7a42992a803150dc08bc4c8491b1684147a36c7b2bdd785e61eb8f01fcca30a1b5bed53c673f5f4820bf2bde1fe242b6121d9538d6c7431f575dd4c3ba47fdfe756ee660feb5c913217b5e98d13d9314168ff27138d2ebff88e1c1b1094c2c2f18f50388332f02649f9beb94e8c037864f2897351be2"}, 0xb3, 0x1) r2 = open(&(0x7f0000000180)='./bus\x00', 0x4002, 0x0) ioctl$VT_ACTIVATE(r1, 0x5606, 0x0) sendfile(r2, r2, &(0x7f0000d83ff8)=0x2a00, 0x8000fffffffe) 02:11:34 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0xffffffff00000000]}}, 0x20) 02:11:34 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x3, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:34 executing program 4: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:34 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x39b, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:34 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) lstat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) stat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x800448d2, &(0x7f0000000140)) io_setup(0x6, &(0x7f0000000640)=0x0) io_pgetevents(r2, 0x66, 0x2, &(0x7f0000000680)=[{}, {}], 0x0, 0x0) lsetxattr$security_selinux(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:devicekit_disk_exec_t:s0\x00', 0x2b, 0x3) openat$rtc(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/rtc0\x00', 0x200000, 0x0) [ 861.347953] audit: type=1800 audit(1539310294.336:499): pid=31283 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="bus" dev="sda1" ino=16572 res=0 02:11:34 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:34 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x12, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:34 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000140)=0xce1, 0x4) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f00000002c0)={r0}) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x1000f2) fsetxattr$trusted_overlay_upper(r0, &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0xb3, 0x1, 0x2, "998c94edb0930f07bf164ea8538798e3", "1f1ae7af872bfb54cf61ba41be4d01cc7b88c9a36799ea4ab88619719363fc69e40a54cd5600f31e7a42992a803150dc08bc4c8491b1684147a36c7b2bdd785e61eb8f01fcca30a1b5bed53c673f5f4820bf2bde1fe242b6121d9538d6c7431f575dd4c3ba47fdfe756ee660feb5c913217b5e98d13d9314168ff27138d2ebff88e1c1b1094c2c2f18f50388332f02649f9beb94e8c037864f2897351be2"}, 0xb3, 0x1) r2 = open(&(0x7f0000000180)='./bus\x00', 0x4002, 0x0) ioctl$VT_ACTIVATE(r1, 0x5606, 0x0) sendfile(r2, r2, &(0x7f0000d83ff8)=0x2a00, 0x8000fffffffe) 02:11:34 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x200000000000000]}}, 0x20) 02:11:34 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x33e, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:34 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:34 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:34 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() getsockname(r2, &(0x7f00000002c0)=@ax25, &(0x7f0000000340)=0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:34 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0xeffdffff00000000]}}, 0x20) 02:11:34 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x10a, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 861.609874] audit: type=1800 audit(1539310294.606:500): pid=31314 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="bus" dev="sda1" ino=16569 res=0 02:11:34 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0xeffdffff]}}, 0x20) 02:11:34 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:34 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f00000002c0)={&(0x7f0000003000/0x4000)=nil, 0x4000}, &(0x7f0000000300)=0x10) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:34 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x2, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:35 executing program 1: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000140)=0xce1, 0x4) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f00000002c0)={r0}) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x1000f2) fsetxattr$trusted_overlay_upper(r0, &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0xb3, 0x1, 0x2, "998c94edb0930f07bf164ea8538798e3", "1f1ae7af872bfb54cf61ba41be4d01cc7b88c9a36799ea4ab88619719363fc69e40a54cd5600f31e7a42992a803150dc08bc4c8491b1684147a36c7b2bdd785e61eb8f01fcca30a1b5bed53c673f5f4820bf2bde1fe242b6121d9538d6c7431f575dd4c3ba47fdfe756ee660feb5c913217b5e98d13d9314168ff27138d2ebff88e1c1b1094c2c2f18f50388332f02649f9beb94e8c037864f2897351be2"}, 0xb3, 0x1) r2 = open(&(0x7f0000000180)='./bus\x00', 0x4002, 0x0) ioctl$VT_ACTIVATE(r1, 0x5606, 0x0) sendfile(r2, r2, &(0x7f0000d83ff8)=0x2a00, 0x8000fffffffe) 02:11:35 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'brou%e\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:35 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x0, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:35 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0xffffffff00000000]}}, 0x20) 02:11:35 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x368, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:35 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000002c0)={0x0, 0x1, {0xffffffffffffffff, 0x3, 0x10001, 0x3, 0x2}}) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:35 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650400", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:35 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x40030000000000]}}, 0x20) 02:11:35 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1d3, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:35 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x0, "94a7030000e8"}}}, &(0x7f0000b0c000)) [ 862.062218] audit: type=1800 audit(1539310295.076:501): pid=31388 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="bus" dev="sda1" ino=16572 res=0 02:11:35 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:35 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x2, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x400000, 0x10) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, r0}) keyctl$join(0x1, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x4) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) openat$vhci(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhci\x00', 0x8000, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r4, 0x800448d2, &(0x7f0000000140)) 02:11:35 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r2, 0x1, 0x200000010, &(0x7f0000000040)=0x1, 0x4) sendmsg(r2, &(0x7f0000000180)={&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @broadcast, 'yam0\x00'}}, 0x80, &(0x7f0000000700), 0x0, &(0x7f0000001c00)=ANY=[]}, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x9f, 0x40) write$UHID_CREATE(r3, &(0x7f0000000340)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000100)=""/40, 0x28, 0xffffffffffff3662, 0x5e4, 0x3, 0x0, 0x2}, 0x120) syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x9, 0x100) write$P9_RREMOVE(r2, &(0x7f0000000140)={0x7, 0x7b, 0x1}, 0x7) recvmsg(r1, &(0x7f0000001b00)={&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000000a40), 0x0, &(0x7f0000000b00)=""/4096, 0x1000}, 0x0) 02:11:35 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465019800", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:35 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0xfdef]}}, 0x20) 02:11:35 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x0, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:35 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) syz_extract_tcp_res(&(0x7f00000002c0), 0x1, 0x8) write$binfmt_elf64(r1, &(0x7f0000000580)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x1, 0x4edd, 0x2, 0x3, 0x3, 0x3, 0x2, 0x2f7, 0x40, 0x24, 0xff, 0x0, 0x38, 0x1, 0x3, 0x2, 0x1f}, [{0x0, 0x40, 0x3ad6d00000000000, 0x8001, 0x5, 0x2, 0x3, 0x40}, {0x7474e557, 0x4, 0x3, 0x1e21, 0x76b, 0x9c, 0xc2, 0x8}], "250f6ad7c0639ff69563eb23c478b47e120b1183876ef3f3acbbe4ef8295f010620316fd0175bf48259d2557d74a21b665a4ad8c065d5bb690b38cea7aecd1926aa97638820fd870566c6c60cb763ce1120d2e0ef5f6b7a7f7db9159dac0e09020b8caef0d8df70c45fd5bbbc54bc12b614ebe4a8159902a7fe04ae577829bd7f2103e737cc57afe159e6a612ab3138566e2805055424635f6d13fb01e5fcef5bd8d8f6ca57e0a46885bf514b1b501b7688ad5d5199f83a51130a8e8ee81e7d16145f3656e89c4a37a2c93bbb0c7c3717cb844f361a4e3ed60c7d2ae72400c9feee38c5c6b00566edce1f64192aa575499cba29e2ef8cb2906048f449b8916ae56d076293aaf8736b5c9a002053468a46d4c14ab2046eedd2197804b935d10dcc55504e00cf2ff37581b45aa0b5688fde2c825a17741f68cd0df2e19d3a5f360d37a0b5c432b687f0a32f6ab85831d7e9cf5681dcb79f3bc7043e71ebc89cdbc16117765de628c9559f9b369d893f5368d7c4c84ee4f5b6a83c56e379c9c0cc21e4902ee9ed50fd68359a81f959c47e96fbac2722313ab9f3a8f29adad4f8d2643f6b0211ab5383f47cd53ad1f8ab7a121f2ad0f4733790c7d3265f6cc8cccb734198a3680046d8f1aed9ebe220d1bd2f06e5e948d2b4acf8e70aa129ebfeb5b209839154a8f0ed566f23471230910a136a7fa44d2a1708c3cd25d63e3ac49eaafc68dd0ff510fc73c2b0d6b95c5caa6f3c5600670f3b0a9e52d3d2be1cf0761205868dd3e0e79444cbe8d645d537e1fad5a539298ea6cd2a577e4130e1c5193fecee6de618a6c6cdd8b92e1f82da2b757975ae4216908ca901721b889c155438d06cd28806b6f891f5c66ac977107e0c72795ffd3d15539513ee835fec8a45839a37a4efaad988108a91d4581bd537266cbd6084bfa8ca08a0f43230b672fb192e5f24481fb83020ba6f0f524e931a0337105a617d25c2f1ad8272e6dff1ad85aebe2ba9c3f40bf09d9ed2b428eb72d05f3640c8f112eec6f65d21541bde40ee22fe2db5908295f6ef9d1d5c5b245523da1e88f5890c504a7a5a353d0f1ffcd2ec6149fc3dde8f8e831e60e19e464b175859ba76f83f620f7e413fcec7d972cece62acf8f34962ad678e8edf3a541841a644cca8222fcd90b1e6c00a469f26c0339b7be92ee5949b49bb977be6570ea5ea06c15d62cb473706dcf2e6b0edbf987cec09594a99fbd94301a26edf266c38fa2b2ed6f6f489120a0a7f909a74dcc35cb08a2f1d209ad5597e8f48c87c586205e44f18ff03a686036c3f1ea751d26ed72281934b47996d280bbc8a628e5cba6fb03bebd75b7f445f2c5ad7ef1a547b1abd6e308a468b628cd42ffc16236a854a66fd10af8aac48477108ac74f50d67708e102e19ee7b245188468b188a754c8a4a105ee05a763ef97a67e2452d88849eec2034490cf0cd2fa52c2dd889320c0dbd55bd33de9662a4d28b39ae59b99cbffbb1cabdd12110d96a33609084f879a4a7bb8fada04259a818b86addf00611c547a965a90f762cc40908f09b40b2914fd7e8960027a951c11ff9c24074f20b1ec706b66e6f3f09f7ed865f336b5cfbfe8d53188445384ead15cfbf6f454861cf880f0fce9b4954fae04054c88c6fa27885da08c5ea5ae253aabf610dd1ac355073da57cfc5d18f3f318bb1f8d2c75bd485649833c7e0aaef338458afc6b73d2732484292dfed750ab9e5c1e86d16d6f47aaaab55edeb9f4110341c766ba704ccef4697fa379b36ea2bd92471ac1b6a14d102dfd6e3e71c1893b8fcfe13a393abbe823017207b20ae08cca6856f30bf94e95dad5a0bfeae5f929c0c2f860ed0ba396719b14fcf33f18786a415213a18c2f0c4a2edac98176e0abe4f3ee1631b67c25d4c0243a721e6c565039f2313e0205e3d22720949e086f946081098139ef289d426749fb62c7031f198188b9c4a54d94e0ee5d06ead5b27ac5e28b62a1b5e9b864661f6e2afdd3bf50a137796eeb68c30212f8c3c0b4bcaea86e3ff5c934de47f08ee6a85a4adeb16a5c80c87964c11c14d2306fce85c32184cafb86b4437eddebf222fa123bc81a2537f0c0fb15846193f471be1e77f8a5a8036b52063977ea9b7dbf0b3451dd058fc88ceddbcf91c0845aba0cdae93193a8086541af28c96645e1760510f27d52e2b8b5ace0343e79a698b8674ca5cf8d0bbc0d9da5b6d0329d7f3d56e7b727f8eb23f8a1b5947b74a16a46d9816b50a240b991288ba96e31ede8168c0e9afa485d6d9a42ded6588214da67882a09c4eb7ba3117a7b2cc5092763f72c67995b3271e814294215c484707f51af26b0efb6baff1d2284c4616a40bd016e148078e883cd3112fdec30a1b33e6a4409ab885a6c2fa19996c266fe1d930a5b8f01444bb85d7a6909c7b367a8f3097cc46b497bd672aba17a65d42d82fac5210f4c5d2815ba7fca459d18b0652f45a7e5e497c4101a8b76dcf496755d7da8060ecc7bfdf230ca667a8f971776fa236e306efdd4166de35042e30c373d80b8d200ce02edb33634dbfef77f13e9816081b3042bc2dcdf24287f5458c2a2d39690b8f8442bab918d7b0dec617be8fc5ef74bf9bb68bf51de68ed8489e5f344e3f9472329e3ea5a7b48cad8ba9b2e5b27884e98d58a183ea7d47c9abf7b8387e11a920a968f53d1961d74c9c1a0dfc822e11260c21bf46a490135e5ac3620857c44ee3e2859f80c13beaeb3d0ab981a8782e4f52c5ddc71e463c97a120561d779dc627502d9935e60df9c9ba539263e28a963ff95a4ccc1dfb3583264f6cff1ee6b43c78b63fc5f2b7046c7f9b51be001b0f6c1c6220aa01d21802f557d16859e6fa5b8a3e7654794fa6244b79887564068bbca7b246c3225949b58d787a65da27db80f1f673097365cb403ff21096ef08657c3ef86b7aebde91e7dd46a050c7c72bc7b1e50facc9f1f3d04b5ecb71492b507b09eec2e17e494b484d6fcf9a707924929fe4a314c3eba387e450d40ae50bee379b7d1eb509b2b71933fff7da560377acbeab842cdeb8809ba1365133cee2dbf6198a14b616f3cd345fc5f201d1f0a993958ae3fed0bfe96b15a4da0665efdb03fe168138a359e681de5be94afa7961ddf3d8aca77b3c33922fc26dfc95fa3e627607e7da4d8db0c61a5cd9c1d6a8f43bf31068de0eb21c91db6d57620a0141c327e46621981af35a7323a731d4e16316faa4af03cb31a0db0d108bc80c9a81b2e13101706e02abcc843d52c91b1cf69ff163382e69b2f5b4ec07f7aafd966e9028bf6d9dc38b0c28930821cce8fffd2b5eb044137780386372e3a9a4bb4615753402e6b85437b13d47913695f1ba08183ad901df87e5e244b9c4df61d16380046fd15b7149d809d44b5828ef880508ce5666a07202b9a22f0a72981dd26143ca58ec69767f56bdd617db638aacca626048c4432d9dc7c2835c1e55b7e146a0354a218ff1d56f8831f964d92845fa621d922ccc38fd2ff7722b8131abb37f62ef26a56c9724c305df89d7faec1e3f1ae7cb6b35014c24da5ce028495befe7cef05db2671d7e221077653d65af2658f53448c765375d830630653ca54faa0330b5dcc87bbd49f7d941fb633e0355d2c1d1e07a66e77e67cc662016913543b15cffea4e2f5619af461c0448f70681b1d2e74658755044c7e78bc3e4c631e7e86c199d8f6a55e58f832dcb544bf39bb591afb3ba575ff7fa5c0cb6c0169a9c7d66bfda819c2438c19b6fbd243ab989ace4820ad2daced7151849d66bef07e7ed8147c6c1e19c5094a18f75bac36fd50e2905af688933786336f924e34caca5fd456c4f1bb5b176e9001ff31ba8c63105d93029ed4653dd78e77c82cd6fce343421fd9ab0e1d5eba4393b62236b97bf3b2c218abac24b5fb55eb715eb1bb9cefa353461e0214bf509692a22e22a1b4c998b648b41a137cd578d261c4f43cb9f015ce34ad9f008813404d48c5e87afc90bd1349e797ff6f98d99f904696fc40d843547e9d854b4753f3de6b2f9e877ee37ed4000532c3e18363111795bbaf107d374facbac7a1d6b48226aaf6b169b134aff56ce3c832597965a904e471c588e1d6872d0b52ac562a3c6e03a099921b7931d582312a005e72e868767b4df284ff84d0d3168609e59e33dab41f828d807e508dff81ae5591c890824631f6f8ea5fa736d088610ed6b29a07e9a5b894e56be15704540eb3d97592dc9e4d28d8a29c10a3911756e802bd74d32c4abace7c34cf288644b32e48f9dd343ae0a313e08f2f5850df42141920d8b76827965b884315a7df8a51dbf13c79cb53878aa0b61fccec5961b3386a75589868af56789c5f11eef101712fd3878a63065cdfa4b1f2bfaf7da0b00a4b9ff5d23c10f457e03286c00a32ed9a0d95f9c1e1f0c55d86fbd384af277609a6028ada65eef0ad14a0d07cdb230e3c7906188879754bac09e5400dc2f39e9dd2d60d856038c5a722b5fff58fd47aca93d3f09e706db3edce3148307a64268b9a52d3a8ad05ebb50ea12df8365b6b8b566416f0190182a00c0740e965f6260cae8afb6c378af02fb34479a27275fe618d7c736574ea0f615bbbd7deff1e175140f22c8eaee1f8c17271e53151bec4445a53411239eb3b394c54484b94a45d78389311d490e716a163c3208a4ed972799a4d906b059df161ba5c9ad9989ae66849813e79fc0e14edb113b3cf8b2dc6f00ff9ec21c43fab3abcde7eea99001ed0e9171b41853c165b9764b5d75a2ac46605a18a6630eecc91468385cdde0c47adeaa3279cf0039179261eb21c38ca3bf3df1fd5eb9e592ba99d2a6f042a7b249650ba53604d61ef473dc6f88af559f30e35ab769eccf635068066097d921520c21e86b25cce0ef432d14c054935ac28080efe64eb3d68b5fc3246f1dab3fdfc4140d98ac0e7cb6b34d5bcfdaccd2e2980861433ff51a94f79118acca7adc522548bc9eb76060d7d2adb8d91590f291e76c3285ba20afbd47dc0f642b847d8c8a9e28e2ef631bc79bcb89de248cd42faee40c815570586e000000afaf012b0e7492c35557911bd31d6cd9bb39e2ea74ebfdedc5ddcc625e6b78ac1b744e6e216c9ae84cc196b7f0d286e8b06042e4c2e66c9c74b5521284ff6ebc7bc05b69d3ede86de58f38ec64954d45c2b655730e838e9646e7b237aa44799f30b0b7deb02a56938b73d9bf5d2c709af1860069babf71edb1d5abd2d05a03afc76762aa6633fae2b7db3afc04e1538062614af80af2d571848934c936b7a2da5d0b570acb6ce0a99d8c9d92e15ca9d02c2cdfec13a7648586104353277751a16c9bfa06cccfb56939993371650722f117f5b7b288fb5287b685be4bafb4b5b24bd0bbe36b4b8c897d108a8f6b1e21feeef7813b2631f0df87e47f8b45c85c3f887483ef44fa8793b354de2f6b693447aad6c66111274c6a09bc964201f8d92a47ab3bd46f98fb20a6b0cbebfe659286ff20803ab26701df0960605a6b95a7cb7d79ba98cc467fada9bdc3d37c9b2b90b520bdf2817d92b17495e917f2704b06f36c4003e9832ba28dd6b893868555b4cc2963944dc129e55597b7d462f8ea5889ab260246b950f391da296d3899d04efd3d1a0ef0c69e03892ada17b529599bed40521f62d99d17eb43897dd0d9299dfc10880aba095eddf84762204d8b3f40c07ed4922588b319bb9af66257ab43c13a0bf18937a02a6cd32658a6d1cd1d8388e12719beaae3cdad8366ad8eccd97616df3b8e63ec3b62c820f705ef3e42911c8a37510f4a4f898b965", [[], [], [], [], [], [], [], []]}, 0x18b0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000480)) 02:11:35 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x355, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:35 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000600", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:35 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r1, 0x28, &(0x7f00000002c0)}, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in6, @in6=@dev}}, {{@in6=@mcast1}, 0x0, @in6}}, &(0x7f0000000340)=0xe8) 02:11:35 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xe, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863}}}, &(0x7f0000b0c000)) 02:11:35 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0xfffffffffffffdef]}}, 0x20) 02:11:35 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00@\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:35 executing program 1: r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x80000) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x7, 0x0, 0x10001, 0x5b8}) ioctl$DRM_IOCTL_AGP_FREE(r2, 0x40206435, &(0x7f0000000080)={0x12, r3, 0x10001, 0x5}) clone(0x0, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) 02:11:35 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1c2, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:35 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) restart_syscall() getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000300), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:35 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xe, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863}}}, &(0x7f0000b0c000)) 02:11:35 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:35 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x200000000000000]}}, 0x20) 02:11:35 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746507fffffe00", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:35 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xe, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863}}}, &(0x7f0000b0c000)) 02:11:35 executing program 1: sched_setattr(0x0, &(0x7f0000000000), 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000200)="0a5cc80700305f85715070") r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x4c8, 0x148, 0x208, 0x2c8, 0x148, 0x3c0, 0x480, 0x480, 0x480, 0x480, 0x480, 0x6, &(0x7f0000000100), {[{{@ip={@remote, @broadcast, 0xffffff00, 0xff, 'bond_slave_1\x00', 'veth1_to_team\x00', {}, {0xff}, 0x1d, 0x1}, 0x0, 0x98, 0xf8}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x800], 0x0, 0x0, 0x5}, {0x9, [0x30187d7c, 0x0, 0x2, 0x0, 0x10001, 0x40], 0x1f, 0x2, 0x7}}}}, {{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x15}, 0xff, 0xffffffff, 'bcsf0\x00', 'bridge0\x00', {0xff}, {}, 0x4, 0x1, 0x40}, 0x0, 0x98, 0xc0}, @ECN={0x28, 'ECN\x00', 0x0, {0x20, 0x8, 0x3}}}, {{@ip={@empty, @local, 0xffffffff, 0xffffff00, 'team_slave_1\x00', 'syzkaller1\x00', {}, {0xff}, 0xaba7a3bef854b485, 0x1, 0x20}, 0x0, 0x98, 0xc0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@multicast2, @empty, 0xff, 0xffffffff, 'syzkaller1\x00', 'veth1\x00', {}, {}, 0x0, 0x3, 0x19}, 0x0, 0x98, 0xf8}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @broadcast, 0x4, 0x0, [0x18, 0x21, 0x16, 0x25, 0x40, 0x19, 0x2, 0xb, 0x3e, 0x17, 0x24, 0x0, 0x12, 0x3b, 0x2f], 0x1, 0x3, 0x8}}}, {{@uncond, 0x0, 0x98, 0xc0}, @TTL={0x28, 'TTL\x00', 0x0, {0x1}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x528) r2 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, r2) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)="6367726f7525232f634310af4f0000aba0661a08ef2c58e8eee8da0a01ce9dae1140951842b2", 0x2, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0xf96bdc861292cbd8, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0)={0xffffffffffffffff}, 0x106, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000300)={0x15, 0x110, 0xfa00, {r5, 0x81, 0x0, 0x0, 0x0, @in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e24, 0x200, @local}}}, 0x118) ioctl$EVIOCSABS0(r4, 0x401845c0, &(0x7f0000000180)={0x3, 0x7, 0xffff, 0x9, 0x2, 0x9}) syslog(0x2, &(0x7f0000000640)=""/89, 0x59) fsetxattr(r3, &(0x7f0000000040)=@random={'os2.', "6367726f7525232f634310af4f0000aba0661a08ef2c58e8eee8da0a01ce9dae1140951842b2"}, &(0x7f00000000c0)="6367726f7525232f634310af4f0000aba0661a08ef2c58e8eee8da0a01ce9dae1140951842b2", 0x26, 0x0) 02:11:35 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f00000006c0)='cpuacct.usage_user\x00', 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000680)=r1, 0x4) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f00000004c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="cb000000e1630d6d0e89f41a76674ef677dd6cc6b5b1b389cb657cd2282e2480e226d88255d8ff4c3e9220c941c6856d24c9d65319726717dea06eb5485c8ff65b3d852890e7ecdec665b0873cfd5a9cef978ad804480c7f44c04263cb695640729c47a49ed89d6c9d83c23e8e19a60cfb5bd32da71fd830bcc0919485548806006cba755c9640e33bed45eb61017c93e07d1f0426697ea73e992d4cf440655c149718b17d446a206276ce3b38e4aa4af57b3c4fe8991a17cbab65ddb0817a24c26277c918610a1b94549fc02b7c2d"], &(0x7f00000005c0)=0xd3) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000600)={r3, 0xae8e}, &(0x7f0000000640)=0x8) getegid() getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x7, 0xa93c}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000340)={r4, 0x9}, &(0x7f0000000480)=0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000740)) 02:11:35 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0xeffdffff00000000]}}, 0x20) 02:11:35 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xa4, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:35 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x1000000]}}, 0x20) 02:11:35 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000640)={0x0, 0x0, 0x0}, &(0x7f0000000680)=0xc) setresgid(r3, r4, r5) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000002c0)={0x0, 0x200, 0x2, [0x3ff, 0x80]}, &(0x7f0000000300)=0xc) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000340)={r6, 0x401}, &(0x7f0000000480)=0x8) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x8000000200000000, 0x7f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[@ANYBLOB="aa2a0db944836724d22bf6e64f95f4be8957c0c324c15831e25fb7ad62a23d8bac2e83008d8ccf011d157435789e0b7a2ff3f3017538e2f6534a5e468e5dc1910c34bf8f23b8916672461054631882c5270fcef7a97737861b70026c064a7e9d9f60ba4662096fafbeab5ef24f38ef552728ef9ea5882d92cc1a9a4d0e0f0fe2025b0456faea634a38e5665f13d3351d0c249dcf61a81a9ecf85a7ddb4ef4e610ba30be9474ffaaea70beed1e0c7f7c39b5905bb768d90d61f648c8fcc4f57043af53b91e4a6db21264a45ebbd787e3719ad9b72b41db80000000000000052e1e44b91d55c5cad325f8a15f69d21ab305d573b3ef02af4614baae3d000219b0995584d9dad12759906c590ac296219855cf91f45364a29a4b7010f3fe92856dd7f949e1ea4db27733526ebd1c0f2a67096b01fda5d5610bec27794b12104e05d931e"], &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) exit_group(0xfffffffc) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x1, 0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000080)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) 02:11:36 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x2000000]}}, 0x20) 02:11:36 executing program 0: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vsock\x00', 0x200002, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000300)={0xfffffffffffffff7, 0x4000081f, 0x4, r0}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x4) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000500)={0xb0, 0x0, 0x8, [{{0x4, 0x1, 0x5, 0x0, 0x13, 0x4, {0x5, 0xfffffffffffffffb, 0x2, 0x5c6, 0x8, 0xffe9, 0x1, 0x1, 0x4, 0x100000001, 0x7, r4, r5, 0xfffffffffffffff9, 0xfffffffeffffffff}}, {0x5, 0x200, 0x3, 0xee, 'em1'}}]}, 0xb0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) 02:11:36 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x11, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a703"}}}, &(0x7f0000b0c000)) 02:11:36 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\a\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:36 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r1, 0x111, 0x2, 0x1, 0x4) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:36 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x75, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:36 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0xfffffdef]}}, 0x20) 02:11:36 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x8000000200000000, 0x7f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[@ANYBLOB="aa2a0db944836724d22bf6e64f95f4be8957c0c324c15831e25fb7ad62a23d8bac2e83008d8ccf011d157435789e0b7a2ff3f3017538e2f6534a5e468e5dc1910c34bf8f23b8916672461054631882c5270fcef7a97737861b70026c064a7e9d9f60ba4662096fafbeab5ef24f38ef552728ef9ea5882d92cc1a9a4d0e0f0fe2025b0456faea634a38e5665f13d3351d0c249dcf61a81a9ecf85a7ddb4ef4e610ba30be9474ffaaea70beed1e0c7f7c39b5905bb768d90d61f648c8fcc4f57043af53b91e4a6db21264a45ebbd787e3719ad9b72b41db80000000000000052e1e44b91d55c5cad325f8a15f69d21ab305d573b3ef02af4614baae3d000219b0995584d9dad12759906c590ac296219855cf91f45364a29a4b7010f3fe92856dd7f949e1ea4db27733526ebd1c0f2a67096b01fda5d5610bec27794b12104e05d931e"], &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) exit_group(0xfffffffc) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x1, 0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000080)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) 02:11:36 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x11, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a703"}}}, &(0x7f0000b0c000)) 02:11:36 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x34000]}}, 0x20) 02:11:36 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x11, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a703"}}}, &(0x7f0000b0c000)) 02:11:36 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f00000002c0)={'yam0\x00', 0x1}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:36 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x100000000000000]}}, 0x20) 02:11:36 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x249, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:36 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x13, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000"}}}, &(0x7f0000b0c000)) [ 863.630189] IPVS: ftp: loaded support on port[0] = 21 02:11:36 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x6, 0x80000) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000100)={0x0, &(0x7f0000000040)}) [ 863.862592] device bridge_slave_1 left promiscuous mode [ 863.868120] bridge0: port 2(bridge_slave_1) entered disabled state [ 863.923014] device bridge_slave_0 left promiscuous mode [ 863.928461] bridge0: port 1(bridge_slave_0) entered disabled state [ 863.986917] team0 (unregistering): Port device team_slave_1 removed [ 863.995512] team0 (unregistering): Port device team_slave_0 removed [ 864.005047] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 864.045005] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 864.145063] bond0 (unregistering): Released all slaves [ 864.561196] bridge0: port 1(bridge_slave_0) entered blocking state [ 864.568116] bridge0: port 1(bridge_slave_0) entered disabled state [ 864.575414] device bridge_slave_0 entered promiscuous mode [ 864.614823] bridge0: port 2(bridge_slave_1) entered blocking state [ 864.621279] bridge0: port 2(bridge_slave_1) entered disabled state [ 864.628631] device bridge_slave_1 entered promiscuous mode [ 864.666347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 864.703007] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 864.803894] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 864.828633] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 864.944545] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 864.952934] team0: Port device team_slave_0 added [ 864.974586] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 864.981859] team0: Port device team_slave_1 added [ 865.013582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 865.038262] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 865.061047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 865.085623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 865.278423] bridge0: port 2(bridge_slave_1) entered blocking state [ 865.284836] bridge0: port 2(bridge_slave_1) entered forwarding state [ 865.291483] bridge0: port 1(bridge_slave_0) entered blocking state [ 865.297880] bridge0: port 1(bridge_slave_0) entered forwarding state [ 866.011034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 866.080333] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 866.150535] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 866.156941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 866.164411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 866.229588] 8021q: adding VLAN 0 to HW filter on device team0 02:11:39 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\a\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:39 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0xeffdffffffffffff]}}, 0x20) 02:11:39 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={0xffffffffffffffff}, 0x0, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000180)={0xb, 0x10, 0xfa00, {&(0x7f0000000040), r1, 0x5}}, 0x18) io_setup(0x40, &(0x7f00000001c0)=0x0) io_cancel(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x6, r0, &(0x7f0000000200)="af7b6d2403e1a9d569c8c8b5473844c37b7b3e0ac2a1f7fdcc21425aede9c785517e27018a53c5221165592955fe16bf03b4a1e891ae16f3c1458b7e166ed35ff881dc52583401aa236dea3a0ea078b43da672c36f9a4af30f624adc7bc388ab6b813cca059f085d71d0d7ba87cab85b2c91bff0e7", 0x75, 0x0, 0x0, 0x1, r0}, &(0x7f00000002c0)) r3 = syz_open_dev$midi(&(0x7f0000000300)='/dev/midi#\x00', 0x8, 0x10400) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000340)={'ip6tnl0\x00', {0x2, 0x4e24, @broadcast}}) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000380)=[{0x2}], 0x1) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000003c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x7, @loopback, 0x8}, {0xa, 0x4e23, 0x1, @remote, 0x1}, r1, 0x9}}, 0x48) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f00000005c0)={0xc, 0x8, 0xfa00, {&(0x7f0000000440)}}, 0x10) socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000600)={{0x2, 0x4e20, @multicast2}, {0x6, @remote}, 0x2, {0x2, 0x4e23, @remote}, 'bcsf0\x00'}) ioctl$sock_ifreq(r3, 0x8927, &(0x7f0000000680)={'bridge0\x00', @ifru_names='ifb0\x00'}) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000006c0)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x0, 0x0, 0x0, @ib={0x1b, 0x5, 0x5, {"00b32e1075a450dad40575207a654bc5"}, 0x6fc, 0x4, 0x101}, @in={0x2, 0x4e23, @multicast1}}}, 0x118) r4 = creat(&(0x7f0000000800)='./file0\x00', 0xa0) fsetxattr$trusted_overlay_origin(r4, &(0x7f0000000840)='trusted.overlay.origin\x00', &(0x7f0000000880)='y\x00', 0x2, 0x1) getsockopt$inet6_buf(r0, 0x29, 0x3e, &(0x7f00000008c0)=""/197, &(0x7f00000009c0)=0xc5) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0xc0305302, &(0x7f0000000a00)={0x7a, 0x80000001, 0x8, 0xffffffff80000001, 0x2, 0x8}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000a40)={[0x633c, 0x5, 0xfffffffffffffff8, 0xaa, 0x5, 0x0, 0x10001, 0x8, 0xfffffffeffffffff, 0x33, 0xb6, 0x0, 0x7, 0x206872be, 0x3, 0x800], 0x5000, 0x1}) ioctl$SIOCGIFHWADDR(r4, 0x8927, &(0x7f0000000b00)) connect$nfc_llcp(r4, &(0x7f0000000b40)={0x27, 0x0, 0x2, 0x4, 0x80000001, 0x977a, "3c750411d25fe0963ea232519de03ba37270606299100add75c5f0b46378f7151992ad0078e4e5a44f17eba6571dcdf57d73373b603efdbf987f7268a7a32b", 0xd}, 0x60) r5 = syz_open_dev$usbmon(&(0x7f0000000bc0)='/dev/usbmon#\x00', 0x0, 0x80) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000c40)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000c00), 0x117, 0x100b}}, 0x20) r6 = add_key$keyring(&(0x7f0000000d40)='keyring\x00', &(0x7f0000000d80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa) request_key(&(0x7f0000000c80)='id_resolver\x00', &(0x7f0000000cc0)={'syz', 0x0}, &(0x7f0000000d00)='eth0*posix_acl_access@@systemeth0-$}\x00', r6) timerfd_create(0x7, 0x800) socket$inet(0x2, 0x5, 0x81) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000dc0), 0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000e00)={@remote, 0x2, 0x3, 0xff, 0x1, 0x80000000, 0x81, 0x8383}, 0x20) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000e40)) 02:11:39 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x20000, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, r0}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x4) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) 02:11:39 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x13, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000"}}}, &(0x7f0000b0c000)) 02:11:39 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1be, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:39 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f00000002c0)={'erspan0\x00', {0x2, 0x4e22}}) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:39 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x13, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000"}}}, &(0x7f0000b0c000)) 02:11:39 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000000000100", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:39 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0xeffd]}}, 0x20) 02:11:39 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) syz_open_dev$vcsn(&(0x7f00000002c0)='/dev/vcs#\x00', 0x60000, 0x40200) r1 = dup2(r0, r0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000300)=0x7) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) 02:11:39 executing program 4 (fault-call:1 fault-nth:0): perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:39 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x33a, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:39 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x2]}}, 0x20) [ 866.865217] FAULT_INJECTION: forcing a failure. [ 866.865217] name failslab, interval 1, probability 0, space 0, times 0 [ 866.876523] CPU: 1 PID: 31932 Comm: syz-executor4 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 866.885033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 866.894406] Call Trace: [ 866.894464] dump_stack+0x244/0x3ab [ 866.900691] ? dump_stack_print_info.cold.2+0x52/0x52 [ 866.905904] should_fail.cold.4+0xa/0x17 [ 866.909976] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 866.915096] ? __wake_up_common_lock+0x1d0/0x330 [ 866.919876] ? __mutex_lock+0x85e/0x16f0 [ 866.923976] ? tun_get_user+0x1db5/0x4250 [ 866.928169] ? mark_held_locks+0x130/0x130 [ 866.932441] ? mutex_trylock+0x2b0/0x2b0 [ 866.936519] ? perf_trace_sched_process_exec+0x860/0x860 [ 866.941987] ? mark_held_locks+0x130/0x130 [ 866.946242] ? mark_held_locks+0x130/0x130 [ 866.950492] ? debug_smp_processor_id+0x1c/0x20 [ 866.955173] ? perf_trace_lock_acquire+0x15b/0x800 [ 866.960132] ? check_preemption_disabled+0x48/0x200 [ 866.965168] __should_failslab+0x124/0x180 [ 866.969422] should_failslab+0x9/0x14 [ 866.973243] kmem_cache_alloc+0x47/0x730 [ 866.973274] ? debug_smp_processor_id+0x1c/0x20 [ 866.973289] ? perf_trace_lock_acquire+0x15b/0x800 [ 866.973311] __build_skb+0xab/0x430 [ 866.973328] ? skb_try_coalesce+0x1b70/0x1b70 [ 866.973348] ? perf_trace_lock+0x7a0/0x7a0 [ 866.986981] ? mark_held_locks+0x130/0x130 [ 866.987002] ? __alloc_pages_nodemask+0xdd0/0xdd0 [ 866.987021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 866.987040] ? check_preemption_disabled+0x48/0x200 [ 866.995188] __napi_alloc_skb+0x1d1/0x310 [ 866.995214] napi_get_frags+0x67/0x140 [ 866.995237] tun_get_user+0x1e1f/0x4250 [ 867.003694] ? perf_trace_lock_acquire+0x15b/0x800 [ 867.003716] ? aa_file_perm+0x469/0x1060 [ 867.003755] ? tun_net_xmit+0x1c80/0x1c80 [ 867.003777] ? aa_file_perm+0x490/0x1060 [ 867.003802] ? aa_path_link+0x5e0/0x5e0 [ 867.023365] ? tun_get+0x206/0x370 [ 867.023383] ? lock_downgrade+0x900/0x900 [ 867.023406] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 867.023427] ? lock_downgrade+0x900/0x900 [ 867.023457] ? tun_get+0x22d/0x370 [ 867.023477] ? tun_chr_close+0x180/0x180 [ 867.040393] ? common_file_perm+0x236/0x7f0 [ 867.040417] tun_chr_write_iter+0xb9/0x160 [ 867.040449] do_iter_readv_writev+0x8b0/0xa80 [ 867.040470] ? vfs_dedupe_file_range+0x670/0x670 [ 867.052633] ? apparmor_file_permission+0x24/0x30 [ 867.052658] ? rw_verify_area+0x118/0x360 [ 867.052678] do_iter_write+0x185/0x5f0 [ 867.052694] ? dup_iter+0x270/0x270 [ 867.052709] ? proc_cwd_link+0x1d0/0x1d0 [ 867.052732] vfs_writev+0x1f1/0x360 [ 867.052751] ? vfs_iter_write+0xb0/0xb0 [ 867.052773] ? wait_for_completion+0x8a0/0x8a0 [ 867.060459] ? lock_release+0xa10/0xa10 [ 867.060482] ? fsnotify_first_mark+0x350/0x350 [ 867.060504] ? __fsnotify_parent+0xcc/0x420 [ 867.069595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 867.069614] ? __fdget_pos+0xde/0x200 [ 867.069633] ? __fdget_raw+0x20/0x20 [ 867.153689] ? __sb_end_write+0xd9/0x110 [ 867.153714] do_writev+0x11a/0x310 [ 867.153734] ? vfs_writev+0x360/0x360 [ 867.153757] ? trace_hardirqs_off_caller+0x300/0x300 [ 867.170253] __x64_sys_writev+0x75/0xb0 [ 867.174278] do_syscall_64+0x1b9/0x820 [ 867.178186] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 867.183577] ? syscall_return_slowpath+0x5e0/0x5e0 [ 867.188607] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 867.193474] ? trace_hardirqs_on_caller+0x310/0x310 [ 867.198494] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 867.203503] ? prepare_exit_to_usermode+0x291/0x3b0 [ 867.208506] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 867.213343] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 867.218518] RIP: 0033:0x4573d1 [ 867.221724] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 54 b5 fb ff c3 48 83 ec 08 e8 1a 2d 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 63 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 [ 867.240637] RSP: 002b:00007fbe4e740ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [ 867.248338] RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 00000000004573d1 [ 867.255591] RDX: 0000000000000001 RSI: 00007fbe4e740bf0 RDI: 00000000000000f0 02:11:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) recvmmsg(0xffffffffffffffff, &(0x7f0000001c00)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000800)=""/65, 0x41}], 0x1, &(0x7f0000000a00)=""/181, 0xb5}}], 0x1, 0x0, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f0000000300)={"c5483ba0441a4d6138f091fbf01644a970cb9eeddadec671c488d1186f3158ed9bcef3b7f142ed1649ca4b5797aae6313e1a580dd75016cf51149464996e9d663afd3a4910d1c7d737463de3e590cde6704e66c2447d546fd832683a5aa9c31cc9b00776f2eedff3e84785bf501a30320ff0046a6c640cbf2a5d4a79ce2861583520264abf17cc1f2c152c6be15209646c0ede4bdbd9328350287d0b33b764fcd5575b80d9c0403dd3dddebdcbe2c7e845360a5451a6bd71d319177f965c56a05ac2f92cf65de4d9ceac10ae4a56d3dc6c918343428704ba428a3454bd04d2753f36990a8c05ace5f47031a49076c1a42bc67f5dbb992d290d71ee8a0d6e4c51c4bdad01af05e4d3db4c2915fe251915b2b6ff0cda51c7cba8f9fc41abdfc8b694325cf4fafd01bcd269e9b0aab689991a0b50f6f676da539b12a4e5bec578347e235d4412c6231437f072edada06c5ac871707a2e4ce5d7d578f03c2ff73bbb47fa6103070a74d731bd5c98b1ebf3a5cef9a8c9f055f564d68b245d576b631fc59fa8c06264428d7474280fb7de8372b124ae5a44382a52bf856c2700dc029712a512a9dd65f0e27a826e479587fc399eefc56c80e5842936f3dafd1d6dfe945bc09cc5e92c250274a3efed95bccb3dd52f1e1dd89587567a92877135e0bf0f6a21411b19269f86fb4841bd850f1358ba3951969751c5b8699cef3570f4742454f4236b634ce03a1d2b31445044c5431d122f8ee826db7e83881571352b2b6ff436be9ae553228f37371b8503640c27b9067eb1d1a42670bb47f989c843d95713b2afa0ad514172d80f363c511bcef3867102ca5ed978698c15d389e0546132a20311b5947cad1dc86674e15274a0ab87e5e73be1cd7b385f03d6cbca0ad88f73c1b09a0cde6b3e2f21e2bc083d9ca13a1dac8011783493a109d8c17e5545bd6feb6dbf2b0b106299fc6851b7cdc272e57967572732d4c815e2bcc8f059a3c6eaa566b75b60d86c70bcb32b184da00e84602a082af6eb505fbf1cbe15f614005efc79dd35a4b5b36ca7fe68c33e452c1e486d1df54ca9efae79547474e90ce8b015b92b56d88e98964759ba1838dcba5a5f48741220bdb35335abc8a1a6e42006173e25ebcd00a92a93365fc80807970077790022e90e641a6c8bd88ad5da4c5e53110bb77d891be1edec8aff89e7041d920f6b3adb7a4ee4c69944aa9d6c92b03472b2cf42ad53b5b62bd1aef96a14e8a110ec065c475616c4a720c01a2a35dde3d9e239e28a4da249b3808253a3f39ac4b8a710e6320751d307a18181721ac59762bf46358c6b8414f68662ebaf0d2ee0659c0b10e3e5da89399849f389096d477c6f619c0a0686717b6eb3e3fe71bf936f570d50c5aef795190a967b6d65ae2d218c6d6d8360c487cfd49c9869c6250c56be165ff77538d8cefe44c6d657"}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000ac0)={"55c990aa4964e82a3ec457f4c7d69681319b32c4fe546fdaa52a7f1ee7a27d5f71fb895c4bf21bf0301d2a160f646d230ecc224077896302fd1e64ad393ef24145492c44f164e53100dc89f52d25895dcd4320f649fc784145767a5224088c492511d0a5d7bb0c0176706c238dfeee9caae8811bc4d2ec92a4a340c091647ae36123d290d72c375af37957c01aa945bdb6a7a6870069350c7c2ac6b9c032e80d8150ec020000baf9447badcc1908d174e06fd466e64e24e3c892ee42a4b31338ad67030baeffa5bfa701c1e7bfbd8fd016d87018d05ab11f9e813877bd9cdf0884cbaabe09190f95550884f8a1e6510f6bbe96f86859597bf89741aea068e55b938ebee9d9bff58478513c4b72edbf79f75431b54743ab05d3980b30b2127cf13bf94beba0828a4bb1848bc1f862fac00698e4bd2f4bde3bb35107056c4147c0ed8d7d588ba03c37b82ea384d1db706a8b46ee351812ad747d1045540a48b542996812548270c5af5d27ff72920bebd8371348c7f55a953e236ac13fe737a81bd9b61e30a5e9c526cf61862f5a0a90963c73febe3b66ab29f17b6da74b7647bcc4e527356d57fa1fe3f3dffab39df7b353eda6b839decb4484939f4fc0c84bda1c964941ccf4db1ca0d2c152fd356ac66441c8b68755d533b416d9f7999678227c7a69db08e997252dd6a38fc458d93fac9f1f14f49b7ca4a0b0c8b538d2f30c34503a0975506ae9004b3e5c3d2469cf4e03d9b79dc1499647b5b680a02bdc56c18782c48120dee663918288f068c49d85355d114cfe0c5d1405cf5e37b181f296fa7dc9ae116fbe220121fe139739226eefce468f27f5d21ab51ef0e26134c5341cf13799003ceb38d4050c2ba1c9e6decc2d11a8f14a6adadd45e615106b5dd4c07093ba114ac55b4e80d1a3545ab6e8fbf796b908ecc244340fc06e4d4bd6e069b7f0232198ab067a709bcdd4d41500e5dc7032e5993f965d4603033fe61cc523937d7345df42b4f1b62c4daf64f6c29eb2f214b88680bfe19252b67719ccea37d19fe3bfb0c8ad0bd6f4a1df532ec9220269453df5144ff48f63c2ad655b8f20db01b3af95c11f4e7de2bd0a47d47b08b620589a33327bef9ee310505c1736510e88b74281f098099c753d30fcf32f31a0521e32407d689b093f24d07049682ff4662b5b94616699fd704589c0edb02cf3e622088c685564b0c166f9f3cdb12dd8a70684ac6e24570191dda2db2b1965d2397a45060f834405b81fa79204e029b7cd93333dfbef669f3e480fd071f5b87e9fdf984dfe176353ed12ea15484366548336f540a5f1e8b9e19bdeb8d71dce9ecf03d09517bc4bcf7be382176e7e12395ee0f795f76695d0d90eee181d300deb89d7098403ac76309e63f6ca3eede1ce57dcd9de56e24610ed5c470d5540e9f50d068ee8a1431bb3216ae99b18"}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f00000000c0), 0x0) setxattr$security_smack_transmute(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000240)='TRUE', 0x4, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x80, 0x64000) write$P9_RFSYNC(0xffffffffffffffff, &(0x7f0000000180)={0x7, 0x33, 0x2}, 0x7) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) splice(r4, &(0x7f0000000280), r3, &(0x7f0000000700), 0x8, 0x0) getsockopt$sock_int(r4, 0x1, 0x4, &(0x7f00000000c0), &(0x7f0000000080)=0x4) 02:11:40 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x25a, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:40 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0xeffdffff]}}, 0x20) 02:11:40 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00?