ec9d966f3e8f6eb5d550bd2147d0e2c7f966d46d3dd15594b44f4e58a01d0da3eefcc95601ffda6293e37f125cd9ece5d6570e1e339a49d505b14f813bfb59a38855a6", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, r3}}, 0x120) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000200)={0x9, 0x108, 0xfa00, {r3, 0x7f, "241fcc", "14c2976eff28566ac9332cb10339af1516e7096db8f76e930a7c653f3216af5257e4f4ccf6de622e70d7f5b44a2389f34ed1b07bd91575551e38acea6bc09406d8431327028af5f036491b0f74f26eaa2814ca178f947a5349c725ce478536405ada602a8f5ae9dc90d07243ff5a1d3738f0402789cb8e6542907a2c2cf197e997c67a4cebdc396ef081d5a7014b4b92e33761a046baa7765beb261ee30d5698f66f978bdd55a244fbdea2f681a7949970fe71ff3bbda03c7a21e6449087bff15cec7173a8fd6aa031f2e804c6639737611abefbec5cc7b24fbb6afd20d32960b5ceb0a2ab18a3fdb4b74e05694da9a2871e3214db914820a2737371c5e68932"}}, 0x110) write$cgroup_int(r1, &(0x7f0000000080)=0x3, 0x12) 22:04:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:04:48 executing program 4 (fault-call:10 fault-nth:40): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:04:48 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:04:48 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) [ 692.602148] Bluetooth: hci3 command 0x041b tx timeout 22:04:49 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.stat\x00', 0x26e1, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000100)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x6, 0x20000) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000080)={r0, 0x7, 0x74b0186a}) openat$cgroup_ro(r1, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) [ 692.673279] FAULT_INJECTION: forcing a failure. [ 692.673279] name failslab, interval 1, probability 0, space 0, times 0 [ 692.684959] CPU: 0 PID: 13710 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 692.692862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.702222] Call Trace: [ 692.704827] dump_stack+0x1b2/0x281 [ 692.708490] should_fail.cold+0x10a/0x149 [ 692.712654] should_failslab+0xd6/0x130 [ 692.716646] __kmalloc_track_caller+0x2bc/0x400 [ 692.721351] ? kstrdup_const+0x35/0x60 [ 692.725255] kstrdup+0x36/0x70 [ 692.728477] kstrdup_const+0x35/0x60 [ 692.732376] alloc_vfsmnt+0xe0/0x7f0 [ 692.736114] clone_mnt+0x6c/0xff0 [ 692.739580] copy_tree+0x33e/0xa20 [ 692.743136] copy_mnt_ns+0x167/0xa30 [ 692.746881] ? create_new_namespaces+0x30/0x720 [ 692.751584] ? do_mount+0x2a00/0x2a00 [ 692.755395] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 692.760432] ? kmem_cache_alloc+0x35f/0x3c0 [ 692.764768] create_new_namespaces+0xc9/0x720 [ 692.769273] ? security_capable+0x88/0xb0 [ 692.773431] copy_namespaces+0x27b/0x310 [ 692.777494] copy_process.part.0+0x25f8/0x71c0 [ 692.782080] ? retint_kernel+0x2d/0x2d [ 692.785986] ? __vfs_write+0xec/0x630 [ 692.789807] ? __sanitizer_cov_trace_pc+0x4a/0x50 [ 692.794666] ? __cleanup_sighand+0x40/0x40 [ 692.798904] ? lock_downgrade+0x740/0x740 [ 692.803060] _do_fork+0x184/0xc80 [ 692.806548] ? fork_idle+0x270/0x270 [ 692.810265] ? fput+0xb/0x140 [ 692.813367] ? SyS_write+0x14d/0x210 [ 692.817076] ? SyS_read+0x210/0x210 [ 692.820718] ? __do_page_fault+0x159/0xad0 [ 692.824955] ? do_syscall_64+0x4c/0x640 [ 692.828927] ? sys_vfork+0x20/0x20 [ 692.832488] do_syscall_64+0x1d5/0x640 [ 692.836386] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 692.841573] RIP: 0033:0x466459 [ 692.844762] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 692.852485] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 692.859757] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 692.867032] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 692.874300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 692.881567] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:04:49 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000040)={0x80000001, 0x6}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:04:49 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r1, 0x0) ioctl$VIDIOC_DBG_S_REGISTER(r1, 0x4038564f, &(0x7f0000000000)={{0x3, @addr=0x6d}, 0x8, 0xd0, 0xdc}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) r2 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r2, 0xf50f, 0x0) 22:04:49 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:04:49 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x6602752ed852c17f, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10010, r1, 0x81c4c000) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000000)={0x19, 0x5e, 0x1, 0xfffffffe, 0x8}) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x3) fstat(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xee01, r4, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCXONC(r5, 0x540a, 0x3) fstat(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xee01, r6, 0x0) getresuid(&(0x7f0000000200), &(0x7f0000000240)=0x0, &(0x7f0000000280)) fsetxattr$system_posix_acl(r0, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f00000002c0)={{}, {0x1, 0x4}, [{0x2, 0x1, 0xffffffffffffffff}, {0x2, 0x7, r2}, {0x2, 0x0, r4}, {0x2, 0x0, r6}, {0x2, 0x1, r7}, {0x2, 0x1, 0xee00}], {0x4, 0x2}, [{0x8, 0x2}], {0x10, 0x5}}, 0x5c, 0x1) 22:04:49 executing program 4 (fault-call:10 fault-nth:41): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 693.608635] FAULT_INJECTION: forcing a failure. [ 693.608635] name failslab, interval 1, probability 0, space 0, times 0 [ 693.620362] CPU: 1 PID: 13757 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 693.628291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 693.637665] Call Trace: [ 693.640270] dump_stack+0x1b2/0x281 [ 693.643913] should_fail.cold+0x10a/0x149 [ 693.648074] should_failslab+0xd6/0x130 [ 693.652055] kmem_cache_alloc+0x28e/0x3c0 [ 693.656218] alloc_vfsmnt+0x23/0x7f0 [ 693.660034] clone_mnt+0x6c/0xff0 [ 693.663497] copy_tree+0x33e/0xa20 [ 693.667055] copy_mnt_ns+0x167/0xa30 [ 693.670780] ? create_new_namespaces+0x30/0x720 [ 693.675466] ? do_mount+0x2a00/0x2a00 [ 693.679279] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 693.684307] ? kmem_cache_alloc+0x35f/0x3c0 [ 693.688656] create_new_namespaces+0xc9/0x720 [ 693.693162] ? security_capable+0x88/0xb0 [ 693.697325] copy_namespaces+0x27b/0x310 [ 693.701390] copy_process.part.0+0x25f8/0x71c0 [ 693.705976] ? get_pid_task+0xb8/0x130 [ 693.709867] ? proc_fail_nth_write+0x7b/0x180 [ 693.714366] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 693.719316] ? __cleanup_sighand+0x40/0x40 [ 693.723556] ? lock_downgrade+0x740/0x740 [ 693.728235] _do_fork+0x184/0xc80 [ 693.731931] ? fork_idle+0x270/0x270 [ 693.735632] ? fput+0xb/0x140 [ 693.738747] ? SyS_write+0x14d/0x210 [ 693.742444] ? SyS_read+0x210/0x210 [ 693.746074] ? __do_page_fault+0x159/0xad0 [ 693.750295] ? do_syscall_64+0x4c/0x640 [ 693.754255] ? sys_vfork+0x20/0x20 [ 693.757810] do_syscall_64+0x1d5/0x640 [ 693.761706] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 693.766885] RIP: 0033:0x466459 [ 693.770087] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 693.777779] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 693.785044] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 693.792312] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 693.799594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 693.806888] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:04:50 executing program 3: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x80000, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfefb}, 0xffffffffffffffff, 0xa, r1, 0x0) preadv(r1, &(0x7f00000001c0), 0x0, 0x1, 0x6) fanotify_mark(r0, 0xc0, 0x0, r1, &(0x7f0000000080)='./file0\x00') ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) mkdirat(r1, &(0x7f00000000c0)='./file0\x00', 0x81) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000040)) creat(&(0x7f0000000100)='./file0\x00', 0x83) 22:04:50 executing program 2: semctl$IPC_RMID(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) r1 = fork() process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x5, 0x7, 0x0, 0x3f, 0x0, 0x6, 0x0, 0xe, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1ff, 0x3, @perf_config_ext={0xffff, 0x2}, 0x40, 0x8d82, 0x0, 0x7, 0x1, 0xa5, 0x7}, r1, 0xb, r0, 0x9) r2 = open(&(0x7f0000000000)='./file0\x00', 0x400000, 0xa2) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000080)={0x0, r2}, 0x10) 22:04:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() perf_event_open(&(0x7f00000000c0)={0x5, 0x70, 0x37, 0x2, 0x3, 0x6, 0x0, 0x0, 0x20, 0x8, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x4, 0x4, @perf_config_ext={0x1, 0x1}, 0x6300, 0x8, 0x7fffffff, 0x7, 0x6, 0x0, 0x100}, r0, 0x2, 0xffffffffffffffff, 0x6) openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:04:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)=0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, 0xffffffffffffffff, 0x0, 0xfffffef2, &(0x7f0000000200)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x01\x01\x00\x00\x00\x00\x00\x00\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\x142\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00\x00'}, 0xfffffffffffffff1) r2 = fork() process_vm_writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x0, 0x80, 0x9c, 0x7, 0x0, 0x4, 0x10000, 0x4, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x880000, 0x2, @perf_bp={&(0x7f00000000c0), 0x3}, 0x400, 0x10001, 0x2, 0x6, 0xff, 0x1, 0x8}, r2, 0xc, r0, 0x1) ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000000)=0x7fff) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) [ 694.164325] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 694.185882] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 694.234074] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 694.287365] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 694.331269] device bridge_slave_1 left promiscuous mode [ 694.353128] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.378719] device bridge_slave_0 left promiscuous mode [ 694.411857] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.454253] device veth1_macvtap left promiscuous mode [ 694.459588] device veth0_macvtap left promiscuous mode [ 694.477426] device veth1_vlan left promiscuous mode [ 694.492118] device veth0_vlan left promiscuous mode [ 694.671522] Bluetooth: hci3 command 0x040f tx timeout [ 694.713148] device hsr_slave_1 left promiscuous mode [ 694.731987] device hsr_slave_0 left promiscuous mode [ 694.759781] team0 (unregistering): Port device team_slave_1 removed [ 694.790685] team0 (unregistering): Port device team_slave_0 removed [ 694.815931] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 694.851908] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 694.915383] bond0 (unregistering): Released all slaves [ 696.753297] Bluetooth: hci3 command 0x0419 tx timeout [ 697.175721] IPVS: ftp: loaded support on port[0] = 21 [ 697.286251] chnl_net:caif_netlink_parms(): no params data found [ 697.343977] bridge0: port 1(bridge_slave_0) entered blocking state [ 697.350550] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.358347] device bridge_slave_0 entered promiscuous mode [ 697.365131] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.372047] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.379051] device bridge_slave_1 entered promiscuous mode [ 697.398893] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 697.409445] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 697.428803] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 697.436496] team0: Port device team_slave_0 added [ 697.442300] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 697.449528] team0: Port device team_slave_1 added [ 697.466619] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 697.473142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 697.498447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 697.509472] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 697.515833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 697.541133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 697.552162] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 697.559452] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 697.582512] device hsr_slave_0 entered promiscuous mode [ 697.588139] device hsr_slave_1 entered promiscuous mode [ 697.594452] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 697.601614] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 697.674297] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.680772] bridge0: port 2(bridge_slave_1) entered forwarding state [ 697.687452] bridge0: port 1(bridge_slave_0) entered blocking state [ 697.693865] bridge0: port 1(bridge_slave_0) entered forwarding state [ 697.725651] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 697.732690] 8021q: adding VLAN 0 to HW filter on device bond0 [ 697.740605] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 697.749966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 697.757717] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.765483] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.775452] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 697.781662] 8021q: adding VLAN 0 to HW filter on device team0 [ 697.790050] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 697.798537] bridge0: port 1(bridge_slave_0) entered blocking state [ 697.804945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 697.821876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 697.829492] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.835920] bridge0: port 2(bridge_slave_1) entered forwarding state [ 697.843963] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 697.852438] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 697.862001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 697.876619] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 697.886829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 697.897799] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 697.904243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 697.912342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 697.919839] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 697.931209] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 697.939825] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 697.946667] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 697.957494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 698.012323] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 698.022920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 698.057908] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 698.065273] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 698.072341] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 698.081198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 698.089528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 698.097067] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 698.106378] device veth0_vlan entered promiscuous mode [ 698.116153] device veth1_vlan entered promiscuous mode [ 698.123226] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 698.132352] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 698.144729] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 698.154330] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 698.163564] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 698.170982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 698.181141] device veth0_macvtap entered promiscuous mode [ 698.187735] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 698.196684] device veth1_macvtap entered promiscuous mode [ 698.205452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 698.215602] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 698.224390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 698.234910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.244493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 698.254295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.263488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 698.273325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.282959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 698.292750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.301947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 698.311777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.322799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 698.329803] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 698.337174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 698.345739] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 698.355566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 698.366119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.375524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 698.385614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.394840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 698.404663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.413917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 698.423743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.433102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 698.442927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 698.453398] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 698.460303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 698.468840] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 698.477314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:04:54 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x0) accept4$unix(0xffffffffffffffff, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:04:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:04:54 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'ip6gretap0\x00'}) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r1, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) close(r2) ioctl$BTRFS_IOC_DEFRAG(r1, 0x50009402, 0x0) 22:04:54 executing program 4 (fault-call:10 fault-nth:42): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:04:54 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000200)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0x30) 22:04:54 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uhid\x00', 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x0, 0x0) r3 = creat(&(0x7f0000000340)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000002a250000d68ae1ffffff000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001080000000000000100008000"/180]) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x8, 0xff, 0x1, 0x0, 0x1, 0x400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x10001}, 0x4020, 0xffffffff, 0x7, 0x9, 0x68, 0x9, 0x2}, r2, 0x4, r3, 0x0) sched_setattr(r2, &(0x7f0000000040)={0x38, 0x5, 0x5, 0xffffff01, 0xfffffffc, 0x4, 0x8, 0x4, 0x2, 0x7fffffff}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:04:55 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x0) accept4$unix(0xffffffffffffffff, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:04:55 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20400, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='freezer.parent_freezing\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0xfbab) [ 698.838955] FAULT_INJECTION: forcing a failure. [ 698.838955] name failslab, interval 1, probability 0, space 0, times 0 [ 698.851037] CPU: 0 PID: 14074 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 698.858937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.868299] Call Trace: [ 698.870897] dump_stack+0x1b2/0x281 [ 698.874529] should_fail.cold+0x10a/0x149 [ 698.878683] should_failslab+0xd6/0x130 [ 698.882664] __kmalloc_track_caller+0x2bc/0x400 22:04:55 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000200)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000100)={0x1, 0x1, 0x1000, 0x35, &(0x7f0000000000)="158d0fca883ae3f80c810d0734b2b28705bfe3ef87acfe83e03d8a8824a3f28c8bb601c13558c4eb2948a13ce64a22704a3115d5ca", 0x56, 0x0, &(0x7f0000000080)="4e98c9466cec54f28c1a1b6c56ad2b6459193c66cc6be7b78cc86e9f2a21b678520e26a0b0c7202bb693c2827668659f0556b453ac9db8bef9fcf99c3de7034069740ff338bf3718efa59412afc33be826eea45e178a"}) [ 698.887331] ? kstrdup_const+0x35/0x60 [ 698.891226] kstrdup+0x36/0x70 [ 698.894424] kstrdup_const+0x35/0x60 [ 698.898166] alloc_vfsmnt+0xe0/0x7f0 [ 698.901904] clone_mnt+0x6c/0xff0 [ 698.905360] copy_tree+0x33e/0xa20 [ 698.908907] copy_mnt_ns+0x167/0xa30 [ 698.912655] ? create_new_namespaces+0x30/0x720 [ 698.917324] ? do_mount+0x2a00/0x2a00 [ 698.921131] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 698.926155] ? kmem_cache_alloc+0x35f/0x3c0 [ 698.930493] create_new_namespaces+0xc9/0x720 [ 698.934990] ? security_capable+0x88/0xb0 22:04:55 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x412000, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)=0x1) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) [ 698.939146] copy_namespaces+0x27b/0x310 [ 698.943214] copy_process.part.0+0x25f8/0x71c0 [ 698.947830] ? trace_hardirqs_on+0x10/0x10 [ 698.952095] ? check_preemption_disabled+0x35/0x240 [ 698.957110] ? check_preemption_disabled+0x35/0x240 [ 698.962217] ? finish_task_switch+0x178/0x610 [ 698.966724] ? __cleanup_sighand+0x40/0x40 [ 698.970980] ? _raw_spin_unlock_irq+0x5a/0x80 [ 698.975572] ? finish_task_switch+0x14d/0x610 [ 698.980070] ? switch_mm_irqs_off+0x2d2/0xeb0 [ 698.984601] _do_fork+0x184/0xc80 [ 698.988095] ? fork_idle+0x270/0x270 [ 698.991979] ? io_schedule_timeout+0x140/0x140 [ 698.996574] ? fput+0xb/0x140 [ 698.999691] ? do_syscall_64+0x4c/0x640 [ 699.003664] ? sys_vfork+0x20/0x20 [ 699.007218] do_syscall_64+0x1d5/0x640 [ 699.011117] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 699.016307] RIP: 0033:0x466459 [ 699.019507] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 699.027241] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 699.034521] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 699.041801] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 699.049079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 699.056379] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:04:55 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r1, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) write(r1, &(0x7f00000000c0)="86a86423be8f078473c665265460c773137583", 0x13) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:04:55 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) 22:04:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:04:55 executing program 4 (fault-call:10 fault-nth:43): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:04:55 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)=0xffff) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r1, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@cgroup=r1, r0, 0x10}, 0x10) 22:04:55 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x28d, &(0x7f0000000200)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b\xe41\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcc)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O\x99\xf0>\xe0.).\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01x\xf7\x1av-9Z\x0e\xd8\xd1\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\xaa\x14DL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) 22:04:56 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) [ 699.846510] FAULT_INJECTION: forcing a failure. [ 699.846510] name failslab, interval 1, probability 0, space 0, times 0 [ 699.858568] CPU: 1 PID: 14128 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 699.866908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.876312] Call Trace: [ 699.878913] dump_stack+0x1b2/0x281 [ 699.882557] should_fail.cold+0x10a/0x149 [ 699.886733] should_failslab+0xd6/0x130 [ 699.890724] kmem_cache_alloc+0x28e/0x3c0 [ 699.894907] alloc_vfsmnt+0x23/0x7f0 [ 699.898630] clone_mnt+0x6c/0xff0 [ 699.902135] copy_tree+0x33e/0xa20 [ 699.905698] copy_mnt_ns+0x167/0xa30 [ 699.909434] ? create_new_namespaces+0x30/0x720 [ 699.914202] ? do_mount+0x2a00/0x2a00 [ 699.918014] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 699.923048] ? kmem_cache_alloc+0x35f/0x3c0 [ 699.927389] create_new_namespaces+0xc9/0x720 [ 699.931905] ? security_capable+0x88/0xb0 [ 699.936067] copy_namespaces+0x27b/0x310 [ 699.940134] copy_process.part.0+0x25f8/0x71c0 [ 699.944734] ? get_pid_task+0xb8/0x130 [ 699.948632] ? proc_fail_nth_write+0x7b/0x180 [ 699.953137] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 699.958859] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 699.963634] ? __cleanup_sighand+0x40/0x40 [ 699.967911] ? lock_downgrade+0x740/0x740 [ 699.972070] _do_fork+0x184/0xc80 [ 699.975786] ? fork_idle+0x270/0x270 [ 699.979499] ? fput+0xb/0x140 [ 699.982607] ? SyS_write+0x14d/0x210 [ 699.986324] ? SyS_read+0x210/0x210 [ 699.989957] ? __do_page_fault+0x159/0xad0 [ 699.994199] ? do_syscall_64+0x4c/0x640 [ 699.998176] ? sys_vfork+0x20/0x20 [ 700.001723] do_syscall_64+0x1d5/0x640 [ 700.005623] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 700.010816] RIP: 0033:0x466459 [ 700.014006] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 700.021722] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 700.030250] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 700.037532] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 700.044814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 700.052088] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:04:56 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='cachefiles_mark_active\x00', r0}, 0x10) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe, 0x80}, 0x0, 0x0, 0x80004, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x8) pread64(r1, &(0x7f0000000100)=""/144, 0x90, 0x7) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f00000000c0)=0x2000000) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) ioctl$F2FS_IOC_GET_FEATURES(r2, 0x8004f50c, &(0x7f0000000200)) [ 700.594705] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 700.622911] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 700.643210] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 700.649954] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 700.672481] device bridge_slave_1 left promiscuous mode [ 700.688201] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.714883] device bridge_slave_0 left promiscuous mode [ 700.720529] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.747680] device veth1_macvtap left promiscuous mode [ 700.762000] device veth0_macvtap left promiscuous mode [ 700.767386] device veth1_vlan left promiscuous mode [ 700.778190] device veth0_vlan left promiscuous mode [ 700.956640] device hsr_slave_1 left promiscuous mode [ 700.965122] device hsr_slave_0 left promiscuous mode [ 700.982973] team0 (unregistering): Port device team_slave_1 removed [ 700.995959] team0 (unregistering): Port device team_slave_0 removed [ 701.006171] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 701.020209] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 701.087785] bond0 (unregistering): Released all slaves [ 702.184390] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 702.191138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 702.199210] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 702.205986] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 702.213506] device bridge_slave_1 left promiscuous mode [ 702.218959] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.226577] device bridge_slave_0 left promiscuous mode [ 702.232194] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.240714] device veth1_macvtap left promiscuous mode [ 702.246267] device veth0_macvtap left promiscuous mode [ 702.251644] device veth1_vlan left promiscuous mode [ 702.256681] device veth0_vlan left promiscuous mode [ 702.361182] device hsr_slave_1 left promiscuous mode [ 702.370402] device hsr_slave_0 left promiscuous mode [ 702.384504] team0 (unregistering): Port device team_slave_1 removed [ 702.395118] team0 (unregistering): Port device team_slave_0 removed [ 702.404062] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 702.416543] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 702.441302] bond0 (unregistering): Released all slaves [ 703.425269] IPVS: ftp: loaded support on port[0] = 21 [ 703.523974] chnl_net:caif_netlink_parms(): no params data found [ 703.579131] bridge0: port 1(bridge_slave_0) entered blocking state [ 703.585902] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.596085] device bridge_slave_0 entered promiscuous mode [ 703.603265] bridge0: port 2(bridge_slave_1) entered blocking state [ 703.609936] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.618939] device bridge_slave_1 entered promiscuous mode [ 703.640623] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 703.650177] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 703.670150] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 703.677453] team0: Port device team_slave_0 added [ 703.683574] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 703.690939] team0: Port device team_slave_1 added [ 703.708695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 703.715340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 703.741471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 703.752712] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 703.758972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 703.784333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 703.795755] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 703.803457] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 703.825637] device hsr_slave_0 entered promiscuous mode [ 703.831457] device hsr_slave_1 entered promiscuous mode [ 703.837414] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 703.844713] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 703.918326] bridge0: port 2(bridge_slave_1) entered blocking state [ 703.925971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 703.932708] bridge0: port 1(bridge_slave_0) entered blocking state [ 703.939075] bridge0: port 1(bridge_slave_0) entered forwarding state [ 703.968673] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 703.975210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 703.983983] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 703.993922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 704.000976] bridge0: port 1(bridge_slave_0) entered disabled state [ 704.008545] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.018221] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 704.024504] 8021q: adding VLAN 0 to HW filter on device team0 [ 704.033808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 704.041665] bridge0: port 1(bridge_slave_0) entered blocking state [ 704.048015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 704.058148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 704.066100] bridge0: port 2(bridge_slave_1) entered blocking state [ 704.072527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 704.089209] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 704.096973] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 704.106943] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 704.120855] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 704.130779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 704.141742] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 704.148235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 704.156310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 704.164204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 704.178148] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 704.186470] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 704.194140] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 704.207041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 704.258430] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 704.268904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 704.303186] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 704.310274] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 704.317337] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 704.326739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 704.335644] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 704.343103] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 704.352465] device veth0_vlan entered promiscuous mode [ 704.360935] device veth1_vlan entered promiscuous mode [ 704.367190] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 704.376706] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 704.387917] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 704.397696] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 704.405612] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 704.413556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 704.423215] device veth0_macvtap entered promiscuous mode [ 704.429343] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 704.439053] device veth1_macvtap entered promiscuous mode [ 704.447714] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 704.457131] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 704.466497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 704.476653] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.486923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 704.496732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.505918] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 704.515785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.525383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 704.535181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.545692] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 704.553422] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 704.560520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 704.571232] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 704.580828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 704.590940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.600479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 704.610624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.619876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 704.629684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.638863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 704.649031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.659539] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 704.666559] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 704.674500] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 704.682639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:05:01 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x0) accept4$unix(0xffffffffffffffff, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:01 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x5) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = openat$cgroup_ro(r2, &(0x7f00000000c0)='cpuacct.stat\x00', 