\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:40 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000480)=[{0xa, 0x7ff}, {0x8, 0x7}, {0x7, 0x100000001}, {0x4, 0x1f}, {0x0, 0x1}, {0x2, 0xffffffff}, {0x2, 0x4}, {0x4, 0xe47}, {0x3, 0x1c}, {0x8, 0x312}], 0xa) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) ioctl$sock_bt(r1, 0x9e4e9180ba6dd5e7, &(0x7f00000002c0)="82e3fbaf3586685c4208b24e1793873f648dd3a77035cb08f634afcba9f969e1690d939e6099ead73057a62de427f85b794f79a66c754cc96ea2fb5ec534013adc5b117e239d8191dc03b9") [ 867.262866] RBP: 00000000200c5fe8 R08: 00000000000000f0 R09: 0000000000000000 [ 867.270130] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fbe4e7416d4 [ 867.277385] R13: 00000000004c4843 R14: 00000000004d7b30 R15: 0000000000000004 02:11:40 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650600", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:40 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x400300]}}, 0x20) 02:11:40 executing program 4 (fault-call:1 fault-nth:1): perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:40 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) vmsplice(r0, &(0x7f0000000540)=[{&(0x7f0000000480)="ced844e009e74686fae9aa38cb78748a95d9135dd0ab4dfc4f5b12c433659a7c3bf4267f7c878fda2677e586073f4832bb5760a935ee818bb224ebb4cd8d2be932068441d2f6a7294a531548460afa705f5b75bb0941da71792a07311d3ffaa3a5", 0x61}, {&(0x7f0000000500)}], 0x2, 0x4) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f, 0xe}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000340)={0xf, 0x8, 0xfa00, {r3, 0xd}}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 867.446441] kvm: pic: non byte read [ 867.451011] kvm: pic: non byte read 02:11:40 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x1000000]}}, 0x20) [ 867.490481] kvm: pic: non byte read [ 867.509545] kvm: pic: non byte read [ 867.519722] kvm: pic: non byte read [ 867.530258] kvm: pic: non byte read 02:11:40 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:40 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 867.551053] kvm: pic: non byte read [ 867.587790] kvm: pic: non byte read [ 867.609255] kvm: pic: non byte read [ 867.623512] kvm: pic: non byte read 02:11:40 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)={0xa, 0x2, 0x914, 0x4000000005, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r1, &(0x7f0000000000), &(0x7f0000000440)}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r1, 0x28, &(0x7f0000000200)}, 0x10) r2 = syz_open_dev$dspn(&(0x7f00000002c0)='/dev/dsp#\x00', 0x1, 0x80100) ioctl$SG_GET_LOW_DMA(r2, 0x227a, &(0x7f0000000340)) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=""/25}, 0x18) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000000)='@', &(0x7f0000000180)}, 0x20) ioctl$int_out(r0, 0x2, &(0x7f0000000280)) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r1, &(0x7f0000000000), &(0x7f0000000100)}, 0x20) lsetxattr$security_capability(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='security.capability\x00', &(0x7f0000000440)=@v2={0x2000000, [{0x0, 0xffff}, {0x3}]}, 0x14, 0x2) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r1, &(0x7f0000000440), &(0x7f0000000200)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) 02:11:40 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dsp\x00', 0x1, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f00000002c0)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}, 0x1}) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:40 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x350, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:40 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0xfdef]}}, 0x20) 02:11:40 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000000019800", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:40 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x200c5ffc, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:41 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, &(0x7f00000002c0)={'gretap0\x00', 0x3}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000300)={0x0, 0x2}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000480)={r3, 0x2, 0x2, 0x2}, &(0x7f00000004c0)=0x10) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:41 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1e3, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000019800", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:41 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x7ffff000, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:41 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x20041, 0xbb) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000840)='trusted.overlay.redirect\x00', &(0x7f0000000880)='./file0\x00', 0x8, 0x3) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000240)=@mangle={'mangle\x00', 0x1f, 0x6, 0x530, 0x1a8, 0x1a8, 0x1a8, 0x1a8, 0x0, 0x498, 0x498, 0x498, 0x498, 0x498, 0x6, &(0x7f00000001c0), {[{{@ip={@broadcast, @multicast2, 0xffffffff, 0xffffff00, 'bridge_slave_0\x00', 'veth0_to_team\x00', {}, {0xff}, 0x1, 0x2, 0x42}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00'}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0x274}}}, {{@uncond, 0x0, 0x98, 0xc0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}, @inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x4}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x6, @dev={[], 0x10}, 0x1, 0xc, [0x16, 0x30, 0x3c, 0x9, 0x3a, 0x23, 0x8, 0x1f, 0x6, 0xe, 0x30, 0x2d, 0xb, 0x21, 0x37, 0xc], 0x1, 0x7672, 0x7}}}, {{@ip={@loopback, @rand_addr=0x7, 0xff000000, 0xff, 'syzkaller0\x00', 'bpq0\x00', {0xff}, {}, 0x0, 0x1, 0xc}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@icmp={0x28, 'icmp\x00', 0x0, {0xf, 0xffffffff, 0x100, 0x1}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@local, @remote, 0x0, 0x0, 'syz_tun\x00', 'syzkaller1\x00', {}, {}, 0x5c, 0x3, 0x10}, 0x0, 0x98, 0xc0}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0xfffffffffffffff7}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x590) ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f0000000800)=0x3) 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000007fffffe00", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:41 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0xfffffdef]}}, 0x20) 02:11:41 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x2) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 868.117524] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\a\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:41 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2d1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:41 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xfffffffffffffdef, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:41 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x400300]}}, 0x20) 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000600", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 868.235445] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0 02:11:41 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000300)={0x1, &(0x7f00000002c0)=[{0x86ea, 0x7, 0x3, 0x800}]}, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:41 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x20041, 0xbb) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000840)='trusted.overlay.redirect\x00', &(0x7f0000000880)='./file0\x00', 0x8, 0x3) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000240)=@mangle={'mangle\x00', 0x1f, 0x6, 0x530, 0x1a8, 0x1a8, 0x1a8, 0x1a8, 0x0, 0x498, 0x498, 0x498, 0x498, 0x498, 0x6, &(0x7f00000001c0), {[{{@ip={@broadcast, @multicast2, 0xffffffff, 0xffffff00, 'bridge_slave_0\x00', 'veth0_to_team\x00', {}, {0xff}, 0x1, 0x2, 0x42}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00'}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0x274}}}, {{@uncond, 0x0, 0x98, 0xc0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}, @inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x4}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x6, @dev={[], 0x10}, 0x1, 0xc, [0x16, 0x30, 0x3c, 0x9, 0x3a, 0x23, 0x8, 0x1f, 0x6, 0xe, 0x30, 0x2d, 0xb, 0x21, 0x37, 0xc], 0x1, 0x7672, 0x7}}}, {{@ip={@loopback, @rand_addr=0x7, 0xff000000, 0xff, 'syzkaller0\x00', 'bpq0\x00', {0xff}, {}, 0x0, 0x1, 0xc}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@icmp={0x28, 'icmp\x00', 0x0, {0xf, 0xffffffff, 0x100, 0x1}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@local, @remote, 0x0, 0x0, 'syz_tun\x00', 'syzkaller1\x00', {}, {}, 0x5c, 0x3, 0x10}, 0x0, 0x98, 0xc0}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0xfffffffffffffff7}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x590) ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f0000000800)=0x3) 02:11:41 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x2000000]}}, 0x20) 02:11:41 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xe, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:41 executing program 0: r0 = syz_open_dev$mice(&(0x7f0000000580)='/dev/input/mice\x00', 0x0, 0x200000) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000700)={{&(0x7f00000005c0)=""/212, 0xd4}, &(0x7f00000006c0), 0xe5ccb122b24e96b6}, 0x20) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x4) io_setup(0xffff, &(0x7f0000000740)=0x0) io_cancel(r2, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x6, 0xfff, r0, &(0x7f0000000780)="b1431991175787c9abf5404196f3586ff68f47854398adbe6faa6d5473d715638c4f0d1553d73042bc08b3cbc190e69e70c3d23b1af5fc0b4cf3069ef56cf9237410b1992f5e18db7e1170da9cffd35ba8cf8147f82f8ba1b4a6234150d5456181845eee32089c0a75c8be754dca1a0426978758cda37aa283f1f1634ffd0fbceea98c6a7b050b36dec42911b43af25f556c7e2e0219713f930669109fcc4f0a0b25886311b8de4d18c49cd1586d2260fff0c437c45dc4170b34a03da89519", 0xbf, 0xff, 0x0, 0x3, r0}, &(0x7f0000000880)) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f00000002c0)={0x0, 0x1}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000480)={r5, @in={{0x2, 0x4e22, @local}}, 0x6, 0x5, 0xa23d, 0x1f, 0x55}, &(0x7f0000000540)=0x98) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f0000000300)={'teql0\x00', 0x8}) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000008c0)={0x56, 0x6, 0x0, 0xbb6, 0xfffffffffffffffb, 0x1}) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r4, 0x800448d2, &(0x7f0000000140)) 02:11:41 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x40030000000000]}}, 0x20) 02:11:41 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xdf, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:41 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xfdef, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) [ 868.527375] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465feffff0700", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:41 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x20041, 0xbb) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000840)='trusted.overlay.redirect\x00', &(0x7f0000000880)='./file0\x00', 0x8, 0x3) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000240)=@mangle={'mangle\x00', 0x1f, 0x6, 0x530, 0x1a8, 0x1a8, 0x1a8, 0x1a8, 0x0, 0x498, 0x498, 0x498, 0x498, 0x498, 0x6, &(0x7f00000001c0), {[{{@ip={@broadcast, @multicast2, 0xffffffff, 0xffffff00, 'bridge_slave_0\x00', 'veth0_to_team\x00', {}, {0xff}, 0x1, 0x2, 0x42}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00'}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0x274}}}, {{@uncond, 0x0, 0x98, 0xc0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}, @inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x4}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x6, @dev={[], 0x10}, 0x1, 0xc, [0x16, 0x30, 0x3c, 0x9, 0x3a, 0x23, 0x8, 0x1f, 0x6, 0xe, 0x30, 0x2d, 0xb, 0x21, 0x37, 0xc], 0x1, 0x7672, 0x7}}}, {{@ip={@loopback, @rand_addr=0x7, 0xff000000, 0xff, 'syzkaller0\x00', 'bpq0\x00', {0xff}, {}, 0x0, 0x1, 0xc}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@icmp={0x28, 'icmp\x00', 0x0, {0xf, 0xffffffff, 0x100, 0x1}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@local, @remote, 0x0, 0x0, 'syz_tun\x00', 'syzkaller1\x00', {}, {}, 0x5c, 0x3, 0x10}, 0x0, 0x98, 0xc0}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0xfffffffffffffff7}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x590) ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f0000000800)=0x3) 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650200", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:41 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0xeffdffff00000000]}}, 0x20) 02:11:41 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x140, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000000000200", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:41 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2dc, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 868.729587] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0 02:11:41 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x20041, 0xbb) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000840)='trusted.overlay.redirect\x00', &(0x7f0000000880)='./file0\x00', 0x8, 0x3) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000240)=@mangle={'mangle\x00', 0x1f, 0x6, 0x530, 0x1a8, 0x1a8, 0x1a8, 0x1a8, 0x0, 0x498, 0x498, 0x498, 0x498, 0x498, 0x6, &(0x7f00000001c0), {[{{@ip={@broadcast, @multicast2, 0xffffffff, 0xffffff00, 'bridge_slave_0\x00', 'veth0_to_team\x00', {}, {0xff}, 0x1, 0x2, 0x42}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00'}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0x274}}}, {{@uncond, 0x0, 0x98, 0xc0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}, @inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x4}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x6, @dev={[], 0x10}, 0x1, 0xc, [0x16, 0x30, 0x3c, 0x9, 0x3a, 0x23, 0x8, 0x1f, 0x6, 0xe, 0x30, 0x2d, 0xb, 0x21, 0x37, 0xc], 0x1, 0x7672, 0x7}}}, {{@ip={@loopback, @rand_addr=0x7, 0xff000000, 0xff, 'syzkaller0\x00', 'bpq0\x00', {0xff}, {}, 0x0, 0x1, 0xc}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@icmp={0x28, 'icmp\x00', 0x0, {0xf, 0xffffffff, 0x100, 0x1}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@local, @remote, 0x0, 0x0, 'syz_tun\x00', 'syzkaller1\x00', {}, {}, 0x5c, 0x3, 0x10}, 0x0, 0x98, 0xc0}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0xfffffffffffffff7}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x590) ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f0000000800)=0x3) 02:11:41 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x7ff, 0x200) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000000000300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:41 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xd, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:41 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00@\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:41 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) setsockopt$netlink_NETLINK_CAP_ACK(r1, 0x10e, 0xa, &(0x7f00000002c0)=0x5, 0x4) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:41 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0xeffdffffffffffff]}}, 0x20) [ 868.935266] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0 02:11:42 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x223, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:42 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2f6, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:42 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x20041, 0xbb) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000840)='trusted.overlay.redirect\x00', &(0x7f0000000880)='./file0\x00', 0x8, 0x3) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000240)=@mangle={'mangle\x00', 0x1f, 0x6, 0x530, 0x1a8, 0x1a8, 0x1a8, 0x1a8, 0x0, 0x498, 0x498, 0x498, 0x498, 0x498, 0x6, &(0x7f00000001c0), {[{{@ip={@broadcast, @multicast2, 0xffffffff, 0xffffff00, 'bridge_slave_0\x00', 'veth0_to_team\x00', {}, {0xff}, 0x1, 0x2, 0x42}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00'}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0x274}}}, {{@uncond, 0x0, 0x98, 0xc0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}, @inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x4}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x6, @dev={[], 0x10}, 0x1, 0xc, [0x16, 0x30, 0x3c, 0x9, 0x3a, 0x23, 0x8, 0x1f, 0x6, 0xe, 0x30, 0x2d, 0xb, 0x21, 0x37, 0xc], 0x1, 0x7672, 0x7}}}, {{@ip={@loopback, @rand_addr=0x7, 0xff000000, 0xff, 'syzkaller0\x00', 'bpq0\x00', {0xff}, {}, 0x0, 0x1, 0xc}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@icmp={0x28, 'icmp\x00', 0x0, {0xf, 0xffffffff, 0x100, 0x1}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@local, @remote, 0x0, 0x0, 'syz_tun\x00', 'syzkaller1\x00', {}, {}, 0x5c, 0x3, 0x10}, 0x0, 0x98, 0xc0}, @ECN={0x28, 'ECN\x00', 0x0, {0x10, 0xfffffffffffffff7}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x590) 02:11:42 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$RDS_RECVERR(r1, 0x114, 0x5, &(0x7f0000000480)=0x1, 0x4) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f00000002c0)={0x67, {{0xa, 0x4e21, 0x2, @remote, 0x55d0}}}, 0x88) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:42 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0xeffdffff]}}, 0x20) 02:11:42 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000200", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:42 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xfffffdef, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:42 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:42 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000003c0)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f00000004c0)=0xe8) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 869.136290] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0 02:11:42 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0xffffffff00000000]}}, 0x20) 02:11:42 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x20041, 0xbb) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000840)='trusted.overlay.redirect\x00', &(0x7f0000000880)='./file0\x00', 0x8, 0x3) 02:11:42 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3bf, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:42 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:42 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000480)="73f910315aa62e05693f00e25357dbaa27267954af0c3e8f4f639c0d6e6ac3757c2b91b6d1488cb43f805a391f5ae52cc55a2b62752144c9f8337cff3ba0435113ef244ce8fab74c2784cad68871e5f77431085767e25494cb88ec1e3558c8a8b6bc2d3c69b3f53f349c0a42389a3cf19ee5079012c66bbeae398815d89bf46a23ba7eded4b202a91f077e402cdbbaf864be6fa3ddf036d568550d6001fa2ea6a6d9007b85dbbf1cd9ad51dcc522839c2a96df1ccbed092880adf2b0812cc89a4c37ba99558ebf88ed0f58cd19aefcd00ecffe0f73b06df708f432dfbe85494f87ae69ca513951c474d8776de1968aa0424d7f1daf28e5398b79f8b820e6e1b41a34ae8ce8795d69bcfc6304e799749c8eff9ac4d77ee77fdaaea18266b2450eb2c431ee1c6e828b596968c3a5f5c39018f7cd14a8c2acdbb14e3d48e3abc56031d1900a279e33f903eb93d26bbacf466a852eb853520b5718768fd6fb10d4f7b0537e211c04b3ad01eee8eb0ffa908c057bd3397109f19dd44e37e7fadb2ddbb4922902cf0299172a22ffe29c97378da6a204e16adf1f567c2dd7376268c1f9fbbabde53981d554e91642b7f427134bac35aab50f60b118ab0d7848fa7f7f4a9330865f07075a82db4f99e8b1db1c8ccbe64809439cfe52c4c60990248035e7cf4c264923d9111415d6a3e6e68be1092fc0292e13c103c892f97450646e4ef7cea6e49b0285d3ca6b8ab70befa3db91a50895fc0ada7314539486c97b740e96dc2fc8dedd5bb0c54f2d1d19b66361c334c10eb7742052746357872c122b421404eab3ef5bebe22cb0f55e72916766e1323fa79a8cf45c5c015f03aaff0f19423f7bb6895e825775961858e32dd7bbfc1d2aa72e2d5a9302109dfc5756d2700cb89631a581fdbe301e2f885642df07f236e0f49e2414cb924ba6223b83e0e94a7dcaefeddc212b46db47045fa94760362a041224c88e15a0ddd634780fbdcfca08da72146804a0e6b5b650b1e237701d309ac0982572c608bc64647284a545404749c41dbc45451e594306366bdf799aa63ef004395aae7a6a2237a4e0143188e3303bae0ad2dddd75e4d53973e70a788daec3af890cae53785e3b3837b83d28c95fa2ea8bca636024ac629f7877441c65da3e3c8f4b53b9ba810ddb9e00b3e8729e8c60f0c6e4c74cdac568c29ccc85618308621841246da6a9ad7f59731c8016e1cb8f13ea5e18596464eb4374aba742da408d0846013223379abf9573e56dc14e18c49cafe6ed6c7960a14d1963890486abd9682dd86f7f5c776c01074039c3c6ea1c3d570dcf7dde788df6532653cfac824240e77843bd6a1d00707e3e1189a9252e297b3b168fc5c144739f4ad545dc13e41d5aa27435ec9e4a8c101325b0599d909abf8af12abc47010abb33ece24b2a2ffcdb9bc24c307b689e2dd9745563242a850eae9890acda2bccf360debe8de54a0fbbeb89ebee2cd0b8f2329da8130dcbb7e38f89a21246ec135345080e1269e587891c28272d3c8620ae5f14698c236215a060688f5d67f3667f09e3a89bcc9f21f48e77c0c12b29d710939b2c451f0be7eb0b90f85db49d223505c189abddd56a87ffb1ade02edf5f520b87d60ab81de9b80b506040505023f7371a2fcf068de4ef244a44f3a573cd902d6773b77507c54a5a8865decf09d368e873786b61771099b40f2f8189789d0f9566ce8535e1c5975d0f5c154d4bd72b7b5c3b31d85389bc7e4cb38b1d1816e3ac026c768294e1db8ac1a4be42e02a94034905a5f8c1a56651d5974cf7cbe1f305b0b6d23906502722760a509024b0ff6303786788ecb89aaf8b6ec525e9e99bbe69b831a14e4fafa2a03f3ba00f072910623869ab333d7eeb4bee0784ca9259948c52d32f252bcda8756b2d64a866994805535a915dbdc41bca8bc70248089808ec13e34ad672ffd1035b96fa9e11e189214aeff5a817953e83ef3396ec565f5dce212c96699fcde8245e0f7fa657a46f7061154648693c71c6d26d1cef51d6dfaab8bc2ff654c9b77124095c67109a158feb7c1a8d48eab80032125d287cf0e8ff5443fb74626fb20e73936ccdec48b6d7410f133d27c7ca8046f6d5e3bfbc993cab54f675026fa9eac5142c6a31796cb0881750ebc2b94b0a1e1b2a44e76acdc610f0c13519b336cfb410daed1e0846d55c391579eec96bdfe1285000a2ef10edad9d96b168f3b03e513009988933700345cb15bfa8f224d88ddd862d1f1a4fc0bcd5fa46f2c86f160735088e86c64576d87c022c01c790f4a5e79602d63f0d9d687784166c6c5cab7665f3ce3c6876c67af82e5a925e88bdf18766b291447f323457baac8ca61fe1953520aa3f9b686ce08a121df3bbf50f519b96a055b6b8d8fd85775be9c9a401233a60836e5ab98846855c51ebe240783250333378a43541d40a870278537bb15ee6b07f5e81b272aa321866fc61215feea172cb1ff8cf8de2f92dfcf633182ac19647f8daf7d7c90cb1e1da6427b9edde6a88fafa5fe1df68fd1f16361c42b0e9ed24feacd0dd45327167d2cecec265503e8877fcb46e155a921ada114bd8c7f52f74272c1e4b4b1e86f01f6de74064ca6f48207b3635dc7ac760f69b33b4c896d0bdb0c122635466b4979fad449e0663ff01e9818c77fc4911835354233d9a44350b460239438604f0643db11cf8ca719c4fdc6afad12ef71c477e0935fec7f992966ddca2a6b89ce08bf82a78f20ee81a00b304d327ba4010af3deb9b30613db544fc399dbb0b338ee3351f049330c82583681b7746cd6c905cce50bce69c0e2cee451502c57f31c9b39e97b7d76ae5f4d206dfbc50d39e419bb834e5867f6f6e48ca708f6831a22841963868f9ea97dd8698cfbaa18f853ca835a31c98def73ad298940feecc5b838b6701ee1d74c34616a1ee95cf32882ee6ca4180dd35f8bd0b75c0b38cb0246ed042a1dccc1ebeca1233e4c55af79f15fbf38f16d10579f7d9799ae7e7bdf4cbb222b0e73ed2e4c014a41b8ee9744527e9b152e31352173ded1ff2c861d3355e8b721dbf031fc29536ae351226f0249ba2cc31615b4afa7a34d90fdbfd17fa0ddbf0712e0d8ca47fbfb6882b63638d96267dc1998efa44f1a887794a4a0037423cb1047b8fd648d3b81a3b473b2483b8a54fa17cb00a95bcf4bfd1913dc1c59bebef2cd97ad82374df7f899434f9d7ec763f45b7986da0069f12a24728305db05f8e732af4d71a050e9d80296766b71a842b5fdd691d25f860f5f38842e815e18d9318e495ca2f2b6e4b3cca51c3d7e28504bb7ca07c5a73c67422a0077a64a194e22c62e0cbd76b882b6d8f406ea9516ac675b9068db506c3ec2abb8e67a881ef601b4904af6f01f1d3d97bc74fbb13e1e83ff29727c009bfc075f8d41ce5adf9b88014486491a0b5ead361ddbc6650389dbef587f94e37bd62cc815e457615bb0fb371c625b9439baf0f45b778df5a03772425f7a45c623080d9ec80c9172535d4c25fa0f1f945da2a13f0469312ba9690d54215d30c5419bb537ece4015e7f5566b994621a6e5985eb9a3c035dd0d1af4252ba0736abae2bb21304dd1da62e5a1b837c58187a1b9a3e6ca0268410dee4a29a48b318d5f01483b3c349bf49a4fa42ff30d3243a8607b6c3a55af7871b0de50ff80a3f61d70834d014a838d8b811cbb92e685712d7aa5317373a5bb0059c9c7b2e24f3a1f36f9bad6c1e397ebe8a22f6fa49e6a3c9e92a6cc4b14a350b7937cb328fcea429a86e3c84823d2477be3d75d675b6dd6aaad55442a5d4acc773b395d4a41219c15759d6011022a3692d9798b1446c4606aa1282778fe5a71094a268576401d92bc3597f603ac43917db35e62f8db6570074b0fc360c5f001d787b7d5b2b82fe664cdf274c47bf19d2db350d861d86942034fce7a6ff2dbb7b426b8c7e3419cdabea839b7baba42b9fd8b2332b745f229716ae68593db6701e0a63b46320972302832ed31ca39ab7dbef2c5b87bd40546793d907661b85399eaf020dffda3ef3767320da9fb1b4b6461ddb7cad7a418d59dfa1882fb216f04cbc6d45400878b103f1ced59a4d1561a8ecdf3bc8afd5448bdb622223d78fd1b174880998cc996cb31921be9b461f531e4d078117d5727588dd650348c2006584b365f78d9c2cf344bcd4e5cbf8ffedfaea39e1a2821adaac88305decebb5494fd08938018ca4c874c955db68e217f4ad224942b35e6420e6696b05e46bec0257abda6f68ab8e424317c43e3df4572eaba579c003a4358e4d1382ed0302acc2a3beca9d8d1b00f26a5d0d12cc0e60796c667987eec9c84378acdedf12f9915463022b01ad714a722aa4a56664eab009dd5a206db382b4f4d5a3b2334c4dcf4420e9335db8c88291e01cdbc5eb6769f48f0568a6601a488879521d5cedfd82965598608583e425ffb91bf2a6553d58455a583fe99d6872845b426e6efc2e5de4465b8727fee185c5691f8f357bd31134dc0463b8dcccf72f6469dcc71992dd3a50f34cff8b5747598dbdad89ab719ab877507c946fd4aef49d97c40c1027b8f58a8765580696240e3a3825ac6c266a73c372c78371e8306ea1af261a9ca327237de4ed7bd271f29dc95495ef98219063b08521a0d51f88e8fd286c16e402a11ea25f3b4e6425be06e5a6e993fd25a615e04b477be1e96107ac8cdf84a2a1b5710e1eded0fbe092e416d21c3f09d732b93f98e84a8f63c84ae6db90db72c3eadd7258c78b9946812b41a4cafe8afb67a21f65e6c97b4f6cb2c6ecf472b50912e536fa81d6da89d7e462fced98f89219127f07cb9c09d306cd0657744be40bbd665fbe0ca30a349b75078a157b0296e629d372a71ee53f35ed594216e540f10cbfd3ee0263931bb07d9295447c78de4913482c7ffa79cce4a1292f45dd3bc271e764e495cc9cd895b2f65c7d6e49359951e269c33df7dbeabfd9ac6a5973fc082be84b7c60400b44e377c36dc160ac0635607566055144f78b6b3e57eea198871527167caf4cf202cda5c20e380fe3f0ac08dc30edd07ef06a8f25f4d67fa27ef5f6797358f896a1e5d0f2584876baa662a35761822f6011895d71d800aaf5e98a650a0840e60db61b52bb19dedfc9f28672fc18db3fcec4de3ec491ce0127ce1b50da0373e47c31c70fc3ffc08115828f5bb08260a092cd509131dc008299e68c249a19790d44453161bbcde92694158ab0802bc035cf296128b9bd51c8d1db171306c05fe767c1260a3507f25cbae59bb53c84727ddb9429cfbfe2226a0b64aeaba8b1f3de9fbc9dbd1bc59b0a9417cc3fa4ce33351f5cf0f554bb799ca719dfbd6991b21f7da153df68d1d62c9520d4204c04592d472ab95d549a77544dd66738bd64e16c989e754918b803604c50fe65a3baec83fbf6a06569de1e6fb8e98b337e243774048d3aa2b4c2610cea263278cdfce53139054384f71cf4eb9dde244790c3340421fddadde36170223b599a0f86badd606ef6a333cec20de170e894e5be4a7cf0edd5ba7528688ef3b74dbe56a855f55d4583ee43df48a272469690ae2a817e513386e422bd70d5e7b54316250cd4a8dcd59f3c1cf29730bd116197d3881bb506b6fa7b15e3b8385d2073fa8d09d04b9f441a98030ea7bd0b7fa02c9637035efc45cff726bd48eab4832dd3a67744cbc6e55cc2f53157b996b7fa778a3c47d867c094547b1adfce0082c0ed52547876f1556b0a95e64e22c73954f4c222af9764ddb4cd4e91c103459d512e93a8a7debe5149c7a48ef5e3d5e22") 02:11:42 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x6558, "94a7030000e8"}}}, &(0x7f0000b0c000)) [ 869.303717] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0 02:11:42 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000000000400", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:42 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x20041, 0xbb) 02:11:42 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xe8, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:42 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:42 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x34000]}}, 0x20) 02:11:42 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\x00\x00\x00?\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:42 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8100, "94a7030000e8"}}}, &(0x7f0000b0c000)) [ 869.460008] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0 02:11:42 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ppp\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000480)='/dev/vcsa#\x00', 0x3ff, 0x8e803) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0xfffffffffffffff7, 0x20, 0x1, r1}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x4) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) syz_execute_func(&(0x7f00000002c0)="66430f6d18c461e9ddf2c4e12ddd6fed44dee70f05660f44ea8f8978c1e58b6c12d4c44379631100c4a261a69300000000") ioctl$sock_SIOCINQ(r4, 0x800448d2, &(0x7f0000000140)) 02:11:42 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) 02:11:42 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0xfffffffffffffdef]}}, 0x20) 02:11:42 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x4305, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:42 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f00000002c0)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:42 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\x00\x00\x00@\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 869.661334] EXT4-fs (sda1): re-mounted. Opts: inode_readahead_blks=0 02:11:42 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x63, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:42 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x100000000000000]}}, 0x20) 02:11:42 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) 02:11:42 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) accept4$alg(r0, 0x0, 0x0, 0x80800) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000340)) 02:11:42 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8906, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:42 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f00000002c0)=0x8000) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f00000006c0)=""/145, &(0x7f0000000300)=0xfffffffffffffc72) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:42 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000000000500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:42 executing program 1: mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) 02:11:42 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x200000000000000]}}, 0x20) 02:11:42 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8035, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:42 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2bc, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:43 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x0, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) 02:11:43 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) prctl$getname(0x10, &(0x7f00000002c0)=""/4) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000300)={0x9c28, 0x10, 0x1, r1}) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:43 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0xeffd]}}, 0x20) 02:11:43 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8848, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:43 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x2]}}, 0x20) 02:11:43 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vga_arbiter\x00', 0x800, 0x0) getpeername$packet(r0, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x4) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) 02:11:43 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x0, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) 02:11:43 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8864, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:43 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x0, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) 02:11:43 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x131, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:43 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000ffffffff00", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:43 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000300)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) socketpair(0x1, 0x807, 0x4, &(0x7f0000000080)) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:43 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0xfffffdef]}}, 0x20) 02:11:43 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='inode_readahead_blks=0']) 02:11:43 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) ioctl$DRM_IOCTL_DROP_MASTER(0xffffffffffffffff, 0x641f) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000000)={0x0, 0x2b, "4bfaa2c95fcb493ed5d53f6ef256567a51f24833f9ab194b33df3a2a30074de7aa45fa59752572bc1717ef"}, &(0x7f00000002c0)=0x33) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000480)={r3, @in={{0x2, 0x4e22, @multicast2}}, 0xfffffffffffffff7, 0x6d}, &(0x7f0000000300)=0x90) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r1, 0x800448d2, &(0x7f0000000140)) 02:11:43 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0xeffdffffffffffff]}}, 0x20) 02:11:43 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8847, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:43 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3fa, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:43 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) clone(0xe210800, &(0x7f00000002c0)="649bb56b78b369504e4b5943ee9653581be567470707", &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000480)="c5e7911ba2580affb1164026a389306bcd30f657bb45cf3c3ccc5a466d07fe1519d1d1f4008a13f6a827cfe9727a3c7f2965eeedec9eb4bff429fd0e4f4d89ab75b892634bf03b69143201d721979b673f8e8975b19843920ffa19013cd8f0ba2545e217f7289cc9762b9716cfb3d6cfe9c20313797a884ce2baa262881735f4dd11ddc6cac7a0ee672b8c967393ab3e1fe179cac20cd75aeefddd369e6296d42411a5bd842fdc29f8f682d0cd2f69a4be03a1a400e46f4c8b1434912187dcce90ff76b363197afabdb42c4b5fa0eb0c5596be5dad82e001b0d2146b95e3c65e55d738ce43d66a70819ec3a0d415dda97444ed6903508400ea71e1601f265645ae25f18ee418cc7f95f7c42dfbd53d4161b80f0b30cd5ecad9c24c13db7296db1f083e231c95f24cb4ebd1cd9d22fbecc5c4b56bc862d61e89f3564e1dba546966bda884854c44ce435f8008ece8745b53d168361f40e0d6b4694af76a0c690150b01d00ff8d292e309954257e4e1de4e0b1175d0c7a64ad28b4a4920a101607069af54d343df495b4ef56339eeb85123ac24b1c5c74afde63166d35730948bf8879f8acfac5eff4bca588c1ff7d89d7953b47627262735fdb34020af622b864cd576a015b6a3f6065f0e3ae86d33aa7ad6ba2870058a11bd8785b6e5389567baff0c852ed35639a2cfbcdb734f5ae109c2bac773d362dc0ebd3910cd4cdc0f7f5a72328943357d2e895b6dbba954bc801c63de1cce3484efe2878d1b45e06ee477db3994d16678f138de29e1b79dd7ce71bd405257103fce95e256b48ffdfb23af266cbcf631742973d5ca79d68149857fc11019f6bb48bd64adf03e60bfe3a42e4ed0a8f294091edf590ed819a7736324708d846ceca66fa8adfc12d7c6336b6b1a618e820700cd5f79d170d4790406df587e1ebe9fde9bfb2fea5802896fbcacc25960d98dec41064ee8ecd0f71884d11eea9453d58ffefd6a7c499ef37af1d78523e8b0e2ce98b734bd2bdcdf1a226d06be37be4b6211a07536cc5bcc717b88b316d4ea0460846640ecf02ffc7765d28ba8b5ec490519709316c19cbc9d22241e931a7195f25b76ea35f3b3e727efb974c240c0480e3e61c26d8639763dcc87879a0fa46de06032a74d7719f6a5b8405db601b2d17176128f87881e2d733531fea18dc8fe2859badfffa8026a954f7285c691c546402b4789d7ccdf3aec3bd498bf6196ceb4a839b78dad9234d60f252ef1ed8edf4195339096b601775963f706a256e381b7f52cb587de4286928fb6b1d6e7abe3ffa002b46bad261b0f7fe16790d2e30b840483fbaea8ef484e9cd330245d6ee6e922e5a5c589a3710c2386b12ed376e6b899843fc2513b6d4186134d55fb9efbb549d2f0555e3d4d4f73c1c1e9f21707a6b10713af2574bce02da04a88ee1fe7ea91eb39a82d84abe50ef56d4b5514eb94df71fcb31e9a3a25e0e69a45b941b793b5ab9799981f4a23fd66598a88e4c64e5d4cacaacac9d3f11476bff7af89b61b67e5e99c860c71b194b4d58c8967fc744122fdf2d6d30f2735e0097274f0950ce582cbad3c8401e9efb1a50f19d73264c976b54581219bcb089fa2a57d961bbea72fc6c2c39df1294dda5eb3d343f7c07a735d824e43e945cb114759096723504de7736a17cc4dba31b6137edd29101d6375dd2e323e6fa08f40f171979e2bc8e8b2843a1f58d2fc6cebb3d916f167f5b88be48def2116d4209414458bc02d46614780529a276ed8aca084cbe8029fc904c3a47139d731442edc4fd0a881e5a391d0f17bb1aed4799cf009ab626bfc28f0e0c4267924ad20c61dd0019f3aa4da8239fe464202153bfd661a82f69c00404aea58b37667397c90f4149148c456d7fec2736906974b5f89d79d84e1a3fa4a81b8d2d9bc7283d794206d8b78d26d15f4e449bf8f8360314b447323f40af2f073cfc8bf5113abe1935483e5df51e570d69bd43b7ef76f58529039b249eb768be14e7d4ddcca43a969ab906076a4c56de30a0ad5906bb71e87c9c2d521f79f8d0b2dd71b6c82618d2cc78cb53413693b54ed5daa0d7d2a9b7517f053186642d3f2a03031dc542ee2119bdd9167e6330d395912aa8f667a8adb27466b291d78126316cf5e9520b9fe8f6e776c77dbf24fdbc92f519744d6b135866d22b3a415fa379d7f9a6b09ed714ccd24571a49452f1ea6a64dc9ea20d0b7774cb38885f33e6ec1fc5f71af439b4f4acc0611f2515a234b4fb6e0b3b6bd4e62ee16a8407b07ef027198edc37778ffc4507b94c99e9c35bb51006e685792dcf17bb29054673c97e1975849c9b94117e58a2c65abaea89c1b6960deab479947fcef0cda95a032bd8346af0552f883df0287d94c0ff6ee61dadaf35a5e7bd86e4f2819c873290690d0fcd1b89f92ecfe913c37d5b704751fd6cb03af7e6c414ed1d6a68c768832b20a32decba948233b27cd7df93414e9f3c96303cfcd7d7ccc705fb0d55fb6bd8096db50ee68ac459c22804fd25c6dc5f9e680d72ad2dafbb4a2dd449587e965b5a8f7618006f555f226f804b0ef6cfeacbbd79ef33df65a5cf0a64b48824f0daaf324857ee0ce4174dbbcc873a5dc5475ff149686e087f04bc416a418b1bb661dc7bc798e2207d5898e3386a89df41cd8d07e2347b23d0469097fc2e790f29f7d09e1da251b991da0ad030afd453ef9769637d95a5ef5b6b7226880c875ebf992f4cedfd80817e89d6c8e27d1217d9f0530ec5d3650b2725b6c87797d365a889744b49765ee361008cbca90ec35991dfada808c6518c0de3171b53042c8a78834d8962c274b600fa5c2b7a60861e76ece8645b1d62af19ab364da17597fbff63871074fce0376e7185ce0c655aacd99c78b7c6bcca587341f5f07a24761d978f3d101fd598c6ff7b341681167fec33e531342f4deaaa26a7df28a106b03b36f9edcfda3e3122017e63a820e318b8f7856bd9db3ebe96ba978bb46e5e5fbc84f7b454db9b730ef176eb3308e701af1972f4d1953ce64d33d5be6a0f72abe982bba587ad92d253389d18d508a0c3cb001362357bbb445ec5084fd608b90e073adbb62e5a988adfa34f183288a7319c01f34d2bbbf838eb5564b7b7336784c395ca176c9da10adc9b236bbe82c431bc28033f845230fcd710301748e6af55372210f8222da462e69e8b3cb9e1adbe16143939e3964d77ee4b7fc84df923ba8a4a4e215255b04ceaed0ad4b3e2627405e11d11364519e49ebd5263066b9498eb16e6ab46d250b5f9275c55b96dd694bd6e95fbee4a16bc5ddbec999e7e497e021754885f21e9e16dddd924b6073447ffdb72901d0cd71508eec8835eb676de849001f221e8c1c983f07dc08fb193253b1c225fc1c788c823c93ca4c07c6166970b73016aea95ab3cad56453fb51e687bd34d781e76e17138f807a77c8a90c4b3a5b046aa8c69c8297512c41c5d4216d34f99cdff97c9a10ae36091837414c3e7fedd6f15c39d19b643ee48ef22bd46c69023d2f9a119c5db232bba67ecfbd45ab4f9a25c26a3e98db11b0048f7ba0245ce8c7376b8d293be5210b2c4c5690c7db0438527e016cef6782148abca0c3a947a9d5de626babb7410a3d34b4bb5c71c8f56685bada3fc459e490e0c152eed29cac38fb30d23ddc2dd3e77a8bd99600c41bb1e5eb0bfcdbc57381813ff0567f4ef00b8e37c8499fb181427c52b9f2f47626283041aed0e8379749690c31022b72008b8b9ddb3193cc4e66d3ab428b1bdcb59337f975f4fc89ffe5225d6fc4d9a7d3da831b7d540d2e38c7ee64566599f75c01d535ca70472b65bb0c860a249bc39118a21e94b0082c101c7327abdfe9aca03eda89a0bd79280cf94996b75c4dc5af2af0552aaeb4d8c02595862cda6c88136aa7f8b736cfd783b01c307afc7d46d162e1d186b02af9600f1080106c23c2085bbce0f42b2370e6a433b6cf7050d71fe6e411f1902245b2fd97c124fcfd05e920afa87319756977b62550f7c72f020cedaba8ba97a0d76b592f5bb6b661039c3e6bc586f0a7b4e1af859557cb075457b9fb4ab28ae183c20851137b990b24210530e94c96f8705edc70927a0a411647399c91dfe8bcbd6dd7b02245bfc399ecb4f8b0a92ac419919a0db1148e51f52c6477d9554bc2ab5389dd06e55ff65ee059cca1b99421dac0742861a8d65351205de292a72b0f23b3ab9673e3e27d9bd2c3272e3b3cef1ff819178c69ff91abd2ac5b531632ea1ce248f10fad10dcf4f5c5c9a9bfee698a4d2410f76cb497916fa542061fdab640520b88b53cc636c85b3c1ba86e09578c25a1c4f4b17da11d5ee855297b14d95979feeb74f2fdf03ebe11332de39d04513a31ffc39591560f4308cab134d0cba8252e24f51e3d626e9c22b015e75372c2876fd89b0beb0359cad3a9e8fec2d5c8c01dfbec262fa60b9cba280cb7a1e263985cb4f1d724e0b509ff679c8503d7f2bd93812bfefbd3467cdcf476d1a442a15e5ea91311285c6fc2d7f5caee8558a8010c15d75715527db7025f83d63111463ce4b9cd6d64aee66a7e9184fb5955b32d3cd6d254ad5c798950af81639f62a67d2ca7d7861f647e276e50f26fdf092d86dbc45a1775cc474f0a95c14802bcd9f204a660d486b8a0cf88e1470dbd0c92522b98775cf6abe3a344db1c8656f62c0b5e8182e9c899d7d0fd4ab0587635679898d970c4ab2a414c396205d6e43cd642b38592c130b39f59be766dcca865c476cfc81c9e02296969fb0181f7f4a85f58316eaff18b8433d17df436d6024cd2d197fff9072fbd1ba577b4ae141233bc6cf3c4bb5c8706b5e280cc299cd9f7a561301dd9eed43ad9d5b9a7eaa5fa7d5fb8d2e488e31dfde0242875af0e828bae0a7daa6fc9722be8ae3ead8cbb864a4a4796a17da25e79ba27b25d020eb7b4d34e8e0835666898cffb9b57ee2be3c9b48f9ddf50eca5b3a3b315e28f7a204cc08e2d4efd9749a94133101f0a1d23e89ac7848cd8e8797af8bbb6e3fb1d1abe1053cf1b8bc0cae5a90a9c3a9adb2f97cd167a9d415da057cc4195d78237958aa9c7a1c2657557646c9b082b75ed37963d80a025337056470cfd978c7838b1012f2f43c332b39e35b9552358264c2622b2f897b724d13593890eabf1115cbe450a6ae0e6ab662853df7fed1662403d8e6284a68ca176a83d1bf3fa912fb2ed6bbdbb4868c7a94cb5b4d725aebfb6913b21e750f3a37b44d37dd2907adccb7192928dedc802c6558c9a02e44e5cf28145031de318a64acccbe6bc48179c4f915f0a583372d7ad486a06745fbf04b3f11b5d3ff37fdf5a471d92cf6327ece1f3e6774810c9ce4cbfec3070a79cb423ccd19b1f27405015e3a96c2928db0d8f65dbf9a6ed6be3fe3ae721fb0b3aca2c2e60eaf51d9c78f06fb14017ac1125f430e2b509fd5cf1eeba29d12ce1274b119a4bf7c66f794884d9c59bdaebfa8b44e6651d09550a3ca94c9d96179368d48af58af333c5b497c97c4f0532466a55e348c874de811f142b7d1946cde9c8877852da5068ec73d063f00034dcca9d7ee875a516fb5e17515c90f9895565f06813ffc3be7130eb39f86cec1f734d837b682c65b1f1af7d91a594be3d68e41262d173c0fac3ec8db98e4a995e18071b246f3f6426ab1ddc1fc607e8616e70f63bae735dbbfe2ceedf5ea40e4c8740795beeab967c8d4ddd6eb38510f34c775dcde75f53af5a3c99bcec4a901058f646ab36af6aec18b98709d241dc57aac6b59693c9a01390486b0e3277f51ee4481d3971d101af78f") r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 870.770125] IPVS: ftp: loaded support on port[0] = 21 02:11:43 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) [ 870.899876] EXT4-fs (sda1): re-mounted. Opts: [ 870.913599] device bridge_slave_1 left promiscuous mode [ 870.919216] bridge0: port 2(bridge_slave_1) entered disabled state [ 870.943046] device bridge_slave_0 left promiscuous mode [ 870.948557] bridge0: port 1(bridge_slave_0) entered disabled state [ 871.007637] team0 (unregistering): Port device team_slave_1 removed [ 871.018076] team0 (unregistering): Port device team_slave_0 removed [ 871.029485] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 871.064637] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 871.112228] bond0 (unregistering): Released all slaves [ 871.498062] bridge0: port 1(bridge_slave_0) entered blocking state [ 871.504540] bridge0: port 1(bridge_slave_0) entered disabled state [ 871.511675] device bridge_slave_0 entered promiscuous mode [ 871.548022] bridge0: port 2(bridge_slave_1) entered blocking state [ 871.554503] bridge0: port 2(bridge_slave_1) entered disabled state [ 871.561661] device bridge_slave_1 entered promiscuous mode [ 871.597075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 871.633921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 871.749721] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 871.777026] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 871.897767] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 871.904954] team0: Port device team_slave_0 added [ 871.926362] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 871.933496] team0: Port device team_slave_1 added [ 871.955489] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 871.984703] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 872.016405] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 872.023864] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 872.031692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 872.055924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 872.253190] bridge0: port 2(bridge_slave_1) entered blocking state [ 872.259577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 872.266219] bridge0: port 1(bridge_slave_0) entered blocking state [ 872.272567] bridge0: port 1(bridge_slave_0) entered forwarding state [ 873.003490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 873.073165] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 873.141554] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 873.147848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 873.154975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 873.226787] 8021q: adding VLAN 0 to HW filter on device team0 02:11:46 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x806, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:46 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x400300]}}, 0x20) 02:11:46 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00?\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:46 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x242, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:46 executing program 1 (fault-call:2 fault-nth:0): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:46 executing program 0: r0 = semget(0x0, 0x7, 0x29) semop(r0, &(0x7f00000002c0)=[{0x4, 0x3, 0x1800}], 0x1) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x4) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) [ 873.667294] FAULT_INJECTION: forcing a failure. [ 873.667294] name failslab, interval 1, probability 0, space 0, times 0 [ 873.682670] CPU: 1 PID: 325 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 873.691022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 873.700382] Call Trace: [ 873.702994] dump_stack+0x244/0x3ab [ 873.706684] ? dump_stack_print_info.cold.2+0x52/0x52 [ 873.711916] ? lock_downgrade+0x900/0x900 [ 873.716083] should_fail.cold.4+0xa/0x17 [ 873.720155] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 873.725271] ? __f_unlock_pos+0x19/0x20 [ 873.729283] ? lock_downgrade+0x900/0x900 [ 873.733462] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 873.739021] ? proc_fail_nth_write+0x9e/0x210 [ 873.743530] ? proc_cwd_link+0x1d0/0x1d0 [ 873.743548] ? kasan_check_read+0x11/0x20 [ 873.743568] ? do_raw_spin_unlock+0xa7/0x2f0 [ 873.751805] ? fs_reclaim_acquire+0x20/0x20 [ 873.760524] ? lock_downgrade+0x900/0x900 [ 873.764703] ? wait_for_completion+0x8a0/0x8a0 [ 873.769304] ? perf_trace_sched_process_exec+0x860/0x860 [ 873.774769] ? fsnotify+0xf10/0xf10 [ 873.778458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 873.784016] __should_failslab+0x124/0x180 [ 873.788267] should_failslab+0x9/0x14 [ 873.792073] __kmalloc+0x2e0/0x760 [ 873.795647] ? strncpy_from_user+0x5a0/0x5a0 [ 873.800092] ? fput+0x130/0x1a0 [ 873.803386] ? __x64_sys_memfd_create+0x142/0x4f0 [ 873.808239] __x64_sys_memfd_create+0x142/0x4f0 [ 873.812914] ? memfd_fcntl+0x18b0/0x18b0 [ 873.816999] do_syscall_64+0x1b9/0x820 [ 873.820900] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 873.826283] ? syscall_return_slowpath+0x5e0/0x5e0 [ 873.831233] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 873.836101] ? trace_hardirqs_on_caller+0x310/0x310 [ 873.841132] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 873.846197] ? prepare_exit_to_usermode+0x291/0x3b0 [ 873.851263] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 873.856120] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 873.861314] RIP: 0033:0x457519 02:11:46 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:46 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/autofs\x00', 0x105080, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000480)={0x0, @in6={{0xa, 0x4e20, 0x2, @ipv4={[], [], @rand_addr=0x8}, 0x709}}, 0x3, 0x0, 0x80000000, 0x7, 0x3ff}, &(0x7f0000000300)=0x98) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000540)={r2, @in={{0x2, 0x4e23, @loopback}}}, 0x84) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r4, 0x800448d2, &(0x7f0000000140)) 02:11:46 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465980100", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:46 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000000000600", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 873.864554] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 873.883477] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 873.891228] RAX: ffffffffffffffda RBX: 0000000020000100 RCX: 0000000000457519 [ 873.898535] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc74a [ 873.905808] RBP: 000000000072bf00 R08: 0000000000100020 R09: 00000000fbad8001 02:11:46 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0xeffdffff]}}, 0x20) 02:11:46 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f00000002c0)=0x7) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) msgget(0x1, 0x20) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) socket(0xb, 0x80005, 0xd34) [ 873.905817] R10: 0000000020000100 R11: 0000000000000246 R12: 00007fe98cd306d4 [ 873.905826] R13: 00000000004c49d1 R14: 00000000004d7d28 R15: 0000000000000003 02:11:47 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x894f, "94a7030000e8"}}}, &(0x7f0000b0c000)) 02:11:47 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000100", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:47 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0xeffd]}}, 0x20) 02:11:47 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xc9, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:47 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001580)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000001680)=0x4a) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f00000004c0)=""/145, &(0x7f0000000480)=0x91) getegid() read$FUSE(r1, &(0x7f0000000580), 0x1000) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000002c0)={0xffffffffffffffff}, 0x111, 0xf}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r1, &(0x7f0000000340)={0x9, 0x108, 0xfa00, {r3, 0xda, "a68fad", "3d6c2fd644787278385611babcc8ac15d3ad43529b58a89b6692eb40842b8a6dc4d1b07335887ad2157186a0fbdef68ccffcbe08feba6a1f17dd1eb86d7285f8afbf3e20706c3d8ad61e0f7049d46e4891be3b18c79425c67a498ecc8a249ff90dcf50833dc22f5b1686c52cbdf1d5b12a6ed61c47be7a62a359d0074b5be0adbbdaa9bc6fcba1fcbb27880a25d96ab4125d9cf0f970995fe016885aed22535e28ebc54f905a9e7ef4b7cc119bb7f805780326af278767dd143cb949f9f5a2cc983d589a42bd4db2f0a43d9391223787f37b4e093351ae72d9b4f2d9ec770751bbc9412ac2a7861b1379ba60facf85f51b9eb04d0dabc7fff9ca35bea82f91a8"}}, 0x110) sendmsg$nl_route(r1, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:47 executing program 1 (fault-call:2 fault-nth:1): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:47 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000400", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:47 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7040000e8"}}}, &(0x7f0000b0c000)) 02:11:47 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0xfffffffffffffdef]}}, 0x20) 02:11:47 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500980100", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 874.190551] FAULT_INJECTION: forcing a failure. [ 874.190551] name failslab, interval 1, probability 0, space 0, times 0 [ 874.227723] CPU: 0 PID: 410 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 874.236110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 874.245475] Call Trace: [ 874.248105] dump_stack+0x244/0x3ab [ 874.251781] ? dump_stack_print_info.cold.2+0x52/0x52 [ 874.256990] should_fail.cold.4+0xa/0x17 [ 874.261090] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 874.266217] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 874.271248] ? bpf_prog_kallsyms_find+0xde/0x4a0 [ 874.276029] ? is_bpf_text_address+0xac/0x170 [ 874.280535] ? lock_downgrade+0x900/0x900 [ 874.284698] ? rcu_read_unlock_special+0x1c0/0x1c0 02:11:47 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7060000e8"}}}, &(0x7f0000b0c000)) 02:11:47 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 874.289645] ? kasan_check_read+0x11/0x20 [ 874.293805] ? fs_reclaim_acquire+0x20/0x20 [ 874.293820] ? lock_downgrade+0x900/0x900 [ 874.293838] ? expand_files.part.8+0x571/0x9a0 [ 874.293851] ? perf_trace_sched_process_exec+0x860/0x860 [ 874.293866] ? iterate_fd+0x4b0/0x4b0 [ 874.293880] ? __save_stack_trace+0x8d/0xf0 [ 874.293897] __should_failslab+0x124/0x180 [ 874.293911] should_failslab+0x9/0x14 [ 874.293927] kmem_cache_alloc+0x2be/0x730 [ 874.293950] ? shmem_destroy_callback+0xc0/0xc0 [ 874.320538] shmem_alloc_inode+0x1b/0x40 [ 874.320557] alloc_inode+0x63/0x190 [ 874.345154] new_inode_pseudo+0x71/0x1a0 [ 874.349218] ? prune_icache_sb+0x1c0/0x1c0 [ 874.353508] ? _raw_spin_unlock+0x2c/0x50 [ 874.357667] new_inode+0x1c/0x40 [ 874.361054] shmem_get_inode+0xf1/0x920 [ 874.365049] ? shmem_encode_fh+0x340/0x340 [ 874.369292] ? lock_downgrade+0x900/0x900 [ 874.373468] ? lock_release+0xa10/0xa10 [ 874.377483] ? perf_trace_sched_process_exec+0x860/0x860 [ 874.382953] ? usercopy_warn+0x110/0x110 [ 874.387040] __shmem_file_setup.part.50+0x83/0x2a0 [ 874.391995] shmem_file_setup+0x65/0x90 [ 874.395979] __x64_sys_memfd_create+0x2af/0x4f0 [ 874.400654] ? memfd_fcntl+0x18b0/0x18b0 [ 874.404738] do_syscall_64+0x1b9/0x820 [ 874.408629] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 874.414005] ? syscall_return_slowpath+0x5e0/0x5e0 [ 874.418967] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 874.423823] ? trace_hardirqs_on_caller+0x310/0x310 [ 874.428849] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 874.433870] ? prepare_exit_to_usermode+0x291/0x3b0 [ 874.438937] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 874.443792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 874.448998] RIP: 0033:0x457519 [ 874.452208] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 874.471113] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 874.478844] RAX: ffffffffffffffda RBX: 0000000020000100 RCX: 0000000000457519 02:11:47 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x100000000000000]}}, 0x20) [ 874.486114] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc74a [ 874.493411] RBP: 000000000072bf00 R08: 0000000000100020 R09: 00000000fbad8001 [ 874.500718] R10: 0000000020000100 R11: 0000000000000246 R12: 00007fe98cd306d4 [ 874.508009] R13: 00000000004c49d1 R14: 00000000004d7d28 R15: 0000000000000003 02:11:47 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:47 executing program 1 (fault-call:2 fault-nth:2): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:47 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x21c, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 874.651108] FAULT_INJECTION: forcing a failure. [ 874.651108] name failslab, interval 1, probability 0, space 0, times 0 [ 874.681030] CPU: 0 PID: 451 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 874.689374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 874.689395] Call Trace: [ 874.689430] dump_stack+0x244/0x3ab [ 874.704989] ? dump_stack_print_info.cold.2+0x52/0x52 [ 874.710192] should_fail.cold.4+0xa/0x17 [ 874.714260] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 874.714276] ? __kernel_text_address+0xd/0x40 [ 874.714292] ? unwind_get_return_address+0x61/0xa0 [ 874.714308] ? __save_stack_trace+0x8d/0xf0 [ 874.714327] ? save_stack+0xa9/0xd0 [ 874.714341] ? __lockdep_init_map+0x105/0x590 [ 874.714358] ? kasan_kmalloc+0xc7/0xe0 [ 874.745197] ? lockdep_init_map+0x9/0x10 [ 874.749278] ? fs_reclaim_acquire+0x20/0x20 [ 874.753602] ? lock_downgrade+0x900/0x900 [ 874.757750] ? perf_trace_sched_process_exec+0x860/0x860 [ 874.763201] ? lock_release+0xa10/0xa10 [ 874.767167] __should_failslab+0x124/0x180 [ 874.771395] should_failslab+0x9/0x14 [ 874.775204] kmem_cache_alloc+0x2be/0x730 [ 874.779340] ? mpol_shared_policy_init+0x235/0x650 [ 874.784276] ? current_time+0x72/0x1b0 [ 874.788163] __d_alloc+0xc8/0xb90 [ 874.791621] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 874.796626] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 874.801656] ? ktime_get_coarse_real_ts64+0x22e/0x370 [ 874.806846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 874.812370] ? timespec64_trunc+0xea/0x180 [ 874.816591] ? inode_init_owner+0x340/0x340 [ 874.820906] ? _raw_spin_unlock+0x2c/0x50 [ 874.825051] ? current_time+0x10b/0x1b0 [ 874.829028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 874.834563] ? check_preemption_disabled+0x48/0x200 [ 874.839571] ? __lockdep_init_map+0x105/0x590 [ 874.844061] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 874.849603] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 874.855143] d_alloc_pseudo+0x1d/0x30 [ 874.858959] alloc_file_pseudo+0x158/0x3f0 [ 874.863355] ? alloc_file+0x4d0/0x4d0 [ 874.867146] ? usercopy_warn+0x110/0x110 [ 874.871217] __shmem_file_setup.part.50+0x110/0x2a0 [ 874.876237] shmem_file_setup+0x65/0x90 [ 874.880208] __x64_sys_memfd_create+0x2af/0x4f0 [ 874.884866] ? memfd_fcntl+0x18b0/0x18b0 [ 874.888916] do_syscall_64+0x1b9/0x820 [ 874.892788] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 874.898138] ? syscall_return_slowpath+0x5e0/0x5e0 [ 874.903060] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 874.907905] ? trace_hardirqs_on_caller+0x310/0x310 [ 874.912906] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 874.917909] ? prepare_exit_to_usermode+0x291/0x3b0 [ 874.922921] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 874.927757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 874.932947] RIP: 0033:0x457519 02:11:48 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) r3 = gettid() ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000480)={{0x9, 0x3, 0xfa5, 0x6d, 'syz1\x00', 0x9}, 0x6, 0x200, 0x2, r3, 0xa, 0x5c0, 'syz0\x00', &(0x7f00000002c0)=['/dev/dsp\x00', '/dev/dsp\x00', '$vboxnet0systemwlan0\'\x00', 'bdev\x00', '/dev/dsp\x00', '/dev/dsp\x00', ']\x00', 'nodev\x00', '/dev/dsp\x00', ']security[\x00'], 0x5b, [], [0x2, 0x7fff, 0xffffffffffffffff, 0x5]}) 02:11:48 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7020000e8"}}}, &(0x7f0000b0c000)) 02:11:48 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000000019800", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:48 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffffff00000000]}}, 0x20) [ 874.936135] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 874.955021] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 874.962720] RAX: ffffffffffffffda RBX: 0000000020000100 RCX: 0000000000457519 [ 874.970010] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc74a [ 874.977275] RBP: 000000000072bf00 R08: 0000000000100020 R09: 00000000fbad8001 [ 874.984556] R10: 0000000020000100 R11: 0000000000000246 R12: 00007fe98cd306d4 [ 874.991831] R13: 00000000004c49d1 R14: 00000000004d7d28 R15: 0000000000000003 02:11:48 executing program 1 (fault-call:2 fault-nth:3): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:48 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x200000000000000]}}, 0x20) 02:11:48 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000540)) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f00000002c0), &(0x7f0000000300)=0x4) 02:11:48 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000100", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:48 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x39f, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:48 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7038864e8"}}}, &(0x7f0000b0c000)) 02:11:48 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x1000000]}}, 0x20) 02:11:48 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\a\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 875.139585] FAULT_INJECTION: forcing a failure. [ 875.139585] name failslab, interval 1, probability 0, space 0, times 0 02:11:48 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2a6, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 875.231700] CPU: 0 PID: 487 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 875.240092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 875.249459] Call Trace: [ 875.252062] dump_stack+0x244/0x3ab [ 875.255706] ? dump_stack_print_info.cold.2+0x52/0x52 [ 875.260931] should_fail.cold.4+0xa/0x17 [ 875.265010] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 875.265029] ? __kernel_text_address+0xd/0x40 [ 875.265049] ? unwind_get_return_address+0x61/0xa0 02:11:48 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000300)=0xe8) openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nullb0\x00', 0x8000, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1f, &(0x7f0000000480)=""/116, &(0x7f0000000280)=0x74) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000340)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1}) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) openat$zero(0xffffffffffffff9c, &(0x7f0000000500)='/dev/zero\x00', 0x80, 0x0) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:48 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 875.274636] ? __save_stack_trace+0x8d/0xf0 [ 875.274659] ? save_stack+0xa9/0xd0 [ 875.274676] ? __lockdep_init_map+0x105/0x590 [ 875.274693] ? kasan_kmalloc+0xc7/0xe0 [ 875.295917] ? lockdep_init_map+0x9/0x10 [ 875.299990] ? fs_reclaim_acquire+0x20/0x20 [ 875.304355] ? lock_downgrade+0x900/0x900 [ 875.308519] ? perf_trace_sched_process_exec+0x860/0x860 [ 875.313981] ? lock_release+0xa10/0xa10 [ 875.317970] ? lock_downgrade+0x900/0x900 [ 875.318010] __should_failslab+0x124/0x180 [ 875.326395] should_failslab+0x9/0x14 [ 875.330227] kmem_cache_alloc+0x2be/0x730 [ 875.334411] ? mpol_shared_policy_init+0x235/0x650 [ 875.339368] ? current_time+0x72/0x1b0 [ 875.343293] __d_alloc+0xc8/0xb90 [ 875.346776] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 875.351808] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 875.356858] ? ktime_get_coarse_real_ts64+0x22e/0x370 [ 875.362060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 875.367604] ? timespec64_trunc+0xea/0x180 [ 875.371846] ? inode_init_owner+0x340/0x340 [ 875.376185] ? _raw_spin_unlock+0x2c/0x50 02:11:48 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = fcntl$getown(r2, 0x9) ptrace$pokeuser(0x6, r3, 0x7fff, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000340)=0x43, 0x4) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f00000002c0), &(0x7f0000000300)=0x4) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 875.380338] ? current_time+0x10b/0x1b0 [ 875.384318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 875.389862] ? check_preemption_disabled+0x48/0x200 [ 875.394899] ? __lockdep_init_map+0x105/0x590 [ 875.399452] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 875.405373] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 875.410929] d_alloc_pseudo+0x1d/0x30 [ 875.414744] alloc_file_pseudo+0x158/0x3f0 [ 875.419001] ? alloc_file+0x4d0/0x4d0 [ 875.422809] ? usercopy_warn+0x110/0x110 [ 875.426882] __shmem_file_setup.part.50+0x110/0x2a0 [ 875.431917] shmem_file_setup+0x65/0x90 [ 875.435921] __x64_sys_memfd_create+0x2af/0x4f0 [ 875.435944] ? memfd_fcntl+0x18b0/0x18b0 [ 875.444671] do_syscall_64+0x1b9/0x820 [ 875.444686] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 875.444703] ? syscall_return_slowpath+0x5e0/0x5e0 [ 875.444726] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 875.444749] ? trace_hardirqs_on_caller+0x310/0x310 [ 875.468756] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 875.473785] ? prepare_exit_to_usermode+0x291/0x3b0 [ 875.478824] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 875.483674] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 875.483687] RIP: 0033:0x457519 [ 875.483703] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 875.483719] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 875.518706] RAX: ffffffffffffffda RBX: 0000000020000100 RCX: 0000000000457519 02:11:48 executing program 1 (fault-call:2 fault-nth:4): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:48 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3ea, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:48 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0xfdef]}}, 0x20) 02:11:48 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000400", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:48 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000580)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 875.525989] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc74a [ 875.533279] RBP: 000000000072bf00 R08: 0000000000100020 R09: 00000000fbad8001 [ 875.540555] R10: 0000000020000100 R11: 0000000000000246 R12: 00007fe98cd306d4 [ 875.547831] R13: 00000000004c49d1 R14: 00000000004d7d28 R15: 0000000000000003 02:11:48 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7038847e8"}}}, &(0x7f0000b0c000)) 02:11:48 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000600", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:48 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x9e, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 875.638708] FAULT_INJECTION: forcing a failure. [ 875.638708] name failslab, interval 1, probability 0, space 0, times 0 [ 875.686121] CPU: 1 PID: 556 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 875.694478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 875.703841] Call Trace: [ 875.706458] dump_stack+0x244/0x3ab [ 875.710123] ? dump_stack_print_info.cold.2+0x52/0x52 [ 875.715345] ? lock_downgrade+0x900/0x900 [ 875.719518] should_fail.cold.4+0xa/0x17 [ 875.723603] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 875.728891] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 875.734015] ? is_bpf_text_address+0xd3/0x170 [ 875.738536] ? kernel_text_address+0x79/0xf0 [ 875.742955] ? __kernel_text_address+0xd/0x40 [ 875.747484] ? unwind_get_return_address+0x61/0xa0 [ 875.752424] ? __save_stack_trace+0x8d/0xf0 [ 875.756785] ? fs_reclaim_acquire+0x20/0x20 [ 875.761119] ? lock_downgrade+0x900/0x900 [ 875.765267] ? kasan_slab_alloc+0x12/0x20 [ 875.765287] ? __x64_sys_memfd_create+0x2af/0x4f0 [ 875.765303] ? perf_trace_sched_process_exec+0x860/0x860 [ 875.765324] __should_failslab+0x124/0x180 [ 875.784014] should_failslab+0x9/0x14 [ 875.784034] kmem_cache_alloc_trace+0x2d7/0x750 [ 875.784050] ? __might_sleep+0x95/0x190 [ 875.784085] apparmor_file_alloc_security+0x17b/0xac0 [ 875.784118] ? apparmor_path_rename+0xcd0/0xcd0 [ 875.792597] ? kasan_kmalloc+0xc7/0xe0 [ 875.806448] ? kasan_slab_alloc+0x12/0x20 [ 875.806466] ? kmem_cache_alloc+0x306/0x730 [ 875.806481] ? d_set_d_op+0x31d/0x410 [ 875.806503] security_file_alloc+0x4c/0xa0 [ 875.814552] __alloc_file+0x12a/0x470 [ 875.830682] ? file_free_rcu+0xd0/0xd0 [ 875.834582] ? d_instantiate+0x79/0xa0 [ 875.838482] ? lock_downgrade+0x900/0x900 [ 875.842660] ? kasan_check_read+0x11/0x20 [ 875.846817] ? do_raw_spin_unlock+0xa7/0x2f0 [ 875.851241] ? do_raw_spin_trylock+0x270/0x270 [ 875.855837] alloc_empty_file+0x72/0x170 [ 875.859908] alloc_file+0x5e/0x4d0 [ 875.863482] ? _raw_spin_unlock+0x2c/0x50 [ 875.867645] alloc_file_pseudo+0x261/0x3f0 [ 875.871897] ? alloc_file+0x4d0/0x4d0 [ 875.875713] ? usercopy_warn+0x110/0x110 [ 875.879798] __shmem_file_setup.part.50+0x110/0x2a0 02:11:48 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030806e8"}}}, &(0x7f0000b0c000)) 02:11:48 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000000ffffffff00", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:48 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x2]}}, 0x20) 02:11:48 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x34000]}}, 0x20) [ 875.884854] shmem_file_setup+0x65/0x90 [ 875.888850] __x64_sys_memfd_create+0x2af/0x4f0 [ 875.893524] ? memfd_fcntl+0x18b0/0x18b0 [ 875.897602] do_syscall_64+0x1b9/0x820 [ 875.901502] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 875.901522] ? syscall_return_slowpath+0x5e0/0x5e0 [ 875.901536] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 875.901558] ? trace_hardirqs_on_caller+0x310/0x310 [ 875.911852] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 875.911870] ? prepare_exit_to_usermode+0x291/0x3b0 [ 875.911889] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 875.911907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 875.941789] RIP: 0033:0x457519 [ 875.944993] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 875.963899] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 875.971629] RAX: ffffffffffffffda RBX: 0000000020000100 RCX: 0000000000457519 [ 875.978915] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004bc74a [ 875.986184] RBP: 000000000072bf00 R08: 0000000000100020 R09: 00000000fbad8001 [ 875.993464] R10: 0000000020000100 R11: 0000000000000246 R12: 00007fe98cd306d4 [ 876.000739] R13: 00000000004c49d1 R14: 00000000004d7d28 R15: 0000000000000003 02:11:49 executing program 1 (fault-call:2 fault-nth:5): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:49 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x40030000000000]}}, 0x20) 02:11:49 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000000000200", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:49 executing program 0: ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x4) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f00000002c0)={'HL\x00'}, &(0x7f0000000300)=0x1e) ioctl$sock_SIOCINQ(r1, 0x800448d2, &(0x7f0000000140)) 02:11:49 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7034788e8"}}}, &(0x7f0000b0c000)) 02:11:49 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000002c0)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000000300)={0x0, 0x6c5}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000480)={r2, 0x81, 0x952, 0x8, 0x9, 0x6}, &(0x7f00000004c0)=0x14) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f0000000500)=0xfffffffffffffffc, 0x4) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r4, 0x800448d2, &(0x7f0000000140)) 02:11:49 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0xeffdffff00000000]}}, 0x20) [ 876.103825] FAULT_INJECTION: forcing a failure. [ 876.103825] name failslab, interval 1, probability 0, space 0, times 0 [ 876.161554] CPU: 0 PID: 606 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 876.169910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 876.179265] Call Trace: [ 876.181904] dump_stack+0x244/0x3ab [ 876.185561] ? dump_stack_print_info.cold.2+0x52/0x52 [ 876.190788] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 876.190841] should_fail.cold.4+0xa/0x17 [ 876.199813] ? current_time+0x72/0x1b0 [ 876.199830] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 876.199854] ? shmem_setattr+0x50e/0xda0 [ 876.212900] ? lock_downgrade+0x900/0x900 [ 876.217057] ? current_time+0x72/0x1b0 [ 876.220955] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.226497] ? timespec64_trunc+0xea/0x180 [ 876.230745] ? inode_init_owner+0x340/0x340 [ 876.235083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.240629] ? fsnotify+0x4e5/0xf10 [ 876.244269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.249814] ? fs_reclaim_acquire+0x20/0x20 [ 876.254182] ? lock_downgrade+0x900/0x900 02:11:49 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x278, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:49 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000000000600", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 876.258363] ? perf_trace_sched_process_exec+0x860/0x860 [ 876.263826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.269375] __should_failslab+0x124/0x180 [ 876.273617] should_failslab+0x9/0x14 [ 876.277499] kmem_cache_alloc+0x2be/0x730 [ 876.281671] ? do_sys_ftruncate+0x428/0x550 [ 876.286005] ? lock_downgrade+0x900/0x900 [ 876.290165] getname_flags+0xd0/0x590 [ 876.293987] getname+0x19/0x20 [ 876.297192] do_sys_open+0x383/0x700 [ 876.300915] ? filp_open+0x80/0x80 [ 876.304480] ? trace_hardirqs_off_caller+0x300/0x300 [ 876.309612] ? do_sys_ftruncate+0x449/0x550 [ 876.313955] __x64_sys_open+0x7e/0xc0 [ 876.317773] do_syscall_64+0x1b9/0x820 [ 876.321667] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 876.327040] ? syscall_return_slowpath+0x5e0/0x5e0 [ 876.331977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 876.336829] ? trace_hardirqs_on_caller+0x310/0x310 [ 876.341856] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 876.346880] ? prepare_exit_to_usermode+0x291/0x3b0 [ 876.351914] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 876.356781] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 876.361990] RIP: 0033:0x411171 [ 876.365193] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 876.384107] RSP: 002b:00007fe98cd2fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 876.391822] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000411171 [ 876.399094] RDX: 00007fe98cd2fafa RSI: 0000000000000002 RDI: 00007fe98cd2faf0 02:11:49 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f00000002c0)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xfffffffffffffe19, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) r3 = getpgrp(0xffffffffffffffff) prctl$setptracer(0x59616d61, r3) unshare(0x40010000) 02:11:49 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x2000000]}}, 0x20) [ 876.406368] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 876.413640] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 876.420915] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 02:11:49 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a703800ee8"}}}, &(0x7f0000b0c000)) 02:11:49 executing program 1 (fault-call:2 fault-nth:6): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:49 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x20e, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:49 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xeffdffffffffffff]}}, 0x20) 02:11:49 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:49 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7038035e8"}}}, &(0x7f0000b0c000)) 02:11:49 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1000000]}}, 0x20) 02:11:49 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000002c0)={r3, 0x1, 0x6, @dev={[], 0x1c}}, 0x10) 02:11:49 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030200e8"}}}, &(0x7f0000b0c000)) [ 876.674770] FAULT_INJECTION: forcing a failure. [ 876.674770] name failslab, interval 1, probability 0, space 0, times 0 [ 876.692445] CPU: 0 PID: 661 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 876.700783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 876.700791] Call Trace: [ 876.700816] dump_stack+0x244/0x3ab [ 876.700841] ? dump_stack_print_info.cold.2+0x52/0x52 [ 876.721575] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 876.726527] should_fail.cold.4+0xa/0x17 [ 