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r0) vmsplice(0xffffffffffffffff, &(0x7f0000000940)=[{&(0x7f0000000b80)="d691598f795a8e6286585dc6a61ac0a705e14ef2bdea613c5077877723445ad80302c992fd809b65359a7c54566e6709cecb43cc5e7dd400714dc66c55b51ce939ce9e73a7c1e1e8b20e18448cf3d562943592fdeed0be47f0c3daa27a50bc5d51708ac6cb5e769eb3d56130e28f64d21997b6dec8dd424622411ed65a4450e7d787e54041ae17ecff4fc72e8073fec821c4deda34311c8c80d542ec2f364526e012ee5c803dab95ce6c58dcab3109c3a5481b186fc05c46861be109a8486fe287b748e3bda8560cfaaccfdff2aac1a82ed178b9a47426275a8fd00ff306ac97d399903eb450a6b3bf4485e9861590626b239ac61b4a04b9991780d1b4d8890cbb26ab7a49ef19649da271fedd178761c020240cf169e878e2c9e833879f5236bfe720d27bc26471b529d92eb4da5cf2d62181a65ed3488de387517d7c94a9d775af9ec9bb07bece83cadcbc1a7fb17cd2229bb7787577ba3b40015c46a363b5b39e428321c79abcaece9e526fbf7ad250ad4460c688d012540d553e4a10dc321330997e0a395c22ee90ad793e15de254599c5ecd966961d75e92182ec7e710ef91d7ab4fe974b8acab568ed6762f925f451cee24bff69cdbcfb9ba1cc830262dc421195393809b90e46ac54dd47cf11a2020e4469d378738b1b53e6d9e41dc31a482acfbee68e85af475a51fc9a9bfa6be0278fbeb89d3b492fd2c7ec3a20e891f598fb8bafbc571218b11086425ced990c126f8af4047df87a326672c087d75bdcd130b7eb9b7f657c0cce0300e5f705d134b716e1eaa8d568f912eb4f045356cb422a64cf0ecfcd8ca2080b465f055a344fd35a691bb6b8154ed041a87c880e2cb1141107d8fd129906a776074b68960191006d8304ea333546c296ca977ed51a4041e162ed05add061abacb219aafd57fdf7fbde3acd70b5fc022f5bfe17f4e30d6daebb4e482b8e2ead75c1e105448c1a6984bddf3b4da557e23e24c04b967f189941c19d1ca21e2b7e3130551bf99320da737c7f2cfb2c1d07982e2fa699874350f280c078c35349d35ad8ad3e87f8225e00da730e5af2338a8841c17c0c5a3da7cd6a4d6ca8a10c7ef8f5fec630ad0e07bce8f64272f4215958f624e3a5e2efd018e001fe29c85925113468b6a9d49676a4dd12f50e368c00d4af97b990960fe807bd94aaed5a517f287cb16f76f1915d756888a8e64d5d56e094521a2c06ae99c273cdb85829142be7c90a3ca83239a37dfa7fbac7fbcd8e46c93e0a4fb6d30cc2d2f5ba140d64fb9df3bd6e9f56c09f1529f0d18cff4edd3f56898e5a9b21b8ffb9adbd984c711681e0d7d13a909b86e225758a882cea7551d87694a4870f3c311f798d0aecf8c7a1b8f610f8dbe0df2212d4f229f85c768e0e63694b92112a13cf9f6dbca8a55b1c765375405e731cb6889e3562e4d53652cce6a65c02ad21f64b643dc4c2e09bec8267b5cddb3d88a736380a674442d801fa58db0842434740c6a204891f48ffa12707c6e6b32659a391548c1a7daf33092ef783fed3a3545c3262c13d6987889a70aa0399b825cea0a5f8dedabf213eba486543650fed1d0d31bf9ac0975de4983d82ec273e75388ec6f0c6338b9086ec6fa165197a62f08e1979e437d4c9d08f2cc043dc836eeaeead7aca220d1f504aa146143ae181246e24f8bd5d2e075a249e5ce4c2a96f7b211a6f65d3e61db3bffd68e5feeca4ac8dbb2388248fd4617c9d410d9635877cbf350aadc350ae8e923936cb2a391cc142101782c38ba30929a7b960c048890c094d9d0f22b9abd4b61b8e48594dcc21d705d1c9c491924af733d12b33776c32ded586b1e31ca51ebfadcdfe35e6747f4a4553db2893c274095716516e291cb6c4bff29d31a626e02dd1cea04d290419d9630a17e064510a0bb66d7f7c2132a32fcf41bcb471f310ca5cecb75dd65ff239ed11a07fe63e1934b90e96f07316a9060374328ee2f1b6dabd2028ce170e8e188fc51a8f8cb0a1bb55254a39aff007cda00f881ac3d49d7f27e551daec6b76a782586724748d47ccfc11bc06cc3ff78df6ccde0bbb85e8ee76b988ea704232eeefd3c88ee712047cc93a1118378f22a60c75eb84f11d1b2bbaa891c469424a4eb4ef1fbb274c4c814fa7d622ebd832ea32e1a3811168e35fb33613fce20189c6b60b355c94cf2db58eecc8d8f4d3af474d905af6af06e3236ec876b242b39d525862919ddbe446d7b6bdc6d915c696911f377cd3850951826cc062e47f533085632caf45d701435781470effc146baa277996cfbb59aa4d6f25dc981294228ef930d067f940ce0923212ba929b5f072971f878e4c2be3f148c9416d833bb566fa807fd51d6e293dde28407dbf570b11f6d1ce0983ebfbad0b2d8241ddc034d3a2f624cf2a24c6f0e2a2a7e0900ba0c1ba060322746b24790313f77cbf3e94c294d908c76699f1e257163e0c660a9d0f9dfb506531e6efe731e2e538b7b271e3c20f1adbf4dc1ac47ecfe8414325430f8c97f122cda7796eec863e1b8a3104756e3ef3fd2896b8c82bc97f9bc6c5d22a4361bdf1b79478e2b1d74eab57da1606a6ad6b4eaca108380657b5eab3abf73d35c0626e24c6a767f0e82e8fff6d608a7a8a1fa08778e33f93bcd81ab6e8c5d7e22724f68f0abb85ee5caa05bcbe31ebf74415dfd8d0092d7a81d9040ee5c21fd7645f02324b3cb8d5f3047a0061aaa4c7c4c200ba736c8962add0240f5ea8015624638a377b70f64ab83d231df0e4a152984fc44ea48cb703e3254455080321d7cec16bee6b217cbfae1885569f3f3fa2c41e0186560e7009fc830ebe29cf04f9d7f1f6f681f7adb469931f7d5eec260bffa459303c02953996868027c82f5be4ca90c7193eb41d42c3dd87080a8fbb35030a486ba224492ff8469adf79a9d3d22c1fafa57715a033b44826aff9e4c1177feaac72d7ec458652e8c2245a0486de0555aa607e53c3d29f640c8ee850e28c37bc14e2e98ecc527e4a4d3d828c13a884c220c715aeee6304ec963acf753138957cee3371e61464baea3952f7a2a6c4fcf370d047124009f1ed0d3f48bae796007e2cb076b8a824b260a5c679dabca84f920a515f9b834578cc18293256fe342118b0fa5bb0e91acba8293789ab1c1ae9680b1de8e1fbdce07b47e88786fc62a826cabcac64549ddb47323b5701c65f2a425a3d7a5757395b6a164a7390c99569ad0f651fbfd5d5f4d752768870d2f7c9f928353bd91dc2cbd864406c9bc2521999baebd03f96bfeab47d82b8cc49c148357eb3901b276d277505d9743c3eaceaf38639a7596cc661c0be213d0982bc77e52c9352bf2e286b8ba084a63dc695e8d15a867b42c283cad0a721c1e7dd7a8d5a89bc5c486b429089c48e31f7fa42ac71eac77fedcaa7e290b35c1ce9b892f6873482bc6497ebb356320378fe4954204b9021d87f2897cfec90b93685f0b7f87e92f367deb9804332600336f45536c7f01973448f2f301d8382f0ef0a39256917a7cbb5e19f45c4c164e76965925030c940eb27166c7db5f48a2daa976e60b1ba5905e9654a47a24557a3d60bd98b212afcdd99f3ca05197f6964e274f6fdf8f3e48ad6160a9e0317f5535b29c37b478e47dcc1e2ecf0e8003d6c539e6381238578161d5cef34d8601b0cc1f86f0ddf49bbd4b2102523e036233f98792616aed1fa0831451dc659814e0d1d53057260c11568a5f7f8b4beebb368a3f2228126bfea993a9885965151d8b1b18d1ce084c5c62be0a57863993b594e3815da26625c1761dd10118ee00930bd40ddf1288d92fa0c6f01eaead4758a9c07ffdc5eb9daac1e85ac51b7fbcc6b790a191228641d517c72243127da807fe29f4aacd9f8f8b72f1222f2342cb3be42661042de92575b19a1ca564a2ffe245c9a002a9f43b19987fd67106e5ac333d2d8923d6edeee7adfce918a0ca8581bc18e82b4191d2b8c5c692d3932c131989bcbe0a91806a9fe403bbf30c6363c5f7efe7744bcd352ac30bebdbfdd7c2fe8c4f350011bb7ee32148a61eaca8c0aab721e884789503977262c1949708df670a6c0620e9fc3ae3719b8072b12adbbf7c68df05acf7b99065141c3cab49d233c100476543c1ae1abcac8d148704acee4917dfb4e6516037966471802afd8af04dd7a76c2b529e895cecb39e6835fae3a7db6c39a791daa365ccb8d3a567684fa20c9de95c5200451275158201c9892fe2d60e7839f72fdd9bdc4dd66c1b1af1eb1ea899d595be3b0370ceccae4c4d00fdb2c2eb34965c6da078e39b609a061f19d5ae3544adad3d371f725fee04afb7c6a58c94a35ed71d1d2be7811dd4f185b52c5d3c97c1926aec0eb986d56b6443287a5f506123fae75a421cb04f5979b23b8d490d77586143dc3471b3b75c2064d935c51b0b2d610f42b79d4b99d1fe3be717de81378b45d171129e61e62ffe76b531bc7500793a8391d2fc2952e3a931f52e0516ba25db365d8342ec4b2c4ca8f8fbe780777c192f7b917b81620e055dba689ecf92daed1d83b766c3be2d60bdead46a08d619713e0c703d90030049dbb47c0cc45fb3a3312dc54b431e94229fdae22fc6fbc751a9d9bbfe6ee717e7154afba8dd808554919ba534d40f00d0aed46c7b4afffa573558d571e7bbaedf58d50a92d5730dc6fd3390979249a8f2afe099d27321e2576f2591e58edeaaca67476736af1be433efe43f6ef9fec5dbefafa9d72bdc264c055b0e3ddcc8a0a7496a897f8d3a8698ac8177e781524e3cbe7bdc90f201b272f9c3b3a5789863905d9262599c09f9140e0b2bd03d161e53ba54d043201209430a9804e5328ef9498732743c4ef66a181e864dc6088db6a8a120dca251e3ef4f9f41485f40c30d2ad9f72efbf93bf6603a7822b0272923b8bd7ea2ec176495726080444cfecb9e956a2af0f5540411fde2da8de3efbbdfc0c6439382b9bb184308454902f78df0c8e49f21477388a9e10d5666d086739405302d29b08e2ee0bdeaf60d265fd299f01e867bd8a79d9d83b3210c73da1cb5928634414439664eb12bc9ec633df9b1f894bc7e822ec6212769e53b13e75768daad3d56e06fa64ac1cfcc3216db1418b7c60d5842acc09b6150752adbeb2916a1a5fb2c75b32397f338256513471b586e56942a12d5a0aff0a9193612947c481a56031ff7fcfae0173239f2aded1107a408e7b20cdae1a5742f18518abb9ef33c710292c49d71f1527361a3fd15620668e42f6ae91aa945322cd3b3fc169de472040ebc4907269d05a2f2156e4af9275ea0d55d2323a2a966e4721fa5322dc9144b9ce666f5cd3f948eb5d6b736d26410b5f448aa3cde974fa08b88354d23d999c1df87a2bfefa1d95c9fd1e7329479f1bf98cbf942691cfe40a15dd0e58c3257dbf3f084afc00edc90245f9c77db669046034006a4ec0a80def1152f82d11b50d277eb457ef517cb0025e3a9fbfe3e7d24a9e53361f5fbdc5d74000725dbe5c78b3389a341a618d0ba25e712969a096e76af8e01e9c1e99427c9bdf75cef0e084fef669d33b7f81e163bffc4f13f47af62be3ace12e02dd0fc71a8ecacb3edf754b1bedde9012eaad03e552e525b463ca6fb821ffe24099ed3eb48244f649ec5e4c0bf5debcd1b3ff6df792b947a2d420566685953013aac11cec25384684ce2b370187e362de6b4fee85851332b775146bfd9345c60e65d1adc7bdf44ec7b063192979a8e2c2e3690e9ebc8f95b4eb391efdb80ddb54fdc517f50f911554d36706184e25ed8db7c7e85ed5b9c83229d81", 0x1000}], 0x1, 0x3) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r4, 0x0) ioctl$VT_GETMODE(r3, 0x5601, &(0x7f0000000100)) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x5991780, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_mount_image$tmpfs(&(0x7f0000000140)='tmpfs\x00', &(0x7f0000000180)='./file0\x00', 0x8, 0x9, &(0x7f0000000800)=[{&(0x7f0000000200)="ddc82098c5ddb2e4a85c25854c23d13bd7473830394c43c4c3c80b5b8956690da6236e1fc9f2134315b133f3debc5c8f56966fcb4c08ebcd97d94c", 0x3b, 0x1}, {&(0x7f0000000300)="c089bf3416e22087d2223b919f7f0203c66bf743a7659d5f75c1583c0fd4f123d0423fb7c2bea2035e9c5eddd5087fb55eb2df903d2c9d920532143f13408d110d55266f0c233e21463721fc630a942d3fe8f7b8d23f7be3b952e65f3a30869824e305538186b575d16aa4b42c5fecb0eee8166dc4946a54a69b6c72f5ebbf5c3ec118", 0x83, 0x10d}, {&(0x7f00000003c0)="2748f84ee9ee99919933f2af904c8a4f104eb9d991d596ca3b40741faf1878284eb56f34685db56f7dbf04ae5b838a58f635bc71b7e9f134b8707cf28821364cadcbe51cc3b999fb3482f90cb5452b0248fb8cbab0d25f6de6fbba5c484e174f2efbe9f1d1e701c2ebcd21a7008b480a892a54295f400f38bcefaf4e679980dedb79b56f8c00a0bca27cb0217f44c3a8911bc0dbe3693138804e7a", 0x9b, 0x9}, {&(0x7f0000000280)="8cb631d875432fc619f6a9607e18e6e5ba15b63a3d695fbf599cb4c2a29956d34df84b75", 0x24, 0x5}, {&(0x7f0000000480)="05c68c4dafabac7be984a75c61e605f72a87abb03718a24ae29c1195987422d4567dcb24f17b06a00961142b8dc2bd3d5fb4d33cce942cb771cf74a92e49df07d87ba6d03cf0c28048b292a2bf65e265d501900196f61efd50649d4eaf07d94503783f9c622af27711b80549d93aa2379796b81e51706cd540db6367a8c8b192ffeeea29b45a15fac4b6cc57f13c422fedcf32877ad2f780f470151f672b1391c53e774e064d85ca5d6d4499", 0xac, 0x200}, {&(0x7f0000000540)="d6949ede4b99653bcd5303a37649fe743f932270a8fde228c8d3f2ba1c0ae0c2540c1fa82df943dcd8d1be6a657f81cded7eca74ed277722a5d55239b71588b131c20183d117b57b25f71265a3aa7fd994d7b8808b1adf090c590a3da4468e517616a3bf91e944bcd6a85e33395c9cd3085be102a55bb499f61081b22b864bda502ee531478eb1bd93f5d27d72f4604ddbea53277df3b3cb758000043c853afd7bd9b9391af10d8678b7c9c41032169abbd92350d1eb52c480727dfa30d72c4d501308e4d54d6f9d80d60ea9", 0xcc, 0x7}, {&(0x7f0000000640)="11e8df4857363689649b15322202440394564f004aa1cc8eba3cdf80415364cd17beac569387da2b09ee8c2cbd3bb6e280cdea049eb4535a1db401a9043e8e7e8f130409e22d55753aef2415e491034cbb6bdd80db347d191dbd64056c7c05df7e1514f5fd382020d6b9937a6bbebf66cb36d8f499c9a5619b434040dcdb900211bc8e0764", 0x85, 0x8}, {&(0x7f0000000700)="354920d7583d2e968f2a8b9dcde535614f2c5a80d4f71138bf103367ba46e780288a39", 0x23, 0x1}, {&(0x7f0000000740)="a070ffcb126b05f00669239aa64d0b5947b77416c9c8ae46265f8ae6ff2deb9a2185c6908a35e5a9f7c23ee07753f48b6fe1516fc0692f3d06bcc0626784c6e755c8fbc555c9a853f11c6af900da325bbe36c37dc9510ba848a35486910d91363d0e040a6b5123e5838cb527f80e652d06a1904a3e75765f50b432b40d5b5e6ccddea4498aef57b0b2c79a8616c43f", 0x8f, 0x3ff}], 0x800000, &(0x7f0000000ac0)=ANY=[@ANYBLOB="687567653d6e6576f4ef65722c6d706f6c3d696e7465726c656176653d72656c61746976653a2c687567653d6e657665722c6e725f696e6f6465733d382c687567653d77692f48f0d8d159189c7468696e5f73697a652c7569643d", @ANYRESHEX, @ANYBLOB=',uid>', @ANYRESDEC=0xee01, @ANYBLOB=',\x00']) ioctl$FS_IOC_READ_VERITY_METADATA(r5, 0xc0286687, &(0x7f0000000a80)={0x1, 0x0, 0xd3, &(0x7f0000000980)=""/211}) 22:05:01 executing program 4 (fault-call:10 fault-nth:44): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x7, 0x1f, 0x8, 0x40, 0x0, 0x3, 0xb558735e09d39406, 0x6, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3f, 0x2, @perf_config_ext={0x4, 0x5}, 0x40800, 0x56366cae, 0x4, 0x1, 0x6, 0x64, 0xb9ff}, 0xffffffffffffffff, 0x3, r1, 0x8) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r2, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) perf_event_open(&(0x7f0000000280)={0x4, 0x70, 0x81, 0x5, 0x1f, 0xd8, 0x0, 0x6, 0x1022, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x40000000, 0x1, @perf_config_ext={0x1000}, 0x8833, 0x5, 0xfffffffa, 0x0, 0x0, 0x7, 0x77}, 0x0, 0x9, r3, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xff, 0x1f, 0x9, 0x42, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x6, 0x4}, 0xa0, 0x4, 0x2, 0x1, 0x2, 0x55a, 0x7}, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0x8) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)=0x2) fallocate(r0, 0x10, 0x2, 0x8080) 22:05:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:05:01 executing program 2: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000040)={0x80000001, 0x6}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:01 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 705.036964] FAULT_INJECTION: forcing a failure. [ 705.036964] name failslab, interval 1, probability 0, space 0, times 0 [ 705.050467] CPU: 1 PID: 14425 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 705.058383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.067744] Call Trace: [ 705.070337] dump_stack+0x1b2/0x281 [ 705.073970] should_fail.cold+0x10a/0x149 [ 705.078126] should_failslab+0xd6/0x130 [ 705.082109] __kmalloc_track_caller+0x2bc/0x400 22:05:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r1 = socket(0x11, 0x800000003, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r3, @ANYBLOB="00000000ffffffff0000000007000100667100"], 0x38}}, 0x0) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcsa\x00', 0x400, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000d80)={'ip_vti0\x00', &(0x7f0000000d00)={'gre0\x00', r3, 0x8, 0x40, 0xff, 0x8, {{0x16, 0x4, 0x3, 0x14, 0x58, 0x65, 0x0, 0x40, 0x2f, 0x0, @remote, @local, {[@timestamp_prespec={0x44, 0x34, 0xad, 0x3, 0x8, [{@rand_addr=0x64010101, 0x7}, {@multicast2, 0x975}, {@rand_addr=0x64010100, 0x5}, {@remote, 0x81}, {@private=0xa010100, 0xc5}, {@empty, 0x6ab027d3}]}, @ssrr={0x89, 0xf, 0xec, [@broadcast, @multicast1, @multicast1]}, @end]}}}}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x6, &(0x7f0000000080)=@raw=[@map_val={0x18, 0x3, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x8}, @call={0x85, 0x0, 0x0, 0x34}, @jmp={0x5, 0x1, 0x4, 0x6, 0xb, 0x4, 0x10}, @map={0x18, 0x8, 0x1, 0x0, r4}], &(0x7f00000000c0)='syzkaller\x00', 0x568c, 0x57, &(0x7f0000000100)=""/87, 0x41000, 0xa2b15b1e4e2f97a2, [], r5, 0x0, r4, 0x8, &(0x7f0000000200)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000240)={0x4001, 0x4, 0x5, 0x9}, 0x10}, 0x78) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r6, 0x12, 0x2, &(0x7f0000000300)=""/122, &(0x7f0000000380)=0x7a) syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) [ 705.086809] ? kstrdup_const+0x35/0x60 [ 705.090816] kstrdup+0x36/0x70 [ 705.094015] kstrdup_const+0x35/0x60 [ 705.097763] alloc_vfsmnt+0xe0/0x7f0 [ 705.101493] clone_mnt+0x6c/0xff0 [ 705.104979] copy_tree+0x33e/0xa20 [ 705.108530] copy_mnt_ns+0x167/0xa30 [ 705.112250] ? create_new_namespaces+0x30/0x720 [ 705.116923] ? do_mount+0x2a00/0x2a00 [ 705.120729] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 705.125761] ? kmem_cache_alloc+0x35f/0x3c0 [ 705.130095] create_new_namespaces+0xc9/0x720 [ 705.134599] ? security_capable+0x88/0xb0 [ 705.138813] copy_namespaces+0x27b/0x310 [ 705.142888] copy_process.part.0+0x25f8/0x71c0 [ 705.147487] ? trace_hardirqs_on+0x10/0x10 [ 705.151729] ? check_preemption_disabled+0x35/0x240 [ 705.156748] ? check_preemption_disabled+0x35/0x240 [ 705.161775] ? finish_task_switch+0x178/0x610 [ 705.166284] ? __cleanup_sighand+0x40/0x40 [ 705.171130] ? _raw_spin_unlock_irq+0x5a/0x80 [ 705.175628] ? finish_task_switch+0x14d/0x610 [ 705.180147] ? switch_mm_irqs_off+0x2d2/0xeb0 [ 705.184647] _do_fork+0x184/0xc80 [ 705.188280] ? fork_idle+0x270/0x270 [ 705.192094] ? io_schedule_timeout+0x140/0x140 [ 705.196679] ? fput+0xb/0x140 [ 705.199794] ? do_syscall_64+0x4c/0x640 [ 705.203770] ? sys_vfork+0x20/0x20 [ 705.207308] do_syscall_64+0x1d5/0x640 [ 705.211198] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 705.216391] RIP: 0033:0x466459 [ 705.219575] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 705.227286] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 705.234646] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 705.241922] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 705.249193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 705.256555] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 705.297268] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 22:05:01 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 705.488155] Bluetooth: hci2 command 0x0409 tx timeout [ 705.645679] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 22:05:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:05:02 executing program 4 (fault-call:10 fault-nth:45): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:02 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000140)={0x0, 0x1000000000000012}, &(0x7f00000002c0)) r3 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) tkill(r3, 0x15) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) 22:05:02 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) [ 706.114560] FAULT_INJECTION: forcing a failure. [ 706.114560] name failslab, interval 1, probability 0, space 0, times 0 [ 706.126523] CPU: 1 PID: 14475 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 706.134419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 706.143785] Call Trace: [ 706.146389] dump_stack+0x1b2/0x281 [ 706.150026] should_fail.cold+0x10a/0x149 [ 706.154191] should_failslab+0xd6/0x130 [ 706.158187] kmem_cache_alloc+0x28e/0x3c0 [ 706.162347] alloc_vfsmnt+0x23/0x7f0 [ 706.166071] clone_mnt+0x6c/0xff0 [ 706.169558] copy_tree+0x33e/0xa20 [ 706.173111] copy_mnt_ns+0x167/0xa30 [ 706.176847] ? create_new_namespaces+0x30/0x720 [ 706.181519] ? do_mount+0x2a00/0x2a00 [ 706.185325] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 706.190347] ? kmem_cache_alloc+0x35f/0x3c0 [ 706.194696] create_new_namespaces+0xc9/0x720 [ 706.199207] ? security_capable+0x88/0xb0 [ 706.203362] copy_namespaces+0x27b/0x310 [ 706.207427] copy_process.part.0+0x25f8/0x71c0 [ 706.212013] ? get_pid_task+0xb8/0x130 [ 706.215996] ? proc_fail_nth_write+0x7b/0x180 [ 706.220495] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 706.225431] ? __cleanup_sighand+0x40/0x40 [ 706.229665] ? lock_downgrade+0x740/0x740 [ 706.233827] _do_fork+0x184/0xc80 [ 706.237285] ? fork_idle+0x270/0x270 [ 706.241003] ? fput+0xb/0x140 [ 706.244112] ? SyS_write+0x14d/0x210 [ 706.247829] ? SyS_read+0x210/0x210 [ 706.251462] ? __do_page_fault+0x159/0xad0 [ 706.255724] ? do_syscall_64+0x4c/0x640 [ 706.259703] ? sys_vfork+0x20/0x20 [ 706.263252] do_syscall_64+0x1d5/0x640 [ 706.267146] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 706.272364] RIP: 0033:0x466459 [ 706.275550] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 706.283257] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 706.290531] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 706.297813] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 706.305091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 706.312369] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 706.803360] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 706.810109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 706.850873] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 706.877883] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 706.895660] device bridge_slave_1 left promiscuous mode [ 706.901191] bridge0: port 2(bridge_slave_1) entered disabled state [ 706.932464] device bridge_slave_0 left promiscuous mode [ 706.937992] bridge0: port 1(bridge_slave_0) entered disabled state [ 706.961786] device veth1_macvtap left promiscuous mode [ 706.967130] device veth0_macvtap left promiscuous mode [ 706.981624] device veth1_vlan left promiscuous mode [ 706.986714] device veth0_vlan left promiscuous mode [ 707.142506] device hsr_slave_1 left promiscuous mode [ 707.150658] device hsr_slave_0 left promiscuous mode [ 707.177256] team0 (unregistering): Port device team_slave_1 removed [ 707.187682] team0 (unregistering): Port device team_slave_0 removed [ 707.202575] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 707.218943] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 707.260600] bond0 (unregistering): Released all slaves [ 709.252559] IPVS: ftp: loaded support on port[0] = 21 [ 709.362549] chnl_net:caif_netlink_parms(): no params data found [ 709.413716] bridge0: port 1(bridge_slave_0) entered blocking state [ 709.420126] bridge0: port 1(bridge_slave_0) entered disabled state [ 709.428042] device bridge_slave_0 entered promiscuous mode [ 709.436573] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.443077] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.450177] device bridge_slave_1 entered promiscuous mode [ 709.469332] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 709.478335] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 709.497346] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 709.504573] team0: Port device team_slave_0 added [ 709.513247] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 709.520556] team0: Port device team_slave_1 added [ 709.537252] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 709.543576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 709.573331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 709.584868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 709.591100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 709.616414] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 709.627085] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 709.634657] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 709.655724] device hsr_slave_0 entered promiscuous mode [ 709.661890] device hsr_slave_1 entered promiscuous mode [ 709.667837] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 709.675095] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 709.745229] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.751762] bridge0: port 2(bridge_slave_1) entered forwarding state [ 709.758367] bridge0: port 1(bridge_slave_0) entered blocking state [ 709.764820] bridge0: port 1(bridge_slave_0) entered forwarding state [ 709.795842] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 709.802915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 709.810910] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 709.820436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 709.828939] bridge0: port 1(bridge_slave_0) entered disabled state [ 709.836269] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.845999] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 709.852222] 8021q: adding VLAN 0 to HW filter on device team0 [ 709.861042] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 709.868783] bridge0: port 1(bridge_slave_0) entered blocking state [ 709.875233] bridge0: port 1(bridge_slave_0) entered forwarding state [ 709.891810] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 709.899438] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.905845] bridge0: port 2(bridge_slave_1) entered forwarding state [ 709.922570] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 709.930447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 709.938630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 709.947159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 709.955553] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 709.964291] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 709.970322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 709.985138] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 709.993081] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 709.999722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 710.011016] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 710.056379] IPVS: ftp: loaded support on port[0] = 21 [ 710.155284] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 710.219653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 710.228227] chnl_net:caif_netlink_parms(): no params data found [ 710.277462] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 710.286018] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 710.293164] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 710.303582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 710.311235] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 710.318971] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 710.328214] device veth0_vlan entered promiscuous mode [ 710.338459] device veth1_vlan entered promiscuous mode [ 710.344978] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 710.351679] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 710.358685] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 710.381875] bridge0: port 1(bridge_slave_0) entered blocking state [ 710.388357] bridge0: port 1(bridge_slave_0) entered disabled state [ 710.396074] device bridge_slave_0 entered promiscuous mode [ 710.404346] bridge0: port 2(bridge_slave_1) entered blocking state [ 710.410731] bridge0: port 2(bridge_slave_1) entered disabled state [ 710.418318] device bridge_slave_1 entered promiscuous mode [ 710.445022] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 710.454510] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 710.476990] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 710.484456] team0: Port device team_slave_0 added [ 710.490468] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 710.498150] team0: Port device team_slave_1 added [ 710.519961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 710.526291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 710.551695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 710.563677] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 710.569931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 710.596057] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 710.608215] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 710.616183] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 710.640304] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 710.653642] device hsr_slave_0 entered promiscuous mode [ 710.659271] device hsr_slave_1 entered promiscuous mode [ 710.665703] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 710.676534] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 710.684379] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 710.693693] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 710.702145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 710.717756] device veth0_macvtap entered promiscuous mode [ 710.724683] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 710.747799] device veth1_macvtap entered promiscuous mode [ 710.756064] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 710.776838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 710.787070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 710.825455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 710.837002] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.847365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 710.857422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.866925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 710.877027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.887003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 710.897105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.907385] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 710.915228] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 710.923791] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 710.931095] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 710.938785] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 710.946628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 710.958149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 710.968780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.978077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 710.988448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.997887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 711.007708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.017211] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 711.026991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.037198] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 711.044555] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 711.052708] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 711.060507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 711.086023] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 711.129773] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 711.136630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 711.146942] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 711.162090] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 711.169328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 711.177897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 711.187981] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 711.194636] 8021q: adding VLAN 0 to HW filter on device team0 [ 711.204407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 711.212476] bridge0: port 1(bridge_slave_0) entered blocking state [ 711.218864] bridge0: port 1(bridge_slave_0) entered forwarding state [ 711.242344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 711.249938] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 711.258374] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.264816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 711.273125] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 711.281022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 711.296096] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 711.306924] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 711.317036] Bluetooth: hci2 command 0x0409 tx timeout [ 711.319457] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 711.330048] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 711.338477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 711.346655] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 711.354483] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 711.361904] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 711.376408] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 711.390155] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 711.397698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 711.404527] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 711.426526] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 711.502830] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 711.513985] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 711.521029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 711.529766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 711.574574] tmpfs: Bad value 'nevôïer' for mount option 'huge' [ 711.595821] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 711.604065] print_req_error: I/O error, dev loop1, sector 0 [ 711.609337] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 711.617477] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 711.634267] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 711.643323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 711.650593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 711.658962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 711.666860] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 711.678192] device veth0_vlan entered promiscuous mode [ 711.696599] device veth1_vlan entered promiscuous mode [ 711.704358] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 711.714713] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 711.730521] tmpfs: Bad value 'nevôïer' for mount option 'huge' [ 711.735363] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready 22:05:08 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:05:08 executing program 4 (fault-call:10 fault-nth:46): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:08 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:05:08 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000004c0)=0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, r0, 0x0, 0x285, &(0x7f0000000200)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F\xae\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42F\xd9#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb2\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00\xca\xad\xf8\x948\x97\x1cIc\xa0\x0391\xa5\xa7\xb7\xa1\x1a'}, 0x30) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x5208, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x3, 0x5}, 0x12000, 0x0, 0xffffffff, 0x0, 0x3800000000, 0x0, 0xfeff}, 0x0, 0xa, r3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000140)={0x50002009}) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x8, 0xf2, 0x81, 0x40, 0x0, 0x1c1, 0x100, 0x4, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0xb38bbaa8ba0b992e, @perf_bp={&(0x7f0000000000), 0x8}, 0x10028, 0x3, 0x1000, 0x6, 0x7389, 0xffffff00, 0x7ff}, 0x0, 0x0, r2, 0x1) [ 711.747631] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 711.755098] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 711.764088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 711.771137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 711.779293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 711.788832] print_req_error: I/O error, dev loop1, sector 0 [ 711.810786] device veth0_macvtap entered promiscuous mode [ 711.840730] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready 22:05:08 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00', 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000700)=ANY=[@ANYBLOB="0100000061d901a2ca64fa56b93176ca0cdabf9b1c4473f5fe66bc555ec1dac9c30faea8fbfdd47248b05398c0fe9dfdf1ee7b117db756067f75229697ed17d45c749a36ee2bd03364e137ba0968eed54204f32bad69f781b4873cf14ab4d6f4dda32177f847a729312035ac98d08055a4db91919de7d36d045484eb1432576fc9648e9760a8da5c0045fbc0ccfece930d0850553dfa2047773154ab6b2270d2ce4d009deab33d63a40f4f1c14e0049ecdd2d8a3", @ANYRES16=r1, @ANYRES32], 0x7c}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, r1, 0x0, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x1, 0x6b}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x7f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x77}]}, 0x40}, 0x1, 0x0, 0x0, 0x20048085}, 0x40011) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) [ 711.866080] device veth1_macvtap entered promiscuous mode [ 711.890568] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 711.910943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 712.146514] FAULT_INJECTION: forcing a failure. [ 712.146514] name failslab, interval 1, probability 0, space 0, times 0 [ 712.151867] Bluetooth: hci3 command 0x0409 tx timeout [ 712.158008] CPU: 1 PID: 14989 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 712.170909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 712.180352] Call Trace: [ 712.182947] dump_stack+0x1b2/0x281 [ 712.186577] should_fail.cold+0x10a/0x149 [ 712.190731] should_failslab+0xd6/0x130 22:05:08 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)=0x400) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000200)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00') [ 712.194745] kmem_cache_alloc+0x28e/0x3c0 [ 712.198902] alloc_vfsmnt+0x23/0x7f0 [ 712.202616] clone_mnt+0x6c/0xff0 [ 712.206077] copy_tree+0x33e/0xa20 [ 712.209624] copy_mnt_ns+0x167/0xa30 [ 712.213387] ? create_new_namespaces+0x30/0x720 [ 712.218062] ? do_mount+0x2a00/0x2a00 [ 712.221866] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 712.226882] ? kmem_cache_alloc+0x35f/0x3c0 [ 712.231187] create_new_namespaces+0xc9/0x720 [ 712.235672] ? security_capable+0x88/0xb0 [ 712.239847] copy_namespaces+0x27b/0x310 [ 712.243912] copy_process.part.0+0x25f8/0x71c0 [ 712.248498] ? trace_hardirqs_on+0x10/0x10 [ 712.252734] ? retint_kernel+0x2d/0x2d [ 712.256632] ? check_preemption_disabled+0x35/0x240 [ 712.261765] ? check_preemption_disabled+0x35/0x240 [ 712.266816] ? finish_task_switch+0x178/0x610 [ 712.271324] ? __cleanup_sighand+0x40/0x40 [ 712.275563] ? _raw_spin_unlock_irq+0x5a/0x80 [ 712.280100] ? finish_task_switch+0x14d/0x610 [ 712.284604] ? switch_mm_irqs_off+0x2d2/0xeb0 [ 712.289105] _do_fork+0x184/0xc80 [ 712.292563] ? fork_idle+0x270/0x270 [ 712.296278] ? io_schedule_timeout+0x140/0x140 [ 712.300956] ? fput+0xb/0x140 [ 712.304049] ? do_syscall_64+0x4c/0x640 [ 712.308010] ? sys_vfork+0x20/0x20 [ 712.311553] do_syscall_64+0x1d5/0x640 [ 712.315431] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 712.320638] RIP: 0033:0x466459 [ 712.323816] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 712.331523] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 712.338822] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 712.346087] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 712.353470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 712.360736] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 712.373025] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 712.388323] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 712.458218] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 712.521477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 712.533873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.543266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 712.553136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.566249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 712.576153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.585453] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 712.595632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.604952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 712.614901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.626066] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 712.633335] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 712.641082] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 712.649517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 712.661228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 712.696059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.710621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 712.725685] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.735108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 712.745147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.755101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 712.770866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.780691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 712.793801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.804438] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 712.813202] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 712.821297] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 712.829741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:05:09 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:09 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='rdma.current\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0xc42, 0x0) ioctl$SNDCTL_DSP_POST(r1, 0x5008, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) 22:05:09 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) prlimit64(r0, 0xc, 0x0, &(0x7f0000000040)) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:05:09 executing program 4 (fault-call:10 fault-nth:47): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:09 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:05:09 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:09 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, r0, 0x0, 0x286, &(0x7f0000000240)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xd1\xeaN}\xd8\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#a\xb7\xb8\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xceN\x8a\x86e\xcc\xec\xb9j\xb9\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xffk\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xe2a_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xf2\x06\xdc\f\xf1g,\xa3\xf8[\xb8\t\xa8'}, 0x30) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x2000, 0x0) ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000200)={0x0, 0x6}) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r1, 0x0) perf_event_open$cgroup(&(0x7f0000000080)={0x4, 0x70, 0x3e, 0xf7, 0x0, 0x2, 0x0, 0x7fff, 0x402, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x9d09, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x824, 0x4, 0x9, 0x1, 0x1, 0x1f, 0xa5}, r1, 0xa, r0, 0x4) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r2, 0x8008f513, &(0x7f0000000500)) 22:05:09 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 713.285115] FAULT_INJECTION: forcing a failure. [ 713.285115] name failslab, interval 1, probability 0, space 0, times 0 [ 713.296492] CPU: 1 PID: 15074 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 713.304389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.313780] Call Trace: [ 713.316403] dump_stack+0x1b2/0x281 [ 713.320039] should_fail.cold+0x10a/0x149 [ 713.324198] should_failslab+0xd6/0x130 [ 713.328178] __kmalloc_track_caller+0x2bc/0x400 22:05:09 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 713.332941] ? kstrdup_const+0x35/0x60 [ 713.336833] ? lock_downgrade+0x740/0x740 [ 713.340987] kstrdup+0x36/0x70 [ 713.344206] kstrdup_const+0x35/0x60 [ 713.347923] alloc_vfsmnt+0xe0/0x7f0 [ 713.351640] clone_mnt+0x6c/0xff0 [ 713.355101] copy_tree+0x33e/0xa20 [ 713.358681] copy_mnt_ns+0x167/0xa30 [ 713.362411] ? create_new_namespaces+0x30/0x720 [ 713.367084] ? do_mount+0x2a00/0x2a00 [ 713.370913] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 713.375935] ? kmem_cache_alloc+0x35f/0x3c0 [ 713.380263] create_new_namespaces+0xc9/0x720 [ 713.384765] ? security_capable+0x88/0xb0 [ 713.388923] copy_namespaces+0x27b/0x310 [ 713.392987] copy_process.part.0+0x25f8/0x71c0 [ 713.397575] ? get_pid_task+0xb8/0x130 [ 713.401467] ? proc_fail_nth_write+0x7b/0x180 [ 713.405965] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 713.410895] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 713.415662] ? __cleanup_sighand+0x40/0x40 [ 713.419899] ? lock_downgrade+0x740/0x740 [ 713.424051] _do_fork+0x184/0xc80 [ 713.427533] ? fork_idle+0x270/0x270 [ 713.431251] ? fput+0xb/0x140 22:05:09 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000340)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000002a250000d68ae1ffffff000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001080000000000000100008000"/180]) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x8, 0xff, 0x1, 0x0, 0x1, 0x400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x10001}, 0x4020, 0xffffffff, 0x7, 0x9, 0x68, 0x9, 0x2}, r1, 0x4, r2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000000)={r1, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) [ 713.434359] ? SyS_write+0x14d/0x210 [ 713.438073] ? SyS_read+0x210/0x210 [ 713.441703] ? __do_page_fault+0x159/0xad0 [ 713.446066] ? do_syscall_64+0x4c/0x640 [ 713.450046] ? sys_vfork+0x20/0x20 [ 713.453586] do_syscall_64+0x1d5/0x640 [ 713.457487] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 713.462712] RIP: 0033:0x466459 [ 713.465909] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 713.473623] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 713.480895] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 713.488170] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 713.495438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 713.502704] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 713.564140] Bluetooth: hci2 command 0x041b tx timeout 22:05:10 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x2, 0x1f, 0x3, 0xa5, 0x0, 0x1, 0x23223, 0xc, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3ff, 0x1, @perf_config_ext={0x4, 0x400}, 0x40010, 0x10001, 0xffffff81, 0x2, 0xbce5, 0xffffffff, 0xcc}, 0x0, 0x1, r1, 0x9) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) 22:05:10 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r2, 0x0) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0xc5, 0x3, 0x3, 0x4, "874ee3862a2b88c81a93a93f1f1291acf9484bcf5e28b7b9583d891bc72d1927b0972e6dde86aed8c5d687337413da2cce65dff0795644699d421f7c215a45bc", "26058b215b50658996521c2899bad7ded134ceb0b973c0e4c45da58a52297df5", [0x7ff, 0x1ff]}) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x1, @local, 0x8}, 0x1c) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:10 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000340)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000002a250000d68ae1ffffff000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001080000000000000100008000"/180]) r3 = perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x8, 0xff, 0x1, 0x0, 0x1, 0x400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x10001}, 0x4020, 0xffffffff, 0x7, 0x9, 0x68, 0x9, 0x2}, r1, 0x4, r2, 0x0) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x24040, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, r3, 0x0, 0xfffffd9b, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xd8Ufa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) 22:05:10 executing program 4 (fault-call:10 fault-nth:48): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:05:10 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) [ 714.083218] FAULT_INJECTION: forcing a failure. [ 714.083218] name failslab, interval 1, probability 0, space 0, times 0 [ 714.094724] CPU: 1 PID: 15129 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 714.102618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.111983] Call Trace: [ 714.114576] dump_stack+0x1b2/0x281 [ 714.118204] should_fail.cold+0x10a/0x149 [ 714.122372] should_failslab+0xd6/0x130 [ 714.126377] __kmalloc_track_caller+0x2bc/0x400 [ 714.131056] ? kstrdup_const+0x35/0x60 [ 714.135071] ? lock_downgrade+0x740/0x740 [ 714.139206] kstrdup+0x36/0x70 [ 714.142390] kstrdup_const+0x35/0x60 [ 714.146114] alloc_vfsmnt+0xe0/0x7f0 [ 714.149832] clone_mnt+0x6c/0xff0 [ 714.153291] ? copy_tree+0x27a/0xa20 [ 714.157129] copy_tree+0x33e/0xa20 [ 714.160678] copy_mnt_ns+0x167/0xa30 [ 714.164400] ? create_new_namespaces+0x30/0x720 [ 714.169071] ? do_mount+0x2a00/0x2a00 [ 714.172875] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 714.177895] ? kmem_cache_alloc+0x35f/0x3c0 [ 714.182252] create_new_namespaces+0xc9/0x720 [ 714.186758] ? security_capable+0x88/0xb0 [ 714.190915] copy_namespaces+0x27b/0x310 [ 714.194982] copy_process.part.0+0x25f8/0x71c0 [ 714.199638] ? get_pid_task+0xb8/0x130 [ 714.203531] ? proc_fail_nth_write+0x7b/0x180 [ 714.208031] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 714.212964] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 714.217741] ? __cleanup_sighand+0x40/0x40 [ 714.221984] ? lock_downgrade+0x740/0x740 [ 714.226137] _do_fork+0x184/0xc80 [ 714.229595] ? fork_idle+0x270/0x270 22:05:10 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x3b, @empty, 0x4e22, 0x0, 'sh\x00', 0x39, 0x40, 0x37}, 0x2c) perf_event_open(&(0x7f0000000080)={0x4, 0x70, 0x6, 0x0, 0x5, 0x3f, 0x0, 0x9, 0xa14dc93dea92c67a, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffff8, 0x6}, 0x800, 0x0, 0x800, 0x3, 0x2, 0x7fffffff, 0x8000}, 0x0, 0x6, r0, 0x8) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r1, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x3) fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xee01, r3, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCXONC(r4, 0x540a, 0x3) fstat(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xee01, r5, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x2000000, &(0x7f0000000200)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@aname={'aname', 0x3d, '\\'}}, {@version_9p2000='version=9p2000'}, {@version_u='version=9p2000.u'}, {@privport='privport'}, {@uname={'uname', 0x3d, 'sh\x00'}}], [{@fowner_eq={'fowner'}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@fowner_gt={'fowner>', r3}}, {@fowner_eq={'fowner'}}, {@context={'context', 0x3d, 'unconfined_u'}}, {@smackfstransmute={'smackfstransmute'}}, {@smackfsroot={'smackfsroot', 0x3d, 'sh\x00'}}, {@uid_gt={'uid>', r5}}]}}) [ 714.233337] ? fput+0xb/0x140 [ 714.236467] ? SyS_write+0x14d/0x210 [ 714.240180] ? SyS_read+0x210/0x210 [ 714.243813] ? do_syscall_64+0x4c/0x640 [ 714.247791] ? sys_vfork+0x20/0x20 [ 714.251335] do_syscall_64+0x1d5/0x640 [ 714.255228] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 714.260438] RIP: 0033:0x466459 [ 714.263626] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 714.271367] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 714.278643] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 714.285925] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 714.293223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 714.300506] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:05:11 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) r1 = getpid() sched_setscheduler(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000340)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000002a250000d68ae1ffffff0003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000061123e817e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001080000000000000100008000"/178]) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x8, 0xff, 0x1, 0x0, 0x1, 0x400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x10001}, 0x4020, 0xffffffff, 0x7, 0x9, 0x68, 0x9, 0x2}, r1, 0x4, r2, 0x0) r3 = dup2(r0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x5, 0x6, 0x0, 0x88, 0x0, 0x7, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1000, 0x2, @perf_bp={&(0x7f0000000000), 0x9}, 0x8480, 0x7fff, 0x1f, 0x9, 0x8, 0x0, 0x6}, r1, 0xc, r3, 0x2) 22:05:11 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x1b, 0xd1, 0xeb, 0x2, 0x0, 0x400, 0x2, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x4, @perf_bp={&(0x7f0000000040), 0x1}, 0x8, 0x80, 0xa, 0x8, 0x8, 0x9, 0x8}, 0xffffffffffffffff, 0x5, r1, 0x2) r2 = creat(&(0x7f0000000340)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000002a250000d68ae1ffffff000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001080000000000000100008000"/180]) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x8, 0xff, 0x1, 0x0, 0x1, 0x400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x10001}, 0x4020, 0xffffffff, 0x7, 0x9, 0x68, 0x9, 0x2}, r0, 0x4, r2, 0x0) prlimit64(r0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:11 executing program 4 (fault-call:10 fault-nth:49): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 714.877214] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 714.897840] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 714.930573] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 714.983956] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 715.016632] FAULT_INJECTION: forcing a failure. [ 715.016632] name failslab, interval 1, probability 0, space 0, times 0 [ 715.028300] CPU: 1 PID: 15173 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 715.036243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 715.045608] Call Trace: [ 715.048210] dump_stack+0x1b2/0x281 [ 715.051860] should_fail.cold+0x10a/0x149 [ 715.056012] should_failslab+0xd6/0x130 [ 715.059993] kmem_cache_alloc+0x28e/0x3c0 [ 715.064144] alloc_vfsmnt+0x23/0x7f0 [ 715.067860] clone_mnt+0x6c/0xff0 [ 715.071312] ? copy_tree+0x2a0/0xa20 [ 715.075030] copy_tree+0x33e/0xa20 [ 715.078579] copy_mnt_ns+0x167/0xa30 [ 715.082298] ? create_new_namespaces+0x30/0x720 [ 715.086965] ? do_mount+0x2a00/0x2a00 [ 715.090782] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 715.095801] ? kmem_cache_alloc+0x35f/0x3c0 [ 715.100126] create_new_namespaces+0xc9/0x720 [ 715.104747] ? security_capable+0x88/0xb0 [ 715.108904] copy_namespaces+0x27b/0x310 [ 715.112973] copy_process.part.0+0x25f8/0x71c0 [ 715.117565] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 715.122605] ? _raw_spin_unlock_irq+0x5a/0x80 [ 715.127107] ? finish_task_switch+0x178/0x610 [ 715.131607] ? finish_task_switch+0x14d/0x610 [ 715.136193] ? switch_mm_irqs_off+0x2d2/0xeb0 [ 715.140694] ? __schedule+0x893/0x1de0 [ 715.144607] ? __cleanup_sighand+0x40/0x40 [ 715.148934] ? retint_kernel+0x2d/0x2d [ 715.152859] _do_fork+0x184/0xc80 [ 715.156315] ? SyS_write+0x1c6/0x210 [ 715.160028] ? fork_idle+0x270/0x270 [ 715.163756] ? fput+0xb/0x140 [ 715.166868] ? SyS_write+0x14d/0x210 [ 715.170592] ? SyS_read+0x210/0x210 [ 715.174222] ? __do_page_fault+0x159/0xad0 [ 715.178495] ? do_syscall_64+0x4c/0x640 [ 715.182475] ? sys_vfork+0x20/0x20 [ 715.186027] do_syscall_64+0x1d5/0x640 [ 715.189929] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 715.195144] RIP: 0033:0x466459 [ 715.198336] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 715.206053] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 715.213349] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 715.220629] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 715.227918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 715.235194] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 715.289222] device bridge_slave_1 left promiscuous mode [ 715.358715] bridge0: port 2(bridge_slave_1) entered disabled state [ 715.387946] device bridge_slave_0 left promiscuous mode [ 715.402697] bridge0: port 1(bridge_slave_0) entered disabled state [ 715.414474] device veth1_macvtap left promiscuous mode [ 715.434558] device veth0_macvtap left promiscuous mode [ 715.444382] device veth1_vlan left promiscuous mode [ 715.452464] device veth0_vlan left promiscuous mode [ 715.609550] device hsr_slave_1 left promiscuous mode [ 715.620918] device hsr_slave_0 left promiscuous mode [ 715.669245] team0 (unregistering): Port device team_slave_1 removed [ 715.706147] team0 (unregistering): Port device team_slave_0 removed [ 715.721699] Bluetooth: hci2 command 0x040f tx timeout [ 715.727139] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 715.739074] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 715.776763] bond0 (unregistering): Released all slaves [ 717.791521] Bluetooth: hci2 command 0x0419 tx timeout [ 718.063480] IPVS: ftp: loaded support on port[0] = 21 [ 718.172473] chnl_net:caif_netlink_parms(): no params data found [ 718.229882] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.236701] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.245375] device bridge_slave_0 entered promiscuous mode [ 718.252475] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.258860] bridge0: port 2(bridge_slave_1) entered disabled state [ 718.266409] device bridge_slave_1 entered promiscuous mode [ 718.286187] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 718.295634] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 718.316735] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 718.324042] team0: Port device team_slave_0 added [ 718.329681] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 718.337808] team0: Port device team_slave_1 added [ 718.356125] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 718.362607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 718.388705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 718.400334] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 718.407138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 718.433282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 718.444701] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 718.452556] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 718.474559] device hsr_slave_0 entered promiscuous mode [ 718.480373] device hsr_slave_1 entered promiscuous mode [ 718.487177] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 718.494552] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 718.572678] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.579346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.586253] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.592717] bridge0: port 1(bridge_slave_0) entered forwarding state [ 718.624005] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 718.630242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 718.639479] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 718.650008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 718.657535] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.665413] bridge0: port 2(bridge_slave_1) entered disabled state [ 718.675965] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 718.682229] 8021q: adding VLAN 0 to HW filter on device team0 [ 718.690704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 718.698627] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.705135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 718.722244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 718.730629] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.737060] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.745416] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 718.762582] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 718.769739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 718.777960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 718.786198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 718.796535] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 718.802857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 718.814883] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 718.823006] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 718.829728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 718.841401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 718.896624] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 718.906823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 718.938732] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 718.946916] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 718.954124] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 718.963690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 718.971259] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 718.978406] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 718.987148] device veth0_vlan entered promiscuous mode [ 718.998848] device veth1_vlan entered promiscuous mode [ 719.004962] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 719.015116] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 719.026491] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 719.036979] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 719.044405] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 719.052079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 719.062245] device veth0_macvtap entered promiscuous mode [ 719.068327] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 719.078113] device veth1_macvtap entered promiscuous mode [ 719.087302] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 719.097298] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 719.106319] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 719.116591] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.125792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 719.135621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.145646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 719.156240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.165403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 719.175182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.184344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 719.194269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.204734] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 719.211769] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 719.218813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 719.228572] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 719.237986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 719.248167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.257628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 719.267420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.276731] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 719.286895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.296040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 719.305826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.315046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 719.324912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.335098] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 719.342150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 719.349245] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 719.357431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:05:15 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:15 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000340)='./file0\x00', 0x0) r3 = accept4$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x800) lseek(r3, 0x8, 0x2) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000002a180000d68ae1ffffff000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001080000000000000100008000"/180]) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x8, 0xff, 0x1, 0x0, 0x1, 0x400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x10001}, 0x4020, 0xffffffff, 0x7, 0x9, 0x68, 0x9, 0x2}, r1, 0x4, r2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, 0xffffffffffffffff, 0x0, 0x2e2, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000140)={0x4, 0x9, 0x4, 0x2000, 0x20000, {}, {0x3, 0x2, 0xff, 0xff, 0x80, 0x40, "411d1993"}, 0x4d8, 0x2, @offset=0x3, 0x1, 0x0, 0xffffffffffffffff}) writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000280)="0bbf1c", 0x3}], 0x1) 22:05:15 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:05:15 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000040)) 22:05:15 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x1655bfb89deafb30, &(0x7f00000000c0)="2af585806d352a18729f358a7191110ddb803cff061dcdeadea89c5412b3b81686f8b93db80248522a339c5deb8d59823673e5f213eac4798220524aa86bae4cd31e9c238384bb30c349e65f19a37b27e33632b12a3dea90117a85f2e4d46e468425bd4aca4f0c50e35db3053cfc9897e9b36eda0e358d144bbb281524fb64caa789f74f8345f82ba4a091ecb43ab77d157fc5d070d903912668c964ac823847a5f8fd716435b27bb547fd4dfdd8ac2ac12c036f4b407f81fc25b48777a3b3824c47d12f578375ca1e526605bc43a483887461e56625dd30144ca7c1f6e3", &(0x7f0000000040), &(0x7f0000000280), &(0x7f0000000300)="b2ad35beb69ab3ff4fa59e754047a6fe8ec0f60f03096932fc7c0661bb1b002a5a5657aac2ad415e2ff6bfccedef4eca9698a1404c4cb072f8b7b4d1a54e88c6a2352c17af581dd4a7157b0371dcedcb9278fd15a047d2bd321413387711ce1d426e49da76567865e30e2a947e90e0b66875f16e50007c3b15b0aa96582238d75ad7") 22:05:15 executing program 4 (fault-call:10 fault-nth:50): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:15 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x8c, 0x8c, 0x40, 0x7, 0x0, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x800, 0x0, @perf_config_ext={0x0, 0x2}, 0x100, 0x10000, 0x1f, 0x4, 0x3f, 0x8, 0x4}, 0xffffffffffffffff, 0xe, r1, 0x8) 22:05:15 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 719.858630] FAULT_INJECTION: forcing a failure. [ 719.858630] name failslab, interval 1, probability 0, space 0, times 0 [ 719.870454] CPU: 0 PID: 15465 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 719.878360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 719.887840] Call Trace: [ 719.890436] dump_stack+0x1b2/0x281 [ 719.894075] should_fail.cold+0x10a/0x149 [ 719.898233] should_failslab+0xd6/0x130 [ 719.902219] kmem_cache_alloc+0x28e/0x3c0 [ 719.906379] alloc_vfsmnt+0x23/0x7f0 [ 719.910110] clone_mnt+0x6c/0xff0 [ 719.913575] copy_tree+0x33e/0xa20 [ 719.917129] copy_mnt_ns+0x167/0xa30 [ 719.920852] ? create_new_namespaces+0x30/0x720 [ 719.925536] ? do_mount+0x2a00/0x2a00 [ 719.929456] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 719.934477] ? kmem_cache_alloc+0x35f/0x3c0 [ 719.938804] create_new_namespaces+0xc9/0x720 [ 719.943296] ? security_capable+0x88/0xb0 [ 719.947445] copy_namespaces+0x27b/0x310 [ 719.951512] copy_process.part.0+0x25f8/0x71c0 [ 719.956122] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 719.960878] ? __cleanup_sighand+0x40/0x40 [ 719.965110] ? lock_downgrade+0x740/0x740 [ 719.969260] _do_fork+0x184/0xc80 [ 719.972704] ? fork_idle+0x270/0x270 [ 719.976419] ? fput+0xb/0x140 [ 719.979527] ? SyS_write+0x14d/0x210 [ 719.983244] ? SyS_read+0x210/0x210 [ 719.987050] ? do_syscall_64+0x4c/0x640 [ 719.991063] ? sys_vfork+0x20/0x20 [ 719.994607] do_syscall_64+0x1d5/0x640 [ 719.998493] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 720.003694] RIP: 0033:0x466459 22:05:16 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:16 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000200)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xeb\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfdaf) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) [ 720.006893] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 720.014594] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 720.021871] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 720.029156] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 720.036561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 720.043873] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 720.111663] Bluetooth: hci3 command 0x0409 tx timeout 22:05:16 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDADDIO(r1, 0x4b34, 0x1) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0xffdfffff) perf_event_open(&(0x7f00000003c0)={0x3, 0x70, 0x2, 0xad, 0x1, 0x32, 0x0, 0x57, 0xc6189, 0x5, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5, 0x1, @perf_bp={&(0x7f0000000180), 0x1}, 0x8, 0x3, 0x4, 0x6, 0x10000, 0x2, 0x9}, 0x0, 0xe, 0xffffffffffffffff, 0x1a) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0xa5, 0x94, &(0x7f0000000080)="575b9edc04e3f426ab524da97355781ca7ffaacfa891fca65bbb8d2fe380e381a2e1e3f7fe9b24ad5158b456409a2f47b6ab6cb99f2f074501df4d2d114cc47205e3a337cf16b76b6723af8f0d44648cad8e49d7a20c85fa40663c524433038c4359cb7b4d8aad733573d806de857019600b652a552322977fc48855fbca2eda5f5692d4f6ab9c74eea82f314981c1d3af33cacb1ec7159dd14614800035301a1c0109530b", &(0x7f0000000200)=""/148, 0x4, 0x0, 0x12, 0x71, &(0x7f0000000140)="28374d0f8adfe1b6c015218d8bed8af75cc4", &(0x7f00000002c0)="3881933eb1c292471d2e0639a7aead3d878509e59b95180636bf002746cfb134d932eb999648dadffabd6d82e8f1fdaa91b20a1e3a0607e7bb1caeeee33c030ad90395911f1b7aa6a31cfa6deca6c65b6095de4a98945ed81af80e7c9aa76baeae86a0343764e00e7617cada7bf405c03b", 0x0, 0x3}, 0x48) 22:05:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:05:16 executing program 4 (fault-call:10 fault-nth:51): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:16 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000040)) 22:05:16 executing program 1: syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x2, 0x404002) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x1) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r1, 0x0) ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0xf74) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x20100, 0x0) write(r2, &(0x7f0000000300)="98df8b9b76f192a9e05cb19df7f0c5879bf10a0078bc48ed9078363fe3310cc7598b14df7a540743b7627eace918fada685671ea419b9c3545b54d75f7ed68542efbb0c4055cdf0b26768ea4add052bef95bf5a1c6cd420653dbcf65193784bbecad9456da39e54c9a1db34d2a2093d32b2b569ebd2e", 0x76) vmsplice(r0, &(0x7f0000000000), 0x0, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r3, 0x0) ioctl$LOOP_GET_STATUS(r3, 0x4c03, &(0x7f0000000380)) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 720.764742] FAULT_INJECTION: forcing a failure. [ 720.764742] name failslab, interval 1, probability 0, space 0, times 0 [ 720.776475] CPU: 1 PID: 15515 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 720.784369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 720.793722] Call Trace: [ 720.796316] dump_stack+0x1b2/0x281 [ 720.799958] should_fail.cold+0x10a/0x149 [ 720.804116] should_failslab+0xd6/0x130 [ 720.809311] kmem_cache_alloc+0x28e/0x3c0 [ 720.813467] alloc_vfsmnt+0x23/0x7f0 [ 720.817359] clone_mnt+0x6c/0xff0 [ 720.820906] copy_tree+0x33e/0xa20 [ 720.824462] copy_mnt_ns+0x167/0xa30 [ 720.828179] ? create_new_namespaces+0x30/0x720 [ 720.832847] ? do_mount+0x2a00/0x2a00 [ 720.836653] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 720.841674] ? kmem_cache_alloc+0x35f/0x3c0 [ 720.845999] create_new_namespaces+0xc9/0x720 [ 720.850495] ? security_capable+0x88/0xb0 [ 720.854648] copy_namespaces+0x27b/0x310 [ 720.858710] copy_process.part.0+0x25f8/0x71c0 [ 720.863298] ? trace_hardirqs_on+0x10/0x10 [ 720.867535] ? check_preemption_disabled+0x35/0x240 [ 720.872573] ? check_preemption_disabled+0x35/0x240 [ 720.877589] ? finish_task_switch+0x178/0x610 [ 720.882111] ? __cleanup_sighand+0x40/0x40 [ 720.886345] ? _raw_spin_unlock_irq+0x5a/0x80 [ 720.890855] ? finish_task_switch+0x14d/0x610 [ 720.895347] ? switch_mm_irqs_off+0x601/0xeb0 [ 720.899873] _do_fork+0x184/0xc80 [ 720.903337] ? fork_idle+0x270/0x270 [ 720.907077] ? io_schedule_timeout+0x140/0x140 [ 720.911658] ? fput+0xb/0x140 [ 720.914790] ? do_syscall_64+0x4c/0x640 [ 720.918761] ? sys_vfork+0x20/0x20 [ 720.922304] do_syscall_64+0x1d5/0x640 [ 720.926197] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 720.931381] RIP: 0033:0x466459 [ 720.934593] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 720.942298] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 720.949565] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 720.956830] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 720.964099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 720.971367] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:05:17 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, r0, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000000)=0x3) 22:05:17 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() setrlimit(0xf, &(0x7f00000000c0)={0x9, 0x2}) openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x800, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:05:17 executing program 4 (fault-call:10 fault-nth:52): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:17 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, &(0x7f0000000040)) [ 721.275167] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 721.294581] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 721.363141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 721.369916] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 721.430000] device bridge_slave_1 left promiscuous mode [ 721.453043] bridge0: port 2(bridge_slave_1) entered disabled state [ 721.484436] device bridge_slave_0 left promiscuous mode [ 721.489971] bridge0: port 1(bridge_slave_0) entered disabled state [ 721.717471] FAULT_INJECTION: forcing a failure. [ 721.717471] name failslab, interval 1, probability 0, space 0, times 0 [ 721.731469] CPU: 0 PID: 15554 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 721.739374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 721.748753] Call Trace: [ 721.751345] dump_stack+0x1b2/0x281 [ 721.754972] should_fail.cold+0x10a/0x149 [ 721.759113] should_failslab+0xd6/0x130 [ 721.763082] kmem_cache_alloc+0x28e/0x3c0 [ 721.767225] alloc_vfsmnt+0x23/0x7f0 [ 721.770948] clone_mnt+0x6c/0xff0 [ 721.774407] copy_tree+0x33e/0xa20 [ 721.777942] copy_mnt_ns+0x167/0xa30 [ 721.781909] ? create_new_namespaces+0x30/0x720 [ 721.786566] ? do_mount+0x2a00/0x2a00 [ 721.790375] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 721.795400] ? kmem_cache_alloc+0x35f/0x3c0 [ 721.799717] create_new_namespaces+0xc9/0x720 [ 721.804203] ? security_capable+0x88/0xb0 [ 721.808345] copy_namespaces+0x27b/0x310 [ 721.812408] copy_process.part.0+0x25f8/0x71c0 [ 721.816999] ? retint_kernel+0x2d/0x2d [ 721.820890] ? __cleanup_sighand+0x40/0x40 [ 721.825128] ? lock_downgrade+0x740/0x740 [ 721.829279] _do_fork+0x184/0xc80 [ 721.832726] ? fork_idle+0x270/0x270 [ 721.836430] ? fput+0xb/0x140 [ 721.839530] ? SyS_write+0x14d/0x210 [ 721.843238] ? SyS_read+0x210/0x210 [ 721.846862] ? __do_page_fault+0x159/0xad0 [ 721.851103] ? do_syscall_64+0x4c/0x640 [ 721.855075] ? sys_vfork+0x20/0x20 [ 721.858621] do_syscall_64+0x1d5/0x640 [ 721.862506] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 721.867687] RIP: 0033:0x466459 [ 721.870866] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 721.878573] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 721.885838] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 721.893099] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 721.900359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 721.907637] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 722.078342] device veth1_macvtap left promiscuous mode [ 722.090504] device veth0_macvtap left promiscuous mode [ 722.103993] device veth1_vlan left promiscuous mode [ 722.117478] device veth0_vlan left promiscuous mode [ 722.452664] device hsr_slave_1 left promiscuous mode [ 722.479262] device hsr_slave_0 left promiscuous mode [ 722.522299] team0 (unregistering): Port device team_slave_1 removed [ 722.533732] team0 (unregistering): Port device team_slave_0 removed [ 722.554099] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 722.581443] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 722.647783] bond0 (unregistering): Released all slaves [ 723.715211] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 723.722297] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 723.729869] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 723.737521] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 723.745407] device bridge_slave_1 left promiscuous mode [ 723.750849] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.758439] device bridge_slave_0 left promiscuous mode [ 723.764556] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.777744] device veth1_macvtap left promiscuous mode [ 723.785775] device veth0_macvtap left promiscuous mode [ 723.791109] device veth1_vlan left promiscuous mode [ 723.799746] device veth0_vlan left promiscuous mode [ 723.886970] device hsr_slave_1 left promiscuous mode [ 723.895586] device hsr_slave_0 left promiscuous mode [ 723.909701] team0 (unregistering): Port device team_slave_1 removed [ 723.920313] team0 (unregistering): Port device team_slave_0 removed [ 723.929784] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 723.940664] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 723.966084] bond0 (unregistering): Released all slaves [ 724.936273] IPVS: ftp: loaded support on port[0] = 21 [ 725.041247] chnl_net:caif_netlink_parms(): no params data found [ 725.094972] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.101859] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.108843] device bridge_slave_0 entered promiscuous mode [ 725.116388] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.122980] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.129919] device bridge_slave_1 entered promiscuous mode [ 725.148127] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 725.157044] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 725.176626] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 725.183824] team0: Port device team_slave_0 added [ 725.189235] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 725.197641] team0: Port device team_slave_1 added [ 725.214125] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 725.220380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 725.246591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 725.257872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 725.264475] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 725.290193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 725.301626] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 725.308890] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 725.329348] device hsr_slave_0 entered promiscuous mode [ 725.335126] device hsr_slave_1 entered promiscuous mode [ 725.341064] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 725.349040] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 725.420842] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.427239] bridge0: port 2(bridge_slave_1) entered forwarding state [ 725.433956] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.440388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 725.471002] 8021q: adding VLAN 0 to HW filter on device bond0 [ 725.479423] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 725.487935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 725.495964] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.503396] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.513928] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 725.520010] 8021q: adding VLAN 0 to HW filter on device team0 [ 725.529262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 725.537491] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.544343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 725.562486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 725.570096] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.576511] bridge0: port 2(bridge_slave_1) entered forwarding state [ 725.584271] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 725.592106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 725.600180] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 725.609852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 725.622198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 725.630094] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 725.638472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 725.650605] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 725.658535] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 725.665839] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 725.677622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 725.730018] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 725.739717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 725.768254] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 725.776952] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 725.783941] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 725.796954] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 725.803871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 725.811244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 725.819438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 725.826439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 725.835173] device veth0_vlan entered promiscuous mode [ 725.845716] device veth1_vlan entered promiscuous mode [ 725.852061] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 725.860400] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 725.872044] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 725.880695] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 725.887852] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 725.895197] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 725.902908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 725.910572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 725.919895] device veth0_macvtap entered promiscuous mode [ 725.930500] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 725.938731] device veth1_macvtap entered promiscuous mode [ 725.945173] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 725.955463] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 725.965010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 725.973754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 725.983558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 725.993068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 726.002865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.012092] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 726.022091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.031194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 726.041214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.051206] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 726.058365] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 726.065542] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 726.073027] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 726.080183] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 726.088233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 726.097816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 726.108020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.117501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 726.127268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.136445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 726.146216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.155659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 726.165434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 726.175908] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 726.182887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 726.190114] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 726.198205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:05:22 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:22 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) r1 = getpgid(0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, 0xffffffffffffffff, 0x0, 0x346, &(0x7f00000004c0)='bdev!)