876.726544] ? current_time+0x72/0x1b0 [ 876.726563] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 876.739629] ? shmem_setattr+0x50e/0xda0 [ 876.743698] ? lock_downgrade+0x900/0x900 [ 876.743718] ? current_time+0x72/0x1b0 [ 876.743752] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.751787] ? timespec64_trunc+0xea/0x180 [ 876.761543] ? inode_init_owner+0x340/0x340 [ 876.765882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.771445] ? fsnotify+0x4e5/0xf10 [ 876.775100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.780654] ? fs_reclaim_acquire+0x20/0x20 [ 876.784991] ? lock_downgrade+0x900/0x900 [ 876.789168] ? perf_trace_sched_process_exec+0x860/0x860 [ 876.794638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.800216] __should_failslab+0x124/0x180 [ 876.804499] should_failslab+0x9/0x14 [ 876.808324] kmem_cache_alloc+0x2be/0x730 [ 876.812496] ? do_sys_ftruncate+0x428/0x550 [ 876.816828] ? lock_downgrade+0x900/0x900 [ 876.820987] getname_flags+0xd0/0x590 02:11:49 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:49 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x400300]}}, 0x20) [ 876.824796] getname+0x19/0x20 [ 876.828006] do_sys_open+0x383/0x700 [ 876.831753] ? filp_open+0x80/0x80 [ 876.835338] ? trace_hardirqs_off_caller+0x300/0x300 [ 876.840457] ? do_sys_ftruncate+0x449/0x550 [ 876.844790] __x64_sys_open+0x7e/0xc0 [ 876.848610] do_syscall_64+0x1b9/0x820 [ 876.852504] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 876.857873] ? syscall_return_slowpath+0x5e0/0x5e0 [ 876.862802] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 876.867667] ? trace_hardirqs_on_caller+0x310/0x310 [ 876.872691] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 876.877721] ? prepare_exit_to_usermode+0x291/0x3b0 [ 876.882757] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 876.887603] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 876.892792] RIP: 0033:0x411171 [ 876.895993] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 876.915154] RSP: 002b:00007fe98cd2fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 02:11:50 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f00000002c0)=0x1) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) io_setup(0x3, &(0x7f0000000480)=0x0) io_submit(r4, 0x4, &(0x7f0000000900)=[&(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f00000004c0)="4f5d01a653b39296d1755114515d615602f29c9ab2eda3af5c75a6b93fa17bbbaeb1a426510429c1b64d8f29b70379d97779b832931c828fd1b26cd5e1a24b43292b771ca2e9744d7e54135dcd44ab23ab509964170bf00e7df20fdf51bbde01274679356b11a349045228ef7a3c74e5effeaad320886d6071e7f65023707aa61984fbec24a3b5dcac53025fbf6bd4cf9783e6d277743508b3ff43e3f0b41467d16e28c1240e91d608c40951a8a76a9b39801d3fa8a6be0e5a0eaa34022515161e1e40cf8b9a0b4f60f420377a850e96e8e48ec3f11c242deac290a6de79590baaf8fd13f5ef62bf7d05358a7989e29299bcfe06", 0xf4, 0x0, 0x0, 0x3, r1}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x8, r1, &(0x7f0000000600)="f60a6a44eccd4fbec8eb45abbf601ff277dcfbefb7f51188cd0a13a20057f5a7b5e493aaea044b3a63a4ab8374861ae990b16425a2d78dd9493739f3a8c9e41f221bdfc603a632f0c55906e59d67848f33c157d7591d2b968cca4e6b65200183c01ab39ce26bbb7660bfe0d5f44b2c53095611b6575a8d860be214689e4d867716b2f778ba13", 0x86, 0x1, 0x0, 0x2, r1}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x8, 0x3, r2, &(0x7f0000000700)="96a62a2f06ad3eacb97271e6ee7a7b464633bab47e1a1e012faed02f8cc43cd19542038fb544a1ea09b06a13b6ca28c3748c222ced7256012afc47f1c3701a6ac1a4a9c86b8b45fb3fe4cd8d42b4d5b72c6c94324a0e85ec8dde465e449d793e0c1ecce9fdea1495eefcbc996f17b4af99aedf6b260e5633bb9e8860f5d911d2fb233c9d89dc50e6f6f88d03824ecfd91f2178644d42e4134376061171eaefe829a9ce99943b9afc", 0xa8, 0x8, 0x0, 0x2, 0xffffffffffffff9c}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x7, r3, &(0x7f0000000800)="bfa7523a7cf391b6242a45766842c69a6f3450d83998088767afe2da087e8b39fdd9c9340e8c844136fac594060ad68858b9122d64c7d35d0b6b3f91ff2258af98268073758e5da3a6e20a49e90fdd65e40b8b1a2eb1815f3527d2e2cde5ca9fb7c0dad3397a0642a5e58b7d838e23fc3d69129a139b17195f3fb81e12faae197788f4f49a16347b10bcd250b5ccc1c2122c40e24989caeea2", 0x99, 0x8, 0x0, 0x2}]) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000300)) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:50 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xc8, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 876.922865] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000411171 [ 876.930133] RDX: 00007fe98cd2fafa RSI: 0000000000000002 RDI: 00007fe98cd2faf0 [ 876.937399] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 876.944664] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 876.951928] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 02:11:50 executing program 1 (fault-call:2 fault-nth:7): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:50 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xeffdffff]}}, 0x20) 02:11:50 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030689e8"}}}, &(0x7f0000b0c000)) 02:11:50 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000002c0)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000480)={r3, 0x0, 0x5e, "05652a648a5bddb6d55a88e2438b202712bd517763de0f07878d3acc5746c4f7140f973d7341de8b63eb34506882738120377efe2a13cc808c740b039f42cd043a7eeef3a3228cb165dc7c4b875dda0fd820524612d5d2d9fb5bae1f2371"}, 0x66) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 877.128493] IPVS: ftp: loaded support on port[0] = 21 02:11:50 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x34000]}}, 0x20) 02:11:50 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030006e8"}}}, &(0x7f0000b0c000)) 02:11:50 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x68, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 877.218714] FAULT_INJECTION: forcing a failure. [ 877.218714] name failslab, interval 1, probability 0, space 0, times 0 [ 877.287832] CPU: 1 PID: 700 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 877.296190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 877.305574] Call Trace: [ 877.308173] dump_stack+0x244/0x3ab [ 877.311930] ? dump_stack_print_info.cold.2+0x52/0x52 [ 877.317124] ? mark_held_locks+0x130/0x130 [ 877.321365] should_fail.cold.4+0xa/0x17 [ 877.325441] ? bpf_prog_kallsyms_find+0xde/0x4a0 [ 877.330200] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 877.335312] ? is_bpf_text_address+0xac/0x170 [ 877.339815] ? lock_downgrade+0x900/0x900 [ 877.343982] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 877.348914] ? kasan_check_read+0x11/0x20 [ 877.353065] ? mark_held_locks+0x130/0x130 [ 877.357307] ? fs_reclaim_acquire+0x20/0x20 [ 877.361632] ? lock_downgrade+0x900/0x900 [ 877.365785] ? perf_trace_sched_process_exec+0x860/0x860 [ 877.371475] ? mark_held_locks+0x130/0x130 [ 877.375721] __should_failslab+0x124/0x180 [ 877.379956] should_failslab+0x9/0x14 [ 877.383760] kmem_cache_alloc+0x2be/0x730 [ 877.387909] ? mark_held_locks+0x130/0x130 [ 877.392168] ? __x64_sys_memfd_create+0x2af/0x4f0 [ 877.397012] __alloc_file+0xa8/0x470 [ 877.400725] ? file_free_rcu+0xd0/0xd0 [ 877.404672] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 877.409704] ? bpf_prog_kallsyms_find+0xde/0x4a0 [ 877.414472] ? is_bpf_text_address+0xac/0x170 [ 877.419042] ? lock_downgrade+0x900/0x900 [ 877.423193] alloc_empty_file+0x72/0x170 [ 877.427276] path_openat+0x170/0x5150 [ 877.431090] ? rcu_softirq_qs+0x20/0x20 [ 877.435065] ? unwind_dump+0x190/0x190 [ 877.438958] ? is_bpf_text_address+0xd3/0x170 [ 877.443473] ? kernel_text_address+0x79/0xf0 [ 877.448019] ? path_lookupat.isra.43+0xc00/0xc00 [ 877.452771] ? unwind_get_return_address+0x61/0xa0 [ 877.457699] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 877.462720] ? expand_files.part.8+0x571/0x9a0 [ 877.467303] ? iterate_fd+0x4b0/0x4b0 [ 877.471133] ? __alloc_fd+0x347/0x6e0 [ 877.474934] ? lock_downgrade+0x900/0x900 [ 877.479091] ? getname+0x19/0x20 [ 877.482470] ? kasan_check_read+0x11/0x20 [ 877.487046] ? do_raw_spin_unlock+0xa7/0x2f0 [ 877.491461] ? do_raw_spin_trylock+0x270/0x270 [ 877.496048] ? __check_object_size+0xb1/0x782 [ 877.500553] ? _raw_spin_unlock+0x2c/0x50 [ 877.504701] ? __alloc_fd+0x347/0x6e0 [ 877.508509] do_filp_open+0x255/0x380 [ 877.512310] ? may_open_dev+0x100/0x100 [ 877.516295] ? get_unused_fd_flags+0x122/0x1a0 [ 877.520878] ? __alloc_fd+0x6e0/0x6e0 [ 877.524691] do_sys_open+0x568/0x700 [ 877.528593] ? filp_open+0x80/0x80 [ 877.532175] ? trace_hardirqs_off_caller+0x300/0x300 [ 877.537277] ? do_sys_ftruncate+0x449/0x550 [ 877.541612] __x64_sys_open+0x7e/0xc0 [ 877.545416] do_syscall_64+0x1b9/0x820 [ 877.549711] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 877.555077] ? syscall_return_slowpath+0x5e0/0x5e0 [ 877.560009] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 877.564850] ? trace_hardirqs_on_caller+0x310/0x310 [ 877.569893] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 877.574950] ? prepare_exit_to_usermode+0x291/0x3b0 [ 877.579969] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 877.584812] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 877.590010] RIP: 0033:0x411171 [ 877.593204] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 877.612109] RSP: 002b:00007fe98cd2fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 877.619816] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000411171 [ 877.627085] RDX: 00007fe98cd2fafa RSI: 0000000000000002 RDI: 00007fe98cd2faf0 02:11:50 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x2, 0x8000) setsockopt$sock_void(r1, 0x1, 0x1b, 0x0, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100), 0xffffff87, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) getpeername$packet(r2, &(0x7f00000002c0), &(0x7f0000000300)=0x14) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) [ 877.634484] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 877.642088] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 877.649354] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 877.842591] device bridge_slave_1 left promiscuous mode [ 877.848097] bridge0: port 2(bridge_slave_1) entered disabled state [ 877.882951] device bridge_slave_0 left promiscuous mode [ 877.888364] bridge0: port 1(bridge_slave_0) entered disabled state [ 877.935721] team0 (unregistering): Port device team_slave_1 removed [ 877.944445] team0 (unregistering): Port device team_slave_0 removed [ 877.952955] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 878.005184] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 878.055040] bond0 (unregistering): Released all slaves [ 878.362833] bridge0: port 1(bridge_slave_0) entered blocking state [ 878.369274] bridge0: port 1(bridge_slave_0) entered disabled state [ 878.376980] device bridge_slave_0 entered promiscuous mode [ 878.412102] bridge0: port 2(bridge_slave_1) entered blocking state [ 878.418614] bridge0: port 2(bridge_slave_1) entered disabled state [ 878.426023] device bridge_slave_1 entered promiscuous mode [ 878.460121] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 878.495080] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 878.600771] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 878.637711] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 878.762765] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 878.770094] team0: Port device team_slave_0 added [ 878.793934] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 878.801111] team0: Port device team_slave_1 added [ 878.823814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 878.862910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 878.888692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 878.914092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 879.123041] bridge0: port 2(bridge_slave_1) entered blocking state [ 879.129407] bridge0: port 2(bridge_slave_1) entered forwarding state [ 879.136053] bridge0: port 1(bridge_slave_0) entered blocking state [ 879.142447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 879.150382] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 879.891119] 8021q: adding VLAN 0 to HW filter on device bond0 [ 879.962165] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 880.031977] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 880.038142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 880.045880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 880.102383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 880.116623] 8021q: adding VLAN 0 to HW filter on device team0 02:11:53 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:53 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7034305e8"}}}, &(0x7f0000b0c000)) 02:11:53 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}}, 0x20) 02:11:53 executing program 1 (fault-call:2 fault-nth:8): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:53 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000480)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000580)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f00000002c0)={'raw\x00', 0x4, [{}, {}, {}, {}]}, 0x68) 02:11:53 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x37e, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:53 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00?\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:53 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x80) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:53 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7038906e8"}}}, &(0x7f0000b0c000)) [ 880.591680] FAULT_INJECTION: forcing a failure. [ 880.591680] name failslab, interval 1, probability 0, space 0, times 0 02:11:53 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x299, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:53 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\a\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:53 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x40030000000000]}}, 0x20) [ 880.682467] CPU: 0 PID: 1023 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 880.690914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 880.700288] Call Trace: [ 880.700320] dump_stack+0x244/0x3ab [ 880.700342] ? dump_stack_print_info.cold.2+0x52/0x52 [ 880.700366] should_fail.cold.4+0xa/0x17 [ 880.700384] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 880.700407] ? is_bpf_text_address+0xd3/0x170 [ 880.725495] ? kernel_text_address+0x79/0xf0 [ 880.729917] ? __kernel_text_address+0xd/0x40 [ 880.734420] ? unwind_get_return_address+0x61/0xa0 [ 880.739398] ? fs_reclaim_acquire+0x20/0x20 [ 880.743734] ? lock_downgrade+0x900/0x900 [ 880.747896] ? perf_trace_sched_process_exec+0x860/0x860 [ 880.753366] __should_failslab+0x124/0x180 [ 880.757620] should_failslab+0x9/0x14 [ 880.761430] kmem_cache_alloc_trace+0x2d7/0x750 [ 880.766117] ? __might_sleep+0x95/0x190 [ 880.770110] apparmor_file_alloc_security+0x17b/0xac0 [ 880.775332] ? apparmor_path_rename+0xcd0/0xcd0 [ 880.780008] ? kasan_kmalloc+0xc7/0xe0 [ 880.783909] ? kasan_slab_alloc+0x12/0x20 [ 880.788061] ? kmem_cache_alloc+0x306/0x730 [ 880.792393] security_file_alloc+0x4c/0xa0 [ 880.796646] __alloc_file+0x12a/0x470 [ 880.800458] ? file_free_rcu+0xd0/0xd0 [ 880.804362] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 880.809391] ? bpf_prog_kallsyms_find+0xde/0x4a0 [ 880.814178] ? is_bpf_text_address+0xac/0x170 [ 880.818684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 880.824234] ? check_preemption_disabled+0x48/0x200 [ 880.829260] alloc_empty_file+0x72/0x170 [ 880.833330] path_openat+0x170/0x5150 [ 880.837164] ? perf_trace_lock+0x7a0/0x7a0 [ 880.841419] ? is_bpf_text_address+0xd3/0x170 [ 880.845931] ? kernel_text_address+0x79/0xf0 [ 880.850351] ? path_lookupat.isra.43+0xc00/0xc00 [ 880.855169] ? unwind_get_return_address+0x61/0xa0 [ 880.860110] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 880.865142] ? expand_files.part.8+0x571/0x9a0 [ 880.869743] ? iterate_fd+0x4b0/0x4b0 [ 880.873564] ? __alloc_fd+0x347/0x6e0 [ 880.877372] ? lock_downgrade+0x900/0x900 [ 880.881533] ? kasan_check_read+0x11/0x20 [ 880.885695] ? do_raw_spin_unlock+0xa7/0x2f0 [ 880.890111] ? do_raw_spin_trylock+0x270/0x270 [ 880.894704] ? __check_object_size+0xb1/0x782 [ 880.899239] ? _raw_spin_unlock+0x2c/0x50 [ 880.903394] ? __alloc_fd+0x347/0x6e0 [ 880.907211] do_filp_open+0x255/0x380 [ 880.911017] ? may_open_dev+0x100/0x100 [ 880.915012] ? get_unused_fd_flags+0x122/0x1a0 [ 880.919599] ? __alloc_fd+0x6e0/0x6e0 [ 880.923418] do_sys_open+0x568/0x700 [ 880.927147] ? filp_open+0x80/0x80 [ 880.930696] ? trace_hardirqs_off_caller+0x300/0x300 [ 880.935822] ? do_sys_ftruncate+0x449/0x550 [ 880.940169] __x64_sys_open+0x7e/0xc0 [ 880.943983] do_syscall_64+0x1b9/0x820 [ 880.947875] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 880.953249] ? syscall_return_slowpath+0x5e0/0x5e0 [ 880.958183] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 880.963034] ? trace_hardirqs_on_caller+0x310/0x310 [ 880.968060] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 880.973083] ? prepare_exit_to_usermode+0x291/0x3b0 [ 880.978108] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 880.982960] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 880.988174] RIP: 0033:0x411171 [ 880.991396] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 881.010316] RSP: 002b:00007fe98cd2fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 881.018067] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000411171 [ 881.025350] RDX: 00007fe98cd2fafa RSI: 0000000000000002 RDI: 00007fe98cd2faf0 [ 881.032639] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 881.039919] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 881.047201] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 02:11:54 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000200", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:54 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xeffdffff00000000]}}, 0x20) 02:11:54 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r0, 0x800455d1, &(0x7f0000000300)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f00000002c0)={0x2, 0x3984, 0x8, 0x1}, 0x6) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000340)) 02:11:54 executing program 1 (fault-call:2 fault-nth:9): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:54 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000000000500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:54 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3fd, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:54 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xeffd]}}, 0x20) 02:11:54 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000340)='/dev/audio\x00', 0x400, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000480)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000580)=0xffffffffffffff83) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:54 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030800e8"}}}, &(0x7f0000b0c000)) 02:11:54 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\x00\x00\x00\x00?\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:54 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00@\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:54 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffdef]}}, 0x20) 02:11:54 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000300)={0x401, 0x0, 0x8, 0x23, 0x3}) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x4) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) r4 = msgget$private(0x0, 0x0) msgctl$MSG_STAT(r4, 0xb, &(0x7f0000000480)=""/188) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000140)) 02:11:54 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0xe1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 881.365852] FAULT_INJECTION: forcing a failure. [ 881.365852] name failslab, interval 1, probability 0, space 0, times 0 [ 881.460061] CPU: 0 PID: 1116 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 881.468527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 881.477880] Call Trace: [ 881.480488] dump_stack+0x244/0x3ab [ 881.484152] ? dump_stack_print_info.cold.2+0x52/0x52 [ 881.489359] ? mark_held_locks+0x130/0x130 [ 881.493609] should_fail.cold.4+0xa/0x17 [ 881.497689] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 881.502803] ? down_write_nested+0x130/0x130 02:11:54 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030608e8"}}}, &(0x7f0000b0c000)) [ 881.502819] ? down_read+0x120/0x120 [ 881.502839] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 881.502859] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 881.516529] ? lock_acquire+0x1ed/0x520 [ 881.516544] ? lo_ioctl+0x8e/0x1d60 [ 881.516563] ? lock_release+0xa10/0xa10 [ 881.516577] ? perf_trace_sched_process_exec+0x860/0x860 [ 881.516604] ? fs_reclaim_acquire+0x20/0x20 [ 881.543508] ? lock_downgrade+0x900/0x900 [ 881.547669] ? perf_trace_sched_process_exec+0x860/0x860 [ 881.553132] __should_failslab+0x124/0x180 [ 881.557373] should_failslab+0x9/0x14 [ 881.561189] kmem_cache_alloc_trace+0x2d7/0x750 [ 881.565873] __kthread_create_on_node+0x137/0x540 [ 881.570741] ? loop_get_status64+0x140/0x140 [ 881.575187] ? kthread_parkme+0xb0/0xb0 [ 881.579195] ? ksys_dup3+0x680/0x680 [ 881.582919] ? __lockdep_init_map+0x105/0x590 [ 881.587427] ? __lockdep_init_map+0x105/0x590 [ 881.591941] ? loop_get_status64+0x140/0x140 [ 881.596373] kthread_create_on_node+0xb1/0xe0 [ 881.600874] ? __kthread_create_on_node+0x540/0x540 [ 881.605899] ? kasan_check_read+0x11/0x20 [ 881.610058] lo_ioctl+0x7f6/0x1d60 [ 881.613610] ? lo_rw_aio+0x1ef0/0x1ef0 [ 881.617505] blkdev_ioctl+0x9ac/0x2010 [ 881.621402] ? blkpg_ioctl+0xc10/0xc10 [ 881.625312] ? lock_downgrade+0x900/0x900 [ 881.629495] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 881.634460] ? save_stack+0x43/0xd0 [ 881.638098] ? __kasan_slab_free+0x102/0x150 [ 881.642515] ? __fget+0x4d1/0x740 [ 881.645994] ? ksys_dup3+0x680/0x680 [ 881.649756] block_ioctl+0xee/0x130 [ 881.653390] ? blkdev_fallocate+0x400/0x400 [ 881.657740] do_vfs_ioctl+0x1de/0x1720 [ 881.661637] ? trace_hardirqs_on+0xbd/0x310 [ 881.665966] ? ioctl_preallocate+0x300/0x300 [ 881.670407] ? __fget_light+0x2e9/0x430 [ 881.674404] ? fget_raw+0x20/0x20 [ 881.677885] ? putname+0xf2/0x130 [ 881.681345] ? kmem_cache_free+0x21a/0x290 [ 881.685607] ? putname+0xf7/0x130 [ 881.689088] ? do_sys_open+0x3ac/0x700 [ 881.692992] ? security_file_ioctl+0x94/0xc0 [ 881.697424] ksys_ioctl+0xa9/0xd0 [ 881.700903] __x64_sys_ioctl+0x73/0xb0 [ 881.704801] do_syscall_64+0x1b9/0x820 [ 881.708697] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 881.714079] ? syscall_return_slowpath+0x5e0/0x5e0 [ 881.719015] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 881.723865] ? trace_hardirqs_on_caller+0x310/0x310 [ 881.728888] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 881.733918] ? prepare_exit_to_usermode+0x291/0x3b0 [ 881.738942] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 881.743807] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 881.749004] RIP: 0033:0x457387 [ 881.752205] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 881.771132] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 881.778847] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 881.786120] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 881.793391] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 881.800666] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 881.807945] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 02:11:54 executing program 1 (fault-call:2 fault-nth:10): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:54 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500019800", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:54 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x5008000}, 0xc, &(0x7f0000000340)={&(0x7f0000000480)={0x9c, r5, 0x218, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7f}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xff}]}, 0x9c}, 0x1, 0x0, 0x0, 0x8004}, 0x40000) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r7 = getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) r8 = gettid() ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000002940)=0x0) sendmsg$netlink(r1, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002900)=[{&(0x7f0000000580)={0x13c, 0x28, 0xc00, 0x70bd25, 0x25dfdbfe, "", [@nested={0x4}, @nested={0x80, 0x6d, [@generic="368425d36072811e4d5a69c031945183654d53899d158cdefd3beb0ef8eeae9945fdb847be3bbca72779b2241b1b5cbedb1931b93e738542f22168d12979589c24aba93ed53f18ff17ffe43734a2e529206da62d7666940ee8160646d99db753", @generic="44b5e39e2e6047ac", @typed={0x14, 0x6c, @ipv6=@mcast1}]}, @generic="0844606ded8bcdca8bebc2773451896c16a2a1d248433bd4a8b11736fe721d5b8d66a4718a5ad5fa66628fabe5aeb67877e0aeed3904fc21628be0777ddd54f3056983e304bc1ea004d6f0b2630fb2bb058ab4bd99776d59ecb3289fa1ac387754ef085fccebbd4612ba9d4922729f9423474598470f11c42eed43227eb88c6cd78864cd964acd3da141b9f5e325d793cba3cd8f7653516e71526c3964b8c5e825a77f6f5f7e"]}, 0x13c}, {&(0x7f00000006c0)={0x2114, 0x42, 0x320, 0x70bd26, 0x25dfdbfc, "", [@generic="0c08c339015566e830e41ca40990a444fae108f37300fe5dd39136bcb4cdb38db568992da2fef37cab869719620a94b904306e2e830fbb33643f56591c30c2ae7bb33746f6cda74451672143e7ed3d2a5a9651e6ae7420349149cc499e5c4c9029c6c721344f359eb5d503b7fab729969e166dbcf3a03c38af895f4b58212fb6c38e1b76d05de80dd1c7b89b772ed9096730", @generic="fac6ccb9cb8e5fab2cd6af487a8aeee3b3e067f4a78a24107b88b0ab7e5562f0b90a624abeb16e64b3c75a697499d32a75a54d69e1fb365731cbc06ec41ddd1e3da5bbec90d2201f1c5dbc4264f0a8f8cbe0538fa43c095b0c3011a1f0f83144e1a73add62da3db21fd6270f0c40ef232d5fb8306f517caf471e7efd7b6b9897509b31c2bf0f53ea6ac62969ce427a75924d58c693c3cb0d373200e03f06afb981fc2f67ba7e85c8fc4f92724ceeaaeb2a3734e5885b71b6db0bdbdf35f1aacb38c0c9ad22909a9c8312e9d3986c91fead8b2019c97e6e2ec77cba37573c2db542384ba4fbaea16e4ebbae9fe2cc505a220083e5a549faf48139be8ecc52f92563338e151627258803fba39453f3077f158332e25b6c61a7ef68aa57f992c0ec56d13bf45b4bfbaf6b5083170e0d00479f7082d92b6c9fa869afe9bdf455105007ca9852d265de3b144f6bc444b5cf402df060c176448fba968ab6a9f68c904aa40357a77fac9cd647ca76245b8d4254b7813b5e24a87285c2319b56fc50636ddcbacc90b9d41e12f9145c1f3f34617bbd272ffd668d9ec93ebc349abb3a7bdf2d57357d6e13332b8cb4abdef5b76a23709a3b98b60af65f5427bc8057fae134dff99dee591010041b6d18e3a36ff2003121f0adcac69a2b41c70ccbdb8ce091fc0b5fb25085323ce2553223d084df2ca8bfe4d23c1511ab0308c0de0d104f60155565c33cff652ab630b571c61248c6cda884f5365a0f13c62d553ae539a17ca049157caea50abef48091711f1ac61021f48611f81346b2d802ef9a84ca01a083d7200c3976c5c0d81f7377d86a256d38159c600a6ddd0d141db79c558f79ca06f9a92b50d6f0bc9046d23133e470432a0bf8ff31a3bc175ff875f579bd7efb5e19cbfa10930d264d1c9a10efcf7ad9122924ad8bef2b50ddb982203c1c529e217813bfcf86acba26fafe988b643246c080e6daba786e3f5b9e569cd626fc4ccaab789e73f4bd15367c36c9c0461d0f93972a0c3fd6bf58229a6a934f3c06429b63e3b0bc1db104f16a31da0d560172de55d1f3751b93696fe2367229803e6028d8279e51c2dd0dfa957a0dcdb7fc7a984a3bed1eadb541369210ea6271de81869656a686d1f69225b000eea676374f08c062defa1dd3d23aafb7e8ad4dd009486c9982bf9982956e86a1d166d52423a107bdc555336b47f996ae3fcad19089a0c72bb28830f6e008b8b10a8f5d0e8e4d39dc0598b27ee0243b9dccc3f4d1c61566ff544b2d532868e20f84037a041d6ce1f3f666af3b76d536d98e65ff1f82a4ab7bf6136a2b3f9f497ec7d60c5c808e823a8a045f414345dda3f4251baed74a18286586564fb609d2c2b22a187ab3cd06099d46e67a7f46d1d2321924b4f9c96027e3e05ee8b96c7eb9a9c8b0b8c36acb614a3d5ae7efc02605ec1588352fc914d34006a8461f1e1ac02b2993a3aefb6471dda947213134b715d207afecdb73353995fe2fb2d1ae4e75b35a557110a37744206c21fc375a327bdc7a8607345a6872b2642c59b5276dd2886c8c7979c82d3fd597d044859d2e65aee2b5363a7806caf9c4bb5d2277ae07755213985e3225bd620c9743bd0e5ef2974331d9aed863b58aaaa2707260b5acbce68905f2bb9b77f86892e02c2a577c944e041b88f58dee2c6d2c70139549aeb1f98a6d5898400c8664f177405c57e5d3574fd6637a37ad8a60f41bd189170ed7d9965fd8e243185a09436eaeaf7fc73c6fa814d9cd99001930530cc79be1e1c20293fec723ed0eb3d30cafc672ef9ff6c61b4eda3c7e8a31d1e9150de9bebf915147cff6b0b0ee8db875e8a2be74b7975225e06d597303e4d2675d58ae6b80d61825be80729d42796bbd87d46b19e2c4f060980d748727003e1e25eea28c0c88327cf8e6892c5be8cef796c8985edffc08abeca251f0cb909874dd3e1a183b3366de30cf85b3f4e9a779fc93b487996ae730951ff588cc4434022a696d0f4c980e7b81e26f3b42afa77d74ab22179d590ab7934d5f541d3791ea274eb3cb29e26a7327bc8fb2524460d87369a9448978828a140e1fc3f395b65bd180f80e61753066de249d563d463cded43f0d27e3d1ccaa5d743fe29763875d6bd790bf03cab674c581bbc08f67c96bcae1fd756f47c12215a3739fe4211dfe4c4f0ff1b77602239bdd5c76088f90122d5aea8db3e5adff1e190ed81675e4072cf2748026e1afcdd9ae7463104aca4ce6a42a809e9afacd1e88e09a8123d75477f45325c3ab75a92403d8d5d1645a250de515a778211168abc2fa5c6c62911517b4e3598a0990ab59e707c2cd75d7b9a612f62fea43e252b9a304be49f218594aabe2293bf3c05840389639a93965303a859be9ebc71f15afdc4ae2eea6dc01339c18f5a00ae683305c7b9e2ab507d570c47d197a0c98a1aea0c25aac16ffbefbea18b1b9db8b1be84633dd26ff2cf918e0deeba5a5a60a15b78752e1e7e8ad5135f4b9e3ca5bd19d1810b7da00f56789952f0d5452cfd1fdba0ea9edfd93397f5f2bab2669d22f7aade37f254912953fa9a6f5c50fc5d98715150a016984abe4b672f9648d7c0cd8015d26321fb952b6db713bbc968ac4a6a647757d409dd61382850c42a02df9944275ee4d542f861aeae4f31c89c6c38361816307a34e7033f6a4d439ca69e05e5b72e9e925d87ab7d5299af0dd2f7019b35b0aa7a0dc3512547d76060368a0d32c414737b4b0a02eb6c4c5ee2c545866b4bfbe39e7578a1fdc11a7711d4417fc3808a6cabc9d72c9cbfbf8f1a8b6d326814c462ec229e5138bddb94ce1eac8703354b7445490fc52af72b21ca00b203addcfff215a02576286ef2b84b32027ed85f2ca0289655d58744d9213ed81ef1ffd6d2dee6beb1db63d6158f0bec6f68e8d6d60ed4ed607a329a4b424a9f3e63d9a71d715dba4e41538b7076af675a4fd246c52503e4759ebf1de56cb3038d98118e4f58aba7c252a479b7506730b4f456267d7dc46ac68b811f7f55304c2439c08e15a106b537cd52adb9c691fad61a0dfd889f297b57ccb1d8458bae6c988fa6d34885ece2d046c2b564f7ca0aa081e8d166b5471ecc3d93cd51c1000d08728b3c6c26a0f09279482db887063d5795b3f8a9123940d647034838ac98286efdaf79575095cd2b527ad25850282530fbb2d441abc067cd0f70abbc7fc2f34a46c75f29da95daedba734d9aea6dcf94c58d0167838868b3cdcfe6fdaf3a3c9d0033767e170df8a98fa7169ed9dfa71b14b9a9c98e3f5405be13356db64895f749751e81a77ed0cd1f2bcda5d8fafc4dc2d717798d741d5bdc4f3235dad10018b5c84774d3938eb998ee0abc2212602d6f191cfbff5802106ba5954efc7d545080a530b55d470802bc8e3bd1e5e25333df1808806a3220092257c1fa1ab2ff83477b5e9d9f277439a323d17e8e536f2a289579466a81821e3e0dd6713e6066451ae660394abf24800455e4818bc3ef964c99ea114179a9623117975f712362758dadda391347104405b1408bd543263e54b4ce07e9ae1d6898a5047156231f26dc31638ebba983b8f257580c1ca64cf07d1aebc2a525afddc916cfac8dafb356001188f50608f11aa19eea5e1f837bbc6090cde329e0e515464f5695b9553cd983397e1cb5b0cda54e6beeda2bc4f51cfa8eb082c6e08e95e80646ff7fe9bd0ffbafc7099f2da993844b41ea711ce38ee104f4e79d79e96430ddb72bfb0a21521d35fbfbd2be09dd7431cb244ad8dccd39578b4f9a3ab7723546c98e1c8520b71d763579de2480716cadd84899721d3f558e3073a183ad02e8c1193e2191e0f73ba6e4c1e21243d4b2a7b526e86f156aab3153ddfda585a01123d539b1d7f82956dabf9b1806a166c4ded15de17bf98c838b2679529eaedcf5edf6cc3a31ebb5d527fd43f4dc8e642b5e09fc4b60d3911fbd9818d5da75c14cbfb9191c19aecf8ba987127395b81925e6cf46a2caf74919f8ba9b2e46ef481de9c786f637e2695bd9e81e78e70c37801897a6cdde96389c677b19dd1d8ddd25ea286e9d1f0f4be449b88b2891ce391935a1215d3f8e729cfd175a91f7d177536b48e124bdb9e3b267830bf59613790b577c810b9215461bb6ff7a2b36c3c7e0b99f717cd0d0263257d922ce6af7c69df2fca27918d2f38e24ffb2edeb806cb09ee3a319998ad2f7acf31417204d45e0f38d3b4081bf40105892d429e432bf8a47e6b1a43cbf960febf6a12505a8322e5cf5cb2c151bc7315f5b29dd480fd3ce86c8ec00d0ff3107d228c590c6c84200d75c852f995c044b5e6e67d576eabc6201df385ca1a5ee878fe6e2d7fa6a8a27313144ed0bbffb5975cac88c1d07f930bd46406a153084f6e421ddd24e9ae4f96e75acda2c66371e19d1d1cc964fa4dc8499fdd9dd056269ffe636c360d670247df63514ea1f8c56d01c5db0c87f974fd8d22ec110958e9415f21d53931283064dc95874906a1a74704aacfcdaab69b851ed35d6387ba88f99c3b53af8ec0233df83cb4661fddab4e2eaa0035d00efdce4e26c8c3618ce93552e8ed0878f04b7f28954b00d187bd7fc94908e00948e13a81f783571e3dc761c44758233b1b6e1457c318a80f9f8fd9b3b80ebdc87ed88f7db12505ccc293d66d9294e6db97c8196cf625e2e1044cf4855ca594dd9b1032a157e17009097bb3010407a294b9d542728b7a7620c412feb5de4885daa7bae0c7af31cd52516c60900e2cf3d83ccd8021b27bc6391b4102d5d846c812b90d2f03aafdeb5d24b6f0b6dd6ae4afa7af2e680d55ead7e25200218bc013922232fed97125eb3a9ab25dde28ff368e1958e1f2f84e9c859bf874eb1106432db207cddc4bf906709b5e45c9ec383f9023b825008bb147c61080ffaa3a0c2b8c601fc5c4e20ea55bde2246d7e1341d1861a158e064fac1ab8b5cbbaafc076b1fed27ff0e3be1269e0dad35af88a26a1799fd590291b1a5ac80f8375867fac45fba26080c6e9126aa73c40c6bdf9ebe3a315e0859a543b23405a4e2d29b714ceca7a1b6549e8fbe8f117e1b25c7cfa9683baa48055560fd640a0f05e044a34acd8c5e54ad8dce457081c3d169c82ea309fd8c8a3c7970828ac66761132de2adf11525390ee2bf8bb94a99648e2fe5b34c33c682f755a493aba2d99cd63334d89076c7cd22eed87049c05b506e4e0b67bb349546122842e0ebf0310f0a67e9d0b521252c46f899a2a5d5093b91c935eff27d48ee27a9eec06ae27cfc63e6b59d3adeeb01c4dd28829dedb07f6217701a928fa8ff281531b09d204b230cb2eebb168d5e2f7acd75041994cdbbdc803539944f5203949684e7c84655b1e07e564d21b31f1c2c60f5385f34799572ac16898582f81f44c0d5b10356c1f3b76c156ecc3700ac2f2268a43e1e3af7cac0a4e93d3727ca4ca09e61454d9048652ea7d8f24a752c4088ad7f3a2c6bd34c3967df653ca1b517c635dee5ff5a76897785f622e18c0a3b617f3d441e9cd4f4a713be44b92e922f34c4a08f053e1fc034c4c34e5d6567dad9c6ad9d2755dba1ded5c99165b83a589c65f8355bbe112eb7d3e50e75145cf543f694325851c21d375bc20d82a146dec2bfd3bde7d7df14d89148a8ffac4b9924954be420d233d9cdcb6444ea0d540f1ac80064efedd10a232a033cc48d82714d016c4a507e294b0ce87cd56f6f5027c96afb9f1209b8cce2c463eb9b1c2f4f8e9cf482268c1e9e18bee670d9d91fa7dda7bc49df3324d07fd7a3e9a548bc015266308f259c98d4", @typed={0x1004, 0x6c, @binary="9adae4f3d22cc4d7643736052dc73d6ff38240d00899bf72efa378bef12d59ff3364c43a47fec79a8c44ad24a9ede051aa0cc6552835bf2880eae5af7e14b342e9016f7065f40065e6708330bff254b10e2164e690de2cfef9a66abd3bd62bb8ac2c361f4528a356f0b966c726e2d57af82c27d95d5bdce29b0051d666c6805b99ba64f0ffe44cd732bcb0289e4d781d574b660ffa8bdd7b6f82a3a13eb741edbebda9670ea55bdb0bb72f42e78a11c0c0405c20168ae638d10a9faab42eec5c7c5f889135dc9e9efb9bb549c06b10d0a94d9a8102d2b6e0348a43d93d4e06d6ff23ef0453b6f9c55cda9dfdd06045a9fa5e963b4099693291a570d133030451da49a94bc2a7a1bb2e9d0aaf862efda8fd56b665280bc0142968cccc89148f83c4a463bf2655ba73910cd0d8b32a8d8d78c9d67051d0834992ac886ef95af036139dc3336a9602f7282d1908172352d27de0cc2f154e32388cb0bc23cf2138a1425687928e68d0767425e6f36aba1157237f786f87248edff7a5d12cfc05c7d5d56eb69f5e537dbe6fa53cb355a30b9ff76eae0c04bd290606c4ece4ed3fdc7e5b770c9ad3bdd93be0d65d7d68eb546843995f883dd837c093450fcca8dfc06d7fd16e14f4fc995c4c2e00e3a0496045ae3e7cbfecf7ea2140427a77089429f8a7886272134a7ab68c8024686e883327a933fdbdcfb8fae3d2b1e9b8c6d0c53597cb69ba6644d52dc01316bed39f4d54cf0494b6333f7c102a7ec5d31a81cd0fb1b52299298cf75b3158b75a687e97b610e2427b7d0dc6934cb1b3ae8070746cc19d995647f4ba29914faedbd52ae916d3ac72afbe986670870a3e43eb2b54edac62d39e5bd925966fc2b5eaea0c902b2482278f2b4edbc01aece4d820c4ba45bbe8bac06e4ebe1b23a5c97a19dd5772e19bc4ded41e7cfda85454bbc709e6f4a066df130104230f768af5acd741f1eba0bf5e9c7900bcd3e14b94985493a3009479b9a4b0e02e277af90c36ae7d5ab89aa7aacc6fd0de345c9e0466aa21a4fa00132f7ca439cf1cdef06a19c581b180430e985cfef0c5e9393022621faf76f1e4539a0c622b93059a02f3d043d7918575f4ec7f454c7ca73860becbecbffccab45796c993d2dd78ace0c7863f2a52775d4c37256bdf6c2ce57531f5a96f5496d900e7963176d3236deaaf840ec51a6ecb58d8daefb1264bce0221e1dfd97bc45f7cf734565f54950e92b9c472e8d4514363c7fcaa1bee4eff3b8f3eff7a9054d087414ee5e6c16dcdebc59803ae52330e92590b91f19851c7ac14c3d40a136a10a5cf2f75d716a52ac15c6cde19db63d56c96f462333cb0bf33adc5ce10e233422852ec05497730f9c83eff5365ebc7800de940c83fc026cc4c26093b76532f2650460920ed8f4eda98515a0ab6c09b68af1f333ace3fd6e1cad55858a1000df850a96b19d82ca6c096ad8a4e7418b98b43dbd7e499eb274ba9ce9cb003451056e408e07bdea8c9d639445f144d05aa09311782c17df31dba2758d01a6823f9ffbfbf4a6fe696f9ac0add9f7edc96fdcad7bdb74e2c5aa5d457a27555d3fbb13a35133e1ec5dee65fe5c0f4802c2e4bc8f4322b73d2707e13d466d34640f8850766fcf088a2771fa7b695f7bc9630a1371303be5bac790d1e80994508771a14d0a7e8a1ff4b1a29a17588e9edbe21e61782548dc7dc479eaf69054898320788c5a80af1ce87c9ac72751d98d15e3c07b569b77e3be00a911ddda05fc30eaaa7b03bce578f875ae4cc96c640e693e834cbea2e1b289ceb37a32f531863f0ab600247c220375dddb660d777ad99498da0cd56ec226bd5ab0df1552f011ef275ad3244e88cb813c1662058e07c190abbdfb700b177b05a130467db9fee81b84805bd38adbbbc9199d10e25401d52cce96708971bbd3b35d0cf29ce6cfd4ff4cd7b5164e31fe2e232f4a7c828e54de65871a526b4588b9a6d17471eb0adb47cf7e2a35fbec6fd514b1c5fdb5aa5fe98b755d13e8b68d0f5ce5d95d8ac3e67112d0aa11faa35352ecfe7f8ce05a70b22e6e66ca981d8522697e92cc25667c2698281630eb6aaed1c715631692d77316c844aec8da4b50cbcd6c8e702b31c1262b30c8ef6b89d64fc4ed77ce275a30d1541b83a09475f4927d82291e05a9b4bf9fef8da9a1aa4f23f4216f9ff9c32323f5380cd983c2553740d9de90e9c45bd7c7cd0c92043f16ce206a4d62f54836709b9f6ba1c85b1cb783a8eb247611cf36c3ae22ffe0ad16440a8ee9db835a9a54154b1b4dc6be889fc687b9ce47d99bf52d9e1b7b103359568db9066d759ba7267ad59bf2c3cc8b9ce097d9e7564d9e892f7ae56ae063037336343508b7dc4fbb9270013bae28043f16f0543b7ac740d2192b7149089fa4e66ee7a6773782a1bfd0ff7e25ed6f8618fd4a33f9a435a7b06d4201b7fe79f9e310df7ceedb7d794f0b44b75963a2a7d5d9a852a973c73b729f28bb0e87d2d5784dc7d7f7df970b24303ea2091b5134ade0a6d5816287d1b2829126023ab46ab64517a9719c9485a6ce0157a2e28e1803addf17fff48346539c71928d78a0aad1d20801206a66ea3f9843239809e7ed276742382778f179111b16a3189731438265c0625798748afdba105cc5e19326d4f784b1df1d0989a50a256f877fda34667b2c852149117e34cf3a737a3d36e0a4075cce596d877ace714e09da7b8f5db7a342ad57ef27ee4a471afaf0725b78b4b38ca1ff07afe7c43bfe439c1769e11ddc37d2a84d4fe41f7899a4f2f4dc5301e361849d370c71fe979605cc57db9db93847c6c67809140d3787a47d0d8723a0c4854157e9a6b548cd258aa335c377bc879f960843c3b0c6f7ec3ca3c514d2225e172562cbc6181e04ea40acac7ea4219c6023b5dbe33a0010e96bbe2fbfd6d424d7d3cee818cb1dced432431d915fef2900e5bac7679a1e983b3a6cd8d97c783e60882c623b9d057061228f21e037a204ef105f71b9c2dd2caeb7478e8bd3b1148ede67f15d342aed47ba0e6020c71af66724bb92303d7edd06fef359c511754059bd6ef594e93601cbcc77a953f5110e54cfc3a193f8066decffd2358846d1509e771369be5ea1e86a1adb9d88af83439d683549a1f40d0f474c1a4aa009a7a585f61a71d93501ad8404b5264e32d0baf9cefa28ee32fcd42388c988e3788e41022f2d04169243882ce284e010fa69d5099df934395257b8ce6128cb3a029eacebdb10cf94a5d9e2693545436a0b411a048e5ce56d75e90d73002e1c3287a17bd059d7fb8393a74222916a3819a2e7a391b6af3c5167c662863da5e5c57729877baa698202ea29375349c24fbe51ba40166857c37d6fcd44127a4dd0669e1858da7072d7536c457e52b0e1fbf93218c8be007b0c76f3f22c34faac8c883464fa1e57194ee893c9f07f8477a3f4a6f38d418a27d5dfd481792563d65f867b6c53467c38b52aa5132d11058713791aaca1c2e61f97f4ac18c2353ffc7ec46da708057c754ec346fe327edecbf48f0684d42ab73f2be01e043c110e41ec16f23a3d89532c8193aca44aedfe0458d69b2bd0ee6a1e44e250d95e732d54e058c5bde686f895992bfd9e55fc5a8892bc57dec68f841850b3a41e63875c2a21967beea29e91c559676c0d8f134f6809a9ebbfe93296d1d10f80db3ee69f9ee16bca676ce4e9a055f1aa24fbed2963696d71fec92d83fe2d32c9d21574070ed721e0bfc16579241deb8b64b784cf16bc84982a887c804c5611638d3eea00d0a1c2cd66e09c8ce893c794c2d66e88083dec675d75efd92e80d9073bf52adc6d51107cd554057dec5362d544e2aba485c69738804b6395fde287f7d1c1d4588412e72a3f2b803ad76ccc1f89508c33a02d35df640e2cc11ea57c4223f531722891060446de8199acd415261fd00888a795e138009efd5cf4c079aa1a914ab0239c9fb7fbba4801d3cca3943933695ecaed8fdc195b5ecc32379d390cd59216a5289c53fd64bcaa05f195b551a2783c8278546726e87198caa38c64302107ecd84b72282cc2186faae863431908117b7fbfebc5af60faee2dd9b84952f36d15f4ad6bfc2eea943e5392d31cac4b4ac94a78d262fab45fb26e9193d498e7b7b2db594436040ad2548bcff9c8a5afc04438fa44ba60f8974bb94a0b9e074904046ddda505fed910495b217b024e8f4efd2c1ba2cabcfbcc6d4159b33029676cf984ec54bf915abbe67d415edd762472c6548d54fff2fd3c0b375e50ce3bce5b28b03861aac982653600074936329389b9162d37f9819858a97f8ca896af3533dee83e114d8b470b36121f659cd72b96c1c3aca73c69ce905799c878bc666e6365cd8f4b36e41ec7c40af58e8b6b8ba45e0b342f1128282bfbd5e60f99f172a0ba28997a9e94b04bae1a6e5030af1e2f0c35bee69df91b2c36b48d393ca18c35765bd87599bc2659908749d7469f4f5de5b8a1054ab2be6ebc9f0746f170339774ead0e4c1159956151bd5fda153bc271fbc7535041f46a1b4258b50d4f79c4f6f35a4b4bc1755e23791aae42089f472777ddb5fa3df2c5d1e768dfb5d17b2864dd44dfc629c2264e07b2ce517e7ae2673b619748f381deb084c9eb4dc0c50355378174abbd09f7a14aefef32394aa466366acafcf10b95b83c6e90e753b6d7ff71a369a0d5d9706450ce261fd895ae9c9957f76a188feed09289a17476eab842ae4aad6e667f9f977c465d8021ce2920383035eaf4500efe6797747a280acfdccef013865ffb9c1d8dfeb1c1f69fa0b585009d17b2d920d406e94086ad1e9ce52a8c576e258411d0003582172701adaf053ebb49ee50ae28bd81472e41c3156030e450502af7f5864be24cc9893f87029fd4f481bb9972220b8a83a2dc26b98ff6b3ead61c637a64c9c98de69dd0917bf1f116a541d1244001149f44723f71a6714e9c77e9e736aa0a1499aa798628bd0c6b6b0f726ebe4d3821f018e0faf50f1dcfa4f888a1a6276d836675a8bdca46e4dccd1bbb477db336eaa8d0a6c98aeb4311bb29e9830f2a6a531eb4d047a5a9c02cd0156f919f457aeb0128b54e6446eb5ea2f180c44e55a5a77779d6bd171d8a839aac9d3940520d6252403c0781b523be4ae2821aa46efedb2bd7a360a6613fa270ab9fe486341557871bb54add8e39671476cc238c81f5fd420df9668bb81ff4001d0a0f8a8b6c87c1487d0d370a87f9f1298bdbcdefd8156afee6fc09f61373d663d3adb7b2e5acdcebe1b44a298c367edeccbf5453c8f08e8e93bf177ceae41dca67cf27e5ad9d5d58ff6028f639794bb268a76b2cb49e880939671dcc3182a347a2cfd2ff9b7e84b1adb3fd766a1ab87d6808cf100a97fb0553a36bf1d7701fe6edf3bce8802391b5ef6cb4bda130278f91196bf7cee52db170edf102c8f80cf81caf54f7934a08f030f9ac83eea0f2f9d896e0a7f8483d80a298b69fa783a696725e75d21f90f5373fd9134e9fff2f58b595db8a42fd948c8ae16db71fedbb3ced17d2e1dd8ec27e8e7b601705a94245841049d6023b7760b063e776e631d12d05baf31e0b9771b8f8b1a83a03cd63679da9a607d1c907e317a72e703abce4e57a99d934874c909208b6d9d7e626f9355f6fca44b0976ed28b8169d02a294e30b7ec935b3c09773bad30a541094252424f799f271b30b48459ad102d34f4c33a0317d028aefccccacc4fc74eb181d2ce3f98561ee2e7480df034b59c4b5f9b7317db2adb9a8e3ad82b0c3262a4c2473c49675786b20d0a2f8680e8a6"}, @typed={0x8, 