-%+wlal\x1ap\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\x96Y4\xd3\xd5\xcdD\x91\x9e\x1b\x972\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00\xb0\x81\t\\j\x9e\xadw\xdea\x05\xd4{4\\\x95\x1b5k\xbd\xde \xe5\xfe#\xbd|\x9d\xe5\xd6H\xb75\xb7\xb7\\\xfc\xad\\\xca\xaa\bW\xb2\xea\x82\x1f,\xf5\xe5U5\x87Z\xec\x16\xa7Pa\x04@*\xf53\x15\xdd\xea+g$\xe5u\xaf\xc5^\x19\xd8\x14\x91\x96\x7f\xc5\x15\xa0@\f\x9dL\xf43\xf0\xcckp\xa1A\x96.T\xab\x83py\xed\aQ\xcb\x1e\xac\xc7\xb2\'\xce\xcd\xe1\x85A+%\x97&~\xe5\xba\xa6\v\xd8\x03\xcc\x15\xbb7\xee\x9a\xac4\xb5\x8c\x00\x88\x18\xf2\xcbm\xfe\xc8\x84\xb9\x97(\xcd\x9b%\xd4\x8e\xbd\x06\x8e\xca\xb3\xf2\xfd\x199\xe6\xed\xe2`\x8f\x8e`\xc2\xb4B\xa3\x9et\xa2\x82\x04=\xbe\xcc'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)=0x1000000003fffc) 22:05:22 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x5) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:05:22 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000000)={0x3, 0x0, 0x10001}) ioctl$DRM_IOCTL_AGP_BIND(r0, 0x40106436, &(0x7f0000000080)={r1, 0xfff}) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) 22:05:22 executing program 4 (fault-call:10 fault-nth:53): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:22 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:22 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f0000000080)=""/85, 0x55, 0x0, 0x0, 0x0) sendto$unix(r1, &(0x7f0000000100)="6c507678d46752945e243592544a17868c058f9486269dff5e50ef7616b2e4aaad9005411c334ccc10c0446c8ed1cefcab768b1ea9555d7f614c9ef840cd0e294c0b9ac127d7d68bc5f073a804d676ac75ec8971a4e0", 0x56, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, r2, 0x0, 0x2dc, &(0x7f0000000200)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00\xfc\x1a@\xff9\xfd\xe0\xe0&\t\n-^\x18\x80F\xa7?\x84\x96\xb4H\xcb\x11\f \x05:\\k\x7f\xe9\x1a\x9f{-P\a\xf6\xf2jD\xfc9\xdf\xe5nxa\x7f\xf6\f\xc9$b\xa43\x01\xe5m\xc6EQE\xb1\xc4\x101\x84h\x02\xf2p\x898 4(z\xc2\x00\x00\x00\x00\x00\x00\x00\x00\x00'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) 22:05:22 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:22 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) [ 726.612165] FAULT_INJECTION: forcing a failure. [ 726.612165] name failslab, interval 1, probability 0, space 0, times 0 [ 726.623562] CPU: 1 PID: 15850 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 726.631466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.640832] Call Trace: [ 726.643428] dump_stack+0x1b2/0x281 [ 726.647065] should_fail.cold+0x10a/0x149 [ 726.651227] should_failslab+0xd6/0x130 [ 726.655207] __kmalloc_track_caller+0x2bc/0x400 [ 726.659877] ? kstrdup_const+0x35/0x60 [ 726.663764] ? lock_downgrade+0x740/0x740 [ 726.667958] kstrdup+0x36/0x70 [ 726.671160] kstrdup_const+0x35/0x60 [ 726.674879] alloc_vfsmnt+0xe0/0x7f0 [ 726.678602] clone_mnt+0x6c/0xff0 [ 726.682068] copy_tree+0x33e/0xa20 [ 726.685614] copy_mnt_ns+0x167/0xa30 [ 726.689327] ? create_new_namespaces+0x30/0x720 [ 726.693995] ? do_mount+0x2a00/0x2a00 [ 726.697795] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 726.702819] ? kmem_cache_alloc+0x35f/0x3c0 [ 726.707153] create_new_namespaces+0xc9/0x720 [ 726.711649] ? security_capable+0x88/0xb0 [ 726.715802] copy_namespaces+0x27b/0x310 [ 726.719891] copy_process.part.0+0x25f8/0x71c0 [ 726.724478] ? get_pid_task+0xb8/0x130 [ 726.728364] ? proc_fail_nth_write+0x7b/0x180 [ 726.732873] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 726.737815] ? __cleanup_sighand+0x40/0x40 [ 726.742053] ? lock_downgrade+0x740/0x740 [ 726.746209] _do_fork+0x184/0xc80 [ 726.749667] ? fork_idle+0x270/0x270 [ 726.753379] ? fput+0xb/0x140 [ 726.756484] ? SyS_write+0x14d/0x210 [ 726.760200] ? SyS_read+0x210/0x210 [ 726.763823] ? __do_page_fault+0x159/0xad0 [ 726.768057] ? do_syscall_64+0x4c/0x640 [ 726.772030] ? sys_vfork+0x20/0x20 [ 726.775586] do_syscall_64+0x1d5/0x640 [ 726.779475] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 726.784658] RIP: 0033:0x466459 [ 726.787846] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 726.795575] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 726.802844] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 726.810120] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 726.817389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 726.824752] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:05:23 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x26e1, 0x0) preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/191, 0xbf}, {&(0x7f0000000c40)=""/102400, 0x19000}], 0x2, 0x1, 0xe5e) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, r0, 0x0, 0x354, &(0x7f00000008c0)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863\x8f\xac9\x062\x00\x14I<-j\xfa\x19\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by\a\xa0\x8aN\xb3\xf5\x00B\x84]\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccg\xect\xc2\xc2n^>\x10\b\v\xb3r\xc1\xa8\x85E\x85L|\xe6\xb8wqvdTn\x8bQ\x18\xf2tp+\xd1\xbe\x10\rg\x00\x00\x00\x00\x8c\x1dTi\xafa\xde\x06/ \x93O.\xe5<0\xfa\b\x82dc&\xa2\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\x8bF\x90\v.\xb5\xa1\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\x9f\x1a\x1d\xd6\x0f\x1a\xe3\xe1\xa6\x89\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a\x97(J\x16\x00\x8f\xc7K\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\xf7Q\x9b\b\xa8pA\xb8\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ&\x02\x00\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x02\x00\x00\x00\x00\x00\x00\x00)f\x85\x13}u\xa1%\xbd\xdc\x17>Go\xb7@\x9a@\xc9O\xde\xd2\xc8\x17\x05L>\x18\x97\x84-\xaf\xe0V\xef|l{\xe4\\d\xdd*3X\n\x80\f\xff\x9e\x13\xd9P\x9a\x12K\xd9\x91S\x9e\x92C\x9ap\x12\xc8\xb2\x9a\xc2\xc328\xc9x\x82w\xffsp\x19\xb9.\xcd\xe2q\x80\xa3\xa5\x92\xbe4]\x8eVrzx\xfd\xff\xab\xfc;(\x81p|\x98\xcf\x8d\xb0\xd0)\x1dfs\xa7\b)\x98\xb9\x8e\xd2*@\x92\xde\x1bV\x06\xb6\xe4]\xb9\x89@\x0eB\xf6\xef\t\xbb\xda\'J\xcaU\x9f\x8f\x818\x1d\x10\x7f_O!%\xfd\xde\xd0\x033\xf8\xd1;\x00\xde\xc6n\x1e\xfabCB\x05\r\x9d\t\x00\x00\x00\x00\x00\x00\x00'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) r1 = socket(0x2a, 0x800, 0x5) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r1, 0xf501, 0x0) 22:05:23 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 726.991834] Bluetooth: hci2 command 0x0409 tx timeout 22:05:23 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getpid() sched_setattr(r4, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r5, &(0x7f00000017c0), 0x375, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040)) 22:05:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) [ 727.744103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 727.758186] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 727.775927] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 727.790506] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 727.808596] device bridge_slave_1 left promiscuous mode [ 727.820478] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.837796] device bridge_slave_0 left promiscuous mode [ 727.849774] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.868950] device veth1_macvtap left promiscuous mode [ 727.880809] device veth0_macvtap left promiscuous mode [ 727.891921] device veth1_vlan left promiscuous mode [ 727.903325] device veth0_vlan left promiscuous mode [ 728.093169] device hsr_slave_1 left promiscuous mode [ 728.113007] device hsr_slave_0 left promiscuous mode [ 728.135581] team0 (unregistering): Port device team_slave_1 removed [ 728.149596] team0 (unregistering): Port device team_slave_0 removed [ 728.163834] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 728.196583] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 728.286778] bond0 (unregistering): Released all slaves [ 730.127021] IPVS: ftp: loaded support on port[0] = 21 [ 730.245457] chnl_net:caif_netlink_parms(): no params data found [ 730.297764] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.305033] bridge0: port 1(bridge_slave_0) entered disabled state [ 730.313061] device bridge_slave_0 entered promiscuous mode [ 730.320703] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.327363] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.335264] device bridge_slave_1 entered promiscuous mode [ 730.355573] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 730.365282] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 730.385534] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 730.393081] team0: Port device team_slave_0 added [ 730.398520] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 730.405925] team0: Port device team_slave_1 added [ 730.423431] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 730.430445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 730.456738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 730.467752] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 730.474065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 730.499313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 730.509979] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 730.518135] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 730.537835] device hsr_slave_0 entered promiscuous mode [ 730.543701] device hsr_slave_1 entered promiscuous mode [ 730.549574] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 730.556676] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 730.625822] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.632199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 730.638787] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.645193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 730.675336] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 730.682156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 730.690694] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 730.699843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 730.708019] bridge0: port 1(bridge_slave_0) entered disabled state [ 730.715150] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.725078] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 730.731147] 8021q: adding VLAN 0 to HW filter on device team0 [ 730.740712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 730.748544] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.754995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 730.770099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 730.778081] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.784482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 730.802192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 730.809960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 730.817935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 730.826937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 730.834766] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 730.844863] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 730.850876] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 730.865261] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 730.872836] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 730.879498] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 730.892695] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 730.950082] IPVS: ftp: loaded support on port[0] = 21 [ 731.012883] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 731.037413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 731.124452] chnl_net:caif_netlink_parms(): no params data found [ 731.149937] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 731.158365] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 731.165775] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 731.185794] device veth0_vlan entered promiscuous mode [ 731.193356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 731.200774] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 731.208216] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 731.219791] device veth1_vlan entered promiscuous mode [ 731.226054] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 731.237165] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 731.244251] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 731.253114] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 731.260361] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 731.291097] bridge0: port 1(bridge_slave_0) entered blocking state [ 731.298709] bridge0: port 1(bridge_slave_0) entered disabled state [ 731.306582] device bridge_slave_0 entered promiscuous mode [ 731.314144] bridge0: port 2(bridge_slave_1) entered blocking state [ 731.320547] bridge0: port 2(bridge_slave_1) entered disabled state [ 731.328371] device bridge_slave_1 entered promiscuous mode [ 731.344591] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 731.354572] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 731.362132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 731.369746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 731.388005] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 731.397462] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 731.423924] device veth0_macvtap entered promiscuous mode [ 731.430649] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 731.439027] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 731.446328] team0: Port device team_slave_0 added [ 731.453642] device veth1_macvtap entered promiscuous mode [ 731.460368] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 731.468845] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 731.477048] team0: Port device team_slave_1 added [ 731.500133] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 731.506473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.532021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 731.543642] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 731.549878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.575631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 731.587467] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 731.596269] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 731.604369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 731.627493] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 731.642042] device hsr_slave_0 entered promiscuous mode [ 731.647640] device hsr_slave_1 entered promiscuous mode [ 731.654015] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 731.661594] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 731.677688] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 731.687675] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.697759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 731.708032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.717873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 731.727650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.736951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 731.746745] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.757065] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 731.764351] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 731.772550] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 731.779775] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 731.787884] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 731.795896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 731.816734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 731.826560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.836282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 731.846415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.855575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 731.865348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.874804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 731.885176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.895253] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 731.902286] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 731.919119] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 731.927467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 732.007900] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 732.054565] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 732.060671] 8021q: adding VLAN 0 to HW filter on device bond0 [ 732.070818] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 732.081119] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 732.087942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 732.096062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 732.107018] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 732.113415] 8021q: adding VLAN 0 to HW filter on device team0 [ 732.128393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 732.136557] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.142958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.150507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 732.166029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 732.174628] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.181105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 732.191654] Bluetooth: hci2 command 0x0409 tx timeout [ 732.207094] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 732.223560] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 732.230659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 732.239944] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 732.259281] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 732.269945] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 732.276848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 732.288465] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 732.295696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 732.309740] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 732.318275] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 732.324889] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 732.333733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 732.345608] 8021q: adding VLAN 0 to HW filter on device batadv0 22:05:28 executing program 2 (fault-call:10 fault-nth:0): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:28 executing program 4 (fault-call:10 fault-nth:54): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:05:28 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x1f, 0xffffffffdfffff81}, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x1, 0xff}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x300000b, 0x11, r0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) r1 = getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) syz_open_procfs(r1, &(0x7f0000000040)='net/psched\x00') write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40884, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xa, 0x8010, r4, 0x0) fcntl$setstatus(r4, 0x4, 0x40400) perf_event_open(&(0x7f0000000100)={0x7, 0x70, 0x4, 0xcb, 0xfb, 0x2, 0x0, 0xff, 0x61, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3ff, 0x2, @perf_bp={&(0x7f00000000c0), 0xb}, 0x401c0, 0x2, 0x3, 0x2, 0x8, 0x233, 0xfffa}, r1, 0x2, r4, 0x8) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x3, 0x11, 0x0, 0x7, 0x3, 0x8000000000000004}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:28 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) [ 732.435273] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 732.445979] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 732.453458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 732.462791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 732.551191] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 732.558785] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 732.566221] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 732.574260] FAULT_INJECTION: forcing a failure. [ 732.574260] name failslab, interval 1, probability 0, space 0, times 0 [ 732.585828] CPU: 1 PID: 16377 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 732.593721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.603072] Call Trace: [ 732.605668] dump_stack+0x1b2/0x281 [ 732.609297] should_fail.cold+0x10a/0x149 [ 732.613454] should_failslab+0xd6/0x130 [ 732.617429] kmem_cache_alloc_node+0x263/0x410 [ 732.622906] copy_process.part.0+0x17d3/0x71c0 [ 732.627511] ? get_pid_task+0xb8/0x130 [ 732.631401] ? proc_fail_nth_write+0x7b/0x180 [ 732.635934] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 732.640876] ? fsnotify+0x974/0x11b0 [ 732.644588] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 732.649521] ? __cleanup_sighand+0x40/0x40 [ 732.653750] ? lock_downgrade+0x740/0x740 [ 732.657900] ? vfs_write+0x35d/0x4d0 [ 732.661618] _do_fork+0x184/0xc80 [ 732.665073] ? fork_idle+0x270/0x270 [ 732.668798] ? fput+0xb/0x140 [ 732.671913] ? SyS_write+0x14d/0x210 [ 732.675623] ? SyS_read+0x210/0x210 [ 732.679269] ? __do_page_fault+0x159/0xad0 [ 732.683505] ? do_syscall_64+0x4c/0x640 [ 732.688787] ? sys_vfork+0x20/0x20 [ 732.692366] do_syscall_64+0x1d5/0x640 [ 732.696259] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 732.701534] RIP: 0033:0x466459 [ 732.704720] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 732.712431] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 732.719707] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 732.726979] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 732.734275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 732.741548] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 732.750260] FAULT_INJECTION: forcing a failure. [ 732.750260] name failslab, interval 1, probability 0, space 0, times 0 [ 732.762216] CPU: 0 PID: 16384 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 732.770117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.779469] Call Trace: [ 732.782054] dump_stack+0x1b2/0x281 [ 732.785686] should_fail.cold+0x10a/0x149 [ 732.789920] should_failslab+0xd6/0x130 [ 732.793887] kmem_cache_alloc+0x28e/0x3c0 [ 732.798985] alloc_vfsmnt+0x23/0x7f0 [ 732.802693] clone_mnt+0x6c/0xff0 [ 732.806145] copy_tree+0x33e/0xa20 [ 732.809681] copy_mnt_ns+0x167/0xa30 [ 732.813392] ? create_new_namespaces+0x30/0x720 [ 732.818052] ? do_mount+0x2a00/0x2a00 [ 732.821843] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 732.826853] ? kmem_cache_alloc+0x35f/0x3c0 [ 732.831165] create_new_namespaces+0xc9/0x720 [ 732.835670] ? security_capable+0x88/0xb0 [ 732.839813] copy_namespaces+0x27b/0x310 [ 732.843868] copy_process.part.0+0x25f8/0x71c0 [ 732.848481] ? get_pid_task+0xb8/0x130 [ 732.852370] ? proc_fail_nth_write+0x7b/0x180 [ 732.856861] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 732.861807] ? __cleanup_sighand+0x40/0x40 [ 732.866037] ? lock_downgrade+0x740/0x740 [ 732.870186] _do_fork+0x184/0xc80 [ 732.873635] ? fork_idle+0x270/0x270 [ 732.877355] ? fput+0xb/0x140 [ 732.880452] ? SyS_write+0x14d/0x210 [ 732.884155] ? SyS_read+0x210/0x210 [ 732.887777] ? __do_page_fault+0x159/0xad0 [ 732.892012] ? do_syscall_64+0x4c/0x640 [ 732.895991] ? sys_vfork+0x20/0x20 [ 732.899562] do_syscall_64+0x1d5/0x640 [ 732.903584] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 732.908966] RIP: 0033:0x466459 [ 732.912154] RSP: 002b:00007f1932689188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 732.919877] RAX: ffffffffffffffda RBX: 000000000056c200 RCX: 0000000000466459 [ 732.927148] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 732.934420] RBP: 00007f19326891d0 R08: ffffffffffffffff R09: 0000000000000000 [ 732.941694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 732.948968] R13: 00007ffeea19aebf R14: 00007f1932689300 R15: 0000000000022000 [ 732.992610] Bluetooth: hci3 command 0x0409 tx timeout [ 733.035504] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 733.056359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 733.068299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 733.089032] device veth0_vlan entered promiscuous mode [ 733.099661] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 733.107456] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 733.118339] device veth1_vlan entered promiscuous mode [ 733.126153] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready 22:05:29 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x2800, 0x0) clock_gettime(0x0, &(0x7f00000071c0)={0x0, 0x0}) recvmmsg(r3, &(0x7f0000007040)=[{{0x0, 0x0, &(0x7f0000003400)=[{&(0x7f00000000c0)=""/136, 0x88}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000000180)=""/27, 0x1b}, {&(0x7f0000002300)=""/221, 0xdd}, {&(0x7f0000000280)}, {&(0x7f0000002400)=""/4096, 0x1000}], 0x7, &(0x7f0000003480)=""/8, 0x8}, 0x6}, {{&(0x7f00000034c0), 0x80, &(0x7f0000003600)=[{&(0x7f0000003540)=""/96, 0x60}, {&(0x7f00000035c0)=""/61, 0x3d}], 0x2, &(0x7f0000003640)=""/4096, 0x1000}, 0x7f}, {{0x0, 0x0, &(0x7f0000005900)=[{&(0x7f0000004640)=""/53, 0x35}, {&(0x7f0000004680)=""/14, 0xe}, {&(0x7f00000046c0)=""/64, 0x40}, {&(0x7f0000004700)=""/113, 0x71}, {&(0x7f0000004780)=""/4096, 0x1000}, {&(0x7f0000005780)=""/4, 0x4}, {&(0x7f00000057c0)}, {&(0x7f0000005800)=""/232, 0xe8}], 0x8, &(0x7f0000005980)=""/131, 0x83}, 0xd9}, {{&(0x7f0000005a40)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000005b40)=[{&(0x7f0000005ac0)=""/128, 0x80}], 0x1, &(0x7f0000005b80)=""/15, 0xf}, 0xe86}, {{&(0x7f0000005bc0)=@pptp={0x18, 0x2, {0x0, @empty}}, 0x80, &(0x7f0000005ec0)=[{&(0x7f0000005c40)=""/10, 0xa}, {&(0x7f0000005c80)=""/141, 0x8d}, {&(0x7f0000005d40)=""/152, 0x98}, {&(0x7f0000005e00)=""/131, 0x83}], 0x4, &(0x7f0000005f00)=""/36, 0x24}, 0x10001}, {{0x0, 0x0, &(0x7f0000007000)=[{&(0x7f0000005f40)=""/4096, 0x1000}, {&(0x7f0000006f40)=""/115, 0x73}, {&(0x7f0000006fc0)=""/55, 0x37}], 0x3}, 0x3}], 0x6, 0x12100, &(0x7f0000007200)={r4, r5+10000000}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_setattr(r0, &(0x7f0000000280)={0x38, 0x1, 0x10000000, 0x2, 0x3ff, 0x7, 0x8, 0xf3f7, 0x3f, 0x8000}, 0x0) [ 733.140746] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 733.164889] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 733.192454] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 733.199685] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 733.212744] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 733.221242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 733.236972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 733.252537] device veth0_macvtap entered promiscuous mode [ 733.258886] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 733.270313] device veth1_macvtap entered promiscuous mode [ 733.277390] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready 22:05:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) [ 733.286621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 733.296823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 733.304677] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 733.317023] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 733.328717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 22:05:29 executing program 2 (fault-call:10 fault-nth:1): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:29 executing program 3 (fault-call:10 fault-nth:0): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 733.378878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.420780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 733.441433] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.450587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 733.472742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.481996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 733.519446] FAULT_INJECTION: forcing a failure. [ 733.519446] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 733.530761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.531287] CPU: 1 PID: 16416 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 733.543915] FAULT_INJECTION: forcing a failure. [ 733.543915] name failslab, interval 1, probability 0, space 0, times 0 [ 733.549465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 733.549470] Call Trace: [ 733.549488] dump_stack+0x1b2/0x281 [ 733.549502] should_fail.cold+0x10a/0x149 [ 733.549520] __alloc_pages_nodemask+0x22c/0x2720 [ 733.585191] ? __lock_acquire+0x5fc/0x3f20 [ 733.589522] ? trace_hardirqs_on+0x10/0x10 [ 733.593840] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 733.598703] ? __might_fault+0x104/0x1b0 [ 733.602781] cache_grow_begin+0x91/0x630 [ 733.606838] ? check_preemption_disabled+0x35/0x240 [ 733.611853] cache_alloc_refill+0x273/0x350 [ 733.616370] kmem_cache_alloc_node+0x3f5/0x410 [ 733.620955] copy_process.part.0+0x17d3/0x71c0 [ 733.625556] ? get_pid_task+0xb8/0x130 [ 733.629525] ? proc_fail_nth_write+0x7b/0x180 [ 733.634048] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 733.638995] ? fsnotify+0x974/0x11b0 [ 733.642717] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 733.647650] ? __cleanup_sighand+0x40/0x40 [ 733.651878] ? lock_downgrade+0x740/0x740 [ 733.656032] ? vfs_write+0x35d/0x4d0 [ 733.659760] _do_fork+0x184/0xc80 [ 733.663212] ? fork_idle+0x270/0x270 [ 733.666919] ? fput+0xb/0x140 [ 733.670016] ? SyS_write+0x14d/0x210 [ 733.673721] ? SyS_read+0x210/0x210 [ 733.677353] ? __do_page_fault+0x159/0xad0 [ 733.681668] ? do_syscall_64+0x4c/0x640 [ 733.685664] ? sys_vfork+0x20/0x20 [ 733.689201] do_syscall_64+0x1d5/0x640 [ 733.693088] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 733.698269] RIP: 0033:0x466459 [ 733.701469] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 733.709190] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 733.716454] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 733.723793] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 733.731057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 733.738320] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 733.745646] CPU: 0 PID: 16401 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 733.753539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 733.762913] Call Trace: [ 733.765510] dump_stack+0x1b2/0x281 [ 733.769141] should_fail.cold+0x10a/0x149 [ 733.773300] should_failslab+0xd6/0x130 [ 733.777283] kmem_cache_alloc_node+0x263/0x410 [ 733.781873] copy_process.part.0+0x17d3/0x71c0 [ 733.786463] ? get_pid_task+0xb8/0x130 [ 733.790353] ? proc_fail_nth_write+0x7b/0x180 [ 733.794863] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 733.799813] ? fsnotify+0x974/0x11b0 [ 733.803531] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 733.808471] ? __cleanup_sighand+0x40/0x40 [ 733.812717] ? lock_downgrade+0x740/0x740 [ 733.816868] ? vfs_write+0x35d/0x4d0 [ 733.820590] _do_fork+0x184/0xc80 [ 733.824072] ? fork_idle+0x270/0x270 [ 733.827797] ? fput+0xb/0x140 [ 733.830905] ? SyS_write+0x14d/0x210 [ 733.834626] ? SyS_read+0x210/0x210 [ 733.838263] ? __do_page_fault+0x159/0xad0 [ 733.842492] ? do_syscall_64+0x4c/0x640 [ 733.846457] ? sys_vfork+0x20/0x20 [ 733.850154] do_syscall_64+0x1d5/0x640 [ 733.854045] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 733.859365] RIP: 0033:0x466459 [ 733.862612] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 733.870316] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 733.877802] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 733.885070] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 733.892557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 733.899828] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 733.920917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 733.937599] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.949067] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 733.961213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 733.969846] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 733.984492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 733.996582] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 734.007110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.017051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 734.027291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.037472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 734.047793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.057421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 734.067797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.077552] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 734.087836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.099145] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 734.107308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 734.116294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 734.125391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 734.273263] Bluetooth: hci2 command 0x041b tx timeout [ 734.773938] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 734.789856] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 734.803358] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 734.820358] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 734.832597] device bridge_slave_1 left promiscuous mode [ 734.838124] bridge0: port 2(bridge_slave_1) entered disabled state [ 734.862256] device bridge_slave_0 left promiscuous mode [ 734.871773] bridge0: port 1(bridge_slave_0) entered disabled state [ 734.891575] device veth1_macvtap left promiscuous mode [ 734.896891] device veth0_macvtap left promiscuous mode [ 734.903171] device veth1_vlan left promiscuous mode [ 734.908378] device veth0_vlan left promiscuous mode [ 735.090679] device hsr_slave_1 left promiscuous mode [ 735.099169] device hsr_slave_0 left promiscuous mode [ 735.119688] team0 (unregistering): Port device team_slave_1 removed [ 735.131233] team0 (unregistering): Port device team_slave_0 removed [ 735.140664] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 735.150650] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 735.177734] bond0 (unregistering): Released all slaves [ 736.351810] Bluetooth: hci2 command 0x040f tx timeout [ 737.271663] IPVS: ftp: loaded support on port[0] = 21 [ 737.369851] chnl_net:caif_netlink_parms(): no params data found [ 737.427146] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.434027] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.441011] device bridge_slave_0 entered promiscuous mode [ 737.448465] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.455010] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.462825] device bridge_slave_1 entered promiscuous mode [ 737.481017] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 737.490512] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 737.510915] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 737.518151] team0: Port device team_slave_0 added [ 737.523987] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 737.531080] team0: Port device team_slave_1 added [ 737.549021] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 737.555341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 737.580643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 737.591915] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 737.598170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 737.624222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 737.635416] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 737.642936] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 737.663890] device hsr_slave_0 entered promiscuous mode [ 737.669522] device hsr_slave_1 entered promiscuous mode [ 737.675768] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 737.683079] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 737.756071] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.762477] bridge0: port 2(bridge_slave_1) entered forwarding state [ 737.769060] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.776525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.806009] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 737.812580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 737.821169] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 737.830490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 737.838024] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.845349] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.856322] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 737.862783] 8021q: adding VLAN 0 to HW filter on device team0 [ 737.871457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 737.879073] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.885465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.901976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 737.909577] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.916002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 737.925192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 737.941858] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 737.949111] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 737.958043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 737.966835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 737.976059] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 737.982250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 737.994614] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 738.002231] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 738.008934] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 738.020133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 738.074899] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 738.084661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 738.118655] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 738.126103] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 738.134937] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 738.145401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 738.153764] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 738.160601] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 738.170619] device veth0_vlan entered promiscuous mode [ 738.179504] device veth1_vlan entered promiscuous mode [ 738.185803] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 738.195747] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 738.207072] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 738.217004] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 738.224899] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 738.233161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 738.243894] device veth0_macvtap entered promiscuous mode [ 738.250359] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 738.260565] device veth1_macvtap entered promiscuous mode [ 738.270262] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 738.280244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 738.289820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 738.299887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.309531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 738.319358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.328706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 738.338561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.347827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 738.357984] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.367277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 738.377384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.387880] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 738.396337] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 738.403890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 738.412634] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 738.421920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 738.432132] Bluetooth: hci2 command 0x0419 tx timeout [ 738.436426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.447266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 738.458026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.467230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 738.477039] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.487241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 738.497123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.506321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 738.516560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 738.526752] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 738.533879] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 738.541414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 738.549248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:05:35 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:35 executing program 4 (fault-call:10 fault-nth:55): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:35 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0xdaa5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x4180, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000300)={0xb, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0xed, 0x3f, 0x5, 0x4, 0x3, 0x9109, "0e4c98195a4eada2b7b842d65a65a2a5fabc8a30100be5eb995d957ab0b5fe63ab242052c3c0315094d87147839dc5e2b573197c672363fafb402ff551e00a4845c9b0057c9abad1abdaddd452c7a0ab174a9c3872c6daef689fd1646dcbdecbc0113cb546c47a2458035ed8620fdc35d714591d227c54de28d873f1c85989fbd9a9e934b99e6f74a7e1dbc3cba6bb6a38f6482dc2fde1100b22d6301449da6875e6204d24e49349a53bfea7f4b7ea8cbe37e2c3967cac6e6f5e264c8b6db3ba0cdc813ab7a12da41c5a099e3f3e17adbefd30316a26ae492e2bc4f373c92a9d844cb4368bb59aad8cde296392"}}, 0x205) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x2) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:35 executing program 3 (fault-call:10 fault-nth:1): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:35 executing program 2 (fault-call:10 fault-nth:2): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:05:35 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 738.787269] FAULT_INJECTION: forcing a failure. [ 738.787269] name failslab, interval 1, probability 0, space 0, times 0 [ 738.798866] CPU: 0 PID: 16724 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 738.806815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.816171] Call Trace: [ 738.818757] dump_stack+0x1b2/0x281 [ 738.822449] should_fail.cold+0x10a/0x149 [ 738.826688] should_failslab+0xd6/0x130 [ 738.830657] kmem_cache_alloc+0x28e/0x3c0 [ 738.834803] prepare_creds+0x39/0x490 [ 738.838588] copy_creds+0x72/0x910 [ 738.842128] copy_process.part.0+0x863/0x71c0 [ 738.846737] ? get_pid_task+0xb8/0x130 [ 738.850632] ? proc_fail_nth_write+0x7b/0x180 [ 738.855119] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 738.860233] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 738.865179] ? __cleanup_sighand+0x40/0x40 [ 738.869408] ? lock_downgrade+0x740/0x740 [ 738.873560] ? vfs_write+0x35d/0x4d0 [ 738.877270] _do_fork+0x184/0xc80 [ 738.880712] ? fork_idle+0x270/0x270 [ 738.884446] ? fput+0xb/0x140 [ 738.887560] ? SyS_write+0x14d/0x210 [ 738.891265] ? SyS_read+0x210/0x210 [ 738.894877] ? __do_page_fault+0x159/0xad0 [ 738.899101] ? do_syscall_64+0x4c/0x640 [ 738.903072] ? sys_vfork+0x20/0x20 [ 738.906609] do_syscall_64+0x1d5/0x640 [ 738.910484] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 738.915660] RIP: 0033:0x466459 [ 738.918830] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 738.926523] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 738.934650] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 738.941942] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 738.949203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 738.956479] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 738.982882] FAULT_INJECTION: forcing a failure. [ 738.982882] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 738.994993] CPU: 0 PID: 16729 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 739.002910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.012380] Call Trace: [ 739.015066] dump_stack+0x1b2/0x281 [ 739.018708] should_fail.cold+0x10a/0x149 [ 739.023003] __alloc_pages_nodemask+0x22c/0x2720 [ 739.027800] ? trace_hardirqs_on+0x10/0x10 [ 739.032074] ? __might_fault+0x104/0x1b0 [ 739.036178] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 739.041182] ? fs_reclaim_release+0xd0/0x110 [ 739.045593] ? copy_process.part.0+0x17d3/0x71c0 [ 739.050355] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 739.055823] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 739.060964] ? kmem_cache_alloc_node+0x38b/0x410 [ 739.065732] copy_process.part.0+0x265/0x71c0 [ 739.070237] ? get_pid_task+0xb8/0x130 [ 739.074223] ? proc_fail_nth_write+0x7b/0x180 [ 739.078766] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 739.083718] ? fsnotify+0x974/0x11b0 22:05:35 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 739.087436] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 739.092378] ? __cleanup_sighand+0x40/0x40 [ 739.096631] ? lock_downgrade+0x740/0x740 [ 739.100788] ? vfs_write+0x35d/0x4d0 [ 739.104550] _do_fork+0x184/0xc80 [ 739.108020] ? fork_idle+0x270/0x270 [ 739.111736] ? fput+0xb/0x140 [ 739.114849] ? SyS_write+0x14d/0x210 [ 739.118647] ? SyS_read+0x210/0x210 [ 739.122297] ? __do_page_fault+0x159/0xad0 [ 739.126542] ? do_syscall_64+0x4c/0x640 [ 739.130500] ? sys_vfork+0x20/0x20 [ 739.134028] do_syscall_64+0x1d5/0x640 [ 739.137902] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 739.143084] RIP: 0033:0x466459 [ 739.146269] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 739.153977] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 739.161237] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 739.168497] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 739.175756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 739.183020] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 739.203879] FAULT_INJECTION: forcing a failure. [ 739.203879] name failslab, interval 1, probability 0, space 0, times 0 [ 739.215429] CPU: 0 PID: 16730 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 739.223329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.232692] Call Trace: [ 739.235290] dump_stack+0x1b2/0x281 [ 739.238931] should_fail.cold+0x10a/0x149 [ 739.243093] should_failslab+0xd6/0x130 [ 739.247079] kmem_cache_alloc+0x28e/0x3c0 [ 739.251537] alloc_vfsmnt+0x23/0x7f0 [ 739.255295] clone_mnt+0x6c/0xff0 [ 739.258782] copy_tree+0x33e/0xa20 [ 739.262331] copy_mnt_ns+0x167/0xa30 [ 739.266069] ? create_new_namespaces+0x30/0x720 [ 739.270739] ? do_mount+0x2a00/0x2a00 [ 739.274547] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 739.279557] ? kmem_cache_alloc+0x35f/0x3c0 [ 739.283881] create_new_namespaces+0xc9/0x720 [ 739.288370] ? security_capable+0x88/0xb0 [ 739.292518] copy_namespaces+0x27b/0x310 [ 739.296603] copy_process.part.0+0x25f8/0x71c0 [ 739.301189] ? trace_hardirqs_on+0x10/0x10 [ 739.305533] ? lock_downgrade+0x740/0x740 [ 739.309688] ? _raw_spin_unlock_irq+0x24/0x80 [ 739.311457] Bluetooth: hci3 command 0x0409 tx timeout [ 739.314189] ? __cleanup_sighand+0x40/0x40 [ 739.314200] ? lock_downgrade+0x740/0x740 [ 739.314212] ? _raw_spin_unlock_irq+0x24/0x80 [ 739.314227] _do_fork+0x184/0xc80 [ 739.335803] ? fork_idle+0x270/0x270 [ 739.339520] ? io_schedule_timeout+0x140/0x140 [ 739.344182] ? do_syscall_64+0x4c/0x640 [ 739.348158] ? sys_vfork+0x20/0x20 [ 739.351695] do_syscall_64+0x1d5/0x640 [ 739.355706] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 739.361936] RIP: 0033:0x466459 [ 739.365163] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 739.372863] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 739.380148] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 739.387407] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 739.394938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 739.402205] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:05:35 executing program 3 (fault-call:10 fault-nth:2): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:35 executing program 2 (fault-call:10 fault-nth:3): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:35 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x40, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:35 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:05:36 executing program 4 (fault-call:10 fault-nth:56): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 739.708139] FAULT_INJECTION: forcing a failure. [ 739.708139] name failslab, interval 1, probability 0, space 0, times 0 [ 739.720652] CPU: 0 PID: 16741 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 739.728660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.731588] FAULT_INJECTION: forcing a failure. [ 739.731588] name failslab, interval 1, probability 0, space 0, times 0 [ 739.738112] Call Trace: [ 739.738136] dump_stack+0x1b2/0x281 [ 739.738150] should_fail.cold+0x10a/0x149 [ 739.738167] should_failslab+0xd6/0x130 [ 739.764291] kmem_cache_alloc+0x28e/0x3c0 [ 739.768435] prepare_creds+0x39/0x490 [ 739.772241] copy_creds+0x72/0x910 [ 739.775874] copy_process.part.0+0x863/0x71c0 [ 739.780376] ? get_pid_task+0xb8/0x130 [ 739.784274] ? proc_fail_nth_write+0x7b/0x180 [ 739.788775] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 739.793898] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 739.798846] ? __cleanup_sighand+0x40/0x40 [ 739.803089] ? lock_downgrade+0x740/0x740 [ 739.807237] ? vfs_write+0x35d/0x4d0 [ 739.811483] _do_fork+0x184/0xc80 [ 739.814938] ? fork_idle+0x270/0x270 [ 739.818661] ? fput+0xb/0x140 [ 739.821760] ? SyS_write+0x14d/0x210 [ 739.825484] ? SyS_read+0x210/0x210 [ 739.829127] ? __do_page_fault+0x159/0xad0 [ 739.833366] ? do_syscall_64+0x4c/0x640 [ 739.837332] ? sys_vfork+0x20/0x20 [ 739.840871] do_syscall_64+0x1d5/0x640 [ 739.844756] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 739.849953] RIP: 0033:0x466459 [ 739.853135] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 739.860929] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 739.868201] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 739.875498] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 739.882771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 739.890127] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 739.897422] CPU: 1 PID: 16760 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 739.905326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.914717] Call Trace: [ 739.917404] dump_stack+0x1b2/0x281 [ 739.921063] should_fail.cold+0x10a/0x149 [ 739.925239] should_failslab+0xd6/0x130 [ 739.929257] kmem_cache_alloc_trace+0x29a/0x3d0 [ 739.933936] aa_alloc_task_context+0x4d/0x90 [ 739.938364] apparmor_cred_prepare+0x1a/0xb0 [ 739.942779] security_prepare_creds+0x76/0xb0 [ 739.947314] prepare_creds+0x2ef/0x490 [ 739.951209] copy_creds+0x72/0x910 [ 739.954796] copy_process.part.0+0x863/0x71c0 [ 739.959303] ? get_pid_task+0xb8/0x130 [ 739.963198] ? proc_fail_nth_write+0x7b/0x180 [ 739.967696] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 739.972633] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 739.977587] ? __cleanup_sighand+0x40/0x40 [ 739.981825] ? lock_downgrade+0x740/0x740 [ 739.985989] ? vfs_write+0x35d/0x4d0 [ 739.989708] _do_fork+0x184/0xc80 [ 739.993166] ? fork_idle+0x270/0x270 [ 739.996884] ? fput+0xb/0x140 [ 739.999989] ? SyS_write+0x14d/0x210 [ 740.003701] ? SyS_read+0x210/0x210 [ 740.007325] ? __do_page_fault+0x159/0xad0 [ 740.011571] ? do_syscall_64+0x4c/0x640 [ 740.015542] ? sys_vfork+0x20/0x20 [ 740.019120] do_syscall_64+0x1d5/0x640 [ 740.023015] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 740.028206] RIP: 0033:0x466459 [ 740.031873] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 740.039589] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 740.046873] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 740.054143] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 740.061412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 740.068683] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 740.185812] FAULT_INJECTION: forcing a failure. [ 740.185812] name failslab, interval 1, probability 0, space 0, times 0 [ 740.197492] CPU: 0 PID: 16773 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 740.205388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.214743] Call Trace: [ 740.217341] dump_stack+0x1b2/0x281 [ 740.220979] should_fail.cold+0x10a/0x149 [ 740.225144] should_failslab+0xd6/0x130 [ 740.229129] __kmalloc_track_caller+0x2bc/0x400 [ 740.233909] ? kstrdup_const+0x35/0x60 [ 740.237799] ? lock_downgrade+0x740/0x740 [ 740.241954] kstrdup+0x36/0x70 [ 740.245151] kstrdup_const+0x35/0x60 [ 740.248876] alloc_vfsmnt+0xe0/0x7f0 [ 740.252593] clone_mnt+0x6c/0xff0 [ 740.256075] copy_tree+0x33e/0xa20 [ 740.259628] copy_mnt_ns+0x167/0xa30 [ 740.263354] ? create_new_namespaces+0x30/0x720 [ 740.268025] ? do_mount+0x2a00/0x2a00 [ 740.271831] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 740.276852] ? kmem_cache_alloc+0x35f/0x3c0 [ 740.281189] create_new_namespaces+0xc9/0x720 22:05:36 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x3, 0x424000) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000340)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000002a250000d68ae1ffffff000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010800"/180]) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x4, 0x8, 0x51, 0x1, 0x0, 0x1, 0x400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x10001}, 0xa0, 0x100000001, 0x7, 0x9, 0xfffffffffffffffd, 0x9, 0x2}, r1, 0x4, r2, 0x0) sched_setattr(r0, &(0x7f0000000100)={0x38, 0x5, 0x38, 0x9, 0xd126, 0x5, 0xd50, 0x5, 0x401, 0x401}, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) openat(r4, &(0x7f00000000c0)='./file0\x00', 0x20000, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x42, 0x4, 0x2, 0x6, 0x80000001, 0x1ff, 0x5, 0x200}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 740.285702] ? security_capable+0x88/0xb0 [ 740.289862] copy_namespaces+0x27b/0x310 [ 740.293973] copy_process.part.0+0x25f8/0x71c0 [ 740.298580] ? get_pid_task+0xb8/0x130 [ 740.302588] ? proc_fail_nth_write+0x7b/0x180 [ 740.307088] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 740.312031] ? __cleanup_sighand+0x40/0x40 [ 740.316290] ? lock_downgrade+0x740/0x740 [ 740.320454] _do_fork+0x184/0xc80 [ 740.323912] ? fork_idle+0x270/0x270 [ 740.327637] ? fput+0xb/0x140 [ 740.330745] ? SyS_write+0x14d/0x210 [ 740.334477] ? SyS_read+0x210/0x210 [ 740.338106] ? __do_page_fault+0x159/0xad0 [ 740.342341] ? do_syscall_64+0x4c/0x640 [ 740.346313] ? sys_vfork+0x20/0x20 [ 740.349861] do_syscall_64+0x1d5/0x640 [ 740.353756] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 740.358954] RIP: 0033:0x466459 [ 740.362138] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 740.369848] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 740.377206] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 740.384478] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 740.391751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 740.399034] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:05:36 executing program 3 (fault-call:10 fault-nth:3): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:36 executing program 2 (fault-call:10 fault-nth:4): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:05:36 executing program 4 (fault-call:10 fault-nth:57): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 740.667848] FAULT_INJECTION: forcing a failure. [ 740.667848] name failslab, interval 1, probability 0, space 0, times 0 [ 740.679655] CPU: 1 PID: 16802 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 740.687555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.689173] FAULT_INJECTION: forcing a failure. [ 740.689173] name failslab, interval 1, probability 0, space 0, times 0 [ 740.699957] Call Trace: [ 740.699981] dump_stack+0x1b2/0x281 [ 740.699995] should_fail.cold+0x10a/0x149 [ 740.700007] should_failslab+0xd6/0x130 [ 740.700019] kmem_cache_alloc+0x28e/0x3c0 [ 740.700031] __delayacct_tsk_init+0x1b/0x80 [ 740.700040] copy_process.part.0+0x1a6a/0x71c0 [ 740.700050] ? get_pid_task+0xb8/0x130 [ 740.700060] ? proc_fail_nth_write+0x7b/0x180 [ 740.700069] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 740.700082] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 740.700094] ? __cleanup_sighand+0x40/0x40 [ 740.700112] ? lock_downgrade+0x740/0x740 [ 740.766346] ? vfs_write+0x35d/0x4d0 [ 740.770060] _do_fork+0x184/0xc80 [ 740.773534] ? fork_idle+0x270/0x270 [ 740.777373] ? fput+0xb/0x140 [ 740.780477] ? SyS_write+0x14d/0x210 [ 740.784191] ? SyS_read+0x210/0x210 [ 740.787857] ? __do_page_fault+0x159/0xad0 [ 740.792213] ? do_syscall_64+0x4c/0x640 [ 740.796213] ? sys_vfork+0x20/0x20 [ 740.799766] do_syscall_64+0x1d5/0x640 [ 740.803666] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 740.808871] RIP: 0033:0x466459 [ 740.812070] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 740.819791] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 740.827068] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 740.834511] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 740.841975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 740.849291] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 740.856595] CPU: 0 PID: 16805 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 740.864663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.874119] Call Trace: [ 740.876744] dump_stack+0x1b2/0x281 [ 740.880386] should_fail.cold+0x10a/0x149 [ 740.885065] should_failslab+0xd6/0x130 [ 740.889057] kmem_cache_alloc+0x28e/0x3c0 [ 740.893213] prepare_creds+0x39/0x490 [ 740.897017] copy_creds+0x72/0x910 [ 740.900562] copy_process.part.0+0x863/0x71c0 [ 740.905064] ? get_pid_task+0xb8/0x130 [ 740.908949] ? proc_fail_nth_write+0x7b/0x180 [ 740.913448] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 740.918502] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 740.923439] ? __cleanup_sighand+0x40/0x40 [ 740.927682] ? lock_downgrade+0x740/0x740 [ 740.931833] ? vfs_write+0x35d/0x4d0 [ 740.935564] _do_fork+0x184/0xc80 [ 740.939029] ? fork_idle+0x270/0x270 [ 740.942746] ? fput+0xb/0x140 [ 740.946045] ? SyS_write+0x14d/0x210 [ 740.949762] ? SyS_read+0x210/0x210 [ 740.953412] ? __do_page_fault+0x159/0xad0 [ 740.957646] ? do_syscall_64+0x4c/0x640 [ 740.961625] ? sys_vfork+0x20/0x20 [ 740.965176] do_syscall_64+0x1d5/0x640 [ 740.969071] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 740.974529] RIP: 0033:0x466459 [ 740.977726] RSP: 002b:00007fdc763c4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 740.985434] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000466459 [ 740.992704] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 740.999978] RBP: 00007fdc763c41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 741.007362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 22:05:37 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000003c0)={0x0, {}, 0x0, {}, 0x8, 0x4, 0x1, 0x1f, "2caac387e8a685e8286c70a8ec4c9e62b6771fc78cb14ec5123f1f165615fb27d0bddc94269b4f2c48700312f23505efc63ec287b795ac3614febc45541a5537", "ac265a07435c0236e11b0684e6c537e37eebcf42cc9fccb2dee50f1502ad429b", [0x80000000]}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000500)}, {&(0x7f0000000140)="f0ff8bfca84d1f103d61f1ad4c55d010fe565a020cc8f06be23aec1fb21b8cc46a8e06b526a23db94864066bbfccc6773418f6a54862c3b1c00aaf66e798046d52316d668e59090b5ee1c310e74f4f357fa4", 0x52}, {&(0x7f0000000740)="09d03e6b8da9810db2ec4dc964f2635bea93b91b31f7766635c777f759e26749a5b96ff74218e7881c7d84d2fe9e2527a6d0e0ba5dbd2794b13d3ef0b4a2d548afbae6e4171f7a372e7f477f041b2f5c05e1e1601f0816807031d33afd6ae5f89fabe2d33673717fea8de179431f8c21977cf09d6e639efd6928a40ff88fe0caae44a63ad04f0084b411ba417caf779875961bc4ff79f556", 0x98}], 0x3, 0x0) vmsplice(r0, &(0x7f00000004c0)=[{&(0x7f0000000540)="9bddc26be5298eec8501000000e9f6c963811a9d72089c322e6d6cd0b671ce97ae6bc46f9536b76c2d6e8d1b8f199f33448c4e45e6f342d1fc4942b24c1e49c81639e3e33d468110000000003ed8183527677a8aaf0e4900f5cd8a0c16db0b20513078188c8ac9db6abe0b7d058c5705579e0be9c76115d431cc2fd420f4e6a370ced0b7b113189435c4d818f63d7029073ec1bfb2fe4f157432f52319c36ef834f4b0b3567df4522f06a8211c85ede486c8da84dbb33adb7613baa63aa1eafcdc7e7a0de6da6400005becd54ceca6c5ad0808cf95bff02962be0e5fb144870b7de4a2f8241e1070252aff4ccf2c0a8c", 0xf0}], 0x1, 0xc) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0xf85) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) getrlimit(0xe, &(0x7f0000000500)) sendto$inet(r3, 0x0, 0x0, 0x40047fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0x85}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) readv(r3, &(0x7f0000000280)=[{&(0x7f0000000640)=""/250, 0xfa}, {&(0x7f0000000300)=""/188, 0xbc}], 0x2) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 741.014640] R13: 00007ffe14220b5f R14: 00007fdc763c4300 R15: 0000000000022000 [ 741.137877] FAULT_INJECTION: forcing a failure. [ 741.137877] name failslab, interval 1, probability 0, space 0, times 0 [ 741.149441] CPU: 0 PID: 16817 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 741.157348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 741.166706] Call Trace: [ 741.169297] dump_stack+0x1b2/0x281 [ 741.172955] should_fail.cold+0x10a/0x149 [ 741.177110] should_failslab+0xd6/0x130 [ 741.181191] kmem_cache_alloc+0x28e/0x3c0 [ 741.185376] alloc_vfsmnt+0x23/0x7f0 [ 741.189091] clone_mnt+0x6c/0xff0 [ 741.192556] copy_tree+0x33e/0xa20 [ 741.196107] copy_mnt_ns+0x167/0xa30 [ 741.199825] ? create_new_namespaces+0x30/0x720 [ 741.204506] ? do_mount+0x2a00/0x2a00 [ 741.208328] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 741.213438] ? kmem_cache_alloc+0x35f/0x3c0 [ 741.217769] create_new_namespaces+0xc9/0x720 [ 741.222407] copy_namespaces+0x27b/0x310 [ 741.226477] copy_process.part.0+0x25f8/0x71c0 [ 741.231071] ? __schedule+0x893/0x1de0 [ 741.234980] ? retint_kernel+0x2d/0x2d [ 741.238895] ? __cleanup_sighand+0x40/0x40 [ 741.243146] _do_fork+0x184/0xc80 [ 741.246612] ? fork_idle+0x270/0x270 [ 741.250335] ? fput+0xb/0x140 [ 741.253447] ? SyS_write+0x14d/0x210 [ 741.257168] ? SyS_read+0x210/0x210 [ 741.260806] ? do_syscall_64+0x4c/0x640 [ 741.264785] ? sys_vfork+0x20/0x20 [ 741.268330] do_syscall_64+0x1d5/0x640 [ 741.272236] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 741.277438] RIP: 0033:0x466459 [ 741.280648] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 741.288361] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 741.295634] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 741.303434] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 741.310840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 741.318142] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 741.474866] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 741.494587] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 741.514660] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 741.522743] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 741.551659] device bridge_slave_1 left promiscuous mode [ 741.557227] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.572726] device bridge_slave_0 left promiscuous mode [ 741.592586] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.605500] device veth1_macvtap left promiscuous mode [ 741.610917] device veth0_macvtap left promiscuous mode [ 741.617783] device veth1_vlan left promiscuous mode [ 741.623715] device veth0_vlan left promiscuous mode [ 741.763340] device hsr_slave_1 left promiscuous mode [ 741.778291] device hsr_slave_0 left promiscuous mode [ 741.797619] team0 (unregistering): Port device team_slave_1 removed [ 741.820358] team0 (unregistering): Port device team_slave_0 removed [ 741.847496] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 741.863635] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 741.916339] bond0 (unregistering): Released all slaves [ 744.213655] IPVS: ftp: loaded support on port[0] = 21 [ 744.339352] chnl_net:caif_netlink_parms(): no params data found [ 744.393743] bridge0: port 1(bridge_slave_0) entered blocking state [ 744.400258] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.407913] device bridge_slave_0 entered promiscuous mode [ 744.414918] bridge0: port 2(bridge_slave_1) entered blocking state [ 744.421301] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.429165] device bridge_slave_1 entered promiscuous mode [ 744.448980] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 744.458018] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 744.478659] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 744.485960] team0: Port device team_slave_0 added [ 744.492704] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 744.499811] team0: Port device team_slave_1 added [ 744.518058] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 744.524406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 744.549829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 744.560802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 744.567319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 744.593121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 744.604055] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 744.611429] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 744.633155] device hsr_slave_0 entered promiscuous mode [ 744.638792] device hsr_slave_1 entered promiscuous mode [ 744.645080] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 744.652306] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 744.725139] bridge0: port 2(bridge_slave_1) entered blocking state [ 744.731581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 744.738207] bridge0: port 1(bridge_slave_0) entered blocking state [ 744.744626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 744.780341] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 744.786920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 744.796739] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 744.806315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 744.814165] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.820778] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.830720] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 744.837084] 8021q: adding VLAN 0 to HW filter on device team0 [ 744.846158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 744.853901] bridge0: port 1(bridge_slave_0) entered blocking state [ 744.860350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 744.869820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 744.877803] bridge0: port 2(bridge_slave_1) entered blocking state [ 744.884195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 744.901853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 744.909617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 744.918664] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 744.928513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 744.940105] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 744.951197] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 744.957374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 744.965890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 744.978755] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 744.986867] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 744.993654] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 745.005933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 745.059376] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 745.069055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 745.101295] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 745.109077] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 745.117187] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 745.126771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 745.135431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 745.142683] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 745.151600] device veth0_vlan entered promiscuous mode [ 745.159984] device veth1_vlan entered promiscuous mode [ 745.166615] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 745.175600] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 745.188202] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 745.197636] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 745.205977] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 745.213662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 745.225810] device veth0_macvtap entered promiscuous mode [ 745.231917] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 745.240099] device veth1_macvtap entered promiscuous mode [ 745.249626] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 745.259096] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 745.268057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 745.278188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.287421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 745.297372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.306602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 745.316564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.325754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 745.335597] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.344799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 745.354585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.365761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 745.373390] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 745.380437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 745.390256] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 745.402446] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 745.412402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.422774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 745.433453] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.444431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 745.455193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.464784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 745.475101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.484659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 745.494945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.505368] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 745.512889] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 745.520296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 745.529767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:05:42 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:42 executing program 2 (fault-call:10 fault-nth:5): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setattr(r3, 0x0, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) 22:05:42 executing program 3 (fault-call:10 fault-nth:4): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:42 executing program 4 (fault-call:10 fault-nth:58): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:42 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x6) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0xa0128580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:42 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 745.781843] FAULT_INJECTION: forcing a failure. [ 745.781843] name failslab, interval 1, probability 0, space 0, times 0 [ 745.793533] CPU: 0 PID: 17101 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 745.801417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 745.810794] Call Trace: [ 745.813392] dump_stack+0x1b2/0x281 [ 745.817027] should_fail.cold+0x10a/0x149 [ 745.821201] should_failslab+0xd6/0x130 [ 745.825189] kmem_cache_alloc+0x28e/0x3c0 [ 745.829345] __delayacct_tsk_init+0x1b/0x80 [ 745.833669] copy_process.part.0+0x1a6a/0x71c0 [ 745.838258] ? get_pid_task+0xb8/0x130 [ 745.842147] ? proc_fail_nth_write+0x7b/0x180 [ 745.846675] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 745.851700] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 745.856640] ? __cleanup_sighand+0x40/0x40 [ 745.860898] ? lock_downgrade+0x740/0x740 [ 745.863150] FAULT_INJECTION: forcing a failure. [ 745.863150] name failslab, interval 1, probability 0, space 0, times 0 [ 745.865046] ? vfs_write+0x35d/0x4d0 [ 745.865071] _do_fork+0x184/0xc80 [ 745.883392] ? fork_idle+0x270/0x270 [ 745.887096] ? fput+0xb/0x140 [ 745.890190] ? SyS_write+0x14d/0x210 [ 745.894072] ? SyS_read+0x210/0x210 [ 745.897691] ? __do_page_fault+0x159/0xad0 [ 745.901914] ? do_syscall_64+0x4c/0x640 [ 745.905879] ? sys_vfork+0x20/0x20 [ 745.909410] do_syscall_64+0x1d5/0x640 [ 745.913298] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 745.918479] RIP: 0033:0x466459 [ 745.921659] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 745.929357] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 745.936615] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 745.943889] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 745.951153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 745.958417] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 745.965691] CPU: 1 PID: 17105 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 745.973584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 745.982941] Call Trace: [ 745.985543] dump_stack+0x1b2/0x281 [ 745.989171] should_fail.cold+0x10a/0x149 [ 745.993319] should_failslab+0xd6/0x130 [ 745.997315] kmem_cache_alloc_trace+0x29a/0x3d0 [ 746.002003] aa_alloc_task_context+0x4d/0x90 [ 746.006424] apparmor_cred_prepare+0x1a/0xb0 [ 746.010835] security_prepare_creds+0x76/0xb0 [ 746.015345] prepare_creds+0x2ef/0x490 [ 746.019326] copy_creds+0x72/0x910 [ 746.022873] copy_process.part.0+0x863/0x71c0 [ 746.027370] ? get_pid_task+0xb8/0x130 [ 746.031263] ? proc_fail_nth_write+0x7b/0x180 [ 746.035766] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 746.040706] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 746.045651] ? __cleanup_sighand+0x40/0x40 [ 746.049896] ? lock_downgrade+0x740/0x740 [ 746.054063] ? vfs_write+0x35d/0x4d0 [ 746.057784] _do_fork+0x184/0xc80 [ 746.061259] ? fork_idle+0x270/0x270 [ 746.064969] ? fput+0xb/0x140 [ 746.068075] ? SyS_write+0x14d/0x210 [ 746.071785] ? SyS_read+0x210/0x210 [ 746.075410] ? __do_page_fault+0x159/0xad0 [ 746.079647] ? do_syscall_64+0x4c/0x640 [ 746.083618] ? sys_vfork+0x20/0x20 [ 746.087428] do_syscall_64+0x1d5/0x640 [ 746.091320] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 746.092053] FAULT_INJECTION: forcing a failure. [ 746.092053] name failslab, interval 1, probability 0, space 0, times 0 [ 746.096787] RIP: 0033:0x466459 [ 746.096793] RSP: 002b:00007fdc763c4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 746.096809] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000466459 [ 746.126109] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 746.133371] RBP: 00007fdc763c41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 746.140629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 746.147902] R13: 00007ffe14220b5f R14: 00007fdc763c4300 R15: 0000000000022000 [ 746.155267] CPU: 0 PID: 17110 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 746.163153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.172512] Call Trace: [ 746.175107] dump_stack+0x1b2/0x281 [ 746.178739] should_fail.cold+0x10a/0x149 22:05:42 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 746.182896] should_failslab+0xd6/0x130 [ 746.186876] kmem_cache_alloc+0x28e/0x3c0 [ 746.191033] alloc_vfsmnt+0x23/0x7f0 [ 746.194835] clone_mnt+0x6c/0xff0 [ 746.198296] copy_tree+0x33e/0xa20 [ 