0x73, @str='\x00'}, @generic="516470f5df52595f0b2df4827658b6b9ee59b0646896e419c8e8611d7a98a8d36f4c7c2f371885e25685059df50920f72a6c1beaa033481275ebcd3a5615ccb0c9db17a4bffd423c34fb4392c634242143d5beb2d72456c3c204632daf15aad3d58922"]}, 0x2114}, {&(0x7f0000002800)={0xf4, 0x32, 0x400, 0x70bd28, 0x25dfdbfc, "", [@nested={0xe4, 0x6, [@generic="0fb22434f3af17187956d2991ae5a4df9c38b2231d6810a2373f9f1b54446e89587f1670a239e9c5360a5f5d51d9040caedc78329291b79727261d4e15d006a83e18fab3c6d545dac187e5a57bf64a3bcabed229c13b5e41d3c93d68336b2ef2cc291dce9842891d46c28caf0c704d05230f66098fae772120fa6a3e10cce20f0c947762070eaec5e5f4ac12c5b252f5dd90dea13573cf21d3a6d7196c38a6efb1c3eeb4c0e68a7f448e326922f3010505e73af509aac7c12852fbac040b2a17f7a39d3e28471895a8d6d3335314f4d5873dec748b73b7", @typed={0x8, 0x21, @fd=r3}]}]}, 0xf4}], 0x3, &(0x7f0000002980)=[@rights={0x30, 0x1, 0x1, [r3, r6, r6, r2, r6, r0, r0]}, @cred={0x20, 0x1, 0x2, r8, r4, r7}, @cred={0x20, 0x1, 0x2, r9, r4, r7}, @rights={0x20, 0x1, 0x1, [r6, r1, r6]}], 0x90, 0x20040090}, 0x4080) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:54 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdef]}}, 0x20) 02:11:54 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000600", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:54 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000002c0)=0x2, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:54 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7036488e8"}}}, &(0x7f0000b0c000)) 02:11:55 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x293, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:55 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x100000000000000]}}, 0x20) 02:11:55 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) write(r1, &(0x7f0000000480)="101a806f1aeef49613417deb9c19c1f3482f418ccb7bd17a79b3130f16c176f2507779febb5c625f79368520428e1fbcaa6afa18cbb286ad7300027bbf62cc422ca66c719b362d2ed193376e1efe9f6d39249ed2ab56ac364a7cb52e59af5942818ada4cd89763de8ede2a7f3907abf2081957578f828ac10f34e1aa65f8e7d4740af1806f747b00277faa7e40487931d8b581f65a5ff9e6e029fb3111ae1ff17d318b0c9a12db03ac4afae0faaa2836133277f3720cb6f0c6143f1a039eb281b72782d354d82ab924d734855bafc7bcce42c80a3d4e38c2501eea12b40704e802b99dbff656b52cb84646", 0xeb) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 881.989489] FAULT_INJECTION: forcing a failure. [ 881.989489] name failslab, interval 1, probability 0, space 0, times 0 [ 882.057895] CPU: 0 PID: 1171 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 882.066344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 882.075703] Call Trace: [ 882.078343] dump_stack+0x244/0x3ab [ 882.082006] ? dump_stack_print_info.cold.2+0x52/0x52 [ 882.087217] should_fail.cold.4+0xa/0x17 [ 882.091295] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 882.096411] ? pick_next_task_fair+0xa05/0x1b30 [ 882.101094] ? rcu_qs+0x23/0x110 02:11:55 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x200000000000000]}}, 0x20) 02:11:55 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xfffffffffffffcb2) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) getsockopt$sock_buf(r2, 0x1, 0x3f, &(0x7f0000000480)=""/228, &(0x7f00000002c0)=0xe4) getsockopt$inet_mreqn(r3, 0x0, 0x24, &(0x7f0000000300), &(0x7f0000000340)=0xc) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 882.101112] ? rcu_note_context_switch+0x7d3/0x2150 [ 882.101134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 882.109506] ? run_rebalance_domains+0x500/0x500 [ 882.109523] ? debug_smp_processor_id+0x1c/0x20 [ 882.109545] ? perf_trace_lock_acquire+0x15b/0x800 [ 882.129430] ? rcu_softirq_qs+0x20/0x20 [ 882.133472] ? fs_reclaim_acquire+0x20/0x20 [ 882.137807] ? lock_downgrade+0x900/0x900 [ 882.141969] ? perf_trace_sched_process_exec+0x860/0x860 [ 882.147433] ? enqueue_entity+0x34b/0x20d0 [ 882.151698] __should_failslab+0x124/0x180 [ 882.155981] should_failslab+0x9/0x14 [ 882.159797] kmem_cache_alloc+0x2be/0x730 [ 882.163957] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 882.168983] __kernfs_new_node+0x127/0x8d0 [ 882.173231] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 882.178005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 882.183552] ? perf_trace_lock+0x7a0/0x7a0 [ 882.187797] ? debug_smp_processor_id+0x1c/0x20 [ 882.192486] ? perf_trace_lock_acquire+0x15b/0x800 [ 882.197430] ? perf_trace_lock+0x7a0/0x7a0 [ 882.197458] ? trace_hardirqs_on+0xbd/0x310 [ 882.197477] ? kasan_check_read+0x11/0x20 [ 882.206032] ? enqueue_task_fair+0x24d/0xa50 [ 882.206048] ? enqueue_entity+0x20d0/0x20d0 [ 882.206069] kernfs_new_node+0x95/0x120 [ 882.206089] kernfs_create_dir_ns+0x4d/0x160 [ 882.227322] internal_create_group+0x5fc/0xd80 [ 882.231924] ? remove_files.isra.1+0x190/0x190 [ 882.236509] ? up_write+0x7b/0x220 [ 882.240057] ? down_write_nested+0x130/0x130 [ 882.244499] ? down_read+0x120/0x120 [ 882.248232] sysfs_create_group+0x1f/0x30 [ 882.252391] lo_ioctl+0x1307/0x1d60 [ 882.256031] ? lo_rw_aio+0x1ef0/0x1ef0 [ 882.259926] blkdev_ioctl+0x9ac/0x2010 [ 882.263820] ? blkpg_ioctl+0xc10/0xc10 [ 882.267726] ? lock_downgrade+0x900/0x900 [ 882.271887] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 882.271912] ? save_stack+0x43/0xd0 [ 882.280473] ? __kasan_slab_free+0x102/0x150 [ 882.280494] ? __fget+0x4d1/0x740 [ 882.280513] ? ksys_dup3+0x680/0x680 [ 882.292083] block_ioctl+0xee/0x130 [ 882.295730] ? blkdev_fallocate+0x400/0x400 [ 882.300067] do_vfs_ioctl+0x1de/0x1720 [ 882.303965] ? trace_hardirqs_on+0xbd/0x310 [ 882.308313] ? ioctl_preallocate+0x300/0x300 [ 882.312762] ? __fget_light+0x2e9/0x430 [ 882.316753] ? fget_raw+0x20/0x20 [ 882.320237] ? putname+0xf2/0x130 [ 882.323725] ? kmem_cache_free+0x21a/0x290 [ 882.327965] ? putname+0xf7/0x130 [ 882.331430] ? do_sys_open+0x3ac/0x700 [ 882.335342] ? security_file_ioctl+0x94/0xc0 [ 882.339759] ksys_ioctl+0xa9/0xd0 [ 882.343226] __x64_sys_ioctl+0x73/0xb0 [ 882.347129] do_syscall_64+0x1b9/0x820 [ 882.351073] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 882.356453] ? syscall_return_slowpath+0x5e0/0x5e0 [ 882.361391] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 882.366236] ? trace_hardirqs_on_caller+0x310/0x310 [ 882.371239] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 882.376241] ? prepare_exit_to_usermode+0x291/0x3b0 [ 882.381250] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 882.386079] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 882.391273] RIP: 0033:0x457387 [ 882.394462] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 882.413552] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 882.421248] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 882.428504] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 882.435757] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 882.443032] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 882.450285] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 882.462862] EXT4-fs (sda1): re-mounted. Opts: 02:11:55 executing program 1 (fault-call:2 fault-nth:11): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:55 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000007fffffe00", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:55 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}}, 0x20) 02:11:55 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7034888e8"}}}, &(0x7f0000b0c000)) 02:11:55 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x111, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:55 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000002c0)=[@in6={0xa, 0x4e23, 0x8001, @remote, 0x8}, @in={0x2, 0xffff, @rand_addr=0x27}], 0x2c) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:55 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000000000100", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:55 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a703003fe8"}}}, &(0x7f0000b0c000)) 02:11:55 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfdef]}}, 0x20) 02:11:55 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000300)={0x80000001, {0x2, 0x4e20, @multicast2}, {0x2, 0x4e20, @remote}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}, 0x8, 0x101, 0x101, 0x4, 0x4f, &(0x7f00000002c0)='ipddp0\x00', 0x9, 0x1ff, 0x7}) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 882.566510] FAULT_INJECTION: forcing a failure. [ 882.566510] name failslab, interval 1, probability 0, space 0, times 0 02:11:55 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\a\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 882.618220] CPU: 1 PID: 1237 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 882.626682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 882.636050] Call Trace: [ 882.636079] dump_stack+0x244/0x3ab [ 882.636104] ? dump_stack_print_info.cold.2+0x52/0x52 [ 882.642300] ? radix_tree_tag_set+0x3d0/0x3d0 [ 882.642322] should_fail.cold.4+0xa/0x17 [ 882.642341] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 882.661664] ? __save_stack_trace+0x8d/0xf0 [ 882.666004] ? lock_acquire+0x1ed/0x520 [ 882.669993] ? kernfs_activate+0x8e/0x2c0 [ 882.674154] ? lock_release+0xa10/0xa10 [ 882.678148] ? perf_trace_sched_process_exec+0x860/0x860 [ 882.683625] ? fs_reclaim_acquire+0x20/0x20 [ 882.687953] ? lock_downgrade+0x900/0x900 [ 882.692114] ? perf_trace_sched_process_exec+0x860/0x860 [ 882.697584] __should_failslab+0x124/0x180 [ 882.701854] should_failslab+0x9/0x14 [ 882.705847] kmem_cache_alloc+0x2be/0x730 [ 882.710012] ? kasan_check_read+0x11/0x20 [ 882.714173] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 882.719203] __kernfs_new_node+0x127/0x8d0 [ 882.723474] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 882.728246] ? kasan_check_write+0x14/0x20 [ 882.732492] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 882.737459] ? __kernfs_new_node+0x697/0x8d0 [ 882.741889] ? wait_for_completion+0x8a0/0x8a0 [ 882.746485] ? kasan_check_write+0x14/0x20 [ 882.750727] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 882.755665] ? _raw_spin_unlock_irq+0x60/0x80 [ 882.760195] ? __schedule+0x168b/0x21d0 [ 882.764179] ? wait_for_completion+0x8a0/0x8a0 [ 882.768784] ? mutex_unlock+0xd/0x10 [ 882.772505] ? kernfs_activate+0x21a/0x2c0 [ 882.776752] kernfs_new_node+0x95/0x120 [ 882.780738] __kernfs_create_file+0x5a/0x340 [ 882.785158] sysfs_add_file_mode_ns+0x222/0x530 [ 882.789845] internal_create_group+0x3df/0xd80 [ 882.794452] ? remove_files.isra.1+0x190/0x190 [ 882.799036] ? up_write+0x7b/0x220 [ 882.802612] ? down_write_nested+0x130/0x130 [ 882.807026] ? down_read+0x120/0x120 [ 882.810766] sysfs_create_group+0x1f/0x30 [ 882.814921] lo_ioctl+0x1307/0x1d60 [ 882.818560] ? lo_rw_aio+0x1ef0/0x1ef0 [ 882.822480] blkdev_ioctl+0x9ac/0x2010 [ 882.826401] ? blkpg_ioctl+0xc10/0xc10 [ 882.830302] ? lock_downgrade+0x900/0x900 [ 882.834475] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 882.839423] ? save_stack+0x43/0xd0 [ 882.843066] ? __kasan_slab_free+0x102/0x150 [ 882.847486] ? __fget+0x4d1/0x740 [ 882.850951] ? ksys_dup3+0x680/0x680 [ 882.854703] block_ioctl+0xee/0x130 [ 882.858345] ? blkdev_fallocate+0x400/0x400 [ 882.862689] do_vfs_ioctl+0x1de/0x1720 [ 882.866600] ? trace_hardirqs_on+0xbd/0x310 [ 882.870951] ? ioctl_preallocate+0x300/0x300 [ 882.875377] ? __fget_light+0x2e9/0x430 [ 882.879382] ? fget_raw+0x20/0x20 [ 882.882849] ? putname+0xf2/0x130 [ 882.886315] ? kmem_cache_free+0x21a/0x290 [ 882.890567] ? putname+0xf7/0x130 [ 882.894054] ? do_sys_open+0x3ac/0x700 [ 882.897969] ? security_file_ioctl+0x94/0xc0 [ 882.902412] ksys_ioctl+0xa9/0xd0 [ 882.906171] __x64_sys_ioctl+0x73/0xb0 [ 882.910091] do_syscall_64+0x1b9/0x820 [ 882.913996] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 882.919378] ? syscall_return_slowpath+0x5e0/0x5e0 [ 882.924318] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 882.929173] ? trace_hardirqs_on_caller+0x310/0x310 [ 882.934205] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 882.939263] ? prepare_exit_to_usermode+0x291/0x3b0 [ 882.944320] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 882.949202] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 882.954426] RIP: 0033:0x457387 [ 882.957639] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 882.976567] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 882.984289] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 882.991569] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 882.998847] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 883.006121] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 02:11:56 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000600", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 883.013490] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 02:11:56 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x27a, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 883.154468] EXT4-fs (sda1): re-mounted. Opts: 02:11:56 executing program 1 (fault-call:2 fault-nth:12): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:56 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00@\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:56 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a, 0xfa00, {0x0, &(0x7f0000000000), 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2]}}, 0x20) 02:11:56 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xffffffffffffffad) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:56 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3dc, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 883.272587] FAULT_INJECTION: forcing a failure. [ 883.272587] name failslab, interval 1, probability 0, space 0, times 0 [ 883.284054] CPU: 0 PID: 1293 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 883.292480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 883.301837] Call Trace: [ 883.304455] dump_stack+0x244/0x3ab [ 883.308101] ? dump_stack_print_info.cold.2+0x52/0x52 [ 883.313309] should_fail.cold.4+0xa/0x17 [ 883.317383] ? fault_create_debugfs_attr+0x1f0/0x1f0 02:11:56 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$bt_hidp(0x1f, 0x3, 0x6) tee(r0, r1, 0x4f, 0x1) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x4) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dsp\x00', 0x1, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000000)=0x1000, 0x4) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r4, 0x800448d2, &(0x7f0000000140)) [ 883.322498] ? lock_release+0xa10/0xa10 [ 883.326484] ? perf_trace_sched_process_exec+0x860/0x860 [ 883.331952] ? __mutex_lock+0x85e/0x16f0 [ 883.336030] ? node_tag_clear+0xc2/0x1c0 [ 883.340107] ? kernfs_activate+0x8e/0x2c0 [ 883.344279] ? fs_reclaim_acquire+0x20/0x20 [ 883.348632] ? lock_downgrade+0x900/0x900 [ 883.352794] ? __mutex_lock+0x85e/0x16f0 [ 883.356875] ? perf_trace_sched_process_exec+0x860/0x860 [ 883.362338] ? kernfs_activate+0x21a/0x2c0 [ 883.366594] __should_failslab+0x124/0x180 [ 883.370841] should_failslab+0x9/0x14 [ 883.374658] kmem_cache_alloc+0x2be/0x730 [ 883.378826] ? lock_downgrade+0x900/0x900 [ 883.382988] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 883.388021] __kernfs_new_node+0x127/0x8d0 [ 883.392275] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 883.397032] ? kasan_check_write+0x14/0x20 [ 883.401273] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 883.406187] ? wait_for_completion+0x8a0/0x8a0 [ 883.410764] ? wait_for_completion+0x8a0/0x8a0 [ 883.415352] ? kasan_check_write+0x14/0x20 [ 883.419575] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 883.424503] ? mutex_unlock+0xd/0x10 [ 883.428205] ? kernfs_activate+0x21a/0x2c0 [ 883.432449] ? kernfs_walk_and_get_ns+0x340/0x340 [ 883.437283] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 883.442805] ? kernfs_link_sibling+0x1d2/0x3b0 [ 883.447375] kernfs_new_node+0x95/0x120 [ 883.451339] __kernfs_create_file+0x5a/0x340 [ 883.455739] sysfs_add_file_mode_ns+0x222/0x530 [ 883.460412] internal_create_group+0x3df/0xd80 [ 883.464993] ? remove_files.isra.1+0x190/0x190 [ 883.469561] ? up_write+0x7b/0x220 [ 883.473085] ? down_write_nested+0x130/0x130 [ 883.477479] ? down_read+0x120/0x120 [ 883.481182] sysfs_create_group+0x1f/0x30 [ 883.485317] lo_ioctl+0x1307/0x1d60 [ 883.488928] ? lo_rw_aio+0x1ef0/0x1ef0 [ 883.492832] blkdev_ioctl+0x9ac/0x2010 [ 883.496706] ? blkpg_ioctl+0xc10/0xc10 [ 883.500628] ? lock_downgrade+0x900/0x900 [ 883.504790] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 883.509738] ? save_stack+0x43/0xd0 [ 883.513360] ? __kasan_slab_free+0x102/0x150 [ 883.517785] ? __fget+0x4d1/0x740 [ 883.521226] ? ksys_dup3+0x680/0x680 [ 883.524946] block_ioctl+0xee/0x130 [ 883.528573] ? blkdev_fallocate+0x400/0x400 [ 883.532904] do_vfs_ioctl+0x1de/0x1720 [ 883.536783] ? trace_hardirqs_on+0xbd/0x310 [ 883.541092] ? ioctl_preallocate+0x300/0x300 [ 883.545503] ? __fget_light+0x2e9/0x430 [ 883.549466] ? fget_raw+0x20/0x20 [ 883.552903] ? putname+0xf2/0x130 [ 883.556356] ? kmem_cache_free+0x21a/0x290 [ 883.560581] ? putname+0xf7/0x130 [ 883.564047] ? do_sys_open+0x3ac/0x700 [ 883.567937] ? security_file_ioctl+0x94/0xc0 [ 883.572337] ksys_ioctl+0xa9/0xd0 [ 883.575811] __x64_sys_ioctl+0x73/0xb0 [ 883.579689] do_syscall_64+0x1b9/0x820 [ 883.583573] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 883.588940] ? syscall_return_slowpath+0x5e0/0x5e0 [ 883.593855] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 883.598697] ? trace_hardirqs_on_caller+0x310/0x310 [ 883.603704] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 883.608718] ? prepare_exit_to_usermode+0x291/0x3b0 [ 883.613738] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 883.618591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 883.623801] RIP: 0033:0x457387 [ 883.627017] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 883.645927] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 883.653622] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 883.660876] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 02:11:56 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a703000de8"}}}, &(0x7f0000b0c000)) 02:11:56 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1e6, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:56 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x200000a0) 02:11:56 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:56 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000400", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 883.668128] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 883.675398] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 883.682680] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 883.707918] EXT4-fs (sda1): re-mounted. Opts: 02:11:56 executing program 1 (fault-call:2 fault-nth:13): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:56 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\x00\x00\x00\x00@\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:56 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x5) 02:11:56 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) 02:11:56 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030600e8"}}}, &(0x7f0000b0c000)) 02:11:56 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000000000400", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:11:56 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x807ff, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 883.872830] FAULT_INJECTION: forcing a failure. [ 883.872830] name failslab, interval 1, probability 0, space 0, times 0 [ 883.930984] CPU: 1 PID: 1338 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 883.939445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 883.948803] Call Trace: [ 883.951412] dump_stack+0x244/0x3ab [ 883.955070] ? dump_stack_print_info.cold.2+0x52/0x52 [ 883.960281] should_fail.cold.4+0xa/0x17 [ 883.964352] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 883.969478] ? lock_release+0xa10/0xa10 [ 883.973488] ? perf_trace_sched_process_exec+0x860/0x860 [ 883.978961] ? __mutex_lock+0x85e/0x16f0 [ 883.983032] ? node_tag_clear+0xc2/0x1c0 [ 883.987105] ? kernfs_activate+0x8e/0x2c0 [ 883.991328] ? fs_reclaim_acquire+0x20/0x20 [ 883.995671] ? lock_downgrade+0x900/0x900 [ 883.999831] ? __mutex_lock+0x85e/0x16f0 [ 884.003910] ? perf_trace_sched_process_exec+0x860/0x860 [ 884.009372] ? kernfs_activate+0x21a/0x2c0 [ 884.013625] __should_failslab+0x124/0x180 [ 884.017880] should_failslab+0x9/0x14 [ 884.021706] kmem_cache_alloc+0x2be/0x730 [ 884.025869] ? lock_downgrade+0x900/0x900 [ 884.030064] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 884.035132] __kernfs_new_node+0x127/0x8d0 [ 884.039383] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 884.044154] ? kasan_check_write+0x14/0x20 [ 884.048402] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 884.053346] ? wait_for_completion+0x8a0/0x8a0 [ 884.057945] ? wait_for_completion+0x8a0/0x8a0 [ 884.062536] ? kasan_check_write+0x14/0x20 [ 884.066784] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 884.071730] ? mutex_unlock+0xd/0x10 [ 884.075468] ? kernfs_activate+0x21a/0x2c0 [ 884.079711] ? kernfs_walk_and_get_ns+0x340/0x340 [ 884.084566] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 884.090114] ? kernfs_link_sibling+0x1d2/0x3b0 [ 884.094710] kernfs_new_node+0x95/0x120 [ 884.098703] __kernfs_create_file+0x5a/0x340 [ 884.103126] sysfs_add_file_mode_ns+0x222/0x530 [ 884.107809] internal_create_group+0x3df/0xd80 [ 884.112406] ? remove_files.isra.1+0x190/0x190 [ 884.117004] ? up_write+0x7b/0x220 [ 884.120560] ? down_write_nested+0x130/0x130 [ 884.124981] ? down_read+0x120/0x120 02:11:57 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650007fffffe00", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 884.128716] sysfs_create_group+0x1f/0x30 [ 884.132878] lo_ioctl+0x1307/0x1d60 [ 884.136515] ? lo_rw_aio+0x1ef0/0x1ef0 [ 884.140409] blkdev_ioctl+0x9ac/0x2010 [ 884.144313] ? blkpg_ioctl+0xc10/0xc10 [ 884.148211] ? lock_downgrade+0x900/0x900 [ 884.152387] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 884.157333] ? save_stack+0x43/0xd0 [ 884.160970] ? __kasan_slab_free+0x102/0x150 [ 884.165429] ? __fget+0x4d1/0x740 [ 884.168920] ? ksys_dup3+0x680/0x680 [ 884.172650] block_ioctl+0xee/0x130 [ 884.176284] ? blkdev_fallocate+0x400/0x400 [ 884.180613] do_vfs_ioctl+0x1de/0x1720 [ 884.184518] ? trace_hardirqs_on+0xbd/0x310 [ 884.188855] ? ioctl_preallocate+0x300/0x300 [ 884.193282] ? __fget_light+0x2e9/0x430 [ 884.197273] ? fget_raw+0x20/0x20 [ 884.200734] ? putname+0xf2/0x130 [ 884.204197] ? kmem_cache_free+0x21a/0x290 [ 884.208460] ? putname+0xf7/0x130 [ 884.211924] ? do_sys_open+0x3ac/0x700 [ 884.215823] ? security_file_ioctl+0x94/0xc0 [ 884.220256] ksys_ioctl+0xa9/0xd0 [ 884.223729] __x64_sys_ioctl+0x73/0xb0 [ 884.227629] do_syscall_64+0x1b9/0x820 [ 884.231524] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 884.236904] ? syscall_return_slowpath+0x5e0/0x5e0 [ 884.241841] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 884.246684] ? trace_hardirqs_on_caller+0x310/0x310 [ 884.251691] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 884.256698] ? prepare_exit_to_usermode+0x291/0x3b0 [ 884.261707] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 884.266552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 884.271728] RIP: 0033:0x457387 [ 884.274911] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 884.293823] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 884.301530] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 884.308794] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 884.316078] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 884.323342] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 02:11:57 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x6d, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:11:57 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f00000002c0)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f00000000c0)) 02:11:57 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030d00e8"}}}, &(0x7f0000b0c000)) [ 884.330606] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 884.340803] EXT4-fs (sda1): re-mounted. Opts: 02:11:57 executing program 1 (fault-call:2 fault-nth:14): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:57 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='cpuset\x00') preadv(r3, &(0x7f0000000480), 0x10000000000001ed, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/snapshot\x00', 0x8000, 0x0) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x40042409, 0x1) 02:11:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhci\x00', 0x4000, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000100)={0x3, {{0xa, 0x4e24, 0x3}}}, 0x88) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r3 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:11:57 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7038848e8"}}}, &(0x7f0000b0c000)) [ 884.525544] FAULT_INJECTION: forcing a failure. [ 884.525544] name failslab, interval 1, probability 0, space 0, times 0 [ 884.553676] CPU: 0 PID: 1396 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 884.562117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 884.571502] Call Trace: [ 884.574105] dump_stack+0x244/0x3ab [ 884.577756] ? dump_stack_print_info.cold.2+0x52/0x52 [ 884.582975] should_fail.cold.4+0xa/0x17 [ 884.587056] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 884.592174] ? lock_release+0xa10/0xa10 [ 884.596160] ? perf_trace_sched_process_exec+0x860/0x860 [ 884.601632] ? __mutex_lock+0x85e/0x16f0 [ 884.605701] ? node_tag_clear+0xc2/0x1c0 [ 884.609786] ? kernfs_activate+0x8e/0x2c0 [ 884.613950] ? fs_reclaim_acquire+0x20/0x20 [ 884.618285] ? lock_downgrade+0x900/0x900 02:11:57 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500feffff0700", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 884.622453] ? __mutex_lock+0x85e/0x16f0 [ 884.626527] ? perf_trace_sched_process_exec+0x860/0x860 [ 884.631988] ? kernfs_activate+0x21a/0x2c0 [ 884.636240] __should_failslab+0x124/0x180 [ 884.640487] should_failslab+0x9/0x14 [ 884.644304] kmem_cache_alloc+0x2be/0x730 [ 884.645051] IPVS: ftp: loaded support on port[0] = 21 [ 884.648469] ? lock_downgrade+0x900/0x900 [ 884.648489] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 884.648510] __kernfs_new_node+0x127/0x8d0 [ 884.667559] ? kernfs_dop_revalidate+0x3c0/0x3c0 02:11:57 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000280)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f00000002c0)={0x7ff, 0x7, 0x81, 'queue1\x00', 0x5188}) r1 = socket$inet6(0xa, 0x1000000000006, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x2000, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = getpid() capget(&(0x7f00000000c0)={0x20071026, r5}, &(0x7f0000000140)={0x2, 0x3, 0xdd, 0x4, 0x7}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, 0xffffffffffffffff, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000100)={0x7, 0x47, 0x2}, 0x7) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000002a40)={{{@in6=@mcast2, @in6=@loopback}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000002980)=0xe8) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000440)={'syz1'}, 0x1200e) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_GET_XSAVE(r6, 0x9000aea4, &(0x7f0000000680)) openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x40, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r7, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) r8 = syz_open_procfs(r5, &(0x7f0000000200)='net/protocols\x00') write$P9_RVERSION(r8, &(0x7f0000000240)={0x13, 0x65, 0xffff, 0x3, 0x6, '9P2000'}, 0x13) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x2, 0x1a}, 0x20) ioctl$KVM_SET_CLOCK(r4, 0x4030ae7b, &(0x7f00000001c0)={0xf2}) 02:11:57 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x19a, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 884.672322] ? kasan_check_write+0x14/0x20 [ 884.676569] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 884.681509] ? wait_for_completion+0x8a0/0x8a0 [ 884.686109] ? wait_for_completion+0x8a0/0x8a0 [ 884.690704] ? kasan_check_write+0x14/0x20 [ 884.694956] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 884.699896] ? mutex_unlock+0xd/0x10 [ 884.699913] ? kernfs_activate+0x21a/0x2c0 [ 884.699934] ? kernfs_walk_and_get_ns+0x340/0x340 [ 884.712708] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 884.718267] ? kernfs_link_sibling+0x1d2/0x3b0 [ 884.722863] kernfs_new_node+0x95/0x120 [ 884.726855] __kernfs_create_file+0x5a/0x340 [ 884.731273] sysfs_add_file_mode_ns+0x222/0x530 [ 884.735962] internal_create_group+0x3df/0xd80 [ 884.740591] ? remove_files.isra.1+0x190/0x190 [ 884.745177] ? up_write+0x7b/0x220 [ 884.748729] ? down_write_nested+0x130/0x130 [ 884.753144] ? down_read+0x120/0x120 [ 884.756879] sysfs_create_group+0x1f/0x30 [ 884.761037] lo_ioctl+0x1307/0x1d60 [ 884.764685] ? lo_rw_aio+0x1ef0/0x1ef0 [ 884.768584] blkdev_ioctl+0x9ac/0x2010 [ 884.772510] ? blkpg_ioctl+0xc10/0xc10 [ 884.776404] ? lock_downgrade+0x900/0x900 [ 884.780573] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 884.785517] ? save_stack+0x43/0xd0 [ 884.789163] ? __kasan_slab_free+0x102/0x150 [ 884.793590] ? __fget+0x4d1/0x740 [ 884.797058] ? ksys_dup3+0x680/0x680 [ 884.800791] block_ioctl+0xee/0x130 [ 884.804427] ? blkdev_fallocate+0x400/0x400 [ 884.808766] do_vfs_ioctl+0x1de/0x1720 [ 884.812666] ? trace_hardirqs_on+0xbd/0x310 [ 884.816999] ? ioctl_preallocate+0x300/0x300 [ 884.821412] ? __fget_light+0x2e9/0x430 [ 884.825399] ? fget_raw+0x20/0x20 [ 884.828856] ? putname+0xf2/0x130 [ 884.832321] ? kmem_cache_free+0x21a/0x290 [ 884.836565] ? putname+0xf7/0x130 [ 884.840032] ? do_sys_open+0x3ac/0x700 [ 884.843932] ? security_file_ioctl+0x94/0xc0 [ 884.848353] ksys_ioctl+0xa9/0xd0 [ 884.851818] __x64_sys_ioctl+0x73/0xb0 [ 884.855725] do_syscall_64+0x1b9/0x820 [ 884.859637] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 884.865013] ? syscall_return_slowpath+0x5e0/0x5e0 [ 884.869947] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 884.874797] ? trace_hardirqs_on_caller+0x310/0x310 [ 884.879821] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 884.884849] ? prepare_exit_to_usermode+0x291/0x3b0 [ 884.889878] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 884.894748] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 884.899941] RIP: 0033:0x457387 [ 884.903143] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 884.922052] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 884.929787] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 884.937061] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 884.944335] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 884.951611] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 884.958881] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 884.975484] EXT4-fs (sda1): re-mounted. Opts: 02:11:58 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f00000002c0)) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:11:58 executing program 1 (fault-call:2 fault-nth:15): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:58 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) write$apparmor_exec(r1, &(0x7f00000002c0)={'exec ', '/dev/dsp\x00'}, 0xe) 02:11:58 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030081e8"}}}, &(0x7f0000b0c000)) 02:11:58 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000200000089, 0x8000) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000000100)='./file0\x00', 0x2, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000140)="ce683083c7df01cf433c47c1f7139ee68e8462f0bb68411f3250776d84e5f4ee85c4c20b03c58c8125b6f82217ecc4c5cacae7203edc431e9cb12070df70f047b50c9671946c6bb6ea339cba2b97ff2bf4fc9d9d4363550fcb04ab87270881", 0x5f, 0x7}], 0x10a0, 0x0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3, 0x2}}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) signalfd(r1, &(0x7f0000000200)={0x7}, 0x8) [ 885.164979] FAULT_INJECTION: forcing a failure. [ 885.164979] name failslab, interval 1, probability 0, space 0, times 0 02:11:58 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x105, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 885.222478] CPU: 0 PID: 1425 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 885.230930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 885.240292] Call Trace: [ 885.242896] dump_stack+0x244/0x3ab [ 885.246541] ? dump_stack_print_info.cold.2+0x52/0x52 [ 885.251756] should_fail.cold.4+0xa/0x17 [ 885.255830] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 885.260947] ? lock_release+0xa10/0xa10 [ 885.264959] ? perf_trace_sched_process_exec+0x860/0x860 [ 885.270426] ? __mutex_lock+0x85e/0x16f0 [ 885.274535] ? node_tag_clear+0xc2/0x1c0 [ 885.278619] ? kernfs_activate+0x8e/0x2c0 [ 885.282790] ? fs_reclaim_acquire+0x20/0x20 [ 885.287130] ? lock_downgrade+0x900/0x900 [ 885.291293] ? __mutex_lock+0x85e/0x16f0 [ 885.295366] ? perf_trace_sched_process_exec+0x860/0x860 [ 885.300832] ? kernfs_activate+0x21a/0x2c0 [ 885.305081] __should_failslab+0x124/0x180 [ 885.309332] should_failslab+0x9/0x14 [ 885.313151] kmem_cache_alloc+0x2be/0x730 [ 885.317318] ? lock_downgrade+0x900/0x900 [ 885.321486] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 885.326518] __kernfs_new_node+0x127/0x8d0 [ 885.330768] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 885.335536] ? kasan_check_write+0x14/0x20 [ 885.339786] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 885.344728] ? wait_for_completion+0x8a0/0x8a0 [ 885.349325] ? wait_for_completion+0x8a0/0x8a0 [ 885.353920] ? kasan_check_write+0x14/0x20 [ 885.358160] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 885.363101] ? mutex_unlock+0xd/0x10 [ 885.366822] ? kernfs_activate+0x21a/0x2c0 [ 885.371064] ? kernfs_walk_and_get_ns+0x340/0x340 [ 885.375916] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 885.381473] ? kernfs_link_sibling+0x1d2/0x3b0 [ 885.386076] kernfs_new_node+0x95/0x120 [ 885.390066] __kernfs_create_file+0x5a/0x340 [ 885.394489] sysfs_add_file_mode_ns+0x222/0x530 [ 885.399174] internal_create_group+0x3df/0xd80 [ 885.403776] ? remove_files.isra.1+0x190/0x190 [ 885.408366] ? up_write+0x7b/0x220 [ 885.411914] ? down_write_nested+0x130/0x130 [ 885.416335] ? down_read+0x120/0x120 [ 885.420073] sysfs_create_group+0x1f/0x30 [ 885.424231] lo_ioctl+0x1307/0x1d60 [ 885.427874] ? lo_rw_aio+0x1ef0/0x1ef0 [ 885.431768] blkdev_ioctl+0x9ac/0x2010 [ 885.435675] ? blkpg_ioctl+0xc10/0xc10 [ 885.439574] ? lock_downgrade+0x900/0x900 [ 885.443745] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 885.448693] ? save_stack+0x43/0xd0 [ 885.452347] ? __kasan_slab_free+0x102/0x150 [ 885.456791] ? __fget+0x4d1/0x740 [ 885.460262] ? ksys_dup3+0x680/0x680 [ 885.464000] block_ioctl+0xee/0x130 [ 885.467636] ? blkdev_fallocate+0x400/0x400 [ 885.471965] do_vfs_ioctl+0x1de/0x1720 [ 885.475865] ? trace_hardirqs_on+0xbd/0x310 [ 885.480198] ? ioctl_preallocate+0x300/0x300 [ 885.484616] ? __fget_light+0x2e9/0x430 [ 885.488601] ? fget_raw+0x20/0x20 [ 885.492064] ? putname+0xf2/0x130 [ 885.495527] ? kmem_cache_free+0x21a/0x290 [ 885.499767] ? putname+0xf7/0x130 [ 885.503252] ? do_sys_open+0x3ac/0x700 [ 885.507147] ? security_file_ioctl+0x94/0xc0 [ 885.511570] ksys_ioctl+0xa9/0xd0 [ 885.515035] __x64_sys_ioctl+0x73/0xb0 [ 885.518994] do_syscall_64+0x1b9/0x820 [ 885.522906] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 885.528282] ? syscall_return_slowpath+0x5e0/0x5e0 [ 885.533217] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 885.538087] ? trace_hardirqs_on_caller+0x310/0x310 [ 885.543115] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 885.548144] ? prepare_exit_to_usermode+0x291/0x3b0 [ 885.553188] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 885.558048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 885.563238] RIP: 0033:0x457387 [ 885.566445] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 885.585355] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 885.593073] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 885.600350] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 885.607622] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 885.614895] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 02:11:58 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000002c0)=0xe, 0x4) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 885.622172] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 885.641861] EXT4-fs (sda1): re-mounted. Opts: 02:11:58 executing program 1 (fault-call:2 fault-nth:16): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:11:58 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030543e8"}}}, &(0x7f0000b0c000)) [ 885.752676] device bridge_slave_1 left promiscuous mode [ 885.773236] bridge0: port 2(bridge_slave_1) entered disabled state [ 885.823275] device bridge_slave_0 left promiscuous mode [ 885.828781] bridge0: port 1(bridge_slave_0) entered disabled state [ 885.844543] FAULT_INJECTION: forcing a failure. [ 885.844543] name failslab, interval 1, probability 0, space 0, times 0 [ 885.868848] CPU: 1 PID: 1465 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 885.877331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 885.886699] Call Trace: [ 885.889331] dump_stack+0x244/0x3ab [ 885.892997] ? dump_stack_print_info.cold.2+0x52/0x52 [ 885.898238] should_fail.cold.4+0xa/0x17 [ 885.902322] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 885.907449] ? lock_release+0xa10/0xa10 [ 885.911454] ? perf_trace_sched_process_exec+0x860/0x860 [ 885.916938] ? __mutex_lock+0x85e/0x16f0 [ 885.921004] ? node_tag_clear+0xc2/0x1c0 [ 885.925072] ? kernfs_activate+0x8e/0x2c0 [ 885.929247] ? fs_reclaim_acquire+0x20/0x20 [ 885.933581] ? lock_downgrade+0x900/0x900 [ 885.937752] ? __mutex_lock+0x85e/0x16f0 [ 885.941828] ? perf_trace_sched_process_exec+0x860/0x860 [ 885.947285] ? kernfs_activate+0x21a/0x2c0 [ 885.951554] __should_failslab+0x124/0x180 [ 885.955822] should_failslab+0x9/0x14 [ 885.959647] kmem_cache_alloc+0x2be/0x730 [ 885.963813] ? lock_downgrade+0x900/0x900 [ 885.967972] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 885.973001] __kernfs_new_node+0x127/0x8d0 [ 885.977252] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 885.982012] ? kasan_check_write+0x14/0x20 [ 885.986288] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 885.991241] ? wait_for_completion+0x8a0/0x8a0 [ 885.995857] ? wait_for_completion+0x8a0/0x8a0 [ 886.000469] ? kasan_check_write+0x14/0x20 [ 886.004712] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 886.009656] ? mutex_unlock+0xd/0x10 [ 886.013377] ? kernfs_activate+0x21a/0x2c0 [ 886.017637] ? kernfs_walk_and_get_ns+0x340/0x340 [ 886.022517] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 886.028059] ? kernfs_link_sibling+0x1d2/0x3b0 [ 886.032657] kernfs_new_node+0x95/0x120 [ 886.036667] __kernfs_create_file+0x5a/0x340 [ 886.041093] sysfs_add_file_mode_ns+0x222/0x530 [ 886.045781] internal_create_group+0x3df/0xd80 [ 886.050384] ? remove_files.isra.1+0x190/0x190 [ 886.054971] ? up_write+0x7b/0x220 [ 886.058517] ? down_write_nested+0x130/0x130 [ 886.062937] ? down_read+0x120/0x120 [ 886.066671] sysfs_create_group+0x1f/0x30 [ 886.070827] lo_ioctl+0x1307/0x1d60 [ 886.074476] ? lo_rw_aio+0x1ef0/0x1ef0 [ 886.078408] blkdev_ioctl+0x9ac/0x2010 [ 886.082358] ? blkpg_ioctl+0xc10/0xc10 [ 886.086254] ? lock_downgrade+0x900/0x900 [ 886.090449] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 886.095397] ? save_stack+0x43/0xd0 [ 886.099031] ? __kasan_slab_free+0x102/0x150 [ 886.103461] ? __fget+0x4d1/0x740 [ 886.106931] ? ksys_dup3+0x680/0x680 [ 886.110668] block_ioctl+0xee/0x130 [ 886.114311] ? blkdev_fallocate+0x400/0x400 [ 886.118660] do_vfs_ioctl+0x1de/0x1720 [ 886.122562] ? trace_hardirqs_on+0xbd/0x310 [ 886.126901] ? ioctl_preallocate+0x300/0x300 [ 886.131321] ? __fget_light+0x2e9/0x430 [ 886.135321] ? fget_raw+0x20/0x20 [ 886.138785] ? putname+0xf2/0x130 [ 886.142260] ? kmem_cache_free+0x21a/0x290 [ 886.146507] ? putname+0xf7/0x130 [ 886.149992] ? do_sys_open+0x3ac/0x700 [ 886.153895] ? security_file_ioctl+0x94/0xc0 [ 886.158338] ksys_ioctl+0xa9/0xd0 [ 886.161803] __x64_sys_ioctl+0x73/0xb0 [ 886.165705] do_syscall_64+0x1b9/0x820 [ 886.169605] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 886.174981] ? syscall_return_slowpath+0x5e0/0x5e0 [ 886.179919] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 886.184772] ? trace_hardirqs_on_caller+0x310/0x310 [ 886.189814] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 886.194844] ? prepare_exit_to_usermode+0x291/0x3b0 [ 886.199879] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 886.204739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 886.209938] RIP: 0033:0x457387 [ 886.213176] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 886.232101] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 886.239839] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 886.247132] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 886.254422] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 886.261750] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 886.269052] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 886.288092] EXT4-fs (sda1): re-mounted. Opts: [ 886.320077] team0 (unregistering): Port device team_slave_1 removed [ 886.341681] team0 (unregistering): Port device team_slave_0 removed [ 886.373844] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 886.409924] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 886.474290] bond0 (unregistering): Released all slaves [ 886.885986] bridge0: port 1(bridge_slave_0) entered blocking state [ 886.892540] bridge0: port 1(bridge_slave_0) entered disabled state [ 886.899858] device bridge_slave_0 entered promiscuous mode [ 886.935295] bridge0: port 2(bridge_slave_1) entered blocking state [ 886.941733] bridge0: port 2(bridge_slave_1) entered disabled state [ 886.949042] device bridge_slave_1 entered promiscuous mode [ 886.985337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 887.020944] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 887.136263] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 887.164960] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 887.277587] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 887.284667] team0: Port device team_slave_0 added [ 887.305933] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 887.313209] team0: Port device team_slave_1 added [ 887.337712] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 887.361142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 887.385403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 887.419909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 887.612410] bridge0: port 2(bridge_slave_1) entered blocking state [ 887.618778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 887.625481] bridge0: port 1(bridge_slave_0) entered blocking state [ 887.631828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 887.639295] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 888.355857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 888.425165] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 888.492582] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 888.498683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 888.506429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 888.553061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 888.580314] 8021q: adding VLAN 0 to HW filter on device team0 02:12:02 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:02 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) r3 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) r4 = add_key(&(0x7f00000004c0)='logon\x00', &(0x7f0000000500)={'syz', 0x2}, &(0x7f0000000540)="b486668490f95493a6fd64650abe2c1662148c5c3498a595a9f978c537a3fad041c8cfa860a1ed209901fce0fd6ef7b0661afb86d97f80ea8109ff57289906f2bb767cefa47d2c7c9a2da8f526b02e33d5b6595886a3442ceaef663e7997d9d86aa174997b311e4d5f", 0x69, 0xffffffffffffffff) keyctl$search(0xa, r3, &(0x7f0000000340)='cifs.spnego\x00', &(0x7f0000000480)={'syz', 0x1}, r4) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:12:02 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000180)=0x14) bind$bt_hci(r2, &(0x7f00000001c0)={0x1f, r3, 0x3}, 0xc) get_mempolicy(&(0x7f00000000c0), &(0x7f0000000100), 0x2, &(0x7f0000ffd000/0x3000)=nil, 0x4) 02:12:02 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:02 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030e80e8"}}}, &(0x7f0000b0c000)) 02:12:02 executing program 1 (fault-call:2 fault-nth:17): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) [ 889.049563] FAULT_INJECTION: forcing a failure. [ 889.049563] name failslab, interval 1, probability 0, space 0, times 0 [ 889.064896] CPU: 0 PID: 1786 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 889.073314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 889.082669] Call Trace: [ 889.082697] dump_stack+0x244/0x3ab [ 889.082731] ? dump_stack_print_info.cold.2+0x52/0x52 [ 889.082760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 02:12:02 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000000000300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:02 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000019800", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:02 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000200", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 889.088961] should_fail.cold.4+0xa/0x17 [ 889.103735] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 889.108851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 889.114392] ? wake_up_klogd+0x11a/0x180 [ 889.118480] ? console_device+0xc0/0xc0 [ 889.122474] ? vprintk_emit+0x322/0x930 [ 889.126493] ? __down_trylock_console_sem+0x151/0x1f0 [ 889.131699] ? vprintk_emit+0x268/0x930 [ 889.135697] ? wake_up_klogd+0x180/0x180 [ 889.139805] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 889.145359] ? kernfs_link_sibling+0x1d2/0x3b0 02:12:02 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00?\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:02 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000400", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 889.149962] ? fs_reclaim_acquire+0x20/0x20 [ 889.154299] ? lock_downgrade+0x900/0x900 [ 889.158472] ? perf_trace_sched_process_exec+0x860/0x860 [ 889.163935] ? vprintk_default+0x28/0x30 [ 889.168013] __should_failslab+0x124/0x180 [ 889.172263] should_failslab+0x9/0x14 [ 889.176090] kmem_cache_alloc_trace+0x2d7/0x750 [ 889.180795] kobject_uevent_env+0x2f3/0x101e [ 889.185225] kobject_uevent+0x1f/0x24 [ 889.189046] lo_ioctl+0x1385/0x1d60 [ 889.192687] ? lo_rw_aio+0x1ef0/0x1ef0 [ 889.196594] blkdev_ioctl+0x9ac/0x2010 02:12:02 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\x00@\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 889.200498] ? blkpg_ioctl+0xc10/0xc10 [ 889.204397] ? lock_downgrade+0x900/0x900 [ 889.208564] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 889.213528] ? save_stack+0x43/0xd0 [ 889.217186] ? __kasan_slab_free+0x102/0x150 [ 889.221607] ? __fget+0x4d1/0x740 [ 889.225091] ? ksys_dup3+0x680/0x680 [ 889.228823] block_ioctl+0xee/0x130 [ 889.232480] ? blkdev_fallocate+0x400/0x400 [ 889.236824] do_vfs_ioctl+0x1de/0x1720 [ 889.240730] ? trace_hardirqs_on+0xbd/0x310 [ 889.245062] ? ioctl_preallocate+0x300/0x300 [ 889.249499] ? __fget_light+0x2e9/0x430 [ 889.253506] ? fget_raw+0x20/0x20 [ 889.256971] ? putname+0xf2/0x130 [ 889.260452] ? kmem_cache_free+0x21a/0x290 [ 889.264692] ? putname+0xf7/0x130 [ 889.268196] ? do_sys_open+0x3ac/0x700 [ 889.272119] ? security_file_ioctl+0x94/0xc0 [ 889.276535] ksys_ioctl+0xa9/0xd0 [ 889.279998] __x64_sys_ioctl+0x73/0xb0 [ 889.283897] do_syscall_64+0x1b9/0x820 [ 889.287793] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 889.293167] ? syscall_return_slowpath+0x5e0/0x5e0 [ 889.298100] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 889.302949] ? trace_hardirqs_on_caller+0x310/0x310 [ 889.308000] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 889.313028] ? prepare_exit_to_usermode+0x291/0x3b0 [ 889.318061] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 889.322913] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 889.328107] RIP: 0033:0x457387 [ 889.331311] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:12:02 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = dup3(r1, r1, 0x80000) setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, &(0x7f00000000c0)={0x2c, @local, 0x7, 0x1, 'wlc\x00', 0x10, 0x4, 0x7e}, 0x2c) r3 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000100)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@remote}}, &(0x7f0000000200)=0xe8) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@remote, @in6=@mcast2, 0x4e24, 0x8, 0x4e20, 0x0, 0xa, 0x80, 0x80, 0x2c, r4, r5}, {0x9, 0x5, 0x6, 0x7, 0x2, 0x5, 0x5, 0x3}, {0x8, 0x800, 0x798efcce}, 0x5, 0x6e6bb1, 0x1, 0x1, 0x1, 0x3}, {{@in6=@mcast1, 0x4d5, 0x3b}, 0xa, @in=@loopback, 0x3500, 0x1, 0x3, 0xb8e, 0x9, 0xb44, 0x1f}}, 0xe8) bind$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0x4) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:02 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() r4 = semget(0x2, 0x3, 0x200) statfs(&(0x7f0000000340)='./file0\x00', &(0x7f0000000480)=""/67) readahead(r2, 0xffffffffffffffff, 0x8) semctl$GETALL(r4, 0x0, 0xd, &(0x7f00000002c0)=""/12) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000600)={r1, 0x10, &(0x7f00000005c0)={&(0x7f0000000580)=""/44, 0x2c, 0xffffffffffffffff}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000680)={r1, 0x10, &(0x7f0000000640)={&(0x7f0000000500)=""/124, 0x7c, r5}}, 0x10) ioctl$sock_SIOCINQ(r3, 0x800448d2, &(0x7f0000000300)) [ 889.350228] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 889.357926] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 889.365179] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 889.372453] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 889.379730] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 889.386992] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 889.425122] EXT4-fs (sda1): re-mounted. Opts: 02:12:02 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7033580e8"}}}, &(0x7f0000b0c000)) 02:12:02 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x385, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:02 executing program 1 (fault-call:2 fault-nth:18): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:12:02 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x2, 0xf}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7, @ipv4={[], [], @local}, 0x1}, {0xa, 0x4e23, 0x7, @loopback, 0x3}, r4, 0x10000}}, 0x48) uname(&(0x7f0000000340)) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:12:02 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_buf(r1, 0x29, 0x31, &(0x7f0000c86000), &(0x7f0000000000)=0xfffffd62) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x6, 0x40) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}, &(0x7f00000001c0)=0x10) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x40000) write$P9_RLINK(r2, &(0x7f00000000c0)={0x7, 0x47, 0x1}, 0x7) ioctl(r3, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r5 = fcntl$dupfd(r2, 0x0, r2) bind$bt_rfcomm(r5, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 889.567617] FAULT_INJECTION: forcing a failure. [ 889.567617] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 889.579568] CPU: 1 PID: 1851 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 889.588232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 889.597709] Call Trace: [ 889.600315] dump_stack+0x244/0x3ab [ 889.603965] ? dump_stack_print_info.cold.2+0x52/0x52 [ 889.609164] ? up+0xea/0x1c0 [ 889.612203] should_fail.cold.4+0xa/0x17 [ 889.616308] ? kasan_check_read+0x11/0x20 [ 889.616326] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 889.616348] ? console_unlock+0x832/0x1160 [ 889.625597] ? lock_downgrade+0x900/0x900 [ 889.625619] ? mark_held_locks+0x130/0x130 [ 889.625636] ? vprintk_emit+0x33d/0x930 [ 889.642204] ? trace_hardirqs_off_caller+0x300/0x300 [ 889.647350] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 889.652909] ? llist_add_batch+0x106/0x170 [ 889.657168] ? check_preemption_disabled+0x48/0x200 [ 889.662202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 889.667783] ? should_fail+0x22d/0xd01 [ 889.671677] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 889.677228] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 889.682340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 889.687880] ? wake_up_klogd+0x11a/0x180 [ 889.691952] __alloc_pages_nodemask+0x34b/0xdd0 [ 889.696627] ? __down_trylock_console_sem+0x151/0x1f0 [ 889.701867] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 889.706887] ? vprintk_emit+0x268/0x930 [ 889.710878] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 889.716422] ? kernfs_link_sibling+0x1d2/0x3b0 [ 889.721023] ? fs_reclaim_acquire+0x20/0x20 [ 889.725358] ? lock_downgrade+0x900/0x900 [ 889.729531] ? trace_hardirqs_off+0xb8/0x310 [ 889.733952] cache_grow_begin+0xa5/0x8c0 [ 889.738023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 889.743573] kmem_cache_alloc_trace+0x684/0x750 [ 889.748261] kobject_uevent_env+0x2f3/0x101e [ 889.752682] kobject_uevent+0x1f/0x24 [ 889.756520] lo_ioctl+0x1385/0x1d60 [ 889.760175] ? lo_rw_aio+0x1ef0/0x1ef0 [ 889.764072] blkdev_ioctl+0x9ac/0x2010 [ 889.767966] ? blkpg_ioctl+0xc10/0xc10 [ 889.771868] ? lock_downgrade+0x900/0x900 [ 889.776030] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 889.780975] ? save_stack+0x43/0xd0 [ 889.784606] ? __kasan_slab_free+0x102/0x150 [ 889.789025] ? __fget+0x4d1/0x740 [ 889.792491] ? ksys_dup3+0x680/0x680 [ 889.796233] block_ioctl+0xee/0x130 [ 889.799867] ? blkdev_fallocate+0x400/0x400 [ 889.804196] do_vfs_ioctl+0x1de/0x1720 [ 889.808099] ? trace_hardirqs_on+0xbd/0x310 [ 889.812460] ? ioctl_preallocate+0x300/0x300 [ 889.816889] ? __fget_light+0x2e9/0x430 [ 889.820872] ? fget_raw+0x20/0x20 [ 889.824332] ? putname+0xf2/0x130 [ 889.827799] ? kmem_cache_free+0x21a/0x290 [ 889.832049] ? putname+0xf7/0x130 [ 889.835528] ? do_sys_open+0x3ac/0x700 [ 889.839427] ? security_file_ioctl+0x94/0xc0 [ 889.843855] ksys_ioctl+0xa9/0xd0 [ 889.847319] __x64_sys_ioctl+0x73/0xb0 [ 889.851224] do_syscall_64+0x1b9/0x820 [ 889.855125] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 889.860505] ? syscall_return_slowpath+0x5e0/0x5e0 [ 889.865451] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 889.870308] ? trace_hardirqs_on_caller+0x310/0x310 [ 889.875338] ? prepare_exit_to_usermode+0x291/0x3b0 [ 889.880368] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 889.885237] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 889.890434] RIP: 0033:0x457387 [ 889.893650] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:12:02 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0xfffffffffffffff7, 0x20, 0x1, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = getpgid(0x0) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getegid() setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000340)={r3, r4, r5}, 0xc) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) 02:12:02 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030002e8"}}}, &(0x7f0000b0c000)) 02:12:03 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2f9, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:03 executing program 0: ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000004c0)={0x100, 0x20, 0x2, 0xffffffffffffff9c}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000080)=0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000002c0)={0x2, 0x800c, 0x100000000, 0x5, 0x0}, &(0x7f0000000300)=0x10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000340)=@assoc_value={r3, 0x9}, &(0x7f0000000480)=0x8) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000180)={{{@in=@multicast2, @in6=@local}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000280)=0xe8) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000380)=""/145, &(0x7f0000000440)=0x91) getegid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x3}, 0x48881) ioctl$sock_SIOCINQ(r2, 0x800448d2, &(0x7f0000000140)) [ 889.912556] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 889.920283] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 889.927563] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 889.934836] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 889.942116] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 889.949393] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 890.028804] EXT4-fs (sda1): re-mounted. Opts: 02:12:03 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:03 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) fdatasync(r2) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:03 executing program 1 (fault-call:2 fault-nth:19): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:12:03 executing program 0: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x0}) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)="2f67726f75702e73746174003c23fb572a1f0294e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a471b4a7fa2f3fdf6e034d804e5f0df4b1dee483b157624c59c0100e89e6a357c000000", 0x2761, 0x0) 02:12:03 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:03 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1d1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 890.247609] FAULT_INJECTION: forcing a failure. [ 890.247609] name failslab, interval 1, probability 0, space 0, times 0 [ 890.286791] CPU: 1 PID: 1892 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 890.295967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 890.305945] Call Trace: [ 890.308551] dump_stack+0x244/0x3ab [ 890.312196] ? dump_stack_print_info.cold.2+0x52/0x52 [ 890.317406] ? is_bpf_text_address+0xd3/0x170 [ 890.321918] should_fail.cold.4+0xa/0x17 [ 890.325990] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 890.331119] ? save_stack+0xa9/0xd0 [ 890.334757] ? save_stack+0x43/0xd0 [ 890.338387] ? kasan_kmalloc+0xc7/0xe0 [ 890.342284] ? kmem_cache_alloc_trace+0x152/0x750 [ 890.347136] ? kobject_uevent_env+0x2f3/0x101e [ 890.351727] ? kobject_uevent+0x1f/0x24 [ 890.355710] ? lo_ioctl+0x1385/0x1d60 [ 890.359522] ? blkdev_ioctl+0x9ac/0x2010 [ 890.363593] ? block_ioctl+0xee/0x130 [ 890.367416] ? do_vfs_ioctl+0x1de/0x1720 [ 890.371493] ? ksys_ioctl+0xa9/0xd0 [ 890.375125] ? __x64_sys_ioctl+0x73/0xb0 [ 890.379200] ? do_syscall_64+0x1b9/0x820 [ 890.383277] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 890.383302] ? fs_reclaim_acquire+0x20/0x20 [ 890.383323] ? lock_downgrade+0x900/0x900 [ 890.393000] ? perf_trace_sched_process_exec+0x860/0x860 [ 890.393013] ? kasan_check_read+0x11/0x20 [ 890.393037] ? do_raw_spin_unlock+0xa7/0x2f0 [ 890.411200] __should_failslab+0x124/0x180 [ 890.411228] should_failslab+0x9/0x14 [ 890.419260] __kmalloc+0x2e0/0x760 [ 890.419285] ? kobject_get_path+0xc2/0x1b0 [ 890.427042] ? kmem_cache_alloc_trace+0x31f/0x750 [ 890.427067] kobject_get_path+0xc2/0x1b0 [ 890.435966] kobject_uevent_env+0x314/0x101e [ 890.439138] IPVS: ftp: loaded support on port[0] = 21 [ 890.440387] kobject_uevent+0x1f/0x24 [ 890.449368] lo_ioctl+0x1385/0x1d60 [ 890.453007] ? lo_rw_aio+0x1ef0/0x1ef0 [ 890.453023] blkdev_ioctl+0x9ac/0x2010 [ 890.453041] ? blkpg_ioctl+0xc10/0xc10 [ 890.464684] ? lock_downgrade+0x900/0x900 [ 890.468838] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 890.473783] ? save_stack+0x43/0xd0 [ 890.477427] ? __kasan_slab_free+0x102/0x150 [ 890.481862] ? __fget+0x4d1/0x740 [ 890.485331] ? ksys_dup3+0x680/0x680 [ 890.489092] block_ioctl+0xee/0x130 [ 890.492737] ? blkdev_fallocate+0x400/0x400 02:12:03 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) syslog(0x6fbde145, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x2, 0xfffffffffffffc71, 0xfa00, {0x2}}, 0x20) 02:12:03 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000001c0)={{&(0x7f00000000c0)=""/166, 0xa6}, &(0x7f0000000180), 0x28}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:03 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2ba, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 890.497077] do_vfs_ioctl+0x1de/0x1720 [ 890.500988] ? trace_hardirqs_on+0xbd/0x310 [ 890.505329] ? ioctl_preallocate+0x300/0x300 [ 890.509750] ? __fget_light+0x2e9/0x430 [ 890.513735] ? fget_raw+0x20/0x20 [ 890.517194] ? putname+0xf2/0x130 [ 890.520665] ? kmem_cache_free+0x21a/0x290 [ 890.524908] ? putname+0xf7/0x130 [ 890.524927] ? do_sys_open+0x3ac/0x700 [ 890.524946] ? security_file_ioctl+0x94/0xc0 [ 890.532283] ksys_ioctl+0xa9/0xd0 [ 890.540128] __x64_sys_ioctl+0x73/0xb0 [ 890.544212] do_syscall_64+0x1b9/0x820 [ 890.548120] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 890.553516] ? syscall_return_slowpath+0x5e0/0x5e0 [ 890.558485] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 890.563348] ? trace_hardirqs_on_caller+0x310/0x310 [ 890.568377] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 890.573385] ? prepare_exit_to_usermode+0x291/0x3b0 [ 890.578401] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 890.583257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 890.588470] RIP: 0033:0x457387 [ 890.591662] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 890.610564] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 890.618284] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 890.625561] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 890.633093] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 890.640551] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 02:12:03 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030008e8"}}}, &(0x7f0000b0c000)) 02:12:03 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x30e, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:03 executing program 0: [ 890.647825] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 890.705766] device bridge_slave_1 left promiscuous mode [ 890.706094] EXT4-fs (sda1): re-mounted. Opts: [ 890.711307] bridge0: port 2(bridge_slave_1) entered disabled state [ 890.784714] device bridge_slave_0 left promiscuous mode [ 890.795469] bridge0: port 1(bridge_slave_0) entered disabled state [ 890.854696] team0 (unregistering): Port device team_slave_1 removed [ 890.863830] team0 (unregistering): Port device team_slave_0 removed [ 890.872099] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 890.905306] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 890.954119] bond0 (unregistering): Released all slaves [ 891.478135] bridge0: port 1(bridge_slave_0) entered blocking state [ 891.484883] bridge0: port 1(bridge_slave_0) entered disabled state [ 891.492038] device bridge_slave_0 entered promiscuous mode [ 891.543794] bridge0: port 2(bridge_slave_1) entered blocking state [ 891.550173] bridge0: port 2(bridge_slave_1) entered disabled state [ 891.557255] device bridge_slave_1 entered promiscuous mode [ 891.579374] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 891.613996] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 891.683608] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 891.711255] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 891.813047] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 891.820803] team0: Port device team_slave_0 added [ 891.841202] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 891.848547] team0: Port device team_slave_1 added [ 891.870630] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 891.893524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 891.917782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 891.940652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 892.147076] bridge0: port 2(bridge_slave_1) entered blocking state [ 892.153456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 892.160010] bridge0: port 1(bridge_slave_0) entered blocking state [ 892.166381] bridge0: port 1(bridge_slave_0) entered forwarding state [ 892.173489] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 892.877333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 892.947698] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 893.016476] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 893.022803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 893.029871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 893.037432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 893.109579] 8021q: adding VLAN 0 to HW filter on device team0 02:12:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000100", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:06 executing program 0: 02:12:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r1 = syz_open_dev$dmmidi(&(0x7f00000003c0)='/dev/dmmidi#\x00', 0x7, 0x4000) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000640)={0x0, @in6={{0xa, 0x4e22, 0xfffffffffffffff8, @mcast1, 0x4}}, 0x2, 0xffffffff}, &(0x7f0000000400)=0x90) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000700)={r2, 0x5}, 0x8) r3 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) linkat(r3, &(0x7f0000001980)='./file0\x00', r3, &(0x7f0000002a40)='./file0\x00', 0x1400) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000740)=0xfffffffffffffff7, 0x4) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x2, 0x1a}, 0x20) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000340), &(0x7f0000000380)=0x4) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r3, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="cc000000994c879c55b650e97a040499f3e2d73696dfcec2478f00bf155bff2f1d91f18621e19c2910bece67e35b6c1d06b8e251b4cd615ef53c0fa9fab39c2345fa34dc6f2a21bc62feb46bbc031ef3ca847a276e97e11a276d0191872f3adc8989d7349feea558531af0d9db332105fea53b620e13456145baaa0df62f600570d0054577ca3cdc663f50d05ee24140781c3906a01349c34408c20426fdd3549f252ab8b286e0c4ac9ec2fa40", @ANYRES16=r4, @ANYBLOB="01002bbd7000fedbdf250f0000003800030008000500000000000800040000100000140002007465616d5f736c6176655f3100000000080003000100000008000300010000000800040000000000180001000c0006006c626c630000000008000500000000006000030008000500ac141415140002007663616e3000000000000000000000001400020062707130000000000000000000000000080001000000000008000100010000001400020062726964676530000000000000000000080007004e200000"], 0xcc}, 0x1, 0x0, 0x0, 0x4080}, 0x40000) connect(r1, &(0x7f0000000780)=@nl=@unspec, 0x80) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000800)={'vcan0\x00', 0x0}) sendmsg$xdp(r3, &(0x7f0000002a00)={&(0x7f0000000840)={0x2c, 0x1, r5, 0x2b}, 0x10, &(0x7f00000029c0)=[{&(0x7f0000000880)="6d48c592f11fee355ad83f0347c0bc1626d0dcfb9fadb279da7b82082c9f09e74c221f17b0c94351c267a19ec9e16a4ab62d6cd72e91e54f5dd1c33fbc5c192bb7c1f158905dc1ed74fef10394c6c9a5887cc8169c8e01403bc92e1a29f8b025233aba1e1df65b6ffa7af868aa4e70f7a0ec5a462c16d5e2850c3e6749852add7437f805f01988dcb6e69d71b2aa75493708157db34b0312b0f3ff3bd8ee686aed4c62c32f7c57972f1c7a2e77689b2abb787d6d262f267630fb3d3618f5724bd4132592c849b65b4dc41b26a7eb0e5635cb", 0xd2}, {&(0x7f0000000980)="fafd2cc7d626f93db6e4020888237cf6c2a591976c7eed20b7bb3cf0e293c5c72379d4857a9f3f878745067e6b713925dbec34286692f657510c2994b4d7c652067aed64786a318a69a1593f36ffaa6383081f97e034645ae06c6b46415f2fc0aa7ce0740862d67b380b8c07182b2142ea95044327553d672bf3fa46df2ef2e9188dfbc9fe87c83733b46efedc97b9ef78c12246396e697d370cf68668f5642b1426bb756a4bfdae2119acd3062cab168bf8d7626257585ba78074a1b83fbb0a17175b31560bc82a6430550ee3a7d778f48694e6592cb558e066d4d1accf3d9aeb65e77d4745e25043c674e7c54d8bd280998faa6633b660a4f3dec176c473221a5cf169259231c13adf1a715db2022452c2987384ac50149b7d7c8ff56536816307be89d17d04cab133989f83e7731433cb7da8e988dd83bc4b7b62009285cd51be39e70cc3b968f10bdc9eb8331a9c8c630cb22b75b477e8ba642a59fa74e12877238e15b73bf3a9ce3bf9be5f67462bdd619e8b974fcffa1a2147f1548c09727908b46149106ac1fd61420c712012d74ee7d40902cf89f44ada3fdad73666a2f19b9ec8429b09861f5819a680a52e6e65e923160914df186bcfda40de5a3cfcda55a825a114b474d238359311d018cb048b5a23599f8ef30ab9d1d7fa44657934c15e147355ae0906890f8ccaec34f55b5f6275b0ef31c03b6761410b7aa1a7631e9be8cd7c3b8a826715ba7cb58cabf713d7069744db3683172286db664d2765738b73bf843f7d066ac8f2b895b3d8fa36db0300f46c66dcef111df00ea33aaafb79e61fa1d2f507208f87925bcf83ac0bfd03336ba4774741a7934d75159ab82be3d925b36a5beac2ec4ed5f13686b90e900d03d8f3afe5bf1d8c83278bbfff63db3dca1fd71400988db82b7967f6a7a16e4757a06176eb92161ad2c4268dc5b2603e3a8c392b4e8a113e853ab96fc2897bd22c9c7c75f2659978d5414fab4edaf185ec844ceba572e706612145d2001d7dfe62093fa86f19176486fbe8a5c6ce8ae2ec91d3426108956991eabc269b7afbcd7ef18dba008cf204f1f6015bb1d0c9ad735e104b6d0f6e8eec2205997fc581f3412923bcff2320547586cca4072869e2cec1a90c8b92faca5d535ad4bb4bccb8281865a552d7179730528118c0777e20e6513833dbc3b45ea8c38e3cc95462ac9c7f46c6d3c99753fbb5752b7516309034f4a58491b89e5a9571c8d7332caf8f293a4ee8d77ab8528457543d4442e00d11ce89274885430400975a573da84c641a4edb239062991f3ef8cb252f8fae3201c0926d52894a49346f508a9978ded6f2b275f38f78e30bb266633193509e330e20454bb1eb23f9e01b6c2d0ced6589d5bc7e670dec643c926b94bedab57fc60ecccb3d09b125898498d3368d9bd78cb175851d1da0e36da0f78daec23a433d688777ac12193373aa1f656744d4e7d2c252767c1a484f4ce9291edfef28ea2307f69df6f435b631248e51d130614bc2825cb4b3c55d69f50ec3cd8f961a60400dd6216b2e6164e1846448dc7722ed2e101712749a3c05bfd84a6bf25b653c3029d80ac82de983130987606c3f4d1cc7d4102b299bb43f7ac1e3982d4abe9f6f1469b75453a06c70e7372f4e742046e0027e34661659a23412a3d20552b68e6c06ed43e3431fea2b7b0d7b77302d92e19da537d9affa1d98be4a0908b57c5103895d0d5fb67bc6b8fde8ec1c3f235da20b01d02b0ace77a7206cdb6c91e82b30a8acd07eff9aa58fb6fa623b6049fcd7677043b6cf1fccf84dab2699e9eed91219eaa0d3a72ede69a85a674f373d0d6fd9e4fd6a12ab9209b4f9cab4413559d4570e3d1cef024fb16e2efb1efc6d264d2c469e0d100b993c2d0d34189fba433753559f16bc5ac7fadfcbe9690a91e7de319b9121f8216655d785bff9ad41d0618c21627f8309caf2e1dde3eab7dc587d594d940aec4e3df999d52c6795a82feb897e1cb6bb967f9cce1bb754791776c7877a0e0a2c6a379dc36850f0c6f2402c323ab10f2acab74bf7a1e09c59b5632bec4db317acda73e5e0f139f08d61bdc7d54329c9924e55b20987213c34650c7b3dd745e5d96ece4b0f5126315f1f306e70952918b14dd3783e7bc31814dd4d457e84d061e199b9e487811f91cb0e7bfd97f9de95401a6901679d35bf11c7c4cbc58edd2f4c8a3a91cf0b8bfa9fd6711b901f30ae5535a473252127d7a1a6be2e90d5754a09533ee21d02edd6d37b33351af783a8be35951ed50043c2b37746f5acd972bcb6a0c867f26c7aaba34dce5065a948a33b2b9410753ded03cd951492b3039d7dc8d356b31b00bdd312a2005f74f744893fa2806287eba65cc9e06bb2483d32e114258b8d609baa4e6fd957849ea9e63d6b904bbc010b45c713b320514344af4c4c2f8a909562933b0196e58d04f715e1002fee7c6d415e783eaa2992d7006cc57ed2c81695a2b46cfbd4d521e4f52c988646deb5833f9f9b52a50032eca5fb3f715481e61b118016cfa24a5433c2671381cbc435f203f850bf5def18a3cfd38d905db2274b70a6eb3c62cb4d29d3ed93ab1343377abc27ca1efd787c1d614b3a7dcddcc4df008db8bfccd767db615475e4afe2f4dc7f3e4d1fd0529aa55dad53c78b2de3c9fb992db08c8a60df4cac1aeb950970c15abcb1e9b0bca83563135a4fcd35480a3ff12e3927696ba1f11f8d801784c4e2171fb94039f02ca512045495d8dfad70bb0346160c17bf07e754ee3cdb206b584a04b4df56b789202fcade5fd2e52342c004f309e415ac72a6c4325516216c6d794d4b185a143fda9901012f3e28875299a8f3216e95b210f3b7285bfd6f96314df72e83729b5c9cf3ff5802bee3a11ed330668d93d1326d9eb5260a299f7987fcadd9cc32ce37a1e6d913eef4b0a5262cf486b27d24c55bcd9966dbe50fbcaf6caddb5149dd09256eb8c701795e5389a1ee86ea4e6ce912477afc8851451b40a319a2960d1255ebabc2350f9e936a76fc11095b9aceea9484f3ee6d308c9580ffbbaaf474584feebd7cf9a42526d87b4c555c885acc4dc865126890f4405a6a311693d4f856fa40173b28e0bff9a1c6cfedf335746e0a2429bac38a2af6b5adb37db7be5d01c4987aa40a8f044213d8d2f5a801aea71d3268d3050af3e25b602fc4d2881d76c8af10248c06abca3d6c2a4d5fee18b988361e2240a4afa0b072f9f572d38c20def043d5cc4ee68bcf31dc9c6607dbf73a0682316be94e7ae5ac639b431aaee415761dea015594b935db1b37ae6fb1bfd22eb6c8d943dd711ee684a53231db0ffbc6c8921738a3fba55e63d9a9af266bc2ff51063e0ee02ee193293c402ceb81598e0d86eb500a37612cc0b9e945e161451753bf4300d3d3866d6f4dd0674bb372b96711834b1f58d70627eaf80dc0c28122dc51270ce85da095a317735901d7eaaf14a08f356cb9205af8ead660ac5f315b948d20d7c3b4d621051c0dc3870f1468d27c824eb80dc0b047e02e4449bde11045948fa09875046d9484df59be57dc8146c222d33f3ced9a525dfdf9f28818b9cf9da4a48a70ac548ce48e99de455f9a3b73b719845c106b76400b7eeb4b27c6443112a86e51e41936917bbcbf64176ad060903ecf72bca5b156a4272f5a56bc3b504017770127af2867500883f19a6b30b8f7176c64c3b78f77c6a0c78e20ef7ef0ed15a73a2df355925c1b4b8207b6ffaa09fcf1824cb5c38fc9d3fd1deff743349115f083bf5dd999861b1318022cf167ae38b178fab261f5ff4e8b110f3f52cdec685bdc0744b4023b41ebc9e7f0dba353a16a3be641832a02c2c5eae931291028e07b88f9c4749a81e372014bdd1dca9cbf6b2d2ad2320f78a89271a3985bc0e9b3da4d8ebf6bf2d5a29d98ab9f8d3e38b5c771f050c2f00d3a260c1f4193ae52161499a61fb1e532f64fecc92ff5f77d639e2c367b427f190207e86a8955fefde210390ac4e92dfe6980afe4a16a4fc117eb8229b60fdf932a64dd977f3dd66a83202ad2ec6a83dfc29ef70a67e0c856ece2b46e52fc885568c20b28b98e715ca7b81cd7bdac014b53c0a57f63c54a3ed4a0766b098fbb993812868889e76b945777d62fb05007a977b813940ce2448926cf255fdb95880838dbe646b9f5caab8ba9d05f7e579327db5d87d7d7d26a059064013a6b1d5db261adaec839f71ab133cf4cce0f7ec456ed431f78f7b814613318dcb4b97e5de06244b8199f9c61cb7093f19a991f0276c45b042b0baade0c090cb253b6aa630096651fbb88f0b44a21126707946835490e1210bb33e223e4bfd035f49f098845de5581475ebd16cf4017744e3c985043a1121c503c05d74db5f0d0e952a51772472662c02936faef598cefefbe3bee395181405edd425faaaabf0dc5254a677dd14ab6b1d904846ce15c8e09fa368a2133ae21a6632c458ae004c9884efdb880369fe86bc495d8f3ad26848fa29a0b78589c29f059ea78a963c9347ce006f52fd8d20fcfd05c235c0127f6d48842e5908c2976517671ece217f06d87eef51e33ee6a7e7756c8c07facca91f48ffd7a78fde4b464c7e40017a3b61c02929e4798540b3316bc2b492a52b7d73a8d520479f37a47e50a064a997de88da3fc8f1f5102d56a447dd8974767e513f607b8e5a5eb5f4d0f972b4455b55cf8a98bbe6af80ff8fb42e4440a036047c9f969398a6cb8e0a15e652859d63a6e4247804b11f8d513b6b5acfdef8a28037f9055447bba0fe0d2014d686fafb6cb7d40b2ae48295f5ea182f18c9576be43662c770b7d5eccbe14e6a7d182e80a0e93094c79508d291c18aafb6229289b1a0f8e727cfc2101e6838ad61356efde2f503b9e822d35dc3633a92d3055fbca8e9c20e664e6b7cdd0dd76af98b20f3eb69549d111984e5397512fdfe7ce949b34c72a34ef4171f494e9e23da107942022369a844b97b28b836d3e4b3278588e7ae5cd539948bf51679f3ff900b570f97716b3cf165b3c55dac100dad5b1d6424d480bfb8fb6fbae8aad4116e7de27ab69207f13656a475299288606b1dd7825022b07274f15573c2e71f3faf9a63e1c3cfb8277c61aecb070f940fac6f4c9692c08db6783c2d553da3ec1608b09f997da56353ab944111f2e9c5af202b290c21ed212a8e7f8573b7019d56414715446f3380536ff515bb34d0572a4bea1c3007f5ccfa29cbcf19f466d55b0d2b0df186c03613389ee434863a7adc0d003b07ccd1f0e778dbc7fb71d9411eb8ddbffbbd853c26a4ee1b7028482b77a3404946cccbf907f5b32ccfc743db55c2572af9864bd1627ed6f7811dc00ae781594b4baa5b2d93590c3f04eb574c728c4dcdc22c2f7c5d449c820926036709c1c5db697ef4c9ff5b4a7e765cc2b3871c7b8c9c6afd4360119c3a5652d010309d6678bf23c5eb07d8ddd682c07fef06a07c8812e4204bea66fe869626f452d1f4423f8f5f47689d57b400d67f8560446455f71b2f7d0056a86d4c4abbe1ebc9af7d271dfabd05eed205f30706c3d3386375868ecbac85ed012e0084f37b3fe196f18d19b10eda13fc16b093c55ac6b9bfe94dc3142c6dc1bb394920456fc19529f5dd8e297fc59a6af43fd241b65f5152f80ba7cfa0ed1bdc0b61bde58a0869d80049a422205cacde7acae75176b2a89fc1d0fa2ffd60b09d0e95ce8141f3818864d0dc9a7f32f92240f715f9567d6c1cf0572e40ae1505b63c5a026825ea1f87dbfa66abfe3de2aba0096f16fd6e6084f2c9c6c2d381db08e02", 