746.201847] copy_mnt_ns+0x167/0xa30 [ 746.205584] ? create_new_namespaces+0x30/0x720 [ 746.210256] ? do_mount+0x2a00/0x2a00 [ 746.214058] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 746.219080] ? kmem_cache_alloc+0x35f/0x3c0 [ 746.223407] create_new_namespaces+0xc9/0x720 [ 746.227923] ? security_capable+0x88/0xb0 [ 746.232075] copy_namespaces+0x27b/0x310 [ 746.236139] copy_process.part.0+0x25f8/0x71c0 [ 746.240724] ? get_pid_task+0xb8/0x130 [ 746.244635] ? proc_fail_nth_write+0x7b/0x180 [ 746.249153] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 746.254097] ? __cleanup_sighand+0x40/0x40 [ 746.258351] ? lock_downgrade+0x740/0x740 [ 746.262506] _do_fork+0x184/0xc80 [ 746.265962] ? fork_idle+0x270/0x270 [ 746.269676] ? fput+0xb/0x140 [ 746.272789] ? SyS_write+0x14d/0x210 [ 746.276505] ? SyS_read+0x210/0x210 [ 746.280131] ? __do_page_fault+0x159/0xad0 [ 746.284367] ? do_syscall_64+0x4c/0x640 [ 746.288411] ? sys_vfork+0x20/0x20 [ 746.291996] do_syscall_64+0x1d5/0x640 [ 746.295877] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 746.301093] RIP: 0033:0x466459 [ 746.304272] RSP: 002b:00007f1932689188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 746.312139] RAX: ffffffffffffffda RBX: 000000000056c200 RCX: 0000000000466459 [ 746.319397] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 746.326741] RBP: 00007f19326891d0 R08: ffffffffffffffff R09: 0000000000000000 [ 746.334004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 746.341271] R13: 00007ffeea19aebf R14: 00007f1932689300 R15: 0000000000022000 [ 746.353887] Bluetooth: hci3 command 0x0409 tx timeout 22:05:42 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) write(r1, &(0x7f0000000100)="9d671f538165daadd0022ed5570834098237fede3178aba2bc7bb94e41200d02cdc03987e7432db6f3645d0045661df816dbbf8b49d47f7afb16db83604024bc223ff7", 0x43) r2 = fork() process_vm_writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) sched_setattr(r2, &(0x7f0000000180)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7fff}, 0x0) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm-control\x00', 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x4) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) sched_setattr(r4, &(0x7f00000000c0)={0x38, 0x3, 0x2, 0x8, 0x0, 0x8, 0x5, 0x6, 0xfffffff9, 0x7ff}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$UHID_CREATE2(r3, &(0x7f0000000300)={0xb, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0x88, 0x9c7, 0xbd, 0x7, 0xfffffff7, 0x1000, "81a3022cf161c7f368c83822ca9875ea5fb6b27991844d83472d42caf888de89cfd712fca072becb54c1e0e666df148dd8f02489c343944dfc6e3d363ab329f87214c910c3ce0782e54ba7c159edb9c9d7ac4feb75479b821da73e4462b873d9f152f2d74933e410c57625320a6dcfbf5d9d66c3827fe54f8dc7c46aa42072bc8f85a67f90399343"}}, 0x1a0) 22:05:42 executing program 2 (fault-call:10 fault-nth:6): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:42 executing program 3 (fault-call:10 fault-nth:5): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:05:43 executing program 4 (fault-call:10 fault-nth:59): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 746.687384] FAULT_INJECTION: forcing a failure. [ 746.687384] name failslab, interval 1, probability 0, space 0, times 0 [ 746.699285] CPU: 0 PID: 17143 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 746.707183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.716549] Call Trace: [ 746.719145] dump_stack+0x1b2/0x281 [ 746.722783] should_fail.cold+0x10a/0x149 [ 746.726938] should_failslab+0xd6/0x130 [ 746.730917] kmem_cache_alloc+0x28e/0x3c0 [ 746.735072] copy_process.part.0+0x3e0b/0x71c0 [ 746.739667] ? get_pid_task+0xb8/0x130 [ 746.743564] ? proc_fail_nth_write+0x7b/0x180 [ 746.749023] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 746.753972] ? __cleanup_sighand+0x40/0x40 [ 746.758219] ? lock_downgrade+0x740/0x740 [ 746.762382] _do_fork+0x184/0xc80 [ 746.765881] ? fork_idle+0x270/0x270 [ 746.769601] ? fput+0xb/0x140 [ 746.772711] ? SyS_write+0x14d/0x210 [ 746.776448] ? SyS_read+0x210/0x210 [ 746.780076] ? __do_page_fault+0x159/0xad0 [ 746.784318] ? do_syscall_64+0x4c/0x640 [ 746.788297] ? sys_vfork+0x20/0x20 [ 746.791841] do_syscall_64+0x1d5/0x640 [ 746.795744] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 746.800933] RIP: 0033:0x466459 [ 746.804149] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 746.811862] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 746.819136] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 746.826413] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 746.833687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 746.840960] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 746.930900] FAULT_INJECTION: forcing a failure. [ 746.930900] name failslab, interval 1, probability 0, space 0, times 0 [ 746.942333] CPU: 0 PID: 17136 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 746.950236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.953279] FAULT_INJECTION: forcing a failure. [ 746.953279] name failslab, interval 1, probability 0, space 0, times 0 [ 746.959599] Call Trace: [ 746.973367] dump_stack+0x1b2/0x281 [ 746.976989] should_fail.cold+0x10a/0x149 [ 746.981134] should_failslab+0xd6/0x130 [ 746.985105] kmem_cache_alloc+0x28e/0x3c0 [ 746.989247] copy_fs_struct+0x43/0x2d0 [ 746.993131] copy_process.part.0+0x3da8/0x71c0 [ 746.997719] ? _raw_spin_unlock_irq+0x24/0x80 [ 747.002216] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 747.007240] ? _raw_spin_unlock_irq+0x5a/0x80 [ 747.012258] ? finish_task_switch+0x178/0x610 [ 747.016774] ? finish_task_switch+0x14d/0x610 [ 747.021546] ? switch_mm_irqs_off+0x601/0xeb0 [ 747.026046] ? __cleanup_sighand+0x40/0x40 [ 747.030277] ? lock_downgrade+0x740/0x740 [ 747.034447] _do_fork+0x184/0xc80 [ 747.037903] ? fork_idle+0x270/0x270 [ 747.041616] ? fput+0xb/0x140 [ 747.044726] ? SyS_write+0x14d/0x210 [ 747.048447] ? SyS_read+0x210/0x210 [ 747.053896] ? do_syscall_64+0x4c/0x640 [ 747.057865] ? sys_vfork+0x20/0x20 [ 747.061507] do_syscall_64+0x1d5/0x640 [ 747.065394] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 747.070581] RIP: 0033:0x466459 [ 747.073789] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 747.081508] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 747.088862] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 747.096126] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 747.103476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 747.110744] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 747.118088] CPU: 1 PID: 17157 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 747.126026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 747.135382] Call Trace: [ 747.137976] dump_stack+0x1b2/0x281 [ 747.141609] should_fail.cold+0x10a/0x149 [ 747.145762] should_failslab+0xd6/0x130 [ 747.149775] kmem_cache_alloc+0x28e/0x3c0 [ 747.153952] alloc_vfsmnt+0x23/0x7f0 [ 747.157694] clone_mnt+0x6c/0xff0 [ 747.161143] copy_tree+0x33e/0xa20 [ 747.164679] copy_mnt_ns+0x167/0xa30 [ 747.168380] ? create_new_namespaces+0x30/0x720 [ 747.173075] ? do_mount+0x2a00/0x2a00 [ 747.176877] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 747.181905] ? kmem_cache_alloc+0x35f/0x3c0 [ 747.186252] create_new_namespaces+0xc9/0x720 [ 747.190825] ? security_capable+0x88/0xb0 [ 747.195163] copy_namespaces+0x27b/0x310 [ 747.199264] copy_process.part.0+0x25f8/0x71c0 [ 747.203842] ? get_pid_task+0xb8/0x130 [ 747.207721] ? proc_fail_nth_write+0x7b/0x180 [ 747.212206] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 747.218320] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 747.223063] ? __cleanup_sighand+0x40/0x40 [ 747.227311] ? lock_downgrade+0x740/0x740 [ 747.231454] _do_fork+0x184/0xc80 [ 747.234921] ? fork_idle+0x270/0x270 [ 747.238665] ? fput+0xb/0x140 [ 747.241764] ? SyS_write+0x14d/0x210 [ 747.245500] ? SyS_read+0x210/0x210 [ 747.249210] ? __do_page_fault+0x159/0xad0 [ 747.253427] ? do_syscall_64+0x4c/0x640 [ 747.257396] ? sys_vfork+0x20/0x20 [ 747.261018] do_syscall_64+0x1d5/0x640 [ 747.264903] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 747.270084] RIP: 0033:0x466459 [ 747.273268] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 747.281748] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 747.289017] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 747.296312] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 747.303570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 747.310825] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:05:43 executing program 3 (fault-call:10 fault-nth:6): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:43 executing program 2 (fault-call:10 fault-nth:7): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:43 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:05:43 executing program 4 (fault-call:10 fault-nth:60): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:43 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000340)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000002a250000d68ae1ffffff000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7e0000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001080000000000000100008000"/180]) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x8, 0xff, 0x1, 0x0, 0x1, 0x400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x10001}, 0x4020, 0xffffffff, 0x7, 0x9, 0x68, 0x9, 0x2}, r1, 0x4, r2, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000180)={0x38, 0x2, 0x26, 0x6, 0x1, 0xf5, 0x9, 0x100000000, 0x4f2e, 0x421c61eb}, 0x0) prlimit64(r1, 0x6, &(0x7f0000000040)={0x3, 0x1}, &(0x7f0000000140)) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e24, 0x9, @local, 0x5d6}, {0xa, 0x4e20, 0x6, @private2, 0x1}, 0x8, [0x7, 0xf, 0x7, 0x20, 0x6, 0x1f, 0x10000, 0x400]}, 0x5c) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 747.605373] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.629885] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.637483] FAULT_INJECTION: forcing a failure. [ 747.637483] name failslab, interval 1, probability 0, space 0, times 0 [ 747.649016] CPU: 1 PID: 17178 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 747.656908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 747.666257] Call Trace: [ 747.668943] dump_stack+0x1b2/0x281 [ 747.672579] should_fail.cold+0x10a/0x149 [ 747.676731] should_failslab+0xd6/0x130 [ 747.680710] kmem_cache_alloc+0x28e/0x3c0 [ 747.684860] copy_process.part.0+0x3e0b/0x71c0 [ 747.689443] ? get_pid_task+0xb8/0x130 [ 747.693333] ? proc_fail_nth_write+0x7b/0x180 [ 747.697831] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 747.702776] ? __cleanup_sighand+0x40/0x40 [ 747.707007] ? lock_downgrade+0x740/0x740 [ 747.711185] _do_fork+0x184/0xc80 [ 747.714641] ? fork_idle+0x270/0x270 [ 747.718371] ? fput+0xb/0x140 [ 747.721480] ? SyS_write+0x14d/0x210 [ 747.725214] ? SyS_read+0x210/0x210 [ 747.728841] ? __do_page_fault+0x159/0xad0 [ 747.733082] ? do_syscall_64+0x4c/0x640 [ 747.737067] ? sys_vfork+0x20/0x20 [ 747.740607] do_syscall_64+0x1d5/0x640 [ 747.744505] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 747.749711] RIP: 0033:0x466459 [ 747.752901] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 747.760635] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 747.767910] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 747.775202] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 747.782471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 747.789744] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 747.798308] FAULT_INJECTION: forcing a failure. [ 747.798308] name failslab, interval 1, probability 0, space 0, times 0 [ 747.810241] CPU: 0 PID: 17169 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 747.818141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 747.827492] Call Trace: [ 747.830090] dump_stack+0x1b2/0x281 [ 747.833725] should_fail.cold+0x10a/0x149 [ 747.837880] should_failslab+0xd6/0x130 [ 747.841863] kmem_cache_alloc+0x28e/0x3c0 [ 747.846016] copy_process.part.0+0x3e0b/0x71c0 [ 747.850600] ? get_pid_task+0xb8/0x130 [ 747.854487] ? proc_fail_nth_write+0x7b/0x180 [ 747.858984] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 747.863929] ? __cleanup_sighand+0x40/0x40 [ 747.868181] ? lock_downgrade+0x740/0x740 [ 747.872355] _do_fork+0x184/0xc80 [ 747.875808] ? fork_idle+0x270/0x270 [ 747.879528] ? fput+0xb/0x140 [ 747.882633] ? SyS_write+0x14d/0x210 [ 747.886344] ? SyS_read+0x210/0x210 [ 747.889967] ? __do_page_fault+0x159/0xad0 [ 747.894201] ? do_syscall_64+0x4c/0x640 [ 747.898173] ? sys_vfork+0x20/0x20 [ 747.901734] do_syscall_64+0x1d5/0x640 [ 747.905644] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 747.910841] RIP: 0033:0x466459 [ 747.914033] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 747.921744] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 747.925651] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.929008] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 747.929015] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 747.929020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 747.929029] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 748.026242] FAULT_INJECTION: forcing a failure. [ 748.026242] name failslab, interval 1, probability 0, space 0, times 0 [ 748.037816] CPU: 0 PID: 17198 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 748.043443] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 748.045705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 748.045711] Call Trace: [ 748.045732] dump_stack+0x1b2/0x281 [ 748.045749] should_fail.cold+0x10a/0x149 [ 748.045766] should_failslab+0xd6/0x130 [ 748.045791] __kmalloc_track_caller+0x2bc/0x400 [ 748.080531] ? kstrdup_const+0x35/0x60 [ 748.084446] ? lock_downgrade+0x740/0x740 [ 748.088623] kstrdup+0x36/0x70 [ 748.091821] kstrdup_const+0x35/0x60 [ 748.095535] alloc_vfsmnt+0xe0/0x7f0 [ 748.099254] clone_mnt+0x6c/0xff0 [ 748.102715] copy_tree+0x33e/0xa20 [ 748.106285] copy_mnt_ns+0x167/0xa30 [ 748.110007] ? create_new_namespaces+0x30/0x720 [ 748.114687] ? do_mount+0x2a00/0x2a00 [ 748.118521] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 748.123547] ? kmem_cache_alloc+0x35f/0x3c0 [ 748.127878] create_new_namespaces+0xc9/0x720 [ 748.132383] ? security_capable+0x88/0xb0 [ 748.136540] copy_namespaces+0x27b/0x310 [ 748.140608] copy_process.part.0+0x25f8/0x71c0 [ 748.145191] ? _raw_spin_unlock_irq+0x24/0x80 [ 748.149690] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 748.154709] ? _raw_spin_unlock_irq+0x5a/0x80 [ 748.159200] ? finish_task_switch+0x178/0x610 [ 748.163689] ? finish_task_switch+0x14d/0x610 [ 748.168180] ? switch_mm_irqs_off+0x2d2/0xeb0 [ 748.172685] ? __cleanup_sighand+0x40/0x40 [ 748.176920] ? lock_downgrade+0x740/0x740 [ 748.181066] _do_fork+0x184/0xc80 [ 748.184523] ? fork_idle+0x270/0x270 [ 748.188233] ? fput+0xb/0x140 [ 748.191360] ? SyS_write+0x14d/0x210 [ 748.195072] ? SyS_read+0x210/0x210 [ 748.198700] ? do_syscall_64+0x4c/0x640 [ 748.202675] ? sys_vfork+0x20/0x20 [ 748.206224] do_syscall_64+0x1d5/0x640 [ 748.210123] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 748.215314] RIP: 0033:0x466459 [ 748.218499] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 748.226205] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 748.233478] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 748.240747] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 748.248019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 748.255374] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:05:44 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) preadv(r1, &(0x7f00000004c0)=[{&(0x7f0000000040)=""/18, 0x12}, {&(0x7f00000000c0)=""/141, 0x8d}, {&(0x7f0000000180)=""/6, 0x6}, {&(0x7f0000000300)=""/90, 0x5a}, {&(0x7f0000000380)=""/184, 0xb8}, {&(0x7f0000000440)=""/79, 0x4f}], 0x6, 0x2a, 0x1) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 748.378213] device bridge_slave_1 left promiscuous mode [ 748.453480] bridge0: port 2(bridge_slave_1) entered disabled state [ 748.508991] device bridge_slave_0 left promiscuous mode [ 748.528239] bridge0: port 1(bridge_slave_0) entered disabled state [ 748.569985] device veth1_macvtap left promiscuous mode [ 748.610130] device veth0_macvtap left promiscuous mode [ 748.630614] device veth1_vlan left promiscuous mode [ 748.660761] device veth0_vlan left promiscuous mode [ 748.856493] device hsr_slave_1 left promiscuous mode [ 748.868057] device hsr_slave_0 left promiscuous mode [ 748.889128] team0 (unregistering): Port device team_slave_1 removed [ 748.904759] team0 (unregistering): Port device team_slave_0 removed [ 748.925801] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 748.940332] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 748.985338] bond0 (unregistering): Released all slaves [ 751.336471] IPVS: ftp: loaded support on port[0] = 21 [ 751.447744] chnl_net:caif_netlink_parms(): no params data found [ 751.503229] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.509723] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.517232] device bridge_slave_0 entered promiscuous mode [ 751.524503] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.530905] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.538487] device bridge_slave_1 entered promiscuous mode [ 751.559580] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 751.568374] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 751.588981] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 751.596846] team0: Port device team_slave_0 added [ 751.602655] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 751.609760] team0: Port device team_slave_1 added [ 751.628237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 751.634569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 751.660242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 751.671969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 751.678207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 751.703691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 751.714737] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 751.722343] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 751.744864] device hsr_slave_0 entered promiscuous mode [ 751.750534] device hsr_slave_1 entered promiscuous mode [ 751.756755] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 751.764035] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 751.836758] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.843154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 751.849752] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.856257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 751.887254] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 751.894263] 8021q: adding VLAN 0 to HW filter on device bond0 [ 751.903076] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 751.912200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 751.919325] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.926214] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.937163] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 751.943628] 8021q: adding VLAN 0 to HW filter on device team0 [ 751.952465] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 751.960198] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.966696] bridge0: port 1(bridge_slave_0) entered forwarding state [ 751.977314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 751.985091] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.991826] bridge0: port 2(bridge_slave_1) entered forwarding state [ 752.014035] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 752.023128] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 752.030638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 752.038789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 752.048492] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 752.055087] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 752.066076] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 752.076679] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 752.084885] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 752.091844] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 752.104398] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 752.161827] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 752.171627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 752.204284] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 752.212460] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 752.219012] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 752.229395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 752.237193] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 752.245018] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 752.254829] device veth0_vlan entered promiscuous mode [ 752.264026] device veth1_vlan entered promiscuous mode [ 752.269873] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 752.278956] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 752.292626] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 752.302831] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 752.310242] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 752.317907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 752.327699] device veth0_macvtap entered promiscuous mode [ 752.334365] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 752.344063] device veth1_macvtap entered promiscuous mode [ 752.354565] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 752.364628] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 752.374072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 752.384483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.393861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 752.404153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.413329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 752.423390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.432596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 752.442824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.452008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 752.461978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.473079] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 752.481569] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 752.489751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 752.499825] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 752.509196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 752.519613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.529100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 752.539275] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.548483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 752.558469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.567847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 752.577616] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.586853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 752.596833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 752.608387] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 752.615420] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 752.622637] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 752.630932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:05:49 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:49 executing program 3 (fault-call:10 fault-nth:7): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:49 executing program 2 (fault-call:10 fault-nth:8): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:49 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:05:49 executing program 4 (fault-call:10 fault-nth:61): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:49 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0xffffffff) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) poll(&(0x7f0000000200)=[{}, {r3, 0x40}], 0x2, 0x1000) close(r2) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:49 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r4, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 752.841600] FAULT_INJECTION: forcing a failure. [ 752.841600] name failslab, interval 1, probability 0, space 0, times 0 [ 752.853132] CPU: 0 PID: 17488 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 752.861150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 752.870515] Call Trace: [ 752.873115] dump_stack+0x1b2/0x281 [ 752.874195] FAULT_INJECTION: forcing a failure. [ 752.874195] name failslab, interval 1, probability 0, space 0, times 0 [ 752.876844] should_fail.cold+0x10a/0x149 [ 752.876859] should_failslab+0xd6/0x130 [ 752.876878] kmem_cache_alloc+0x28e/0x3c0 [ 752.900304] create_new_namespaces+0x30/0x720 [ 752.904809] ? security_capable+0x88/0xb0 [ 752.906248] FAULT_INJECTION: forcing a failure. [ 752.906248] name failslab, interval 1, probability 0, space 0, times 0 [ 752.908964] copy_namespaces+0x27b/0x310 [ 752.908977] copy_process.part.0+0x25f8/0x71c0 [ 752.908994] ? get_pid_task+0xb8/0x130 [ 752.932758] ? proc_fail_nth_write+0x7b/0x180 [ 752.937250] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 752.942181] ? __cleanup_sighand+0x40/0x40 [ 752.946429] ? lock_downgrade+0x740/0x740 [ 752.950577] _do_fork+0x184/0xc80 [ 752.954031] ? fork_idle+0x270/0x270 [ 752.957765] ? fput+0xb/0x140 [ 752.960877] ? SyS_write+0x14d/0x210 [ 752.964581] ? SyS_read+0x210/0x210 [ 752.968200] ? __do_page_fault+0x159/0xad0 [ 752.972426] ? do_syscall_64+0x4c/0x640 [ 752.977202] ? sys_vfork+0x20/0x20 [ 752.980738] do_syscall_64+0x1d5/0x640 [ 752.984630] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 752.991638] RIP: 0033:0x466459 [ 752.994817] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 753.002538] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 753.010257] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 753.017525] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 753.024795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 753.032062] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 753.039449] CPU: 1 PID: 17493 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 753.047350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 753.056755] Call Trace: [ 753.059351] dump_stack+0x1b2/0x281 [ 753.062991] should_fail.cold+0x10a/0x149 [ 753.067145] should_failslab+0xd6/0x130 [ 753.071258] kmem_cache_alloc+0x28e/0x3c0 [ 753.075425] copy_process.part.0+0x1cca/0x71c0 [ 753.080109] ? get_pid_task+0xb8/0x130 [ 753.084097] ? proc_fail_nth_write+0x7b/0x180 [ 753.088581] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 753.093605] ? __cleanup_sighand+0x40/0x40 [ 753.097841] ? lock_downgrade+0x740/0x740 [ 753.101992] _do_fork+0x184/0xc80 [ 753.105524] ? fork_idle+0x270/0x270 [ 753.109257] ? fput+0xb/0x140 [ 753.112367] ? SyS_write+0x14d/0x210 [ 753.116665] ? SyS_read+0x210/0x210 [ 753.120296] ? __do_page_fault+0x159/0xad0 [ 753.124629] ? do_syscall_64+0x4c/0x640 [ 753.128610] ? sys_vfork+0x20/0x20 [ 753.132244] do_syscall_64+0x1d5/0x640 [ 753.136674] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 753.141911] RIP: 0033:0x466459 [ 753.145106] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 753.152838] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 753.160127] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 753.167408] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 753.174794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 753.182079] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 753.190639] CPU: 0 PID: 17494 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 753.198542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 753.209037] Call Trace: [ 753.211623] dump_stack+0x1b2/0x281 [ 753.215374] should_fail.cold+0x10a/0x149 [ 753.219523] should_failslab+0xd6/0x130 [ 753.223595] kmem_cache_alloc+0x28e/0x3c0 [ 753.227747] alloc_vfsmnt+0x23/0x7f0 [ 753.231657] clone_mnt+0x6c/0xff0 [ 753.235109] copy_tree+0x33e/0xa20 [ 753.238640] copy_mnt_ns+0x167/0xa30 [ 753.243146] ? create_new_namespaces+0x30/0x720 [ 753.247818] ? do_mount+0x2a00/0x2a00 [ 753.251797] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 753.256847] ? kmem_cache_alloc+0x35f/0x3c0 [ 753.262409] create_new_namespaces+0xc9/0x720 [ 753.266919] ? security_capable+0x88/0xb0 [ 753.271298] copy_namespaces+0x27b/0x310 [ 753.275385] copy_process.part.0+0x25f8/0x71c0 [ 753.279965] ? get_pid_task+0xb8/0x130 [ 753.283951] ? proc_fail_nth_write+0x7b/0x180 [ 753.288444] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 753.293374] ? __cleanup_sighand+0x40/0x40 [ 753.297653] ? lock_downgrade+0x740/0x740 [ 753.301832] _do_fork+0x184/0xc80 [ 753.305300] ? fork_idle+0x270/0x270 [ 753.309094] ? fput+0xb/0x140 [ 753.312304] ? SyS_write+0x14d/0x210 [ 753.316173] ? SyS_read+0x210/0x210 [ 753.320177] ? __do_page_fault+0x159/0xad0 [ 753.324415] ? do_syscall_64+0x4c/0x640 [ 753.328393] ? sys_vfork+0x20/0x20 [ 753.331981] do_syscall_64+0x1d5/0x640 [ 753.335865] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 753.341044] RIP: 0033:0x466459 [ 753.344238] RSP: 002b:00007f19326cb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 753.352139] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000466459 [ 753.359675] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 753.366953] RBP: 00007f19326cb1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 753.374210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 753.381479] R13: 00007ffeea19aebf R14: 00007f19326cb300 R15: 0000000000022000 22:05:49 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 753.395102] Bluetooth: hci3 command 0x0409 tx timeout 22:05:49 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x3) openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r3, 0x0) fcntl$setstatus(r3, 0x4, 0x40000) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:50 executing program 3 (fault-call:10 fault-nth:8): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setattr(0x0, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:05:50 executing program 4 (fault-call:10 fault-nth:62): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:50 executing program 2 (fault-call:10 fault-nth:9): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 753.781649] FAULT_INJECTION: forcing a failure. [ 753.781649] name failslab, interval 1, probability 0, space 0, times 0 [ 753.793034] CPU: 1 PID: 17538 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 753.798961] FAULT_INJECTION: forcing a failure. [ 753.798961] name failslab, interval 1, probability 0, space 0, times 0 [ 753.800923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 753.800928] Call Trace: [ 753.800951] dump_stack+0x1b2/0x281 [ 753.800967] should_fail.cold+0x10a/0x149 [ 753.800987] should_failslab+0xd6/0x130 [ 753.836541] kmem_cache_alloc_trace+0x29a/0x3d0 [ 753.841768] alloc_mnt_ns+0xd4/0x440 [ 753.845487] ? fs_reclaim_release+0xd0/0x110 [ 753.849990] copy_mnt_ns+0xe5/0xa30 [ 753.853637] ? create_new_namespaces+0x30/0x720 [ 753.858312] ? do_mount+0x2a00/0x2a00 [ 753.862112] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 753.867144] ? kmem_cache_alloc+0x35f/0x3c0 [ 753.871481] create_new_namespaces+0xc9/0x720 [ 753.875988] ? security_capable+0x88/0xb0 [ 753.880153] copy_namespaces+0x27b/0x310 [ 753.884226] copy_process.part.0+0x25f8/0x71c0 [ 753.887336] FAULT_INJECTION: forcing a failure. [ 753.887336] name failslab, interval 1, probability 0, space 0, times 0 [ 753.888814] ? get_pid_task+0xb8/0x130 [ 753.888834] ? proc_fail_nth_write+0x7b/0x180 [ 753.888851] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 753.913399] ? __cleanup_sighand+0x40/0x40 [ 753.917640] ? lock_downgrade+0x740/0x740 [ 753.921806] _do_fork+0x184/0xc80 [ 753.925281] ? fork_idle+0x270/0x270 [ 753.928999] ? fput+0xb/0x140 [ 753.932099] ? SyS_write+0x14d/0x210 [ 753.935804] ? SyS_read+0x210/0x210 [ 753.939442] ? __do_page_fault+0x159/0xad0 [ 753.943689] ? do_syscall_64+0x4c/0x640 [ 753.947659] ? sys_vfork+0x20/0x20 [ 753.951217] do_syscall_64+0x1d5/0x640 [ 753.955115] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 753.960476] RIP: 0033:0x466459 [ 753.963654] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 753.971357] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 753.978621] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 753.985892] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 753.993262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 754.000617] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 754.007900] CPU: 0 PID: 17525 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 754.015796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.025267] Call Trace: [ 754.027885] dump_stack+0x1b2/0x281 [ 754.031539] should_fail.cold+0x10a/0x149 [ 754.035687] should_failslab+0xd6/0x130 [ 754.039669] kmem_cache_alloc+0x28e/0x3c0 [ 754.043832] create_new_namespaces+0x30/0x720 [ 754.048334] ? security_capable+0x88/0xb0 [ 754.052490] copy_namespaces+0x27b/0x310 [ 754.056556] copy_process.part.0+0x25f8/0x71c0 [ 754.061144] ? get_pid_task+0xb8/0x130 [ 754.065039] ? proc_fail_nth_write+0x7b/0x180 [ 754.069539] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 754.074484] ? __cleanup_sighand+0x40/0x40 [ 754.078751] ? lock_downgrade+0x740/0x740 [ 754.082902] _do_fork+0x184/0xc80 [ 754.086361] ? fork_idle+0x270/0x270 [ 754.090080] ? fput+0xb/0x140 [ 754.093186] ? SyS_write+0x14d/0x210 [ 754.096903] ? SyS_read+0x210/0x210 [ 754.100533] ? __do_page_fault+0x159/0xad0 [ 754.104770] ? do_syscall_64+0x4c/0x640 [ 754.108767] ? sys_vfork+0x20/0x20 [ 754.112307] do_syscall_64+0x1d5/0x640 [ 754.116199] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 754.121396] RIP: 0033:0x466459 [ 754.124582] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 754.132292] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 754.139568] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 754.146871] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 754.154150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 754.161445] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 754.170023] CPU: 1 PID: 17544 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 754.177927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.187286] Call Trace: [ 754.189884] dump_stack+0x1b2/0x281 [ 754.193524] should_fail.cold+0x10a/0x149 [ 754.197682] should_failslab+0xd6/0x130 [ 754.201667] __kmalloc_track_caller+0x2bc/0x400 [ 754.206373] ? kstrdup_const+0x35/0x60 [ 754.210265] ? lock_downgrade+0x740/0x740 [ 754.214419] kstrdup+0x36/0x70 [ 754.217793] kstrdup_const+0x35/0x60 [ 754.221512] alloc_vfsmnt+0xe0/0x7f0 [ 754.225235] clone_mnt+0x6c/0xff0 [ 754.228734] copy_tree+0x33e/0xa20 [ 754.232315] copy_mnt_ns+0x167/0xa30 [ 754.236042] ? create_new_namespaces+0x30/0x720 [ 754.240735] ? do_mount+0x2a00/0x2a00 [ 754.244536] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 754.249670] ? kmem_cache_alloc+0x35f/0x3c0 [ 754.254004] create_new_namespaces+0xc9/0x720 [ 754.259318] ? security_capable+0x88/0xb0 [ 754.263484] copy_namespaces+0x27b/0x310 [ 754.267747] copy_process.part.0+0x25f8/0x71c0 [ 754.272315] ? get_pid_task+0xb8/0x130 [ 754.276190] ? proc_fail_nth_write+0x7b/0x180 [ 754.280686] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 754.285622] ? __cleanup_sighand+0x40/0x40 [ 754.289863] ? lock_downgrade+0x740/0x740 [ 754.294546] _do_fork+0x184/0xc80 [ 754.297984] ? fork_idle+0x270/0x270 [ 754.301684] ? fput+0xb/0x140 [ 754.304785] ? SyS_write+0x14d/0x210 [ 754.308504] ? SyS_read+0x210/0x210 [ 754.312116] ? __do_page_fault+0x159/0xad0 [ 754.316337] ? do_syscall_64+0x4c/0x640 [ 754.320296] ? sys_vfork+0x20/0x20 [ 754.323820] do_syscall_64+0x1d5/0x640 [ 754.327804] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 754.332979] RIP: 0033:0x466459 [ 754.336160] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 754.343857] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 754.351632] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 754.358884] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 754.366151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 754.373423] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:05:50 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r2, 0x0) write$UHID_DESTROY(r2, &(0x7f0000000040), 0x4) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:50 executing program 3 (fault-call:10 fault-nth:9): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setattr(0x0, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:05:50 executing program 2 (fault-call:10 fault-nth:10): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:51 executing program 4 (fault-call:10 fault-nth:63): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 754.661667] FAULT_INJECTION: forcing a failure. [ 754.661667] name failslab, interval 1, probability 0, space 0, times 0 [ 754.673113] CPU: 0 PID: 17570 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 754.681006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.690181] FAULT_INJECTION: forcing a failure. [ 754.690181] name failslab, interval 1, probability 0, space 0, times 0 [ 754.690363] Call Trace: [ 754.704130] dump_stack+0x1b2/0x281 [ 754.707754] should_fail.cold+0x10a/0x149 [ 754.711897] should_failslab+0xd6/0x130 [ 754.715866] kmem_cache_alloc+0x28e/0x3c0 [ 754.720018] alloc_vfsmnt+0x23/0x7f0 [ 754.723740] clone_mnt+0x6c/0xff0 [ 754.727203] ? ida_simple_get+0x112/0x190 [ 754.731343] copy_tree+0xd6/0xa20 [ 754.734790] ? copy_mnt_ns+0x102/0xa30 [ 754.738677] copy_mnt_ns+0x167/0xa30 [ 754.742411] ? create_new_namespaces+0x30/0x720 [ 754.747073] ? do_mount+0x2a00/0x2a00 [ 754.750865] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 754.756407] ? kmem_cache_alloc+0x35f/0x3c0 [ 754.760734] create_new_namespaces+0xc9/0x720 [ 754.765338] ? security_capable+0x88/0xb0 [ 754.769501] copy_namespaces+0x27b/0x310 [ 754.773569] copy_process.part.0+0x25f8/0x71c0 [ 754.778155] ? get_pid_task+0xb8/0x130 [ 754.782044] ? proc_fail_nth_write+0x7b/0x180 [ 754.786545] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 754.791526] ? __cleanup_sighand+0x40/0x40 [ 754.795766] ? lock_downgrade+0x740/0x740 [ 754.799951] _do_fork+0x184/0xc80 [ 754.803405] ? fork_idle+0x270/0x270 [ 754.807144] ? fput+0xb/0x140 [ 754.810253] ? SyS_write+0x14d/0x210 [ 754.813968] ? SyS_read+0x210/0x210 [ 754.817594] ? __do_page_fault+0x159/0xad0 [ 754.821827] ? do_syscall_64+0x4c/0x640 [ 754.825800] ? sys_vfork+0x20/0x20 [ 754.829338] do_syscall_64+0x1d5/0x640 [ 754.833239] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 754.838425] RIP: 0033:0x466459 [ 754.841612] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 754.849406] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 754.856674] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 754.863956] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 754.871231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 754.878498] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 754.888236] FAULT_INJECTION: forcing a failure. [ 754.888236] name failslab, interval 1, probability 0, space 0, times 0 [ 754.899547] CPU: 1 PID: 17579 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 754.907426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.916784] Call Trace: [ 754.919377] dump_stack+0x1b2/0x281 [ 754.923012] should_fail.cold+0x10a/0x149 [ 754.927177] should_failslab+0xd6/0x130 [ 754.931177] __kmalloc_track_caller+0x2bc/0x400 [ 754.935869] ? kstrdup_const+0x35/0x60 [ 754.939760] ? lock_downgrade+0x740/0x740 [ 754.943914] kstrdup+0x36/0x70 [ 754.947111] kstrdup_const+0x35/0x60 [ 754.950826] alloc_vfsmnt+0xe0/0x7f0 [ 754.954539] clone_mnt+0x6c/0xff0 [ 754.957999] copy_tree+0x33e/0xa20 [ 754.961548] copy_mnt_ns+0x167/0xa30 [ 754.965266] ? create_new_namespaces+0x30/0x720 [ 754.969942] ? do_mount+0x2a00/0x2a00 [ 754.973747] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 754.978917] ? kmem_cache_alloc+0x35f/0x3c0 [ 754.983238] create_new_namespaces+0xc9/0x720 [ 754.987732] ? security_capable+0x88/0xb0 [ 754.991886] copy_namespaces+0x27b/0x310 [ 754.995982] copy_process.part.0+0x25f8/0x71c0 [ 755.000569] ? get_pid_task+0xb8/0x130 [ 755.004453] ? proc_fail_nth_write+0x7b/0x180 [ 755.008948] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 755.013894] ? __cleanup_sighand+0x40/0x40 [ 755.018133] ? lock_downgrade+0x740/0x740 [ 755.022285] _do_fork+0x184/0xc80 [ 755.025743] ? fork_idle+0x270/0x270 [ 755.029467] ? fput+0xb/0x140 [ 755.032566] ? SyS_write+0x14d/0x210 [ 755.036277] ? SyS_read+0x210/0x210 [ 755.039903] ? __do_page_fault+0x159/0xad0 [ 755.044135] ? do_syscall_64+0x4c/0x640 [ 755.048119] ? sys_vfork+0x20/0x20 [ 755.051659] do_syscall_64+0x1d5/0x640 [ 755.055556] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 755.060739] RIP: 0033:0x466459 [ 755.063921] RSP: 002b:00007f1932689188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 755.071625] RAX: ffffffffffffffda RBX: 000000000056c200 RCX: 0000000000466459 [ 755.078893] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 755.086176] RBP: 00007f19326891d0 R08: ffffffffffffffff R09: 0000000000000000 [ 755.093441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 755.100711] R13: 00007ffeea19aebf R14: 00007f1932689300 R15: 0000000000022000 [ 755.108086] CPU: 0 PID: 17573 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 755.115979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 755.125331] Call Trace: [ 755.128192] dump_stack+0x1b2/0x281 [ 755.132007] should_fail.cold+0x10a/0x149 [ 755.136173] should_failslab+0xd6/0x130 [ 755.140161] kmem_cache_alloc_trace+0x29a/0x3d0 [ 755.144897] alloc_mnt_ns+0xd4/0x440 [ 755.148611] ? fs_reclaim_release+0xd0/0x110 [ 755.153022] copy_mnt_ns+0xe5/0xa30 [ 755.156683] ? create_new_namespaces+0x30/0x720 [ 755.161367] ? do_mount+0x2a00/0x2a00 [ 755.165167] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 755.170183] ? kmem_cache_alloc+0x35f/0x3c0 [ 755.174509] create_new_namespaces+0xc9/0x720 [ 755.179007] ? security_capable+0x88/0xb0 [ 755.183177] copy_namespaces+0x27b/0x310 [ 755.187271] copy_process.part.0+0x25f8/0x71c0 [ 755.191856] ? get_pid_task+0xb8/0x130 [ 755.195741] ? proc_fail_nth_write+0x7b/0x180 [ 755.200237] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 755.205177] ? __cleanup_sighand+0x40/0x40 [ 755.209410] ? lock_downgrade+0x740/0x740 [ 755.213561] _do_fork+0x184/0xc80 [ 755.217014] ? fork_idle+0x270/0x270 [ 755.220726] ? fput+0xb/0x140 [ 755.223833] ? SyS_write+0x14d/0x210 [ 755.227543] ? SyS_read+0x210/0x210 [ 755.231166] ? __do_page_fault+0x159/0xad0 [ 755.235399] ? do_syscall_64+0x4c/0x640 [ 755.239375] ? sys_vfork+0x20/0x20 [ 755.242918] do_syscall_64+0x1d5/0x640 [ 755.246811] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 755.252018] RIP: 0033:0x466459 [ 755.255203] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 755.262916] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 755.270191] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 755.277462] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 755.284735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 755.292008] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 755.346279] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 755.360491] batman_adv: batadv0: Removing interface: batadv_slave_0 22:05:51 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 755.398724] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 755.503587] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 755.543364] device bridge_slave_1 left promiscuous mode [ 755.565364] bridge0: port 2(bridge_slave_1) entered disabled state [ 755.579994] device bridge_slave_0 left promiscuous mode [ 755.605893] bridge0: port 1(bridge_slave_0) entered disabled state [ 755.626168] device veth1_macvtap left promiscuous mode [ 755.636881] device veth0_macvtap left promiscuous mode [ 755.651487] device veth1_vlan left promiscuous mode [ 755.660698] device veth0_vlan left promiscuous mode [ 755.875918] device hsr_slave_1 left promiscuous mode [ 755.890988] device hsr_slave_0 left promiscuous mode [ 755.919984] team0 (unregistering): Port device team_slave_1 removed [ 755.949591] team0 (unregistering): Port device team_slave_0 removed [ 755.977635] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 755.988759] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 756.022956] bond0 (unregistering): Released all slaves [ 757.634442] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 757.641181] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 757.649173] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 757.655919] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 757.663475] device bridge_slave_1 left promiscuous mode [ 757.668966] bridge0: port 2(bridge_slave_1) entered disabled state [ 757.677069] device bridge_slave_0 left promiscuous mode [ 757.682777] bridge0: port 1(bridge_slave_0) entered disabled state [ 757.691280] device veth1_macvtap left promiscuous mode [ 757.696690] device veth0_macvtap left promiscuous mode [ 757.702267] device veth1_vlan left promiscuous mode [ 757.707416] device veth0_vlan left promiscuous mode [ 757.788506] device hsr_slave_1 left promiscuous mode [ 757.796823] device hsr_slave_0 left promiscuous mode [ 757.810550] team0 (unregistering): Port device team_slave_1 removed [ 757.820708] team0 (unregistering): Port device team_slave_0 removed [ 757.830051] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 757.840502] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 757.865135] bond0 (unregistering): Released all slaves [ 758.447121] IPVS: ftp: loaded support on port[0] = 21 [ 758.541245] chnl_net:caif_netlink_parms(): no params data found [ 758.594284] bridge0: port 1(bridge_slave_0) entered blocking state [ 758.600710] bridge0: port 1(bridge_slave_0) entered disabled state [ 758.608714] device bridge_slave_0 entered promiscuous mode [ 758.616032] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.622702] bridge0: port 2(bridge_slave_1) entered disabled state [ 758.629692] device bridge_slave_1 entered promiscuous mode [ 758.647179] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 758.656686] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 758.676958] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 758.684308] team0: Port device team_slave_0 added [ 758.689750] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 758.697207] team0: Port device team_slave_1 added [ 758.713590] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 758.719896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 758.745861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 758.757151] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 758.763543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 758.789092] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 758.799941] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 758.807649] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 758.827316] device hsr_slave_0 entered promiscuous mode [ 758.833370] device hsr_slave_1 entered promiscuous mode [ 758.839542] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 758.847382] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 758.916781] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 758.945868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 758.954326] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 758.963396] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 758.969522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 758.977386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 758.986753] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 758.993268] 8021q: adding VLAN 0 to HW filter on device team0 [ 759.001161] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 759.008840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 759.016991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 759.024853] bridge0: port 1(bridge_slave_0) entered blocking state [ 759.031240] bridge0: port 1(bridge_slave_0) entered forwarding state [ 759.038915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 759.047807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 759.055193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 759.063164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 759.070701] bridge0: port 2(bridge_slave_1) entered blocking state [ 759.077176] bridge0: port 2(bridge_slave_1) entered forwarding state [ 759.093168] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 759.105440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 759.119359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 759.135688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 759.147307] IPVS: ftp: loaded support on port[0] = 21 [ 759.155952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 759.163792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 759.172797] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 759.180657] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 759.200600] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 759.210454] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 759.225426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 759.233545] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 759.241154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 759.249538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 759.263265] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 759.275695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 759.283418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 759.291873] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 759.297887] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 759.327428] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 759.335602] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 759.343107] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 759.350350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 759.425475] chnl_net:caif_netlink_parms(): no params data found [ 759.435977] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 759.518703] bridge0: port 1(bridge_slave_0) entered blocking state [ 759.526281] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.534558] device bridge_slave_0 entered promiscuous mode [ 759.543601] bridge0: port 2(bridge_slave_1) entered blocking state [ 759.550008] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.558660] device bridge_slave_1 entered promiscuous mode [ 759.573584] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 759.589151] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 759.598570] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 759.616963] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 759.633736] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 759.641074] team0: Port device team_slave_0 added [ 759.650269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 759.659174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 759.668249] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 759.675834] team0: Port device team_slave_1 added [ 759.700722] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 759.707084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 759.733646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 759.745960] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 759.753053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 759.778943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 759.790988] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 759.799019] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 759.814398] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 759.824106] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 759.830703] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 759.848435] device hsr_slave_0 entered promiscuous mode [ 759.854339] device hsr_slave_1 entered promiscuous mode [ 759.860782] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 759.869644] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 759.878031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 759.885957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 759.894161] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 759.901111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 759.908559] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 759.926564] device veth0_vlan entered promiscuous mode [ 759.945681] device veth1_vlan entered promiscuous mode [ 760.016297] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 760.025744] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 760.034119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 760.043261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 760.053678] device veth0_macvtap entered promiscuous mode [ 760.059938] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 760.071304] device veth1_macvtap entered promiscuous mode [ 760.079117] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 760.090405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 760.099658] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 760.107991] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 760.119730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 760.129788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.139623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 760.149605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.158920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 760.168694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.177879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 760.187661] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.191630] Bluetooth: hci2 command 0x0409 tx timeout [ 760.198038] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 760.208912] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 760.218554] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 760.226170] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 760.233422] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 760.241048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 760.250678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 760.261146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.270741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 760.280924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.290162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 760.301606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.312419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 760.322227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.332391] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 760.339266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 760.348542] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 760.356632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 760.401170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 760.415175] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 760.425404] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 760.433102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 760.440158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 760.455620] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 760.461845] 8021q: adding VLAN 0 to HW filter on device team0 [ 760.470791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 760.478749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 760.487677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 760.495813] bridge0: port 1(bridge_slave_0) entered blocking state [ 760.502224] bridge0: port 1(bridge_slave_0) entered forwarding state [ 760.513003] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 760.526286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 760.534069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 760.542564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 760.550235] bridge0: port 2(bridge_slave_1) entered blocking state [ 760.556627] bridge0: port 2(bridge_slave_1) entered forwarding state [ 760.566005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 760.573626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 760.584586] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 760.594462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 760.605107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 760.613460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 760.621231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 760.630450] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 760.640575] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 760.648580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 760.658048] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 760.670365] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 760.680908] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 760.689140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 760.701017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 760.708788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 760.716960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 760.727672] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 760.734051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 760.748399] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready 22:05:57 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:05:57 executing program 2 (fault-call:10 fault-nth:11): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:57 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setattr(0x0, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:05:57 executing program 3 (fault-call:10 fault-nth:10): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:57 executing program 4 (fault-call:10 fault-nth:64): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 760.757943] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 760.772729] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 760.779492] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 760.797642] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 760.906431] FAULT_INJECTION: forcing a failure. [ 760.906431] name failslab, interval 1, probability 0, space 0, times 0 [ 760.918351] CPU: 1 PID: 18070 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 760.926247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 760.935609] Call Trace: [ 760.938206] dump_stack+0x1b2/0x281 [ 760.940480] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 760.941837] should_fail.cold+0x10a/0x149 [ 760.941851] should_failslab+0xd6/0x130 [ 760.941863] kmem_cache_alloc_trace+0x29a/0x3d0 [ 760.941875] alloc_mnt_ns+0xd4/0x440 [ 760.949720] FAULT_INJECTION: forcing a failure. [ 760.949720] name failslab, interval 1, probability 0, space 0, times 0 [ 760.952934] ? fs_reclaim_release+0xd0/0x110 [ 760.952947] copy_mnt_ns+0xe5/0xa30 [ 760.952961] ? create_new_namespaces+0x30/0x720 [ 760.952970] ? do_mount+0x2a00/0x2a00 [ 760.952980] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 760.952995] ? kmem_cache_alloc+0x35f/0x3c0 [ 760.971239] FAULT_INJECTION: forcing a failure. [ 760.971239] name failslab, interval 1, probability 0, space 0, times 0 [ 760.976491] create_new_namespaces+0xc9/0x720 [ 760.976504] ? security_capable+0x88/0xb0 [ 760.976516] copy_namespaces+0x27b/0x310 [ 760.976528] copy_process.part.0+0x25f8/0x71c0 [ 760.976539] ? get_pid_task+0xb8/0x130 [ 761.034599] ? proc_fail_nth_write+0x7b/0x180 [ 761.039118] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 761.044069] ? __cleanup_sighand+0x40/0x40 [ 761.048337] ? lock_downgrade+0x740/0x740 [ 761.052495] _do_fork+0x184/0xc80 [ 761.055962] ? fork_idle+0x270/0x270 [ 761.059704] ? fput+0xb/0x140 [ 761.062818] ? SyS_write+0x14d/0x210 [ 761.066532] ? SyS_read+0x210/0x210 [ 761.070180] ? __do_page_fault+0x159/0xad0 [ 761.074416] ? do_syscall_64+0x4c/0x640 [ 761.078753] ? sys_vfork+0x20/0x20 [ 761.082334] do_syscall_64+0x1d5/0x640 [ 761.086234] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 761.091580] RIP: 0033:0x466459 [ 761.094770] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 22:05:57 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 761.102485] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 761.109757] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 761.117031] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 761.124388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 761.131658] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 761.138956] CPU: 0 PID: 18076 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 761.146876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.156237] Call Trace: [ 761.158829] dump_stack+0x1b2/0x281 [ 761.162474] should_fail.cold+0x10a/0x149 [ 761.166632] should_failslab+0xd6/0x130 [ 761.170616] kmem_cache_alloc+0x28e/0x3c0 [ 761.174781] copy_process.part.0+0x1cca/0x71c0 [ 761.179378] ? get_pid_task+0xb8/0x130 [ 761.183270] ? proc_fail_nth_write+0x7b/0x180 [ 761.187766] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 761.192750] ? __cleanup_sighand+0x40/0x40 [ 761.197017] ? lock_downgrade+0x740/0x740 [ 761.202240] _do_fork+0x184/0xc80 22:05:57 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 761.205701] ? fork_idle+0x270/0x270 [ 761.209426] ? fput+0xb/0x140 [ 761.212545] ? SyS_write+0x14d/0x210 [ 761.216322] ? SyS_read+0x210/0x210 [ 761.219948] ? __do_page_fault+0x159/0xad0 [ 761.224187] ? do_syscall_64+0x4c/0x640 [ 761.228177] ? sys_vfork+0x20/0x20 [ 761.231723] do_syscall_64+0x1d5/0x640 [ 761.235619] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 761.240814] RIP: 0033:0x466459 [ 761.244006] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 761.251807] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 761.259083] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 761.259632] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 761.266354] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 761.266360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 761.266366] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 761.271575] CPU: 0 PID: 18077 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 761.303396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.312759] Call Trace: [ 761.315354] dump_stack+0x1b2/0x281 [ 761.318988] should_fail.cold+0x10a/0x149 [ 761.323147] should_failslab+0xd6/0x130 [ 761.324037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 761.327136] __kmalloc_track_caller+0x2bc/0x400 [ 761.327147] ? kstrdup_const+0x35/0x60 [ 761.327157] ? lock_downgrade+0x740/0x740 [ 761.327169] kstrdup+0x36/0x70 [ 761.327178] kstrdup_const+0x35/0x60 [ 761.327190] alloc_vfsmnt+0xe0/0x7f0 [ 761.357871] clone_mnt+0x6c/0xff0 [ 761.361343] copy_tree+0x33e/0xa20 [ 761.364946] copy_mnt_ns+0x167/0xa30 [ 761.368677] ? create_new_namespaces+0x30/0x720 [ 761.373361] ? do_mount+0x2a00/0x2a00 [ 761.377190] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 761.377893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 761.382223] ? kmem_cache_alloc+0x35f/0x3c0 [ 761.382236] create_new_namespaces+0xc9/0x720 [ 761.382248] ? security_capable+0x88/0xb0 [ 761.382261] copy_namespaces+0x27b/0x310 22:05:57 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 761.382273] copy_process.part.0+0x25f8/0x71c0 [ 761.382285] ? get_pid_task+0xb8/0x130 [ 761.382295] ? proc_fail_nth_write+0x7b/0x180 [ 761.382303] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 761.382321] ? __cleanup_sighand+0x40/0x40 [ 761.382330] ? lock_downgrade+0x740/0x740 [ 761.382343] _do_fork+0x184/0xc80 [ 761.382355] ? fork_idle+0x270/0x270 [ 761.382366] ? fput+0xb/0x140 [ 761.382375] ? SyS_write+0x14d/0x210 [ 761.382392] ? SyS_read+0x210/0x210 [ 761.450753] ? __do_page_fault+0x159/0xad0 [ 761.454997] ? do_syscall_64+0x4c/0x640 [ 761.458972] ? sys_vfork+0x20/0x20 [ 761.462519] do_syscall_64+0x1d5/0x640 [ 761.466417] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 761.471606] RIP: 0033:0x466459 [ 761.474794] RSP: 002b:00007f19326cb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 761.482510] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000466459 [ 761.489789] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 761.497076] RBP: 00007f19326cb1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 761.504355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 761.511633] R13: 00007ffeea19aebf R14: 00007f19326cb300 R15: 0000000000022000 [ 761.527371] Bluetooth: hci3 command 0x0409 tx timeout [ 761.618390] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 761.629902] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 761.639993] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready 22:05:58 executing program 2 (fault-call:10 fault-nth:12): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:05:58 executing program 3 (fault-call:10 fault-nth:11): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 761.670096] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready 22:05:58 executing program 4 (fault-call:10 fault-nth:65): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 761.758547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 761.769172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 761.813161] device veth0_vlan entered promiscuous mode [ 761.821651] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 761.829261] FAULT_INJECTION: forcing a failure. [ 761.829261] name failslab, interval 1, probability 0, space 0, times 0 [ 761.841314] CPU: 1 PID: 18113 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 761.849306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.858844] Call Trace: [ 761.861458] dump_stack+0x1b2/0x281 [ 761.865100] should_fail.cold+0x10a/0x149 [ 761.869263] should_failslab+0xd6/0x130 [ 761.873276] __kmalloc_track_caller+0x2bc/0x400 [ 761.878048] ? kstrdup_const+0x35/0x60 [ 761.881950] ? lock_downgrade+0x740/0x740 [ 761.886113] kstrdup+0x36/0x70 [ 761.889345] kstrdup_const+0x35/0x60 [ 761.893079] alloc_vfsmnt+0xe0/0x7f0 [ 761.896807] clone_mnt+0x6c/0xff0 [ 761.900275] ? is_subdir+0x223/0x390 [ 761.904009] copy_tree+0x33e/0xa20 [ 761.907575] copy_mnt_ns+0x167/0xa30 [ 761.911314] ? create_new_namespaces+0x30/0x720 [ 761.915999] ? do_mount+0x2a00/0x2a00 [ 761.919813] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 761.924853] ? kmem_cache_alloc+0x35f/0x3c0 [ 761.929194] create_new_namespaces+0xc9/0x720 [ 761.933710] ? security_capable+0x88/0xb0 [ 761.937879] copy_namespaces+0x27b/0x310 [ 761.942951] copy_process.part.0+0x25f8/0x71c0 [ 761.947557] ? get_pid_task+0xb8/0x130 [ 761.951461] ? proc_fail_nth_write+0x7b/0x180 [ 761.955974] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 761.960947] ? __cleanup_sighand+0x40/0x40 [ 761.965221] ? lock_downgrade+0x740/0x740 [ 761.969419] _do_fork+0x184/0xc80 [ 761.972892] ? fork_idle+0x270/0x270 [ 761.976616] ? fput+0xb/0x140 [ 761.979731] ? SyS_write+0x14d/0x210 [ 761.983458] ? SyS_read+0x210/0x210 [ 761.987093] ? __do_page_fault+0x159/0xad0 [ 761.991342] ? do_syscall_64+0x4c/0x640 [ 761.995328] ? sys_vfork+0x20/0x20 [ 761.998884] do_syscall_64+0x1d5/0x640 [ 762.002782] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 762.007992] RIP: 0033:0x466459 [ 762.011185] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 762.018899] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 762.026174] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 762.033479] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 762.040858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 762.048200] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 762.056510] FAULT_INJECTION: forcing a failure. [ 762.056510] name failslab, interval 1, probability 0, space 0, times 0 [ 762.067872] CPU: 0 PID: 18109 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 762.068660] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 762.075773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 762.075779] Call Trace: [ 762.075802] dump_stack+0x1b2/0x281 [ 762.075821] should_fail.cold+0x10a/0x149 [ 762.075836] should_failslab+0xd6/0x130 [ 762.075851] kmem_cache_alloc+0x28e/0x3c0 [ 762.110363] alloc_vfsmnt+0x23/0x7f0 [ 762.114090] clone_mnt+0x6c/0xff0 [ 762.117550] ? is_subdir+0x223/0x390 [ 762.121269] copy_tree+0x33e/0xa20 [ 762.124819] copy_mnt_ns+0x167/0xa30 [ 762.128554] ? create_new_namespaces+0x30/0x720 [ 762.133228] ? do_mount+0x2a00/0x2a00 [ 762.137049] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 762.142078] ? kmem_cache_alloc+0x35f/0x3c0 [ 762.146535] create_new_namespaces+0xc9/0x720 [ 762.152001] ? security_capable+0x88/0xb0 [ 762.156166] copy_namespaces+0x27b/0x310 [ 762.160236] copy_process.part.0+0x25f8/0x71c0 [ 762.164826] ? get_pid_task+0xb8/0x130 [ 762.168725] ? proc_fail_nth_write+0x7b/0x180 [ 762.173224] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 762.178169] ? __cleanup_sighand+0x40/0x40 [ 762.182407] ? lock_downgrade+0x740/0x740 [ 762.186560] _do_fork+0x184/0xc80 [ 762.190015] ? fork_idle+0x270/0x270 [ 762.193733] ? fput+0xb/0x140 [ 762.196848] ? SyS_write+0x14d/0x210 [ 762.200566] ? SyS_read+0x210/0x210 [ 762.204206] ? __do_page_fault+0x159/0xad0 [ 762.208446] ? do_syscall_64+0x4c/0x640 [ 762.212424] ? sys_vfork+0x20/0x20 [ 762.215967] do_syscall_64+0x1d5/0x640 [ 762.219869] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 762.225058] RIP: 0033:0x466459 [ 762.228245] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 762.235956] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 762.243234] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 762.250510] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 762.257842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 762.265119] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 762.292259] device veth1_vlan entered promiscuous mode [ 762.321208] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 762.388461] FAULT_INJECTION: forcing a failure. [ 762.388461] name failslab, interval 1, probability 0, space 0, times 0 [ 762.399962] CPU: 1 PID: 18126 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 762.407859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 762.417218] Call Trace: [ 762.419818] dump_stack+0x1b2/0x281 [ 762.423463] should_fail.cold+0x10a/0x149 [ 762.427640] should_failslab+0xd6/0x130 [ 762.431627] kmem_cache_alloc+0x28e/0x3c0 [ 762.435790] alloc_vfsmnt+0x23/0x7f0 [ 762.439510] clone_mnt+0x6c/0xff0 [ 762.442972] copy_tree+0x33e/0xa20 [ 762.446520] copy_mnt_ns+0x167/0xa30 [ 762.450241] ? create_new_namespaces+0x30/0x720 [ 762.454934] ? do_mount+0x2a00/0x2a00 [ 762.458745] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 762.463778] ? kmem_cache_alloc+0x35f/0x3c0 [ 762.468107] create_new_namespaces+0xc9/0x720 [ 762.472625] ? security_capable+0x88/0xb0 [ 762.476792] copy_namespaces+0x27b/0x310 [ 762.480853] copy_process.part.0+0x25f8/0x71c0 [ 762.485458] ? finish_task_switch+0x178/0x610 [ 762.489967] ? _raw_spin_unlock_irq+0x24/0x80 [ 762.494477] ? __cleanup_sighand+0x40/0x40 [ 762.498722] _do_fork+0x184/0xc80 [ 762.502182] ? fork_idle+0x270/0x270 [ 762.505899] ? retint_kernel+0x2d/0x2d [ 762.509793] ? SyS_read+0x210/0x210 [ 762.513425] ? do_syscall_64+0x4c/0x640 [ 762.517396] ? sys_vfork+0x20/0x20 [ 762.520937] do_syscall_64+0x1d5/0x640 [ 762.524834] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 762.530031] RIP: 0033:0x466459 [ 762.533222] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 762.541053] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 762.548330] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 762.555691] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 762.563010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 762.570460] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 762.695258] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 762.729066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 762.746717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 762.777340] device veth0_macvtap entered promiscuous mode [ 762.801218] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 762.839954] device veth1_macvtap entered promiscuous mode [ 762.859737] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 762.882926] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 762.910111] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 762.929999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 762.950336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 762.970670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 762.990947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.011255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 763.031676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.040852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 763.071491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.080639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 763.111377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.132264] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 763.139301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 763.147853] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 763.156770] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 763.164990] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 763.176472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 763.190927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 763.201035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.210768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 763.220667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.230059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 763.240719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.250428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 763.261160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.270793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 763.281126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 763.294410] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 763.301604] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 763.308275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 763.316832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 763.377619] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 763.384852] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 763.395033] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 763.401814] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 763.409292] device bridge_slave_1 left promiscuous mode [ 763.415753] bridge0: port 2(bridge_slave_1) entered disabled state [ 763.423822] device bridge_slave_0 left promiscuous mode [ 763.429298] bridge0: port 1(bridge_slave_0) entered disabled state [ 763.439589] device veth1_macvtap left promiscuous mode [ 763.445019] device veth0_macvtap left promiscuous mode [ 763.450320] device veth1_vlan left promiscuous mode [ 763.455441] device veth0_vlan left promiscuous mode [ 763.537216] device hsr_slave_1 left promiscuous mode [ 763.545562] device hsr_slave_0 left promiscuous mode [ 763.552668] Bluetooth: hci3 command 0x041b tx timeout [ 763.560834] team0 (unregistering): Port device team_slave_1 removed [ 763.571574] team0 (unregistering): Port device team_slave_0 removed [ 763.580481] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 763.591734] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 763.618037] bond0 (unregistering): Released all slaves 22:06:00 executing program 3 (fault-call:10 fault-nth:12): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:00 executing program 2 (fault-call:10 fault-nth:13): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:00 executing program 4 (fault-call:10 fault-nth:66): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:00 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/ip_tables_targets\x00') ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x9) openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x800, 0x1d4) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32, @ANYBLOB="00000000ffffffff0000000007000100667100"], 0x38}}, 0x0) r4 = socket(0x11, 0x800000003, 0x0) r5 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r6, @ANYBLOB="00000000ffffffff0000000007000100667100"], 0x38}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@RTM_DELMDB={0x58, 0x55, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x2, {@ip4=@multicast1, 0x105ba}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r6, 0x1, 0x2, 0x3, {@ip4=@private=0xa010102, 0x8edd}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x104}, 0x40000) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 763.781400] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 763.813549] FAULT_INJECTION: forcing a failure. [ 763.813549] name failslab, interval 1, probability 0, space 0, times 0 [ 763.824938] CPU: 1 PID: 18180 