0x1000}, {&(0x7f0000001980)}, {&(0x7f00000019c0)="405b53fd8eda0926428bb8394f103fa5106a87ae28d7e2fb154069ec99454a23e36056fc130f5857ee2f39d002af3e2ed4b41d700ba745a031b796e728f830daf81ba2befa03cb942182834e590034a4781f7edaff2ae4c45868b2ca99f344e464af7e6a18c2f0aee5691c37c12aadf7c0ad340d9792646759ae1c7a3695a73290c8fe083a1e2d5fdd89e86c43175ca45c99f4b239cc3713eac0632bc07558f8c8c043d94f0cb6b9b517f18cf72d059b0ed54b8e7a283bc91e4360fc7b8a0fe82ac01e8efecf79a8c6c289a3556ad00bc865667acd0926b8806757d4064227a7c57f8140031958dd17e27dbdba934a2fd37c7b7ebd814e2c0c71031a7426511a0ce398682cbdb879e25afe6fbd6c583192eff3b8bba402f696ba9c953afe885439c5252d60020c72bf058f1e60616e0effbf8219f3d9e3a1200fc19906724c5b8b8b4c0cbdaa9cfa47181d6213606af792c1e252933105e558c7e8b1505d090a0b0311bb38afa872a1c194b9c8895d4cace6dec06fd6685f964ecc8b7dee49f11bb9a328842168e0a8671514d03bdcec92017af6d93f89b434a135a68affb15377cd789f8398ba57721a31cf69f3fc8f5030acfea1adddc899be66293ff64774b3df715b7b1b67fd352880b5a8e7260d7d07f16155dbeb2c3d58c6df9f6fbc7069a047fd7626afd5fc7d8c723afc58572880fc7c4ed4d6189433c1d55e4131cb336dbf9e83874e36d9bae71a869eaf4e381c86973f38c789623f42138ef684de7fa0b89babea362605071931fc10bf5759acaa300eb15e6f385f2b117d0159eccda52942fcd2049ea2b6003070ec7a9b8727f77945da5a2bfc4198d55e1f80aa52e6bf702c9d574871100138c18f021a7593b13a921babbdb20bad2eff12ac41ad03e2f1d0c82e568ed01fce3bbc1d1ea63829aed0cac299983e4f3e0d0115d50834c075f9a4d4ab36b7f08fa6bfa32a72f6a878ca685c13c024e5cac3aed8613fcf9bc5c0915bc232b5f62854edee0722e8ed09ede083c1ab52a2b64b4f19b6d57c0f2b7f823bc8b625c50af7fb1418095e5381caae3a999660a94ce893f420176b594b88058e8c2f86c0b90363dc40a07efc3ac6bf516d7a39b663a49587da0e56ab8567b8e08d4bece2987d5e024d43e51a85a5d2a3b68e5ddb207424b885d7dbedad49668f7652b51de5a5c8312d694924e6c34afe1010a5d17557c207877f1f902437fe543d85fbb05541b6511399469f7b142e94ed030da53b364ae43ce09ac0123c9f8d6ac241290d8f6e20ab00301cd6cbb4694e66506a25418717a8a9f245e6596dc409b2b6a0639e78f8a796ea8654a7ff8a2c721e6840ecb0c9af2e84b1e12773dafed454dead5421fa84471d8f0b9b29f1f211fe4173179edf09c1c511722b55c02c29c06773f1273cabb75073e96b09376f6aeccc5009a84f8ce681fed6198506acb4c7301340e5234551c469fbf965cd274b96af00af4ad7901f12d977562ebc8795faef5f4acaa204e100b7006052e51de611cb82083acf6bed8be391ab54a89f341acf161dcc7be005d4573c82207e23a9138b7b26d793649b29e7a76e1281d8caf7c0571306113fa405b7d05cfe87b77dc80f3f4cc694d0b451e24a654a5599f41d3fa24bf6a13de88acbcec39a0fc6c9ed53a70fe95aee512a7218a8cf520b056681db12bc239fd0a16c8bc1b498c14a4a8bfe831f224b8d565ab3f1fe47fb3d73572ad0efcb3f42e0be44fcd2308d098282dec00062a7872a0f60d3ca8080c230cd7c2f34bc8542eb74e13dedef596b78fe747506fc45df78c66c8d3fb46e275a7b730fadd3c1828ff9c83e7599c6d19992f3c118466214ed892a8d552800dc41be03ed9d52fa790d1bc757daf067d938b13baf64807881f12b37839b1a9c43ac1bc27d1c53d8c9400cae3fe6ee3effde67b8a912ed934c5f20e04111acaea96acc8ede021734e39763ae67c07ffb12815b64ed9ae11f954f8b1e893c8cd2a360618d9e4e13d7b6ced7871d0801e3f7d03db3c6037b7919d53814355210627ce7d3f96f4116c33875103563a7e062b0d7dbd89d1943a2bf60c6a48a16f21dbdfba0cdb4d432bc912dd16fe285ec4a08e3ae8d74b42babda03f2fbe48a3df3ce3390124ce0ac63d7a401db143c19e6d12c560e0346dc667888d2ce4e02f6a10f0bdc9dec6dae933066cc6d6c186c268d8f9b6824d85c01463470213b19746e1bb047e614bc9d8e80a4f925537f473aff1db4d5a1cca713c08a80461d1806192840aca363ec0f38c8f4da9740bb0b85890ffc256bcca93a5ac71725334692a3062ff1a89dcc573f57b55a19460f38f744596a7cd9b6933746bc0fbadc244715f501e1a62f8f9fc21f4c50eb716e5a73e46fe269c76db90162996083dcc6a836fec7e65a8041e4814d7112bb34b476ba760762fad003a5b2ed201d7f48e47faa5a702fefdfae58e8a8763122a311cd6fe6cc3aec9349a5e60e747837b9371fe1674885fa8316f11436a5d1b695f35006e122daa0fca6cffd8d4abdaaab67481f4d520868ca26e6ad08e4149382e7c341eb9a0a5fbc0fb83cea8b19be6cb313a99ae4b96b57ef189ee104796df46ca67df09e8e07e7766425b89004cdf0d3ff0a6acc9ae3095e52eaff346cbd330c71719227b521aa6031efb18e6167d6f42932e004830bd23f8e2cc95490569bcd0c643d9823b2c0e42f6c2de1e0e76e6e0f1538035c58192cb00c4462846694cc8b214da73d900ab00821b34b84d4878c0b9d1f003160861b4583426f47a069ca05a814667f906c6ed530e06d5153cce1622025439641fde737884950ce843fc7df922cb5d51c8ac0ceee373395ba5f2fe470d0475ad93ba7205bb5e5fc9540bb1b16b1a4fb4bfeff8f0bea6fba0709a655cceeb41c4ae1126a07739e8020518bc9f9f6292aa5810ec9a50ece889ea97404803c8c67bf34efcc4a69bcfafb4458fd1c8c48712e1f829bf2a1d4005df7316075b181b0dae893d93cc9b96b190909bad037c0db9d2ae6c4ca72d102bbbf29ad817d6ec5a28e58f461567dfccd80421bb6c27b6da7e42e40d5613a75cc700f3b2714847f376f5e72af1126073366b6a90e33edd9fe24c1407097c5a8a27f9ae5b461f94aa07c1ae9d0158de2c48f921194ad1b269d2d30559f4b5a947be6fc6e0bd8060e1d5cc4ad2ce63a87986304d9a7798fbf6ff7901f7e45580aaaa887dcd5930e5b05ac2a83ee3b881f0729baa2c9dfb2b12246f5a983f41668d85ce8f119de98ff7c8de280dd7cfc2aefbb7f61cbd450afec4d87c55727901dc805d136246926180a54daf6711c3ff02bb077e4eb4d7679fb09d9d6dbbfe1f4b333643964641143f5441196d298738a9650483841988c21ac81b791668686631780522807233f29a5c41094ccaf866485a2836a991c88ce81b24795deec703c688093ebb59a7ce7c497fccd22dadaa76a39168d2cc5a38c66aed3832b3f16f3f70766c013dbcdd0e35c76ab3fa50382dbaef10c78dc171bf400ae0a9a5f77f5b9b8b9c5f1993026f8dcbc5c1ff3dcb03048f260aba4fbb9cf018b31db0ec622f606721a11abd6e7d99ba89c63e0cabf9f7734a82a7cd09e66b5b44b3639bf5da6933457c2c91113383d8c78ebf23cb6d1a3619106805d286cea6213614bce4ff6d01d9f860e6a91acd485100fa8f6145d8fe46363d93f43a2cb23c92ea5b2f9505b94e7b433a750b4a329348cc0bb77346f4e7beb09605d41f5d41c8041527a933ca61526f6b4d603bfebbf040406a6b5a24a4b1f304ee5abb48db6a29b37250efaa704a726834802717e92ff9be66c81c17eaf78fe0caa074732ef6ff6da389e9b998c3fad767d74fa870f4ce4ab2ffd01c237f8d4b66bfbca21411e10a7bf42055c728ae6a1b9aa4df41060185b4475fbd46f886d06d70b271d91bd5969a82140841a75302432282d743b420216fa89acb0814dfe84d40c9adc183329896c3f3a5ce90a24c6711b809e8560c41c83ec39a4c905ddf0af4068932cc44587b89cce126d690c8e7b8531988ff99cd366b2fbaac51916ced9883cf3035568b3a0bde46cbaf7713544efcc4e1104b7c5b9220afe5dc767e5c996a94cad29a22994d31d6068598309dcea2376b2997d6b4136129d72e976a5a1238a8543e79422ceac87d86eb54549583985aaffd2e18c63d585de93511e9f7f51dc485952e08f9a9fe5fbe2148a4101ee18de0587e3807089e7d3db24cbcf23fe2c8bee95d248c2b05029c95a37fe5c2f0c5eeef0a5752d62c570f68e12b4236bf2e2d3fcd054c4c509e789090455cb6f07f43f6b9800d3e237cdb0e019bc8ae0fbb19f7a58f50e02ef6dc35d1acf683183461bbe37ac641b3046d4c5213fba71ca8a38e4d8b9d53ca5ff96633504e88cfcc5b220a0f6b7018f2fbd1164c65e7c1062739ec0bfc96d2515bb70effda77530d957e420285217f18d9736c8109bfaa418854bc4146b4c5762c027d97a1d072222389f6658fb3834ae67e8b7ac76c74d37d7fe67cc621253b2248053085176a89a94ecdda97f5e91eb3c48f488ec245d4fd9a585dbdcbf696d93c6f96e54227b10d41a0d57c30aed60e6eb75e782f6c3355f46d95e13ac2ffcfad1d9a1d2e2eaeb8ff39b79fe65fb9b48faa81da911bcc2008928ca84270aca171c125bb795ea84e16ee33cd58543b8608715ae5c12a1f7643645d09f6f7cc40d5e56963184680afd832688f30fc42765981485ca3252c5652b66f7ee6a77a3d0bb66daea0865daea503f1c2fd1101587046a0d0f10aa8d820c894917f885aaa4ee3597ee8cf14ca575b4ba48761da763baf5c40a4251490d816d8c678c74db97bbfd392b1c982a7949674701a5f121679e1788ba869a4fe77e261ff5c94aa11774763231a75fdc3173d1ce7f5ebc18cb3a4f2d918e6aacf0fc9f7d6664ca4be3ad7e3978b9726e53906a3efee7bdc735fbabc304fe6f283a7644a22be06b55b96af551d2a66c75cfdcb21b94264aa1e571777ac55d672ed223166925863e6a508e4401562fbcbc95e1158c9f09069d1c35bc92ac93dd44d6c2fe7edcba8126cdeac8179d75f0a77e47b6b55a864357e8d82d79955d0f579fd0cce83943398e819d9670b5d69140b50aa09359b4db6d32e3708a46dcea39d7bba504e238b8991f8b59357c1704eaf91b0c5d2b4fc6368abeabc078e93d90c6fd6bc2bd38e3e1047d8a5df58e886d07442dd2a898d349a0b9fbb8abf6a6d10e51033d84a7a587859da30015b74b4c6f8774de2085f808b37c3ad5af410ad37af1339b3ba5747889bb38f6a2c267c2901124f29558f26282abbd19331dd1f7b917a4d68b55497eef0e75c9ca2720a7c7a1cf40db608fd23d71166b191fdd447337a9142ee7d86e223979c8f06ef8fc1aafcc96c8b6717ab345163025b37e95611abdf14b0977996315a310b427a4b25fe41ac289c91b681142d24b0e61ab4fed58a5ca628a823d28c17a005c80499f4b3b4acb4e34df818929ba3f81729991c9ddd524ba637ef28a443e281f3060cca7baf87b8925f11821353ab6471e0e69203eecaccda713d394e154dc44e1f43b14ed865fd1815f497a1903558f4753ee986e3c1c3d1f3ba3050794e5c011d091224e6e330e94bc2c8befabb310bf45ce58f9d18cd6a52f9df6e9142861a08daf482fac7b11594dd7337e7f4238f40c7443fe9e8c7e0a338a1d80e5e935cc474a41215fa67b7c77b11c0796304f65760725eec0c4092501a646b4a3471278fc0eb845052973eb00a4a871660b565b1ae9f8ba", 0x1000}], 0x4, 0x0, 0x0, 0x4800}, 0x400d0) ioctl$EVIOCREVOKE(r3, 0x40044591, &(0x7f00000000c0)=0x2) ioctl$KVM_SET_FPU(r3, 0x41a0ae8d, &(0x7f0000000100)={[], 0xfffffffffffffffa, 0x3, 0x8, 0x0, 0x8, 0x3000, 0x1000, [], 0x5}) 02:12:06 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1c7, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:06 executing program 1 (fault-call:2 fault-nth:20): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:12:06 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030006e8"}}}, &(0x7f0000b0c000)) [ 893.553242] FAULT_INJECTION: forcing a failure. [ 893.553242] name failslab, interval 1, probability 0, space 0, times 0 [ 893.585319] CPU: 1 PID: 2225 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 893.593755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 893.603116] Call Trace: [ 893.605731] dump_stack+0x244/0x3ab [ 893.609384] ? dump_stack_print_info.cold.2+0x52/0x52 [ 893.609419] should_fail.cold.4+0xa/0x17 [ 893.618671] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 893.623795] ? __save_stack_trace+0x8d/0xf0 [ 893.628153] ? save_stack+0xa9/0xd0 [ 893.631784] ? save_stack+0x43/0xd0 [ 893.635414] ? kasan_kmalloc+0xc7/0xe0 [ 893.639318] ? kasan_slab_alloc+0x12/0x20 [ 893.643484] ? kmem_cache_alloc_node+0x144/0x730 [ 893.648255] ? __alloc_skb+0x114/0x770 [ 893.652158] ? alloc_uevent_skb+0x84/0x1da [ 893.656396] ? kobject_uevent_env+0xa52/0x101e [ 893.660988] ? kobject_uevent+0x1f/0x24 [ 893.664967] ? lo_ioctl+0x1385/0x1d60 [ 893.668795] ? blkdev_ioctl+0x9ac/0x2010 [ 893.672885] ? block_ioctl+0xee/0x130 [ 893.676697] ? do_vfs_ioctl+0x1de/0x1720 [ 893.680767] ? __x64_sys_ioctl+0x73/0xb0 [ 893.684839] ? fs_reclaim_acquire+0x20/0x20 [ 893.689172] ? lock_downgrade+0x900/0x900 [ 893.693335] ? perf_trace_sched_process_exec+0x860/0x860 [ 893.698806] ? lock_downgrade+0x900/0x900 02:12:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000980100", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x810c5701, &(0x7f00000000c0)) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000feffff0700", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:06 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x199, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 893.702971] __should_failslab+0x124/0x180 [ 893.707232] should_failslab+0x9/0x14 [ 893.711052] kmem_cache_alloc_node_trace+0x270/0x740 [ 893.716162] ? kasan_unpoison_shadow+0x35/0x50 [ 893.720756] ? kasan_kmalloc+0xc7/0xe0 [ 893.724666] __kmalloc_node_track_caller+0x3c/0x70 [ 893.729622] __kmalloc_reserve.isra.40+0x41/0xe0 [ 893.734404] __alloc_skb+0x150/0x770 [ 893.738139] ? netdev_alloc_frag+0x1f0/0x1f0 [ 893.742563] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 893.747504] ? pointer+0x990/0x990 02:12:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x18, 0xfa00, {0x2, &(0x7f0000000000), 0x0, 0x20000000000000}}, 0x20) 02:12:06 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000000000000000400", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 893.751054] ? device_get_devnode+0x2d0/0x2d0 [ 893.755563] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 893.760596] ? netlink_has_listeners+0x2cb/0x4a0 [ 893.765365] ? netlink_tap_init_net+0x3d0/0x3d0 [ 893.770045] alloc_uevent_skb+0x84/0x1da [ 893.774119] kobject_uevent_env+0xa52/0x101e [ 893.778552] kobject_uevent+0x1f/0x24 [ 893.782370] lo_ioctl+0x1385/0x1d60 [ 893.786021] ? lo_rw_aio+0x1ef0/0x1ef0 [ 893.789919] blkdev_ioctl+0x9ac/0x2010 [ 893.793825] ? blkpg_ioctl+0xc10/0xc10 [ 893.797727] ? lock_downgrade+0x900/0x900 [ 893.801900] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 893.806842] ? save_stack+0x43/0xd0 [ 893.810487] ? __kasan_slab_free+0x102/0x150 [ 893.814916] ? __fget+0x4d1/0x740 [ 893.818386] ? ksys_dup3+0x680/0x680 [ 893.822119] block_ioctl+0xee/0x130 [ 893.825756] ? blkdev_fallocate+0x400/0x400 [ 893.830086] do_vfs_ioctl+0x1de/0x1720 [ 893.833983] ? trace_hardirqs_on+0xbd/0x310 [ 893.838322] ? ioctl_preallocate+0x300/0x300 [ 893.842745] ? __fget_light+0x2e9/0x430 [ 893.846749] ? fget_raw+0x20/0x20 [ 893.850230] ? putname+0xf2/0x130 [ 893.853701] ? kmem_cache_free+0x21a/0x290 [ 893.857948] ? putname+0xf7/0x130 [ 893.861419] ? do_sys_open+0x3ac/0x700 [ 893.865332] ? security_file_ioctl+0x94/0xc0 [ 893.869749] ksys_ioctl+0xa9/0xd0 [ 893.873211] __x64_sys_ioctl+0x73/0xb0 [ 893.877120] do_syscall_64+0x1b9/0x820 [ 893.881011] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 893.886369] ? syscall_return_slowpath+0x5e0/0x5e0 [ 893.891287] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 893.896131] ? trace_hardirqs_on_caller+0x310/0x310 [ 893.901134] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 893.906138] ? prepare_exit_to_usermode+0x291/0x3b0 [ 893.911142] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 893.915974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 893.921147] RIP: 0033:0x457387 [ 893.924344] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 893.943234] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 02:12:07 executing program 0: 02:12:07 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000000000000019800", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:07 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x7, 0x2) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x8, 0x40) ioctl$TIOCLINUX6(r2, 0x541c, &(0x7f0000000100)={0x6, 0xffffffff}) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r3 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 893.950932] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 893.958187] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 893.965449] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 893.972711] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 893.979982] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 893.991858] EXT4-fs (sda1): re-mounted. Opts: 02:12:07 executing program 1 (fault-call:2 fault-nth:21): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:12:07 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3d6, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:07 executing program 0: 02:12:07 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000007fffffe00", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:07 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3, 0x101}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x2, 0xfffffffffffffff1, 0xfa00, {0x0, &(0x7f0000000000), 0x2, 0x3}}, 0x20) 02:12:07 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a703000de8"}}}, &(0x7f0000b0c000)) 02:12:07 executing program 0: 02:12:07 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000000000000ffffffff00", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:07 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x238, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 894.198392] FAULT_INJECTION: forcing a failure. [ 894.198392] name failslab, interval 1, probability 0, space 0, times 0 [ 894.234011] CPU: 0 PID: 2318 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 894.242458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 894.251821] Call Trace: [ 894.254434] dump_stack+0x244/0x3ab [ 894.258096] ? dump_stack_print_info.cold.2+0x52/0x52 [ 894.263303] should_fail.cold.4+0xa/0x17 [ 894.267373] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 894.272500] ? save_stack+0xa9/0xd0 [ 894.276140] ? kasan_kmalloc+0xc7/0xe0 [ 894.280041] ? kasan_slab_alloc+0x12/0x20 [ 894.284202] ? kmem_cache_alloc_node+0x144/0x730 [ 894.288975] ? __alloc_skb+0x114/0x770 [ 894.292867] ? alloc_uevent_skb+0x84/0x1da [ 894.297107] ? kobject_uevent_env+0xa52/0x101e [ 894.301698] ? kobject_uevent+0x1f/0x24 [ 894.305712] ? blkdev_ioctl+0x9ac/0x2010 [ 894.309814] ? block_ioctl+0xee/0x130 [ 894.313628] ? do_vfs_ioctl+0x1de/0x1720 [ 894.317697] ? __x64_sys_ioctl+0x73/0xb0 [ 894.321779] ? fs_reclaim_acquire+0x20/0x20 [ 894.326116] ? lock_downgrade+0x900/0x900 [ 894.330276] ? perf_trace_sched_process_exec+0x860/0x860 [ 894.335740] ? lock_downgrade+0x900/0x900 [ 894.339905] __should_failslab+0x124/0x180 [ 894.344153] should_failslab+0x9/0x14 02:12:07 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x10041000000004, &(0x7f0000000640)="153f6234488dd25d766070925df93154c4d923777fdb7e5947c88fa7e1cd04c748fd7bdb5e4d8ec6a2122afe234a4fce7ba7db5645bb8ef26ebcae38faef48dc43ebda06b58568e40571fe4dad926b834215157ebd80364385b8ba09b58da145f9f612543dea5076a2e3496757e0df9704bd2d6ec89ed798b04dd9aca11233f0748dab479e4a5f1c20f35a4e0bc54ca65f5a36f3b993fa551f95394598131ac9941bfedb36b26d59b1543f7e80998836d95b6e564fefcd9b2359b1d7c6eef638c5daede62316da42683f79082195bf1e55b7ae41a2b60528222e4a939360d25cf5708b226ff26b1ba4c6") ioctl$VT_SETMODE(r1, 0x5602, &(0x7f00000000c0)={0x6, 0x7ff, 0x7, 0x9, 0x2}) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r2, 0xc0385720, &(0x7f0000000000)={0x1, {0x0, 0x1c9c380}, 0x1, 0x3}) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000100)={"00ebe041cee7648960e06809cdbe1dabfa1dacc38bedf48400e44ab3acbb8fdbe9caa1e4112287c0bb0ad8a4d02fcc1780f8e362a532c65d46e972adc4cfbe4ab1d4b4a321c91b4fa128682dad56c0cacc8ff76d27c206527526fd50c5edd3904930d1b57ea65a64b1cb568b135faed41ca868c29e51735d01d5355a39d688b3e556a156d0b64e28be25c1b86b83f384cf56ac24f4828c990ba1500b2ac5b251e6ce5ebbf94f0a17b2c59db10b2277f2624543dc765de05010f39c6c47d97ec97cd61224a5f070709bb07eee6e06da44423413c3eb133eb46b58136bbc24affa81f58c0d665ff558dbd7fef9a2b06dc0a409786d78094d90ecfa73186b2d690adf6027a48679a0249f37aaebf317cd94a6ac66f19a1cbe9707e023a1fdd93360aa98a92bcdbf771204e5cd8080f305d1fd49701d6188d4a3c7523b27094737f10640bded88a7d90d11e9318426c0de778fb6fd278e226ec4c10733bf88c83fb984fac3f30029172d83f5b5e7e8e7bff95ba2ebaabd4f53ef738a7465b0633ed777a4ed0bb6be274665957926d51051b4535a8f9203fc1efdc8fb651f7c1a9fb6e674c7fdb093b29c6636b2bf4959f4263150438d7bfaeb335d89b159ae805a05989c1a7ae7c21ce33a5dcbc7a50c672ea0701d4534a4ed1b31f79bb843a79ae72518f3b6cefbf525c5f5103f8c442da834838b5d26f3cd7cce6db1c0a4ed57ba88f75ae335a7e5057511233e2d146b5370365e04416233fcc649c4bd8a246c7a4897161ae7d56e1355e355f4625fededd17adecd7d2193ba2b3d77ad5c1e49a1165c2dbe3e65852363cffe24c2bb2dc68cd42007f0b65dfc8f9b3cbaa27237de626ff8cc0ff2accea52911017ea57439d631bd4fe0f5ae1712cea861a277c3a9c4fd87fccc440f0efa4b2e44947c7bbed05b07933d7d1b6d30d7423df5945a028908fdb15b1f4bc026302812763de46b46dee1eec0b6e527c3638678ad1de93e560205c233d65e9cffb414c4b95d5477ad005fb9cb5b201db86fb8059e2ec04c8442c7edfb83ccac41f3af063c372c6a3ed13ce8385b9500c616003b043e961377923e85ad300b7f426c1fbde31bdfba00ccd3d04115f7f6f8117d6a17acdee82a825a03f4b1d2cfad443833c46569aeaf5c5b022e258ad96b684e1118125a6fe35e88442d727a6e922a36195dcadfedab8ec9a6c88cf5721ed6e769512cc60d27b478a78191dbfc34398730d16f07de8bc86192e8cd8ab4afc8ca0fdbb1061ed2805c8b0e5807b3fde04f2855a849c0f3341be985a1e8d6603673378bcc6e81ff8d498f3a168b2d57615c69fed40be9b987308bd4cae30cc75af0b0dbb5f769650ad1e217d7e4691d794b6e606c1645e142acc31187c5d226731ac527f835cc1b9b0c1677f3a285b232958d15efe213a614d4cbea198095a7a6132c20dced12"}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x18, 0xfa00, {0x8, &(0x7f0000000500)}}, 0x20) 02:12:07 executing program 0: 02:12:07 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f00000000c0)={0x0, 0x861, 0x101, 0x8, 0x7fffffff}) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c) sendmmsg(r2, &(0x7f0000000100)=[{{&(0x7f0000001240)=@un=@file={0x0, './file0\x00'}, 0x80, &(0x7f0000000300), 0x0, &(0x7f0000000180)}}, {{0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f00000000c0)=[{0x10, 0x29, 0x5}], 0x10}}], 0x2, 0x0) r3 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3, 0x0, 0x0, 0x1ff}}, 0xa) bind$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x400, @mcast1, 0x4}, 0x1c) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 894.347972] kmem_cache_alloc_node_trace+0x270/0x740 [ 894.353077] ? kasan_unpoison_shadow+0x35/0x50 [ 894.357665] ? kasan_kmalloc+0xc7/0xe0 [ 894.361574] __kmalloc_node_track_caller+0x3c/0x70 [ 894.366518] __kmalloc_reserve.isra.40+0x41/0xe0 [ 894.371286] __alloc_skb+0x150/0x770 [ 894.375017] ? netdev_alloc_frag+0x1f0/0x1f0 [ 894.379447] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 894.384388] ? device_get_devnode+0x2d0/0x2d0 [ 894.388887] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 894.393893] ? netlink_has_listeners+0x2cb/0x4a0 [ 894.398650] ? netlink_tap_init_net+0x3d0/0x3d0 [ 894.403347] alloc_uevent_skb+0x84/0x1da [ 894.407395] kobject_uevent_env+0xa52/0x101e [ 894.411790] kobject_uevent+0x1f/0x24 [ 894.415578] lo_ioctl+0x1385/0x1d60 [ 894.419193] ? lo_rw_aio+0x1ef0/0x1ef0 [ 894.423068] blkdev_ioctl+0x9ac/0x2010 [ 894.426959] ? blkpg_ioctl+0xc10/0xc10 [ 894.430835] ? lock_downgrade+0x900/0x900 [ 894.434976] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 894.439908] ? save_stack+0x43/0xd0 [ 894.443538] ? __kasan_slab_free+0x102/0x150 [ 894.447935] ? __fget+0x4d1/0x740 [ 894.451384] ? ksys_dup3+0x680/0x680 [ 894.455090] block_ioctl+0xee/0x130 [ 894.458705] ? blkdev_fallocate+0x400/0x400 [ 894.463019] do_vfs_ioctl+0x1de/0x1720 [ 894.466896] ? trace_hardirqs_on+0xbd/0x310 [ 894.471204] ? ioctl_preallocate+0x300/0x300 [ 894.475620] ? __fget_light+0x2e9/0x430 [ 894.479595] ? fget_raw+0x20/0x20 [ 894.483043] ? putname+0xf2/0x130 [ 894.486484] ? kmem_cache_free+0x21a/0x290 [ 894.490707] ? putname+0xf7/0x130 [ 894.494155] ? do_sys_open+0x3ac/0x700 [ 894.498031] ? security_file_ioctl+0x94/0xc0 [ 894.502429] ksys_ioctl+0xa9/0xd0 [ 894.505880] __x64_sys_ioctl+0x73/0xb0 [ 894.509756] do_syscall_64+0x1b9/0x820 [ 894.513630] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 894.518993] ? syscall_return_slowpath+0x5e0/0x5e0 [ 894.523923] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 894.528759] ? trace_hardirqs_on_caller+0x310/0x310 [ 894.533766] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 894.538771] ? prepare_exit_to_usermode+0x291/0x3b0 [ 894.543774] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 894.548605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 894.553802] RIP: 0033:0x457387 [ 894.556984] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 894.575889] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 894.583582] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 894.590837] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 894.598091] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 894.605344] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 894.612597] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 894.631426] EXT4-fs (sda1): re-mounted. Opts: 02:12:07 executing program 1 (fault-call:2 fault-nth:22): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:12:07 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x23b, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:07 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000600", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:07 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x3, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:07 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000100)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x0, 0x200005f0, 0x20000620], 0x0, &(0x7f00000000c0), &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000020000000000000000000000000000000000e8ffffffffffffff000000000000000000feffffff00000000000000000000e0ff0000000000000000000000000000000000000000000000000000190000000000feffffff010000000900000000000000000064756d6d7930000001000000000000007465616d5f736c6176655f300000000073797a6b616c6c656230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000004d0225510000000000000e00e700e0000000e0000000180100003830325f33000000000000000000003f6ddf8812affc418fc20000000000000000000000000000000800000000000000000000000000000074696d6500cf070000000000000000000000000000000000000000000000000018000000000000000000002071277bd86e690400000000eeff010000736e61740000000000000000000000000000000000000000000000000000000010000000000000000000000000000000fdff0000"]}, 0x220) 02:12:07 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)={0x86ddffff00000000}) [ 894.738265] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 02:12:07 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\x00?\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 894.784297] FAULT_INJECTION: forcing a failure. [ 894.784297] name failslab, interval 1, probability 0, space 0, times 0 [ 894.803034] CPU: 1 PID: 2363 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 894.811479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 894.820835] Call Trace: [ 894.820861] dump_stack+0x244/0x3ab [ 894.820882] ? dump_stack_print_info.cold.2+0x52/0x52 [ 894.820903] ? lock_downgrade+0x900/0x900 [ 894.820926] should_fail.cold.4+0xa/0x17 [ 894.840533] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 894.845662] ? rcu_softirq_qs+0x20/0x20 [ 894.849646] ? unwind_dump+0x190/0x190 [ 894.853558] ? is_bpf_text_address+0xd3/0x170 [ 894.858079] ? __kernel_text_address+0xd/0x40 [ 894.862590] ? unwind_get_return_address+0x61/0xa0 [ 894.867528] ? __save_stack_trace+0x8d/0xf0 [ 894.871873] ? fs_reclaim_acquire+0x20/0x20 [ 894.876213] ? lock_downgrade+0x900/0x900 [ 894.880384] ? kobject_uevent+0x1f/0x24 [ 894.884374] ? perf_trace_sched_process_exec+0x860/0x860 [ 894.889844] ? do_vfs_ioctl+0x1de/0x1720 [ 894.893916] ? ksys_ioctl+0xa9/0xd0 [ 894.897556] ? __x64_sys_ioctl+0x73/0xb0 [ 894.901628] ? do_syscall_64+0x1b9/0x820 [ 894.905699] ? fs_reclaim_acquire+0x20/0x20 [ 894.910040] __should_failslab+0x124/0x180 [ 894.914286] should_failslab+0x9/0x14 [ 894.918112] kmem_cache_alloc+0x2be/0x730 [ 894.922288] skb_clone+0x1bb/0x500 [ 894.925864] ? skb_split+0x11e0/0x11e0 [ 894.929758] ? __sanitizer_cov_trace_cmp4+0x16/0x20 02:12:07 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)={0x88470000}) 02:12:07 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) r1 = socket$inet6(0xa, 0x1000000000042, 0x7f) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0x200000, 0x0) ioctl$RTC_PLL_SET(r2, 0x40207012, &(0x7f0000000240)={0x101, 0xc5, 0x6, 0x30000, 0x1, 0x400, 0x80000001}) r3 = fcntl$dupfd(r0, 0x406, r1) bind$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) fsetxattr$security_ima(r3, &(0x7f0000000100)='security.ima\x00', &(0x7f0000000140)=@md5={0x1, "6709df79ebd687ee30962fe4090f5e51"}, 0x11, 0x1) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000001c0)={0x2, 0x18, 0xfa00, {0x3, &(0x7f0000000180), 0x0, 0x2}}, 0x20) write$apparmor_current(r3, &(0x7f0000000080)=@profile={'changeprofile ', 'security.ima\x00'}, 0x1b) 02:12:07 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) write$binfmt_elf64(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c4600000000000000004737849b9c3c56345aa191a2bf1786000000400000000000000000000040000000000000000000000000000000000000000000380000000000b384000000000000000000000000000000007d23a82cf8090770beec000000000000000000000031b889afce991d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009ddbb503a5da5808a3fd400000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000004595"], 0xf9) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x20001001}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) 02:12:07 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2ee, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:07 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x9d17, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f00000000c0)=0x4, 0x4) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r3 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r3, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x2, 0xe845fff2d2fbfa79}, 0x20) [ 894.934788] ? netlink_trim+0x1b4/0x380 [ 894.938779] ? netlink_skb_destructor+0x210/0x210 [ 894.943644] netlink_broadcast_filtered+0x110f/0x1680 [ 894.948856] ? __netlink_sendskb+0xd0/0xd0 [ 894.953114] ? pointer+0x990/0x990 [ 894.956674] ? device_get_devnode+0x2d0/0x2d0 [ 894.961196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 894.966756] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 894.972239] ? refcount_add_not_zero_checked+0x330/0x330 [ 894.977714] ? netlink_has_listeners+0x2cb/0x4a0 [ 894.982491] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 894.987530] netlink_broadcast+0x3a/0x50 [ 894.991611] kobject_uevent_env+0xa83/0x101e [ 894.996039] kobject_uevent+0x1f/0x24 [ 894.999855] lo_ioctl+0x1385/0x1d60 [ 895.003502] ? lo_rw_aio+0x1ef0/0x1ef0 [ 895.007402] blkdev_ioctl+0x9ac/0x2010 [ 895.011341] ? blkpg_ioctl+0xc10/0xc10 [ 895.015249] ? lock_downgrade+0x900/0x900 [ 895.019415] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 895.024382] ? save_stack+0x43/0xd0 [ 895.028018] ? __kasan_slab_free+0x102/0x150 [ 895.032461] ? __fget+0x4d1/0x740 [ 895.035938] ? ksys_dup3+0x680/0x680 [ 895.039675] block_ioctl+0xee/0x130 [ 895.043321] ? blkdev_fallocate+0x400/0x400 [ 895.047660] do_vfs_ioctl+0x1de/0x1720 [ 895.051557] ? trace_hardirqs_on+0xbd/0x310 [ 895.055891] ? ioctl_preallocate+0x300/0x300 [ 895.060310] ? __fget_light+0x2e9/0x430 [ 895.064293] ? fget_raw+0x20/0x20 [ 895.067756] ? putname+0xf2/0x130 [ 895.071229] ? kmem_cache_free+0x21a/0x290 [ 895.075478] ? putname+0xf7/0x130 [ 895.078945] ? do_sys_open+0x3ac/0x700 [ 895.082844] ? security_file_ioctl+0x94/0xc0 [ 895.087269] ksys_ioctl+0xa9/0xd0 [ 895.090736] __x64_sys_ioctl+0x73/0xb0 [ 895.094640] do_syscall_64+0x1b9/0x820 [ 895.098539] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 895.103912] ? syscall_return_slowpath+0x5e0/0x5e0 [ 895.108846] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 895.113699] ? trace_hardirqs_on_caller+0x310/0x310 [ 895.118723] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 895.123753] ? prepare_exit_to_usermode+0x291/0x3b0 [ 895.128782] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 895.133638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 895.138831] RIP: 0033:0x457387 [ 895.142034] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 895.160944] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 895.168691] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000457387 [ 895.175966] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 895.183244] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 895.190516] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 895.197791] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 [ 895.218291] EXT4-fs (sda1): re-mounted. Opts: 02:12:08 executing program 1 (fault-call:2 fault-nth:23): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:12:08 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_netdev_private(r0, 0x89f2, &(0x7f00000000c0)="2e56ffbf3406719bd25b091c13695f633335cee08e012a02b8a0cfe03d9e564fc880fc0eaa7ad529aaf701743a8a4c4fb63ba5129cb25c478bad1a9255797b5d25d6e42d2f0ad197737ad1547e02f40f981175075905813cef35af7015cfb18ee724832d6688f397cf5fe0668c942354c2bc4e5aa066163bc4d656b73acf046f940e755dd50b6883bf95674739ee177bc082c9dd3a7f2769937c5237a6cba0def9f5d1c0e5d67d768e8b1b8bbe170418cf765b77fe9b20264540a41c48d8c3d11dac10e250adb6c709813659caa7cf7e9ddb59752d775be55cb071ef6d24e9ea18f87a1181c329d012f95a0d032c01d36565a20e8da9a8c914f5ad5092a8586d05dbd717f0df5c842c739dc53830b262e46e1f37416b2867161e8219c17190ed4fa95c5ad67be8f1be9fe44cc4612b1efb2b39c3c859499c40751895bc8edb113d231eb950d26ea08497b64fdaa77b6393453352ee7d027fff7d594a40548ae33f2f4159106864d3010a27a7670b613ed162d3a7e3faf9a500317fa11ec04d82c322eba70593b246d6bea399593b858504d36fe40b13cd0b8e261d32766d9942cdb1008bf638f554f86dd303937d0383bf705531914e5c49c3944553b9a34e9ff737aaa5ea73300c4522d3ae51fee36740324c2a8ae0dea7cd3efec5b455e4e9ca435a0e331ab747585ff31f72939fb229240fd8d8233f9d392206d106528426f611037d0e7f2bd5f9a22e8d9c158b52751ea124ca2c9e5726622cdfc5002174ce00697661325ef8958c5af107aabb9282f0a5eacbd1dacd052718944dea99cf65640f29cd09c1d26d0bcddb70fdd93f2b697a52432fec724b18849e1b27b5a9b9930468586018d5db089a6cb4a0b8bd190e0fcf5b3a6b1d73d1ea6445bd5b2abfce707e22b923a49d02a6b92c6a0f03be6834875a61da3df4f050f913d499ab5ce9019eeedcab4086607a9c356b7d315442b859917774e58aa7dee8d3440beaa8429ebcb984e62ca9a3fad1e8dcf7115c46914a0c01aef4e39cd90e7d566d7775b5902235f3649d3d358537b3cbd1a46b9321948d5a844bc4ab969aeb137299a7fbe4f4af569acd2954aec5e90b6b539c518901192fa570159ebf766560e6a8fe8501f1d281f3a7d85dbcf787947fbe4f277696eebd17baa8077bc816f094d38bfd0127aef4a2edc660351bc14fbdfe3408739dd375d2d5c71a5c6083c96ade1b03806b319fb319e5e9debdcfcd899a17d9ca46d380c72ff35d225cde448e08677568e54b432b29bc581eaec571db5656f89238d86b56631ab6986247087c4d27dc21845ac8015ed5aa3f2ba08e372df08f3bf01bf15cabbee0aabbf1bf4fbd60959cc8c2f54a76efb14f45f43583dd4d7cea82b6b329e75d28451891355fba3347ed96ddbe4884b28636324a03db724ae49a9c3502fef3c35a68fba54c0e9e566c1f17cd82ae7cb997ae2918ef97320afd2c76430c9f5d616fa8676838aa638a47f77474493ceb92e94c107448c727db4bb08bd2b028c1e5d722704c6b7e4901aa35a9b1a605701a9c26ee5cb6a2bdf79ad5da4bed92db10cd313b6e4575b4103786811cfe4acc78f5a8f9760f1be0fdbc284b98d0f7da7b12c9a3bef041579a81502c7831795cbb4e4f290699d710f80c6033b726113151d4ec6b995f4041ba65225f42993ec36fe791085f2047a7b6a22e65b4473a4d775a485a535638f1c0f5f8945034c638b3584c5e5ca97d68cb7064f8032d13bd47da1594024f5f42acbdfa0c3bda57c7e903e27183a1381d2368ce47f8b8fb3c7503804907e3ae385b4c838979e14384533ef69e67237e62e00ec5b08e416838249780826e23da3f74a8bae6fa2a3848015c419043604906a91b910375233e1f876cf7c966e2c03ddd6c6de57e374e65f66a0fd53c1d10e9dc233fc20336f1ca1bb0371102cf4f4ab9dc8f8530e5bbbb30be921b47da98120699389fb1c26f606a376c0d595db81a65feaefbcc8b77d037370950373dae917e10183eea8fec22633716651a9b6c630dfa340e275913d79186f0adba575e75492e03f5d4146e05decc4814d2caff63aa370d60056860203755171728dcf050ca8a3bcb151863ba95d6b52ba3eab2e4dd3356b03c2f57cf156589db06dea5b63a3ef6d278913e717d81662a7900ef5ffa45ed280ffa17d0e6b52f21d83e109ec8973c9e7ad58c0164fefae75eb6e0dff87dd788a6d8b857e973dc74b7f10127bc5e2a7199241195714675d3c5a31b7d4e97b26fc2bea8f1a6be9f41cd42540b217708a3e77d2a11c05f66b5224abb6656fb3a0c45b1b3aa62cada4f0099015948e652d391d0431c2ad826fa53f13d2359fe0dade9edad0149b747e15621849365158a81abf54d5ca75aa856bcb586b03bb4bac9e4efff06be8a25731cbd5964fee3d47ffcb93423a4c3c25ef2300b6eadcfaf1ff41ee0e6fb86c5be24edaafc20d382a530fd43dc3300f9d6086a338bd11bb7b4fd8e751e09e400bcc47bfaaaf03d670dd64d60a9a401d1223b471f601c5c9d386cb655ae590e8ac64ac1a7a50229aaa16f4a488e2a2f108278112fd094c02b8dd2410e405ab15c5691db1eab4f5d75dab6b996ff32ff08dfc41733aee4b66b664cf1ebfb9953b8f874fdc13ee51cdfaa27befa1df42608a6257b7ab057a50081842b027e50b7fdced8a0ad9c741cacc84eadead742e24c4973dbd9750202cc4cfdc91944786b68695b9cf8e73eeb0283d0270c356e4180aec4175e62ffd3fb09b8fa5a44c7b72fe473cc9f63d37a76bd00d6ba1bb7f69c27426c0712408e680564b77564e237df09398b431108e66f60e1637f4b1d68941f1bdc0710fbcece4f31a8cd7b133d513013b6fbb29ce959a143e9b1d9561f4a1a5731de08a5244c8f67e925f23095af8b7a99bc698e1f52714cdabc347aa2235c904a2452dd0f8ab00ad06b7fe44247385e6861fa5bd08c40a636fca3160fdd004044bffcdfa60db1090d89ac65bbdb0ebd69cd6eecda89e4f88a63687d007d31f9645dbb83d345efa53e8ee1d32448e0e4351a424794437b57102c677c4a9f5b84b87fa51a4ca453a10605d44b1e57043a740295d42c7366710f5f8a8bed3e2d0d7619467ef15bc4417818b2f30d834df1192380da0777e386e30b1ba32d6c522e2f33f65f0e86bc6fb3811ce591459dc143c550f89261fad5a7d4a03d083232fb76ae9d101693584d8f65c9026549eb40a0706d26855079447e0475d5bc930de69a67366756b33e9143f06f647b9366d7b195dceb7aa448489b0dcab6f2f4a1bc85086a393e3e46902dc1b8ba4060474a3b46442560b5baad4dac9f80dd184fa292f43215128489cf1c55058817cca27b3beeb03946b4e3ff6ab62eae36de1655ddcae9cb8a12f59a4d39bd7708c6c8f2a0095fe42e75b53aedcdb910e3a6c0f21406ae02732116bd65508719d8a03137a364cf0290265a0c380637d353fe1b1b6e22e64c4093bf585c0bf9de43e6b32bceb4ff635e9c83823c960dd9fcb3a8c96bc97b25db89fb0e89615cd2a1fb44f2dbcca8120cd6d469598ac3ff32dbb9789ab8c853c5df5fc4eeec4c0ca5728dcff45eed89129a647f5ac5d30a83140e029f036f41218f08749fc3cc2c05a006da86fd3bb1dd14b3154b5fa76600a3d5d2dfc3d66a547f08ffbe00f00195fc2d2cff971050a89f20a90f78df204e5f7c23524b4213f4afe6637bc9c0dcd20e2c069e45911c6fb4c87380f5ab25d23223d3594493d585d51bcd245de6c35dc258b0124758081efb5ed05781b45f9a64571317f3e76f6fde7f85a56db2fb581c0529530f617e8fb4c84dba086797f6d8e175f69f44750f41306896e46bf3af61bc85e8dd0fc1d6248b4abbc588f95c74df17898a37d2a94d41c2111d6a3121dc98dde3ae110f6957e00c3af0dda672fc80fd7181e6f4b65f78da6f2ed5e25636162e7a308df4c62c506f2379773a4bd38003e93bdddee4d6dcdd980cb9e08ed105272520dd77b80416eb80ba66f99857cf360e7c5d49379a836696684439ab9d6418982fbc68cc4f55b0d35e3df933c7f8a4da9ca726e401edb00fd87a446a3aa01d94bf71c8636ef36567f09e7c6fdff5c66dd4ace7cfad450b63f05a27b83909d46936300e79cd1eb6daee14d9b8ff7edeb87c809747648c8c910f3cf4c0e2af93595b1947242a8ccd3144ee9014a8bf981d852474031883e4a2bf907f6398541c64a7d88b29f2409b1fc492a1d2c5b79a4fd2a899d3ccbed984783d90c025678021e96f65475e872f90ca2e4dd8e2cfade391b184318014455dc20ab547a33423624083761b116cb0e0a70129e072518450617dcd878684ad7a1d58ba21ffff4eb8e89f3b7a67581874a5e5b594369a71f0a045b900b4129f4cdc8d07f5dc49ab02b68f69200c03ddf1596777146415ffd1608282482b13449c206ae36bc197ec02c726b9c048804776e2e3fe59783c3f20030193576ce29228331ca41d75ba7cc4a9858afb82c2906b0a565acb8e0ce9983fa1848d82cdddb7cbefa9d6e52c7e75c8cc2936680e9b04702f8b543c0601df9c6e0df60b8d0796f120c09f40ae5dddaea19328cb8c04da4de563b1876cae61f87d5e6145c064f90588f0632b75c9e1a8dac695329c165a38d7d7f518387e740958de44c7e42d9c42c6876add0b22bc45104038f9cdce4dc459008e28182bc2a6b693b84c7902944c9ab18b9cf83a62602253f113d13f730217b42e011688d8efbb4888bc296a36ded707922d147d2001b0af10e0c04d902a83ff0476dabb2ce8ab45c998e6730bc73bbead2a938f305f5549ae999a37bd135bb6b7ebc48027dfa60a909d2519542fc271cf5e9f625ffe7bba976d57624d8f2db5fbecabc8f921f2bd247fe958f8af4302f72fa6a51955a86dd3e332a03bf5c42371ce89071b1defb02a23181d747fb599c5f4599ac15164d27bea71f4f7356e90a095061c328a9671416dd7eff534759e9dba5cd6e49106f62c80fb9a530ddf40efe2092d45623f222b21be2e25972d97baa4ab92da8e507d08d09415728ad3da2f297529a8e1b91359bcdd6f8ede43bd99e2457cd29b32df86f8e898c627ed6d764236470c0bf9f51fb0ec55b8b093d7da96823871475502a70febba34642cafe961daf70fd186e13024251d0f9ae0caa238993cfcb05fc6573549c71a0df01b30ffafe4f0ad2cddd03246155415cd7db5b63a7c68c61a2172e9b599bf3ae557a769d09003a5b77c6eaa0da43eda9723924597ae7e888b12c9285cdab1602657670d2f78069cd7f099e727cec1a6d830e408bb8ccf41d7b0f9ab6b8eff577d0e1101347a9ec2e4bc3e5e7d992814d98b055a11cbc5b81592f404fe42f94b8e402ca9a3f51686159479f95db36643b7b5261c607ff6128b768a3abdc39f542281d4c0a58a2e499b478895d82b07934b721bdd8653d84a75e1dfe5c0b7bd7341f4440691a6744ffa9325465de19e4f175198ec0b18f0e7d28f27bcc6478e908888f01215f741ca259aca8b3d87fcfbec968df584973d1f12bedafdf373e2699b6ef3bb635ce3b2431713d037dd13b4be7bb82839114412011ef0a172b9176bcafc7ecc3f136c230fa3dd9c53eb7896417784bce7f091b355c75d2ef79dcfc1da9c996c01c49629cd54abb09b67a2ed1ed482fa9d5fd75ce58589341ee4e11c5c8f1ca989e36b754b674d1fc4bfbec2c94c6db16494781a7c7b2996c0ca2956c9d577b1220aedb7753911dd5df6f23d4e8670d24fbc4abef3e977ab9999a82b662984b0237b9de6c2") r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:08 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000500", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:08 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)={0x8035}) 02:12:08 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) write$binfmt_elf64(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c4600000000000000004737849b9c3c56345aa191a2bf1786000000400000000000000000000040000000000000000000000000000000000000000000380000000000b384000000000000000000000000000000007d23a82cf8090770beec000000000000000000000031b889afce991d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009ddbb503a5da5808a3fd400000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000004595"], 0xf9) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x20001001}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) 02:12:08 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x3ac, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:08 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000400", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:08 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x117, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 895.438883] FAULT_INJECTION: forcing a failure. [ 895.438883] name failslab, interval 1, probability 0, space 0, times 0 [ 895.466996] CPU: 0 PID: 2431 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 895.475460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 895.484823] Call Trace: [ 895.487429] dump_stack+0x244/0x3ab [ 895.491081] ? dump_stack_print_info.cold.2+0x52/0x52 [ 895.496281] ? lo_ioctl+0xe6/0x1d60 [ 895.499931] should_fail.cold.4+0xa/0x17 [ 895.504007] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 895.509120] ? blkpg_ioctl+0xc10/0xc10 [ 895.513044] ? lock_downgrade+0x900/0x900 [ 895.517221] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 895.522173] ? save_stack+0x43/0xd0 [ 895.525821] ? __kasan_slab_free+0x102/0x150 [ 895.530262] ? __fget+0x4d1/0x740 [ 895.533759] ? fs_reclaim_acquire+0x20/0x20 [ 895.538096] ? lock_downgrade+0x900/0x900 [ 895.542490] ? perf_trace_sched_process_exec+0x860/0x860 [ 895.547960] ? block_ioctl+0xee/0x130 [ 895.551776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 895.557329] __should_failslab+0x124/0x180 [ 895.561574] should_failslab+0x9/0x14 [ 895.565385] kmem_cache_alloc+0x2be/0x730 [ 895.569554] ? fget_raw+0x20/0x20 [ 895.573019] getname_flags+0xd0/0x590 [ 895.576833] do_mkdirat+0xc5/0x310 [ 895.580388] ? __ia32_sys_mknod+0xb0/0xb0 [ 895.584548] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 895.589928] ? trace_hardirqs_off_caller+0x300/0x300 [ 895.595042] ? ksys_ioctl+0x81/0xd0 [ 895.598678] __x64_sys_mkdir+0x5c/0x80 [ 895.602587] do_syscall_64+0x1b9/0x820 [ 895.606483] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 895.611858] ? syscall_return_slowpath+0x5e0/0x5e0 [ 895.616792] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 895.621644] ? trace_hardirqs_on_caller+0x310/0x310 [ 895.626666] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 895.631726] ? prepare_exit_to_usermode+0x291/0x3b0 02:12:08 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) write$binfmt_elf64(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c4600000000000000004737849b9c3c56345aa191a2bf1786000000400000000000000000000040000000000000000000000000000000000000000000380000000000b384000000000000000000000000000000007d23a82cf8090770beec000000000000000000000031b889afce991d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009ddbb503a5da5808a3fd400000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000004595"], 0xf9) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x20001001}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) 02:12:08 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x356, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:08 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x25e, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:08 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) write$binfmt_elf64(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c4600000000000000004737849b9c3c56345aa191a2bf1786000000400000000000000000000040000000000000000000000000000000000000000000380000000000b384000000000000000000000000000000007d23a82cf8090770beec000000000000000000000031b889afce991d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009ddbb503a5da5808a3fd400000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000004595"], 0xf9) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x20001001}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) [ 895.636768] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 895.641632] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 895.646831] RIP: 0033:0x456957 [ 895.650041] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 895.668950] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 895.676664] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000456957 [ 895.683943] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 895.691217] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 895.698489] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 895.705761] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 02:12:08 executing program 1 (fault-call:2 fault-nth:24): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:12:08 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f7574650000000000000000000100", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:08 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x4, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:08 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)={0x3f000000}) 02:12:08 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x2e4, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:08 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000200", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:08 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) write$binfmt_elf64(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c4600000000000000004737849b9c3c56345aa191a2bf1786000000400000000000000000000040000000000000000000000000000000000000000000380000000000b384000000000000000000000000000000007d23a82cf8090770beec000000000000000000000031b889afce991d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009ddbb503a5da5808a3fd400000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000004595"], 0xf9) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) 02:12:08 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x1) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) sendmsg$kcm(r2, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f00000000c0)="12deafa0dc76377b46261320e1b1ef7e8f0733a21a507a3009fdb0e6eaebdebb28422d9ca5ef8592472d6a5ea0af12d0d61b", 0x32}, {&(0x7f0000000100)="2c79f6336b7ab86d815126273551393836f81592c910fb69fe05012235be", 0x1e}, {&(0x7f0000000140)="1c3e0820ceddf72a6aaa43a4920104b05ac226b6b2c9568750a4462bd95eb4f6c1189585ec834c0738af8c7cd533a8fe74f5f0258af478b67593084ed331de8d0d033ab6b8d0", 0x46}, {&(0x7f00000001c0)="ae9912465626f1aa8597bd5003b983f9a31971b63e4168393097eb26373bffa5c0795b1b0f5fa19278ca3f626db80f561995b5939f4b555822af8dd19e795b3f815b4b323f3cf2bd7496bc6105315789c06300e9a9a8f92ac04f5a76af93b2e43a00294619edbf70f301afbc4df9cf017a723e885395f2fc4d0fbf1f71d447f4a733b6239321116205a693376da98a40013cfc03d326d33821d9cfc3428aa8425d43f1f94657f777eed813513b702af5931b6b3ce2dfac86f2a9b70f6edd074d1c52ba21c907602deecd30dd952485bbf23333b6a7f8467b805cf141f05152823c3ad3205df6f116d4d67083dff62e71d41d7f38398f8cb0b70d", 0xfa}, {&(0x7f00000002c0)="d28c6b330fc0770d4222a00e212b582a8a61dec4aa18de85699315b9287559a3ee311a3b1b9e2d9d2ed31c8ff7f41a1dd50ac07f5c13c81dd3f6cb60cd75effed55afc74ed17af30ff22b13ea739c1ef835a779c1177f5bb23a76809dbe4db26c4ef1a520dd1b14e3d2114a73c78f0367abd09ae1078da6824da76e62d128d1943eb0c4f00e311d710e0b1f037866bb90a7d725bd0b866460fbef725bc40368f9fecdf2fe8b22b5e3a026654390bc94d12eb1d65494b13f2fe356632a627c926f15b5d0772ca0c18591728cd18bcd8f01fcc85dd24855c3c1a819137eb7e16c8810241e33460cf5b967dd8c2aec750e29f63235858f9d63f8a6fe74a3f5128f061485598096fb8706f87a143811dff5ec0d78d8d68cdafe8545e61a92ff0084f55f40b21683c1ae336c4553c70db3eaf2b3fd56066f4fde193f0ebb115e37866250db94dfc3246711b47ecbc85576967b44aee05c3c1488ebe0d26ecf55f090b627d0911ae57ce1cadcd2dffc72ce794aabe9234c3c30ff2b67752ab9262b02b351f7d820a2c873a0ab7534125908045299a04a10593835c2d6902607d0825e41449fecea602f8a239cd338de11d4667e728ac422fd25bd45864c3b6aeafba5dfff7261e8e8f6501b26f2867e26274c2f5f2d6d046fa1ea20b5565378d382ead381373b99347197e4d7d8737cb23ebc052c1037ee03833f62fcf9fb292710ada8ae1c1664a513f2d36015ec05d918d991b57dc70044652981df67a4afb908bdc660df4e0488a96b649824c2ed90d852cd510e63f551fe41229b145b22db1cb8f02ae7c0f338652f3d2aac4c22298c36f9596e2d7cd346bd6fdccfef9bf7b193cf3207efdc63bcf8ab15f1b48174d8a936c4141b4298ddd38afc286567520d0d6c5c4f9aed2f1603ec6d207499fac808536f69fda96d24a5a31d61721b6148e55a0260ff2b9b5c4827edfa8aa9a3ff8a83f8be60f459cbd1b49a1d60f71bd440b57017bb914e12099f56d0bff2f9fe5341a08a5369669f889dc2855567a707cb8ae0242d6b357d22f83bd459dbef8f1382aaa6e4471f98d293d44a3437802b38aac31f1ec300b976df99624d8bd5bbe1cc5a8460ab15e433e629d3404e727b77ef4795f4e3b115fabb045c39207d481aaa9ebea1865a4c6b137dab938acf0d5062f17f41b9f257a7b900273f3797d946bf32507d4090ac6dc63baf404134b8924b7ea2eec4686a4da5d9f107f16bfdad91381ade6ca752323e812084b381f9cdf887862a9f1437013fd05fff732b3d0fb159a2560a3cfd2f42eb1841c2d1713a592ef439c0cdc4365a11d929d78207c43a08e2bd3b301438290a4cb9d0aa34a5a26489d956714b86ae876a19d3b5851eec9ea363e7c24d4d61148189d61dfcb1b54988baf631da402402f6a7ae6fab5a552b3a4476a36b3ff98851ec2a5e3dd0582287815466a9bc7f670d18461be6a9ab3597421be8cdff0d2bc4cd38778b9be13ebc6d59a175ff6ae8b0417665beaac71ca49a54959b36a00157c51ca3681b9be1da57d5f7f23132ebf11855c98b028c83395d453d21caa4b2fb4056583581e4cb58c51254938fcdec17a5195a0e4a47b945a3332981ec2d1d8ea0b10a29b40e70861f571612c6ca53540e258bd4c72f06eb7b8c9d55699c542b72ca9fe43d3aa92aa59e7f5c3a49ff373a6b5f087a83b74c611d178b24132a0165219925c70641e8bf10f838cf4e2acece2ea9437b69b68fdc622444d682d6fcd16be0b2f16b3c398082fdd629aa91891b84ae1640111f4732182ad78d5d95850208f755056cb62a55dfc2fb932df412fb8019e8c1c916838beb20485e469cc7f4342a5c9c19c2e128803df25d55dddbc7b736dadd4c7b9225c3e92a13c1f03e17f87e21498aeb3a1fdfc1c89362846b23b49bc6eab632c611777eda96058d1028a870f225d59ba1fc5e0eb3f16416f08726124a01dc693c03eb069879b9913c562784c1fd91edae296449144cf07946af2df914c452cd120c79a371264475f6dedd22ec47b89e48a56de4450e79c393631aa3d6937f9b166b363add2265f93f886f23e153e936a600d97765210e042202d11f36c70f21104556732a67406eaf725028774bf2ffe12ee0a92584a6d2c66ffca8f0744b1d8233bd802d2914c2e35bfd05d86f7f1559080fec61319f36cf6c9400cb9f0e4f635595e40b149d7aade3a5b4cf8b3652efea0d36b6f6e5b0a6aba9c939393abd26d8facd7b6371d757b1d5b3e88026c5369867ae295e16b897ec7793d87664b52fb0b34b01b21bc4609581f26c2f0d4dc42a88112b59fd029566348f1aad5b6cedbde51c0db12d28d438feb1be2b4098d685a55105f35269e2a2cbe62f990a467802cf0f7fc44e484e53528614a0b62d14f8047bd4b402359e4c98582568cae1eb9de29faee9b17513f9bb4025cb5ec86038bfc9caab1e7dae58d27d6e390d3ee9d92a6b53823e8ca4d31cfad335378530776b6939f4ca947cd50e24ef9652ee7b7dbc3612c1d8d25590ffd0d62b2d65b310a319ba77184bfd4eaaf5705c26bb86661f8b00745ba09be0f5c9d7d1d0e6fe844dcea3494f6c38dc9ce9303941b62f520e420d39dde292128c6cbaa465644db9d6d0f725f4faf2dc6ffbf4099f6e075eb34f2b86e3abca90e3dc99353c9f0b0f83aeee3fb63ecff0bf6ab4353590d9af5ad07f71e6c4f6d980812b34704c957debd779638ef8e09b6fc98efaa6d2ceaa7ecf64c7e39081db10ed2fba84445657d48792e248b97bf2ff1960cae38c3e9c66df01ea31225e36cd9a8e0b046cee499c969102f0b1fc3a1bf55202249acc4b3f5843744c4ad3c5eda46af016bb584e124ea843fb853bd2dc21cf26025981ba1adc9f7e6ab17359f7ea7c98349b83e951f1448c857c356044d66445c633d0e95b804c206057d46c629c495992cccc5fdd84bc1e887db37d002c80d6f2e13c54f77835f3b7fede98f50435332932d5000b33d6b41ca4528ebb7ce105b1e7a80b39f40a0be8d856efd2386b631ef876173b1470cabda3185ea1bf6b9774afe4a0f38ec38baa542265b57ef5fa98257ad6e601d765329d60a0a2c9ca55f1a715903b674aeb4ae6bac64f5859b5cfdd6b3648a81d8b707b8d097ee963946fb3f51992d649bea6b94f0de56b387e18b7a6c6bd92290eecd69892c5e837e967e22ad355aa47be3bd4eaeafbca2092ab0b20719c454ba5ee2eed9fac1d4d75369ebe274d9202f69c39e88e58e0d2754327418625ff9091b3f8fe1ba22d43478a2039667900eb05f19965f0b07a91c31e267c90b3162b5a9e0eb0a6e9d0d556987c95f6bb3106fa9b3d50c077d361b85c335897ce217cf09834c3dccdd4aa881194b081461e05bf867245525f91981e7b75085b24f46b2257e62701e54294822ea56e95924b98dc7b59940e1889813c8e7324326f96d812e7e320bf5ee5a847a0b7878918e34ba547c4afed1d5d6e2fba4f50ec61329d3fe63db31ac24351f913c73c2e75742f01373b1c70d6082ea0237ab388c87105ffed66a9fe78a9907e0ee256f1972d041fd3e3b01913e11cb8260d5016badf0dd6b72c705ab47ab4c77579a59f31010d3f36600a0e8cdbc7c1b99cf692bed0744ba0183cd7a7b9bbc5f181b3b86527d9c1c4122fcba6302847b47869d60d0a03dbb7edd371f6028cc66dda61bbe8f69a67a571d4ae5b44c0fc11f0bab8355384f27fd7003cf236f96411eded63745dafd7a21b8ebbb73a7cef23a57e02828aaa8b2bcbd28a28c3e76e524c6e63db6114cb8a2c42999e3eac275efaf53c1a5e6a115a2ec6943a9950841dbac81bba959a8001b67c25c38418d18a85c782ccefa768599a436b6a0e532017624a9ad07b3e86183d2d95432da670e199de7742f64eecb44f99ce2031af9340181ba7179bfcb0540fdc5f7d6e9438a389b94d037e8236ad349452e2de371e5f3b9d9b7df5ca48bd61f2cfa30e3074a4e0bffe475e8c8dbac37978f7f0603785bea68978f88f2af4ef261242d027c47da848614a9e26b6985ca4f5a3de299029df4bcf7054c83fb0a2d8cf3c169527c18e5c0df134ac7896831170bb98ba078ac017f84a485a213c6855592dc4bc4c9b6374036304ff53d0a02730e90a72070f5d1bf7136d809c2481cc92f4ba96f584cedd117a06cbb2da3ad33c6a73853493e4e1b07d1149055ebaff3e779c51bcb77642964d278632b4c59339fa7e1c3a763b071da0c29f3dda9eeca30d021cce951fbd6f8f4b9d966c3f3f02d7e7afd516403f70b2dbc2ba36484da247b16e2e16644a8b4defaee49374bf2b3515a644f03b02c2204f23ca0b5d21b1a0410df15db027fece0b35a086707cb51304f7544bd10f2562766fc3c8d7345f81169083b249377f0a8ef86c91aeed9ecbe35e36a6d4a9ef9e5ebdfaaa5875c8d6c0965f9d89e6069e8e2b7f6c30fd9d49e0ee1aa1672d8d0f0e63e2e89091ae5c836a73a47162c6d8ce83fa4969300d12d98abdce4f1be93b3cc6b376006bcd610142267f693319011749488a07f3b2957170f4dff67ab618146e6124aed92e713b6f97255ead2713f213c8dc5ee7e175710073aaa4e9c6e3fcff384e43815a64775d3fdff44d89984b5dbaf9bd291576e4606f1b037388d0940717b2bec8dd31840efec01b8c49cf2cfd1ce90cec784ba8358be8ee8ff520e87fb09b0f9a82af5df730cab7cddfb1d7a77d644eb88bc003711553984b086a0c914deda405cfd2b975e8ee2a58421bb15314036295648120b9e09bddf04f1b073f4c7c6dfe5afd501bf1b05011ad5e20855b3f3eab58a71deee59b2b2563fc68c6e8d15f00a0ab7a6582fb515564eb9b8c2ea66209999ebccaf0224b0adbcf57f988e96f8b72dd4a9df85616b0668761e36f101af61fab9aa17c05cb28a36dc956f9eb62c72fc93aa942732bf47beab48cf4f4462f94b73b42ea674d56e76f6e13402131b805b621bd9bd72eb84ccbe350dfd865747a54e67e5c9cebeb50e728e7724cc6402dc00dd9f53de814fd8f9c46e15285eb3340c6c8a2e3b1cbf96b18224bc7d84b6414ad64fcf23b74dd2ca71b34863e4994f0cb886d6bc1d56e925105721c50f1c59ddcd216350107ca440792fd8d2cb6eda7829e9c391d9b1b1dde6b896c5104dd15ff5ec054e6594e2eb9ebc2c13b993370a3950c3cc32241ec71fa80a860f05ba9a50f3c95b329e37f22094d595e0413a5a2cea163fa86c7db4b5f54f5eab19ab03f407d3959ca155ac7c48b27d6fe47663b8144dd00065eb5356c9db785e3ccd031ea3f05fbd1c7219938b33ad9001110b7455ab9a0b9037a5e97759595e47c2821bee76bca042fb5f3585cb9613edaef30ef8beaf307e3798296c6d03422e57ba71cfdc5c004fc682061717a3078e5af40f2a9ebb89e3d01fe0d7b803ba46c7eb05dedf180d8dffb7ee0fe9aafb9b0d515110f91dbf268ca2bdf59781788be0c4dfb6861a95b6db9e01c0f2f356668a9fe4bfd19b899d86e4b1f55bc5609f861b6815eb7b5676a381afb549658d950855b8b47aed4eb7a26ae7a86d26bbe388177d45fc3fa92e41993ff5edf60fcb05f2aca62d4d0bb93f0007ff6f15f2dd6dd2b8bbcdbbc4ca2793e6f62b78b4f42bb6a1fec4b3998d52c8a0430f92621fba7722d31a4eead547f4a80abdc52ee8adabf17756a2b6fde2ff8721a024b79ab8b864a40bc1f05a4af067d4dd7af2f8328e311d13276a5d387af8c41cc44e41c258d3935a29b598f556cf1a6e1d653ce702d1322c8fe6372b5cf2a4cd441604210489375d", 0x1000}, {&(0x7f00000012c0)="8f19ef2f1b1afc06ba7b1aac53b4878483e0ecf023052b57fe292b0f82e5a28be4c1afbb7beec81ed948aaa88545d0a4286916268c57f53267683e389d53eb62974b52c71db97895", 0x48}, {&(0x7f0000001340)="9650073aec2825a56b32cd1bcee0dea487d7323b2082141d2f0c51c00af0419e54021995925451f060bafd1268a9d31310f63dcaaff9b830dfd23a83cd5696bb7c4ca66c76a80e4b7cbb3cc6855321a3a64c2a477c79f185cd56c8259a2af4c7e69f4c72099d669db390cccae983fe9fbbd28841edef03945db78165f2f5e5a37ae3b32d6e0effe6b63288939dfb269604b3afc9bf09b4c3aa418ba8c4a47a6c20635a8fa1", 0xa5}], 0x7, 0x0, 0x0, 0x8010}, 0x4000000) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) [ 895.839767] FAULT_INJECTION: forcing a failure. [ 895.839767] name failslab, interval 1, probability 0, space 0, times 0 [ 895.901612] CPU: 0 PID: 2465 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 895.910057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 895.919409] Call Trace: [ 895.922021] dump_stack+0x244/0x3ab [ 895.925670] ? dump_stack_print_info.cold.2+0x52/0x52 [ 895.930872] ? save_stack+0xa9/0xd0 [ 895.934510] should_fail.cold.4+0xa/0x17 [ 895.938579] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 895.943692] ? mark_held_locks+0x130/0x130 [ 895.947943] ? lock_downgrade+0x900/0x900 [ 895.952100] ? lock_release+0xa10/0xa10 [ 895.956084] ? mem_cgroup_handle_over_high+0x150/0x150 [ 895.961402] ? __lockdep_init_map+0x105/0x590 [ 895.965905] ? memcg_kmem_put_cache+0x1f3/0x300 [ 895.970590] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 895.975646] ? ext4_get_group_desc+0x1c6/0x2c0 [ 895.980243] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 895.985792] ? perf_trace_sched_process_exec+0x860/0x860 [ 895.991250] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 895.996277] ? map_id_range_down+0x1ee/0x430 [ 896.000701] __should_failslab+0x124/0x180 [ 896.004948] should_failslab+0x9/0x14 [ 896.008760] kmem_cache_alloc+0x2be/0x730 [ 896.012924] jbd2__journal_start+0x1e7/0xa80 [ 896.017340] ? perf_trace_sched_process_exec+0x860/0x860 [ 896.022805] ? jbd2_write_access_granted.part.8+0x410/0x410 [ 896.028524] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 896.034069] ? __might_sleep+0x95/0x190 [ 896.038053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 896.043601] __ext4_journal_start_sb+0x1a0/0x5e0 [ 896.048364] ? __ext4_new_inode+0x3885/0x65a0 [ 896.052870] ? ext4_journal_abort_handle.isra.5+0x260/0x260 [ 896.058588] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 896.064136] ? find_next_zero_bit+0x111/0x140 [ 896.068643] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 896.073677] __ext4_new_inode+0x3885/0x65a0 [ 896.078015] ? do_syscall_64+0x1b9/0x820 [ 896.082088] ? ext4_free_inode+0x1a10/0x1a10 [ 896.086507] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 896.091545] ? bpf_prog_kallsyms_find+0xde/0x4a0 [ 896.096321] ? is_bpf_text_address+0xac/0x170 [ 896.100833] ? lock_downgrade+0x900/0x900 [ 896.104999] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 896.109939] ? kasan_check_read+0x11/0x20 [ 896.114102] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 896.119392] ? rcu_softirq_qs+0x20/0x20 [ 896.123375] ? unwind_dump+0x190/0x190 [ 896.127273] ? is_bpf_text_address+0xd3/0x170 [ 896.131779] ? kernel_text_address+0x79/0xf0 [ 896.136197] ? __kernel_text_address+0xd/0x40 [ 896.140704] ? unwind_get_return_address+0x61/0xa0 [ 896.145649] ? __save_stack_trace+0x8d/0xf0 [ 896.149992] ? save_stack+0xa9/0xd0 [ 896.153634] ? save_stack+0x43/0xd0 [ 896.157268] ? __kasan_slab_free+0x102/0x150 [ 896.161681] ? kasan_slab_free+0xe/0x10 [ 896.165684] ? kmem_cache_free+0x83/0x290 [ 896.169852] ? putname+0xf2/0x130 [ 896.173309] ? filename_create+0x2b2/0x5b0 [ 896.177553] ? do_mkdirat+0xda/0x310 [ 896.181270] ? __x64_sys_mkdir+0x5c/0x80 [ 896.185338] ? do_syscall_64+0x1b9/0x820 [ 896.189407] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 896.194791] ? trace_hardirqs_off+0xb8/0x310 [ 896.199204] ? kasan_check_read+0x11/0x20 [ 896.203358] ? do_raw_spin_unlock+0xa7/0x2f0 [ 896.207778] ? trace_hardirqs_on+0x310/0x310 [ 896.212202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 896.217758] ? __dquot_initialize+0x629/0xdd0 [ 896.222265] ? trace_hardirqs_off+0xb8/0x310 [ 896.226687] ? dquot_get_next_dqblk+0x180/0x180 [ 896.231369] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 896.236916] ? common_perm+0x1f6/0x7b0 [ 896.240818] ? check_preemption_disabled+0x48/0x200 [ 896.245849] ext4_mkdir+0x2e1/0xe60 [ 896.249494] ? ext4_init_dot_dotdot+0x510/0x510 [ 896.254183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 896.259742] ? security_inode_permission+0xd2/0x100 [ 896.264772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 896.270316] ? security_inode_mkdir+0xe8/0x120 [ 896.274910] vfs_mkdir+0x42e/0x6b0 [ 896.278474] do_mkdirat+0x27a/0x310 [ 896.282116] ? __ia32_sys_mknod+0xb0/0xb0 [ 896.286271] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 896.291647] ? trace_hardirqs_off_caller+0x300/0x300 [ 896.296758] ? ksys_ioctl+0x81/0xd0 [ 896.300397] __x64_sys_mkdir+0x5c/0x80 [ 896.304301] do_syscall_64+0x1b9/0x820 [ 896.308193] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 896.313570] ? syscall_return_slowpath+0x5e0/0x5e0 [ 896.318513] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 896.323370] ? trace_hardirqs_on_caller+0x310/0x310 [ 896.328393] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 896.333419] ? prepare_exit_to_usermode+0x291/0x3b0 [ 896.338468] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 896.343325] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 896.348518] RIP: 0033:0x456957 [ 896.351729] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 896.370637] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 896.378354] RAX: ffffffffffffffda RBX: 0000000020000110 RCX: 0000000000456957 [ 896.385641] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 896.392940] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 896.400230] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 896.407505] R13: 0000000000000000 R14: 00000000004d7d28 R15: 0000000000000003 02:12:09 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) write$binfmt_elf64(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c4600000000000000004737849b9c3c56345aa191a2bf1786000000400000000000000000000040000000000000000000000000000000000000000000380000000000b384000000000000000000000000000000007d23a82cf8090770beec000000000000000000000031b889afce991d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009ddbb503a5da5808a3fd400000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000004595"], 0xf9) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) 02:12:09 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)={0x6488}) 02:12:09 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) r3 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x1b49, 0x400000) fsetxattr$security_smack_entry(r3, &(0x7f0000000100)='security.SMACK64IPOUT\x00', &(0x7f0000000140)='\x00', 0x1, 0x3) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:09 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x49, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 896.518644] EXT4-fs error (device sda1) in __ext4_new_inode:933: Out of memory 02:12:09 executing program 1 (fault-call:2 fault-nth:25): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:12:09 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)={0xffffa888}) 02:12:09 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) write$binfmt_elf64(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c4600000000000000004737849b9c3c56345aa191a2bf1786000000400000000000000000000040000000000000000000000000000000000000000000380000000000b384000000000000000000000000000000007d23a82cf8090770beec000000000000000000000031b889afce991d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009ddbb503a5da5808a3fd400000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000004595"], 0xf9) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) 02:12:09 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) getsockname(r2, &(0x7f00000000c0)=@sco, &(0x7f0000000140)=0x80) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) 02:12:09 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)={0x88caffff00000000}) [ 896.686580] FAULT_INJECTION: forcing a failure. [ 896.686580] name failslab, interval 1, probability 0, space 0, times 0 [ 896.766592] CPU: 0 PID: 2511 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 896.775047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 896.784401] Call Trace: [ 896.787018] dump_stack+0x244/0x3ab [ 896.790660] ? dump_stack_print_info.cold.2+0x52/0x52 [ 896.795860] ? __kernel_text_address+0xd/0x40 [ 896.800363] ? unwind_get_return_address+0x61/0xa0 [ 896.805298] should_fail.cold.4+0xa/0x17 [ 896.809370] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 896.814493] ? save_stack+0xa9/0xd0 [ 896.818131] ? save_stack+0x43/0xd0 [ 896.821762] ? kasan_kmalloc+0xc7/0xe0 [ 896.825655] ? __kmalloc_track_caller+0x157/0x760 [ 896.830507] ? memdup_user+0x2c/0xa0 [ 896.834224] ? strndup_user+0x77/0xd0 [ 896.838034] ? ksys_mount+0x3c/0x140 [ 896.841764] ? do_syscall_64+0x1b9/0x820 [ 896.845837] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 896.851213] ? trace_hardirqs_on+0x310/0x310 [ 896.855629] ? debug_check_no_obj_freed+0x305/0x58d [ 896.860653] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 896.866201] ? check_preemption_disabled+0x48/0x200 [ 896.871223] ? trace_hardirqs_on+0xbd/0x310 [ 896.875559] ? fs_reclaim_acquire+0x20/0x20 [ 896.879889] ? lock_downgrade+0x900/0x900 [ 896.884058] ? perf_trace_sched_process_exec+0x860/0x860 [ 896.889534] ? lock_release+0xa10/0xa10 [ 896.893523] ? perf_trace_sched_process_exec+0x860/0x860 [ 896.898987] __should_failslab+0x124/0x180 [ 896.903229] should_failslab+0x9/0x14 [ 896.907042] __kmalloc_track_caller+0x2d1/0x760 [ 896.911726] ? strncpy_from_user+0x5a0/0x5a0 [ 896.916140] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 896.921684] ? strndup_user+0x77/0xd0 [ 896.925501] memdup_user+0x2c/0xa0 [ 896.929046] strndup_user+0x77/0xd0 [ 896.932681] ksys_mount+0x73/0x140 [ 896.936233] __x64_sys_mount+0xbe/0x150 [ 896.940215] do_syscall_64+0x1b9/0x820 [ 896.944107] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 896.949493] ? syscall_return_slowpath+0x5e0/0x5e0 [ 896.954431] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 896.959294] ? trace_hardirqs_on_caller+0x310/0x310 [ 896.964317] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 896.969349] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 896.974896] ? prepare_exit_to_usermode+0x291/0x3b0 [ 896.979925] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 896.984775] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 896.989970] RIP: 0033:0x459f8a [ 896.993178] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 897.012087] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 897.019803] RAX: ffffffffffffffda RBX: 00007fe98cd2fb30 RCX: 0000000000459f8a [ 897.027075] RDX: 00007fe98cd2fad0 RSI: 0000000020000080 RDI: 00007fe98cd2faf0 [ 897.034352] RBP: 0000000020000080 R08: 00007fe98cd2fb30 R09: 00007fe98cd2fad0 [ 897.041628] R10: 0000000000100020 R11: 0000000000000206 R12: 0000000000000004 [ 897.048905] R13: 0000000000100020 R14: 00000000004d7d28 R15: 0000000000000003 [ 897.262900] device bridge_slave_1 left promiscuous mode [ 897.268451] bridge0: port 2(bridge_slave_1) entered disabled state [ 897.323045] device bridge_slave_0 left promiscuous mode [ 897.328561] bridge0: port 1(bridge_slave_0) entered disabled state [ 897.424606] team0 (unregistering): Port device team_slave_1 removed [ 897.444482] team0 (unregistering): Port device team_slave_0 removed [ 897.464119] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 897.506194] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 897.590227] bond0 (unregistering): Released all slaves [ 898.885653] IPVS: ftp: loaded support on port[0] = 21 [ 899.466774] bridge0: port 1(bridge_slave_0) entered blocking state [ 899.473429] bridge0: port 1(bridge_slave_0) entered disabled state [ 899.480746] device bridge_slave_0 entered promiscuous mode [ 899.517066] bridge0: port 2(bridge_slave_1) entered blocking state [ 899.523907] bridge0: port 2(bridge_slave_1) entered disabled state [ 899.531173] device bridge_slave_1 entered promiscuous mode [ 899.567891] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 899.620197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 899.731019] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 899.771162] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 899.943658] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 899.951054] team0: Port device team_slave_0 added [ 899.989395] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 899.997477] team0: Port device team_slave_1 added [ 900.034647] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 900.071412] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 900.108992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 900.148498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 900.514597] bridge0: port 2(bridge_slave_1) entered blocking state [ 900.520991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 900.527709] bridge0: port 1(bridge_slave_0) entered blocking state [ 900.534091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 900.547429] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 901.342379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 901.962132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 902.089362] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 902.214741] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 902.220878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 902.235269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 902.353147] 8021q: adding VLAN 0 to HW filter on device team0 02:12:16 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f75746500000000000300", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:16 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8916, &(0x7f0000000000)="153f623448080000006070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) splice(r0, &(0x7f00000000c0), r0, &(0x7f0000000100), 0x4287, 0x8) 02:12:16 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x20001001}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) 02:12:16 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)={0x8035000000000000}) 02:12:16 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x1cf, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) 02:12:16 executing program 1 (fault-call:2 fault-nth:26): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000002640)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)="0000000080", &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x100020, &(0x7f0000000180)=ANY=[]) 02:12:16 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00\x00\x00\x00\x00\a\x00', 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) [ 903.157590] FAULT_INJECTION: forcing a failure. [ 903.157590] name failslab, interval 1, probability 0, space 0, times 0 [ 903.169876] CPU: 1 PID: 2843 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 903.178298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 903.178306] Call Trace: [ 903.178342] dump_stack+0x244/0x3ab [ 903.193904] ? dump_stack_print_info.cold.2+0x52/0x52 [ 903.199114] ? filename_lookup+0x39a/0x520 [ 903.203362] ? user_path_at_empty+0x40/0x50 [ 903.207698] ? do_mount+0x180/0x1d90 [ 903.211503] ? ksys_mount+0x12d/0x140 [ 903.215319] ? do_syscall_64+0x1b9/0x820 [ 903.219393] should_fail.cold.4+0xa/0x17 [ 903.223483] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 903.228601] ? mntput+0x74/0xa0 [ 903.231893] ? trace_hardirqs_off+0xb8/0x310 [ 903.236311] ? trace_hardirqs_on+0x310/0x310 [ 903.240732] ? debug_check_no_obj_freed+0x305/0x58d [ 903.245761] ? check_preemption_disabled+0x48/0x200 [ 903.250787] ? trace_hardirqs_on+0xbd/0x310 02:12:16 executing program 2: ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000000c0)=""/40) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000700)=@broute={"62726f757465000007fffffe00", 0x20, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0x70, 0xb8, 0x108, [@limit={'limit\x00', 0x20}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210) 02:12:16 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x1a}, 0x20) ioctl$SG_GET_VERSION_NUM(r2, 0x2282, &(0x7f00000000c0)) 02:12:16 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x20001001}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) [ 903.255121] ? putname+0xf2/0x130 [ 903.258593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 903.264151] ? fs_reclaim_acquire+0x20/0x20 [ 903.268495] ? lock_downgrade+0x900/0x900 [ 903.272655] ? filename_lookup+0x39f/0x520 [ 903.276910] ? perf_trace_sched_process_exec+0x860/0x860 [ 903.282376] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 903.287932] __should_failslab+0x124/0x180 [ 903.292174] should_failslab+0x9/0x14 [ 903.295988] kmem_cache_alloc_trace+0x2d7/0x750 [ 903.300673] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 903.306235] vfs_new_fs_context+0x5e/0x77c [ 903.310493] ? ns_capable_common+0x13f/0x170 [ 903.314920] do_mount+0xb70/0x1d90 [ 903.318484] ? copy_mount_string+0x40/0x40 [ 903.322732] ? kasan_unpoison_shadow+0x35/0x50 [ 903.327323] ? kasan_kmalloc+0xc7/0xe0 [ 903.331233] ? kmem_cache_alloc_trace+0x31f/0x750 [ 903.336086] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 903.341631] ? _copy_from_user+0xdf/0x150 [ 903.345802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 903.351348] ? copy_mount_options+0x315/0x430 [ 903.355855] ksys_mount+0x12d/0x140 [ 903.359498] __x64_sys_mount+0xbe/0x150 [ 903.363496] do_syscall_64+0x1b9/0x820 [ 903.367391] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 903.372764] ? syscall_return_slowpath+0x5e0/0x5e0 [ 903.377705] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 903.382561] ? trace_hardirqs_on_caller+0x310/0x310 [ 903.387590] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 903.392796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 903.398342] ? prepare_exit_to_usermode+0x291/0x3b0 [ 903.403494] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 903.408991] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 903.414188] RIP: 0033:0x459f8a [ 903.417404] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 903.436323] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 903.444056] RAX: ffffffffffffffda RBX: 00007fe98cd2fb30 RCX: 0000000000459f8a 02:12:16 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0xff08) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x20001001}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)={0x0, 0x8}) 02:12:16 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000fcdfe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x40001, 0x0) process_vm_readv(r1, &(0x7f0000fca000)=[{&(0x7f0000000000)=""/249, 0xf9}], 0x31b, &(0x7f0000fcafa0)=[{&(0x7f0000309fb2)=""/145, 0xfffffe9b}], 0x7b, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 903.451335] RDX: 00007fe98cd2fad0 RSI: 0000000020000080 RDI: 00007fe98cd2faf0 [ 903.459512] RBP: 0000000020000080 R08: 00007fe98cd2fb30 R09: 00007fe98cd2fad0 [ 903.466793] R10: 0000000000100020 R11: 0000000000000206 R12: 0000000000000004 [ 903.474787] R13: 0000000000100020 R14: 00000000004d7d28 R15: 0000000000000003 02:12:16 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x14, &(0x7f00000c5fe8)={@local, @random="1ae230c0b61f", [], {@generic={0x8863, "94a7030000e8"}}}, &(0x7f0000b0c000)={0x806000000000000}) [ 903.505930] BUG: unable to handle kernel paging request at fffffffffffffff4 [ 903.511089] kobject: 'loop5' (00000000615b071b): kobject_uevent_env [ 903.513681] PGD 926d067 P4D 926d067 PUD 926f067 PMD 0 [ 903.513714] Oops: 0000 [#1] PREEMPT SMP KASAN [ 903.513729] CPU: 1 PID: 2843 Comm: syz-executor1 Not tainted 4.19.0-rc7-next-20181011+ #92 [ 903.513737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 903.513757] RIP: 0010:do_mount+0xb98/0x1d90 [ 903.513769] Code: 06 00 48 89 c2 48 89 c3 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8a 11 00 00 48 b8 00 00 00 00 00 fc ff df <4c> 8b 33 49 8d 7e 18 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 5e 11 [ 903.513777] RSP: 0018:ffff880182dc7c28 EFLAGS: 00010246 [ 903.513790] RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: ffffc9000eb00000 [ 903.513800] RDX: 1ffffffffffffffe RSI: ffffffff81e08e2c RDI: ffffffff89703f00 [ 903.513809] RBP: ffff880182dc7db0 R08: ffff8801bb878240 R09: fffffbfff1287122 [ 903.513818] R10: fffffbfff1287122 R11: ffffffff89438913 R12: ffff8801d9bf4c30 [ 903.513827] R13: ffff8801c9fb6ac0 R14: ffff8801c9fb6ac0 R15: ffff8801d289cdc0 [ 903.513839] FS: 00007fe98cd30700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 903.513849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 903.513858] CR2: fffffffffffffff4 CR3: 00000001c0aa0000 CR4: 00000000001426e0 [ 903.513868] Call Trace: [ 903.513888] ? copy_mount_string+0x40/0x40 [ 903.513902] ? kasan_unpoison_shadow+0x35/0x50 [ 903.513921] ? kasan_kmalloc+0xc7/0xe0 [ 903.520608] kobject: 'loop5' (00000000615b071b): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 903.525613] ? kmem_cache_alloc_trace+0x31f/0x750 [ 903.525633] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 903.525651] ? _copy_from_user+0xdf/0x150 [ 903.525672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 903.542108] kobject: 'loop4' (00000000407126f2): kobject_uevent_env [ 903.548148] ? copy_mount_options+0x315/0x430 [ 903.548166] ksys_mount+0x12d/0x140 [ 903.548182] __x64_sys_mount+0xbe/0x150 [ 903.548210] do_syscall_64+0x1b9/0x820 [ 903.548238] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 903.708976] ? syscall_return_slowpath+0x5e0/0x5e0 [ 903.713914] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 903.718766] ? trace_hardirqs_on_caller+0x310/0x310 [ 903.723798] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 903.728833] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 903.734395] ? prepare_exit_to_usermode+0x291/0x3b0 [ 903.739427] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 903.744291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 903.749482] RIP: 0033:0x459f8a [ 903.752683] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 903.771586] RSP: 002b:00007fe98cd2fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 903.779306] RAX: ffffffffffffffda RBX: 00007fe98cd2fb30 RCX: 0000000000459f8a [ 903.786582] RDX: 00007fe98cd2fad0 RSI: 0000000020000080 RDI: 00007fe98cd2faf0 [ 903.793855] RBP: 0000000020000080 R08: 00007fe98cd2fb30 R09: 00007fe98cd2fad0 [ 903.801136] R10: 0000000000100020 R11: 0000000000000206 R12: 0000000000000004 [ 903.808411] R13: 0000000000100020 R14: 00000000004d7d28 R15: 0000000000000003 [ 903.815709] Modules linked in: [ 903.818915] CR2: fffffffffffffff4 [ 903.822380] ---[ end trace 8b072319bb2a4803 ]--- [ 903.827153] RIP: 0010:do_mount+0xb98/0x1d90 [ 903.831487] Code: 06 00 48 89 c2 48 89 c3 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8a 11 00 00 48 b8 00 00 00 00 00 fc ff df <4c> 8b 33 49 8d 7e 18 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 5e 11 [ 903.850394] RSP: 0018:ffff880182dc7c28 EFLAGS: 00010246 [ 903.855768] RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: ffffc9000eb00000 [ 903.863043] RDX: 1ffffffffffffffe RSI: ffffffff81e08e2c RDI: ffffffff89703f00 [ 903.870317] RBP: ffff880182dc7db0 R08: ffff8801bb878240 R09: fffffbfff1287122 [ 903.877588] R10: fffffbfff1287122 R11: ffffffff89438913 R12: ffff8801d9bf4c30 [ 903.884862] R13: ffff8801c9fb6ac0 R14: ffff8801c9fb6ac0 R15: ffff8801d289cdc0 [ 903.892146] FS: 00007fe98cd30700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 903.900376] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 903.906263] CR2: fffffffffffffff4 CR3: 00000001c0aa0000 CR4: 00000000001426e0 [ 903.913537] Kernel panic - not syncing: Fatal exception [ 903.919800] Kernel Offset: disabled [ 903.923460] Rebooting in 86400 seconds..