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 763.832836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 763.842193] Call Trace: [ 763.844794] dump_stack+0x1b2/0x281 [ 763.848420] should_fail.cold+0x10a/0x149 [ 763.852564] should_failslab+0xd6/0x130 [ 763.856536] __kmalloc_track_caller+0x2bc/0x400 [ 763.861218] ? kstrdup_const+0x35/0x60 [ 763.865144] ? lock_downgrade+0x740/0x740 [ 763.869294] kstrdup+0x36/0x70 [ 763.872497] kstrdup_const+0x35/0x60 [ 763.876216] alloc_vfsmnt+0xe0/0x7f0 [ 763.879931] clone_mnt+0x6c/0xff0 [ 763.883384] ? is_subdir+0x223/0x390 [ 763.887104] copy_tree+0x33e/0xa20 [ 763.890650] copy_mnt_ns+0x167/0xa30 [ 763.894384] ? create_new_namespaces+0x30/0x720 [ 763.899094] ? do_mount+0x2a00/0x2a00 [ 763.902899] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 763.907916] ? kmem_cache_alloc+0x35f/0x3c0 [ 763.912248] create_new_namespaces+0xc9/0x720 [ 763.916750] ? security_capable+0x88/0xb0 [ 763.920926] copy_namespaces+0x27b/0x310 [ 763.925005] copy_process.part.0+0x25f8/0x71c0 [ 763.929592] ? get_pid_task+0xb8/0x130 [ 763.933479] ? proc_fail_nth_write+0x7b/0x180 [ 763.937975] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 763.942921] ? __cleanup_sighand+0x40/0x40 [ 763.947189] ? lock_downgrade+0x740/0x740 [ 763.951377] _do_fork+0x184/0xc80 [ 763.954855] ? fork_idle+0x270/0x270 [ 763.958571] ? fput+0xb/0x140 [ 763.961676] ? SyS_write+0x14d/0x210 [ 763.965389] ? SyS_read+0x210/0x210 [ 763.969016] ? __do_page_fault+0x159/0xad0 [ 763.973248] ? do_syscall_64+0x4c/0x640 [ 763.977224] ? sys_vfork+0x20/0x20 [ 763.980770] do_syscall_64+0x1d5/0x640 [ 763.984667] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 763.989966] RIP: 0033:0x466459 [ 763.993179] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 764.000889] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 764.009374] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 764.016643] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 764.023919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 764.031415] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 764.040920] FAULT_INJECTION: forcing a failure. [ 764.040920] name failslab, interval 1, probability 0, space 0, times 0 [ 764.052852] CPU: 0 PID: 18182 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 764.060751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 764.070113] Call Trace: [ 764.072744] dump_stack+0x1b2/0x281 [ 764.076384] should_fail.cold+0x10a/0x149 [ 764.080540] should_failslab+0xd6/0x130 [ 764.084524] kmem_cache_alloc+0x28e/0x3c0 [ 764.088677] alloc_vfsmnt+0x23/0x7f0 [ 764.092398] clone_mnt+0x6c/0xff0 [ 764.095865] ? is_subdir+0x223/0x390 [ 764.099589] copy_tree+0x33e/0xa20 [ 764.103571] copy_mnt_ns+0x167/0xa30 [ 764.107300] ? create_new_namespaces+0x30/0x720 [ 764.111977] ? do_mount+0x2a00/0x2a00 [ 764.115787] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 764.120811] ? kmem_cache_alloc+0x35f/0x3c0 [ 764.125141] create_new_namespaces+0xc9/0x720 [ 764.129641] ? security_capable+0x88/0xb0 [ 764.133797] copy_namespaces+0x27b/0x310 [ 764.137865] copy_process.part.0+0x25f8/0x71c0 [ 764.142504] ? get_pid_task+0xb8/0x130 [ 764.146484] ? proc_fail_nth_write+0x7b/0x180 [ 764.151073] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 764.156018] ? __cleanup_sighand+0x40/0x40 [ 764.160271] ? lock_downgrade+0x740/0x740 [ 764.164431] _do_fork+0x184/0xc80 [ 764.167894] ? fork_idle+0x270/0x270 [ 764.171703] ? fput+0xb/0x140 [ 764.174806] ? SyS_write+0x14d/0x210 [ 764.178524] ? SyS_read+0x210/0x210 [ 764.182155] ? __do_page_fault+0x159/0xad0 [ 764.186393] ? do_syscall_64+0x4c/0x640 [ 764.190369] ? sys_vfork+0x20/0x20 [ 764.193914] do_syscall_64+0x1d5/0x640 [ 764.197836] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 764.203024] RIP: 0033:0x466459 [ 764.206222] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 764.213969] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 764.221273] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 764.228548] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 764.235848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 764.243144] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 764.259867] FAULT_INJECTION: forcing a failure. [ 764.259867] name failslab, interval 1, probability 0, space 0, times 0 [ 764.271535] CPU: 1 PID: 18185 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 764.280124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 764.289482] Call Trace: [ 764.292077] dump_stack+0x1b2/0x281 [ 764.295713] should_fail.cold+0x10a/0x149 [ 764.299899] should_failslab+0xd6/0x130 [ 764.303880] kmem_cache_alloc+0x28e/0x3c0 [ 764.308035] alloc_vfsmnt+0x23/0x7f0 [ 764.311753] clone_mnt+0x6c/0xff0 [ 764.315215] copy_tree+0x33e/0xa20 [ 764.318765] copy_mnt_ns+0x167/0xa30 [ 764.322480] ? create_new_namespaces+0x30/0x720 [ 764.327417] ? do_mount+0x2a00/0x2a00 [ 764.331222] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 764.336242] ? kmem_cache_alloc+0x35f/0x3c0 [ 764.340566] create_new_namespaces+0xc9/0x720 [ 764.345062] ? security_capable+0x88/0xb0 [ 764.349216] copy_namespaces+0x27b/0x310 [ 764.353281] copy_process.part.0+0x25f8/0x71c0 [ 764.357865] ? get_pid_task+0xb8/0x130 [ 764.361758] ? proc_fail_nth_write+0x7b/0x180 [ 764.366250] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 764.371278] ? __cleanup_sighand+0x40/0x40 [ 764.375533] ? lock_downgrade+0x740/0x740 [ 764.379702] _do_fork+0x184/0xc80 [ 764.383175] ? fork_idle+0x270/0x270 [ 764.386895] ? fput+0xb/0x140 [ 764.390023] ? SyS_write+0x14d/0x210 [ 764.393741] ? SyS_read+0x210/0x210 [ 764.397420] ? __do_page_fault+0x159/0xad0 [ 764.401658] ? do_syscall_64+0x4c/0x640 [ 764.405630] ? sys_vfork+0x20/0x20 [ 764.409171] do_syscall_64+0x1d5/0x640 [ 764.413063] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 764.418251] RIP: 0033:0x466459 [ 764.421439] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 764.429161] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 764.436432] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 764.443705] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 764.450981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 764.458248] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:06:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:01 executing program 2 (fault-call:10 fault-nth:14): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:01 executing program 3 (fault-call:10 fault-nth:13): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 764.618443] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 764.771512] FAULT_INJECTION: forcing a failure. [ 764.771512] name failslab, interval 1, probability 0, space 0, times 0 [ 764.782945] CPU: 1 PID: 18205 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 764.790858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 764.800235] Call Trace: [ 764.802836] dump_stack+0x1b2/0x281 [ 764.806558] should_fail.cold+0x10a/0x149 [ 764.810719] should_failslab+0xd6/0x130 [ 764.814708] __kmalloc_track_caller+0x2bc/0x400 [ 764.819382] ? kstrdup_const+0x35/0x60 [ 764.823277] ? lock_downgrade+0x740/0x740 [ 764.827433] kstrdup+0x36/0x70 [ 764.830689] kstrdup_const+0x35/0x60 [ 764.834412] alloc_vfsmnt+0xe0/0x7f0 [ 764.838137] clone_mnt+0x6c/0xff0 [ 764.841609] copy_tree+0x33e/0xa20 [ 764.845170] copy_mnt_ns+0x167/0xa30 [ 764.848924] ? create_new_namespaces+0x30/0x720 [ 764.853620] ? do_mount+0x2a00/0x2a00 [ 764.857432] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 764.862464] ? kmem_cache_alloc+0x35f/0x3c0 [ 764.866823] create_new_namespaces+0xc9/0x720 [ 764.871329] ? security_capable+0x88/0xb0 [ 764.875495] copy_namespaces+0x27b/0x310 [ 764.879569] copy_process.part.0+0x25f8/0x71c0 [ 764.884202] ? get_pid_task+0xb8/0x130 [ 764.890101] ? proc_fail_nth_write+0x7b/0x180 [ 764.894610] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 764.901389] ? __cleanup_sighand+0x40/0x40 [ 764.905636] ? lock_downgrade+0x740/0x740 [ 764.909796] _do_fork+0x184/0xc80 [ 764.913290] ? fork_idle+0x270/0x270 [ 764.917037] ? fput+0xb/0x140 [ 764.920149] ? SyS_write+0x14d/0x210 [ 764.923892] ? SyS_read+0x210/0x210 [ 764.927528] ? __do_page_fault+0x159/0xad0 [ 764.931776] ? do_syscall_64+0x4c/0x640 [ 764.935763] ? sys_vfork+0x20/0x20 [ 764.939309] do_syscall_64+0x1d5/0x640 [ 764.943203] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 764.948485] RIP: 0033:0x466459 [ 764.951677] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 764.959397] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 764.966679] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 764.973960] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 764.981240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 764.988699] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 764.997174] FAULT_INJECTION: forcing a failure. [ 764.997174] name failslab, interval 1, probability 0, space 0, times 0 [ 765.009850] CPU: 1 PID: 18198 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 765.017771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 765.027233] Call Trace: [ 765.029837] dump_stack+0x1b2/0x281 [ 765.033472] should_fail.cold+0x10a/0x149 [ 765.037667] should_failslab+0xd6/0x130 [ 765.041654] kmem_cache_alloc+0x28e/0x3c0 [ 765.045851] alloc_vfsmnt+0x23/0x7f0 [ 765.049579] clone_mnt+0x6c/0xff0 [ 765.053086] copy_tree+0x33e/0xa20 [ 765.056671] copy_mnt_ns+0x167/0xa30 [ 765.060395] ? create_new_namespaces+0x30/0x720 [ 765.065076] ? do_mount+0x2a00/0x2a00 [ 765.068973] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 765.074390] ? kmem_cache_alloc+0x35f/0x3c0 [ 765.078750] create_new_namespaces+0xc9/0x720 [ 765.083357] ? security_capable+0x88/0xb0 [ 765.087521] copy_namespaces+0x27b/0x310 [ 765.092122] copy_process.part.0+0x25f8/0x71c0 [ 765.096741] ? get_pid_task+0xb8/0x130 [ 765.100678] ? proc_fail_nth_write+0x7b/0x180 [ 765.105208] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 765.110158] ? __cleanup_sighand+0x40/0x40 [ 765.114404] ? lock_downgrade+0x740/0x740 [ 765.118572] _do_fork+0x184/0xc80 [ 765.122040] ? fork_idle+0x270/0x270 [ 765.125763] ? fput+0xb/0x140 [ 765.128876] ? SyS_write+0x14d/0x210 [ 765.132599] ? SyS_read+0x210/0x210 [ 765.136234] ? __do_page_fault+0x159/0xad0 [ 765.140488] ? do_syscall_64+0x4c/0x640 [ 765.144469] ? sys_vfork+0x20/0x20 [ 765.148034] do_syscall_64+0x1d5/0x640 [ 765.151947] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 765.158837] RIP: 0033:0x466459 [ 765.162061] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 765.169865] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 765.177232] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 765.184534] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 765.191991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 765.199282] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 765.636887] Bluetooth: hci3 command 0x040f tx timeout [ 767.711729] Bluetooth: hci3 command 0x0419 tx timeout [ 768.132358] IPVS: ftp: loaded support on port[0] = 21 [ 768.281181] chnl_net:caif_netlink_parms(): no params data found [ 768.336872] bridge0: port 1(bridge_slave_0) entered blocking state [ 768.344282] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.351225] device bridge_slave_0 entered promiscuous mode [ 768.359737] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.366531] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.374371] device bridge_slave_1 entered promiscuous mode [ 768.393576] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 768.403686] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 768.423860] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 768.432113] team0: Port device team_slave_0 added [ 768.437531] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 768.445078] team0: Port device team_slave_1 added [ 768.462084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 768.468367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 768.494484] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 768.505897] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 768.512282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 768.538170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 768.549037] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 768.556672] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 768.577815] device hsr_slave_0 entered promiscuous mode [ 768.583741] device hsr_slave_1 entered promiscuous mode [ 768.589761] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 768.597467] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 768.668286] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.674696] bridge0: port 2(bridge_slave_1) entered forwarding state [ 768.681514] bridge0: port 1(bridge_slave_0) entered blocking state [ 768.687870] bridge0: port 1(bridge_slave_0) entered forwarding state [ 768.720706] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 768.727813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 768.736877] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 768.746319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 768.754389] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.771540] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.782235] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 768.788337] 8021q: adding VLAN 0 to HW filter on device team0 [ 768.798259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 768.806062] bridge0: port 1(bridge_slave_0) entered blocking state [ 768.812476] bridge0: port 1(bridge_slave_0) entered forwarding state [ 768.822608] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 768.830288] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.836850] bridge0: port 2(bridge_slave_1) entered forwarding state [ 768.851480] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 768.859674] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 768.871553] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 768.882066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 768.892010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 768.902950] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 768.908976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 768.922888] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 768.930202] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 768.937486] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 768.947947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 769.003094] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 769.014189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 769.048357] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 769.056012] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 769.063119] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 769.073075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 769.080541] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 769.088110] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 769.097057] device veth0_vlan entered promiscuous mode [ 769.107431] device veth1_vlan entered promiscuous mode [ 769.113743] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 769.122867] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 769.134364] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 769.144650] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 769.152405] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 769.159599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 769.169325] device veth0_macvtap entered promiscuous mode [ 769.175960] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 769.185551] device veth1_macvtap entered promiscuous mode [ 769.194229] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 769.205654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 769.215056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 769.225326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.234886] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 769.245596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.254797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 769.264692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.275002] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 769.284990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.294165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 769.303982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.315036] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 769.322616] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 769.329631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 769.338774] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 769.348543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 769.358388] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.367635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 769.377461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.386786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 769.396561] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.405839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 769.415741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.425056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 769.435476] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 769.446224] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 769.453194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 769.460219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 769.468338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:06:05 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r4, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r4) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r5 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, &(0x7f0000000040)) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r6, 0x0) accept4$unix(r6, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:06:05 executing program 4 (fault-call:10 fault-nth:67): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:05 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) vmsplice(r2, &(0x7f00000014c0)=[{&(0x7f00000000c0)="7d58cfa5596e37e6932dc625fc697280f1335b65c8f7f1a0df0be18d4685c729a9d4d8f407253239904943db7e1c5cdde4abe6635921e8b18e54e6cf0578831dc966228aadfbc848ac6b51a3687295792e24997ec145d7cf4c2e03365f4172ec15d6293a3b46c545d12fc8a46fdee99164c1ca7b6d206ca1958d027a9b12225639b160739e", 0x85}, {&(0x7f0000000300)="60a2c5ed11384dd9afca126c3a0c8685d1898369b0a05e5e3e6fb2296f44da6f8b7586c07ab0fe95d899717fa766e7bfe028b7f25cf2dd6b79ec8233efb077d3c3bf10f95d089f11f0903b93032a81faa9f463734e5261a5565383487ed36827dd28b10bb9cbe74798e2bfde9a75d2a04b04ba2d697f894b0cd9e0cb2ab517a4e4c1cc8966627ddd2b1f91af6860eb900fdd3d52ebd65c6f44ab6e4a119bb9a3b0734aa3a32ed35b140e2796af", 0xad}, {&(0x7f00000003c0)="860ad1afb131abdb36773d2015338d95a01962a9b0f6c9f99d799e1c1eda9371c3ceea6ec76bacfe9e26127b37ab11763264af688cb0b3967e00fa1867d0e0276b14428e10500958e4fd8b25cfa90e39c127f7e34a5b8ba3b51d7bc0aacf5661ae448dc31c664b252a50eadcf844771c29ccea14d6b9a47ce1", 0x79}, {&(0x7f0000000180)="922266e4481fc2e4a8e3bbc285c1fa65230a9d319dfb6debcba45e07a2180159e1fbf68e0265f8271bc4f9bb47e44363ed02c9ef5ab2b759c08df8b5bc", 0x3d}, {&(0x7f0000000440)="57456333cb08a2fcdf06ac64570ed02a0707b0495a57d325df3715d132f7911569b10293527b889fedaf68d6742a1a8b190c2b54906167fe08396b4b39b81ba8f3b435707d4d0cde7170bd3f3a19be57eb3b693ecbb3fec923d8c14de55e597019835c9131b9472c17e57c46516d1ff88a55c0269e8af3e7d83aeb9e31fa8bdb72294bf08214f1f6ee53d95d6b57f4013d9a0a7171aef0c0ab6d2eee04ca61e447b75b9c8ea8f7fc5ccd795509d7a729bc721803cd00e8f536b1df7949c4ceab22d014c34b2d034a5548a6ba520bd018835868381311c431c2927520834f3c678590ab33bf9f7608feedfa98b8038ba00eb1a95731c7520960689da98659517d6f74879b78de1b68f91eeb37256f76a1cf32b4eea952c81cacdd9c85fec98e7890efc7907111492f17bca28fbeb52a81c6e184c6536275e5a78dc05966b0bd1eb69b07d548f4d4b55069dec29ebc019a7c5bdb12992f59c5a959b75521f9f859ccbddbb54286e06749ac23ce27c529842631284153fd43ae8e95c2a766e21c885876e5d003dcdcdfbe35aa3049a0449c762bcdfc63ccb79524c2afee6b93eda4cfa113907b425ea1f15748646541eb7618d44cfbb6f052a8f326c616cfa8f3c5034fe4dbd1b76faf60e3b07e9f5c3f065633474628fb958ffb09df24ba4c2338e9647fd34c55a0d482cceb591d0e750b1193c96d5bb683c0648990b0b533c335706512589cbe8b6e6fab8ec8f970364ac1e791b16763f2f1229e9bcdcd03ac08c43616fd0e6c377100679f2246f82eb2832e21648cdffc15d476c345a7bf0f0b7dbc6f862b4b8a90a9a048083eaa14ab207f8a6287ff4d9443491f9b0ed14759dfdf8fa71b3b2b38cc56be0f64f22300617d07350c16acc09f5f7e56c5b9db933528c47abddc9d315df76b37d1816e369584ca76326bdae5182981e3e965483850ac9c4b4a70aa2905e201e90729ead8df38dfdf447a0c8179b3a52ec2beb205f975667db4fe1c6a8e6f6d1884eea07e1ac4758365c59f47ea4c81e1782a38b130a223c95a19f184e3d4674a7baf4e61d2f3d6f0823c164b42b0baef247ef3bcc36c30571652b3df8ededf9a875c5c7fa88868df5884b4c2204f25d88cc81c581ad6abdcde6bad483ac858edd99e1c30612c6e2a0fd29efa04768722728360b4422e61e00302e8fa02ce0e7c48325f1dbd2713a14d7e55ebf94649cf628f28841fa81a0340a36746b32e80450a8573178b94ce39fae458d71568dcbcd9f36bb4ef280e79475645c37c42ee3c0cef3aa174b9ef17dd32c144be1e50d2e78f9f24d19c59126a06202b4ef7ec20a0eaffc4932cbe357aa3355482bd3722e3ff83b696bbee226624e2552d9d81ccf3ec43d93621b7ba7bf8acaaff5117d3fba177f9f40095796042a45d7d957dcb82bcc7afddfd9f879511af164692c3d2dd68531d02e6845133e0de07a38b151f3110f50b911067e64868fba60655f5ae437a2160cf8c643a97c73415a5d0cdc435cbcf728c611cd3d874fba85219ec133afcd60595e0ffbb80afa720c6efcfa531e78e71470b9bbc9786c34d84927fc3b00b68d082cf7fb060d9ecc597880f433f99d9ea6bb15a8266339589e54efc4d48b78e374da191dca53156593fb58b22b508a5eee2108c9a58436b193a408795fb1bfbb85ee4401b6368c36ae507268e7dfb3bc0a45cfee012b79b63746e93fbf1e843dfa323d4da71a6dc01aa41cd9c1407ffe4349df1fa3812e481b5abf44685cf7f7802fa9c7496192909a26b88e8556ad70c7dbe76c7e43b27bd87fe796631caf5185b7948e9f7403ab4f8487ccbfcc8413256e1c6c8cc3f6158bb48b9d7dee415ee80f88d1ce464d38916736d799de3f93c244410caff370f1f6227b245ef6d7dff15af2a77edcaf9de7db96467c2885ea9f96bd182f896fbe9d180dff42425a452de7763b20f4a66522b632d061f0d8b1158eaafd834149b0d14bc609b0c5cf2f3c0168d39ed147cd0523e3bd6eb64e8ef63bccba0ae432b5acfc7d8fda516bce71c43f0909d413e6de848bccfc85b39b8df72858e99b853bdb12fd6881ea57f5b68be5f3f847afe4e92f5b39e8064ffce73715ccebec97ef26a86fea78f7fbbef0c421738507ed661c4a3e70036c070f332f11279a7585de728f23d6f78f48fa9a8d6d1e0cd056676b5741e1950308f88451aafc38c2d94bd72306a5fcb7f7fd7ed44042cedae958ff53c14adc421bd4b0f37b30914910fd2da2d47691a14dded3cb9bd700ca4948cb4dff33402b71c5afdb437c0889ce03f71418c42d016a6608f7ebd0562d69d9e75e69f110419303662455eab1a0af16ca720127081416d5a9ebd2547a0682a40dee2819567dbce7e55dce965ade9bdcfe93e5176d2c26a7dcf63784b505664f14a9f6d09e4348804f2b8008817618ec200670c6cdb312bbb885f22e667867dea45c0731622f78fea0cc241c6721904e39c8f42fc560e9c4d6f054e01ff1523bea7f6a9b4af346e9eff99dd707cbb9710a14b39e31b3278cfd8720c75e16ac343ee4e81ba6bb3b43305a7b7e4986969dbe5496f1002931032ab19f4206a692f3ffe3fcc7f67cb64b375de3e3c3ed2304a3ae983997c439abf46abac4a223d9bb23e63159cd4f2215aacb380a1ab34621c8b2e4524fff7cf77d4459d2e01c351d987ee0c880a1148fc4255468945c42f58e62ebe7ef51907b12ef0614310ed9407e0159aaf547a7e929fae87247eaf878c6891277103e5dae42d8053d72fa6c83a884ea614ff316b64e8a1e670e14b4035722a93912e8986667c566a0fd37db3b9262d6e2c7a674284a6383756fb029391a6a65c7f7214eb4f019afb2fdaefe95622d8652d603efd00093ba6fd452b6ff2857ff34fca6c1c8ae2f0297ab1ba2980595e1b023f54eb58415d01a52e34277472c4d7a05feb0e1df264e63b5e97b7fbd098e7ef75016283a407e7b3eae85b99c6fce65cff22ba70f58c178fba1533f4ee22eab959ed37ccb0582553a28024c3a47bd38e91639bc9317e944ea712ab1890a94895558e80149183092a5b9680c30af24dd7088ae9364046823338da532595fbdc829fb26517e8e2fa76d420c06e34277eb4c43168bb4b5c1e93c9133c3c6c5bc62a281f3fd7986541dc7410e63a7b1491762aa592fae2a6a648477feab51b123b98ab5fbfe9abda018519c4ea5ada399def6ee7c2e141cb7fd8bf25437273273cc45a4192402bebffa91897bed394734f38f0cbbbcd638187f653a91dba91f389d88452700f43e27841dc3f7d29e865caf7346b1074b76344682bab1f6d35e5dbf998efd61ae0342a5955627b548b13953dfe114ed289f209e7c80da7028f70b196906dc1b909d2fc934a5225d540270606ecd2bc0f3fbdce07bd65c3121126363e414697a171e8622cb810ee9061ffba4a2965c12c2e86a474938ad57f03d772b4a26c3d5f157f83c10568258e0f189559c53972abc3942c1cb36fd2fed24ac453a6e58b156eccfecac82b2fc76ab17fc522f896141d3593429fc5ea6e28889d9b8773a1d450282feb0d76d8d1e4d99030b2b310eed90d1d1273adccca6f74e9f26aec79618fc8f0fe8746b2ab039b983fa93525c0c17fc22f50e1d247223a884e6a5b2fa46e49f2694293de8fe42585b8610ab9ec65aef14bbf8ff9a4565692455f77f0b7acefb93f6bbf3dc51392654d0d833ed7b4dc6305483fb89d2cf141f67bfc11580d2ff04e1338002d8283bf7b03acf8a3a9334dae4d74d37f335c2a465bd72afe6d4062fc3ce5da36d7e9c7962950638a055724c0c46f0cbe2949ef2f4b8be96533163a8e5cee249c7cea3371d75ddd33ec2c0e3ed6395d14b0f9d2ef47fd062204e8e7ce9dd832777aa5d855b642afbc93021ba5dd7343c071b247d454a20d2897275fefd82089f5617660a62671aae21bd35c67c6609b6eccc05c2fe317cbf9d0d383f132341c01f1ee28ad23d2a7c5beae5cb911c4831e07c9c6c15ee80dbd25025c3640371b4e5cb3b0b3f3fc55114a15923ae82c48faa11fbd301821f464c766340b10a9e9d3ddf446002c215831822cc77864ae32b1ed4f56bf8fa0c46ac3b4867c9c07124d117c2a31c137c975da942643f830f392200c5b44ce73bb3c86227429edcb9dbce5fe545eb16b4ce261b1a88ea75b52101bb2e35f85ff6a44be30b079233fc497d2be86ee409a5e72583dfd039c03f1b40c2d80c3df9917e706e8c05990fc0e9e3cb6ffbfc1040d45e0d2efa53460ea449eb1e31a9b4ee320a5f52fd3b5cb03a5c02bfc713a15ce3bae3b9bf379aea08cccd32a031363d0c0619f9462d0eceeaa87611a226955c38e8dfdf037610432ef4bb541cf93aee71591bd7925e5418cedd0878fe8b9f4fd2bf3b944fcfc2ba543d6f94f382695d1a6397a019fb1c1fd2cd431506fe4280fcd72e579a7b9dc745947c6e6b0eca683e7fa732b4fbf165a354d868efff5b46085ea85e4d65d6f4e358899ca948cf0dc38bfcdfd68d6d7bfd7b7a5c5bc4f876021ea786d33b9e66ff4137743b3d5a223f9d11bf0134ee52165a28000f1e2c4d71f202135f9b8dcdcf18913b402ea52f36ba1488c113c9c307337cca98370d73dc11a54970ecd637b42fb66fd5a97ec027a8643ce2c8b0f96c22d65470d6affd8e977c9b6f343c18a2deeb05b48fd237b0251e9caf8e19e4a1d77ff450260f097bced70dd6a9b2e009fa45950611f7078c77775cc8d0f937cad94240bf812426b7a18ad6356982902fd9f175ce38ac61d955253a81d1d852007b936a075aad177ed7996e2c7004c2fcaed31613387af21e0a0f6d7abdbd6dd664870740a83936b4295572c3d13423561ff1348ece80271868846bc250d78bdaae8394dbd91e202264e5107e6951fd161f775d6dddd43ec28871e847edda3ba4ce959776fd52dd3a625999355c280960eb4f8408f91a72e9ad4a69ed201cb2aed6db444763ab4c7cd00c78c84412f2e517f921077f72c13c3e38f7d84d96b2061404fc4aec6e3ce632c2ed17687dd1fb27511c4cd0dd54397192843da3207595ceb759e9be35b95d33f4fec66fcd253574af7c3259c77d79da5adca6d67aacc3d56a41912662cb6589a671b00eefad71a5e783fa747f5631070478018219ccec3299c8996f85901cbd1ee4622cbbd12ecdbe439b3d87a91d98c0ef8b3b4eff7b62b0853cb894b3dafdd912d38b00ec5291c894007b86aa9fdff0f7c127fa03005e88efb01e1e52e653fcc42b950b3bb94a43772745362893ba14ff1b8a8924ca69347e5ba05ed105f0d00c63e5a51fc0113d00a64165815ce1951e8536c1db6e49543f73543f22d1820b97dfb414f00b2873749d16616ed869bfe2f625b0107e6f6444f60fe584dfe3c51c3376b495f33d883029a50e9dca07e1d42205ba843c1337502a791e4f564b94f22fbb60ef8e36fa07789edd6c7371ccb6028022d468a24f47b33fdd938f2f13cbb98d1e3edc8a353feb0fe68a73c9b6993a60f84bc057fa585a9a61fdedbd9273ac3daabc9bd7384e586b9745b53b49be627c116da89ec20e69aa36f367e4a697894e1b58f9c107c69733b0112b425aa1e3dcb2cbb594d2782524a23e5c1aa6265153b819ed01d447286c8fe7a80b8e8ea5f3e71ba75ca44ac1c45ca4f02d28316f205d85d3ad7f57b6c6a27ceb155e4aca11437b7457287da8df7819aaa26468efc96a17fb5f7dd2fdf38b578b55eddde8a73fff9e9ebd4f5dab3683d3bd8a2e4c5822c62fe5bcd222da3eb81d51dc0cfa0da2596488c50f3d7c7248f02", 0x1000}, {&(0x7f0000001440)="05a1f2b7f8ba7404934ebf7fc90a572223c7e0fc6597b416b13db5a4c7fea850a257317ec51d356b735f119d1b826fc09503f1442d176802c593cdccd46b6ddf1a842f3731164373937feab7f8041c016dca3407b5321120c8e24f479ba2a101e2fa146d2581af4683117b0ddc2c14d7e03e", 0x72}], 0x6, 0x1) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000fc0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000f80)={&(0x7f0000000f00)={0x4c, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x9}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x2}, @NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c851}, 0x4000) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000002100)={&(0x7f0000002040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000020c0)={&(0x7f0000002080)={0x2c, 0x0, 0x4, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x12}}}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) creat(&(0x7f0000000040)='./file0\x00', 0x2) 22:06:05 executing program 3 (fault-call:10 fault-nth:14): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:05 executing program 2 (fault-call:10 fault-nth:15): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:05 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:06 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", 0x0, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, 0x0, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 769.714127] FAULT_INJECTION: forcing a failure. [ 769.714127] name failslab, interval 1, probability 0, space 0, times 0 [ 769.728109] CPU: 0 PID: 18490 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 769.736018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 769.745377] Call Trace: [ 769.747974] dump_stack+0x1b2/0x281 [ 769.751602] should_fail.cold+0x10a/0x149 [ 769.755746] should_failslab+0xd6/0x130 [ 769.760499] __kmalloc_track_caller+0x2bc/0x400 [ 769.765163] ? kstrdup_const+0x35/0x60 [ 769.769042] ? lock_downgrade+0x740/0x740 [ 769.773273] kstrdup+0x36/0x70 [ 769.776470] kstrdup_const+0x35/0x60 [ 769.780175] alloc_vfsmnt+0xe0/0x7f0 [ 769.783908] clone_mnt+0x6c/0xff0 [ 769.787369] copy_tree+0x33e/0xa20 [ 769.790904] copy_mnt_ns+0x167/0xa30 [ 769.794622] ? create_new_namespaces+0x30/0x720 [ 769.799295] ? do_mount+0x2a00/0x2a00 [ 769.803102] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 769.808153] ? kmem_cache_alloc+0x35f/0x3c0 [ 769.812479] create_new_namespaces+0xc9/0x720 [ 769.816982] ? security_capable+0x88/0xb0 [ 769.821164] copy_namespaces+0x27b/0x310 [ 769.825252] copy_process.part.0+0x25f8/0x71c0 [ 769.829874] ? get_pid_task+0xb8/0x130 [ 769.833765] ? proc_fail_nth_write+0x7b/0x180 [ 769.838266] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 769.843212] ? __cleanup_sighand+0x40/0x40 [ 769.847457] ? lock_downgrade+0x740/0x740 [ 769.851604] _do_fork+0x184/0xc80 [ 769.855044] ? fork_idle+0x270/0x270 [ 769.858746] ? fput+0xb/0x140 [ 769.862188] ? SyS_write+0x14d/0x210 [ 769.865908] ? SyS_read+0x210/0x210 [ 769.869568] ? __do_page_fault+0x159/0xad0 [ 769.873801] ? do_syscall_64+0x4c/0x640 [ 769.877778] ? sys_vfork+0x20/0x20 [ 769.881326] do_syscall_64+0x1d5/0x640 [ 769.885247] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 769.890441] RIP: 0033:0x466459 [ 769.893632] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 769.901340] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 22:06:06 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", 0x0, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, 0x0, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 769.908603] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 769.915853] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 769.923112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 769.930403] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 769.954463] FAULT_INJECTION: forcing a failure. [ 769.954463] name failslab, interval 1, probability 0, space 0, times 0 [ 769.965845] CPU: 0 PID: 18492 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 769.973730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 769.983080] Call Trace: [ 769.985673] dump_stack+0x1b2/0x281 [ 769.989311] should_fail.cold+0x10a/0x149 [ 769.993468] should_failslab+0xd6/0x130 [ 769.997451] __kmalloc_track_caller+0x2bc/0x400 [ 770.002121] ? kstrdup_const+0x35/0x60 [ 770.006011] ? lock_downgrade+0x740/0x740 [ 770.010161] kstrdup+0x36/0x70 [ 770.013378] kstrdup_const+0x35/0x60 [ 770.017093] alloc_vfsmnt+0xe0/0x7f0 [ 770.020813] clone_mnt+0x6c/0xff0 [ 770.024271] copy_tree+0x33e/0xa20 [ 770.027832] copy_mnt_ns+0x167/0xa30 [ 770.031563] ? create_new_namespaces+0x30/0x720 [ 770.036236] ? do_mount+0x2a00/0x2a00 [ 770.040081] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 770.045107] ? kmem_cache_alloc+0x35f/0x3c0 [ 770.049444] create_new_namespaces+0xc9/0x720 [ 770.053947] ? security_capable+0x88/0xb0 [ 770.058106] copy_namespaces+0x27b/0x310 [ 770.062176] copy_process.part.0+0x25f8/0x71c0 [ 770.066766] ? get_pid_task+0xb8/0x130 [ 770.070654] ? proc_fail_nth_write+0x7b/0x180 [ 770.075153] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 770.080202] ? __cleanup_sighand+0x40/0x40 [ 770.084425] ? lock_downgrade+0x740/0x740 [ 770.089081] _do_fork+0x184/0xc80 [ 770.092530] ? fork_idle+0x270/0x270 [ 770.096245] ? fput+0xb/0x140 [ 770.099410] ? SyS_write+0x14d/0x210 [ 770.103530] ? SyS_read+0x210/0x210 [ 770.107151] ? __do_page_fault+0x159/0xad0 [ 770.111466] ? do_syscall_64+0x4c/0x640 [ 770.115435] ? sys_vfork+0x20/0x20 [ 770.118962] do_syscall_64+0x1d5/0x640 [ 770.122861] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 770.128043] RIP: 0033:0x466459 [ 770.131212] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 770.138951] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 770.146305] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 770.153574] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 770.160925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 770.168185] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 770.194822] Bluetooth: hci2 command 0x0409 tx timeout [ 770.195057] FAULT_INJECTION: forcing a failure. [ 770.195057] name failslab, interval 1, probability 0, space 0, times 0 22:06:06 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", 0x0, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, 0x0, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 770.211645] CPU: 0 PID: 18502 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 770.219550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 770.228903] Call Trace: [ 770.231507] dump_stack+0x1b2/0x281 [ 770.235774] should_fail.cold+0x10a/0x149 [ 770.239941] should_failslab+0xd6/0x130 [ 770.243929] __kmalloc_track_caller+0x2bc/0x400 [ 770.248600] ? kstrdup_const+0x35/0x60 [ 770.252488] ? lock_downgrade+0x740/0x740 [ 770.256644] kstrdup+0x36/0x70 [ 770.259849] kstrdup_const+0x35/0x60 [ 770.263586] alloc_vfsmnt+0xe0/0x7f0 [ 770.267302] clone_mnt+0x6c/0xff0 [ 770.270758] copy_tree+0x33e/0xa20 [ 770.274315] copy_mnt_ns+0x167/0xa30 [ 770.278131] ? create_new_namespaces+0x30/0x720 [ 770.282825] ? do_mount+0x2a00/0x2a00 [ 770.286631] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 770.291655] ? kmem_cache_alloc+0x35f/0x3c0 [ 770.295998] create_new_namespaces+0xc9/0x720 [ 770.300516] ? security_capable+0x88/0xb0 [ 770.305192] copy_namespaces+0x27b/0x310 [ 770.309268] copy_process.part.0+0x25f8/0x71c0 [ 770.313868] ? get_pid_task+0xb8/0x130 [ 770.317759] ? proc_fail_nth_write+0x7b/0x180 [ 770.322267] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 770.327215] ? __cleanup_sighand+0x40/0x40 [ 770.331454] ? lock_downgrade+0x740/0x740 [ 770.335613] _do_fork+0x184/0xc80 [ 770.339072] ? fork_idle+0x270/0x270 [ 770.342823] ? fput+0xb/0x140 [ 770.345931] ? SyS_write+0x14d/0x210 [ 770.349665] ? SyS_read+0x210/0x210 [ 770.353296] ? __do_page_fault+0x159/0xad0 [ 770.357539] ? do_syscall_64+0x4c/0x640 [ 770.361537] ? sys_vfork+0x20/0x20 [ 770.365082] do_syscall_64+0x1d5/0x640 [ 770.368974] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 770.374163] RIP: 0033:0x466459 [ 770.377349] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 770.385409] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 770.392681] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 770.399991] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 770.407274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 770.414543] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:06:06 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:06 executing program 2 (fault-call:10 fault-nth:16): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:06 executing program 3 (fault-call:10 fault-nth:15): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:06 executing program 4 (fault-call:10 fault-nth:68): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:06 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000440)={0x0, {}, 0x0, {}, 0x4, 0x3, 0x16, 0xd, "7ef9054ca7b7391a711e7782fc4a5fa814f9e3c5db8937f594779398ff2fe33ca2c7df4172c6cbd0f892a6209be7967a56fee2a2ff8705db90550de938adb743", "d49c2915521ab203a60580803731340cdede1cf9e436223feb85e7d46c74d5c4", [0xfff, 0x5]}) r1 = getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r4, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000300)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0xb, 0x8800, 0xfffffeff, 0x4, 0x6226d6f7, 0x8f21, "70a3fbe02386ff140f27c1"}}, 0x123) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(r1, &(0x7f0000000200)={0x38, 0x5, 0x1, 0x0, 0x3, 0x3f}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 770.627358] FAULT_INJECTION: forcing a failure. [ 770.627358] name failslab, interval 1, probability 0, space 0, times 0 [ 770.639676] CPU: 0 PID: 18529 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 770.647571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 770.656929] Call Trace: [ 770.659551] dump_stack+0x1b2/0x281 [ 770.663186] should_fail.cold+0x10a/0x149 [ 770.667339] should_failslab+0xd6/0x130 [ 770.671339] kmem_cache_alloc+0x28e/0x3c0 [ 770.675486] alloc_vfsmnt+0x23/0x7f0 [ 770.679193] clone_mnt+0x6c/0xff0 [ 770.682647] copy_tree+0x33e/0xa20 [ 770.688745] copy_mnt_ns+0x167/0xa30 [ 770.692467] ? create_new_namespaces+0x30/0x720 [ 770.697243] ? do_mount+0x2a00/0x2a00 [ 770.701047] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 770.706094] ? kmem_cache_alloc+0x35f/0x3c0 [ 770.710458] create_new_namespaces+0xc9/0x720 [ 770.714957] ? security_capable+0x88/0xb0 [ 770.719116] copy_namespaces+0x27b/0x310 [ 770.723227] copy_process.part.0+0x25f8/0x71c0 [ 770.727844] ? get_pid_task+0xb8/0x130 [ 770.731730] ? proc_fail_nth_write+0x7b/0x180 [ 770.736221] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 770.741169] ? __cleanup_sighand+0x40/0x40 [ 770.745400] ? lock_downgrade+0x740/0x740 [ 770.749552] _do_fork+0x184/0xc80 [ 770.753000] ? fork_idle+0x270/0x270 [ 770.756707] ? fput+0xb/0x140 [ 770.759801] ? SyS_write+0x14d/0x210 [ 770.763503] ? SyS_read+0x210/0x210 [ 770.767134] ? __do_page_fault+0x159/0xad0 [ 770.771359] ? do_syscall_64+0x4c/0x640 [ 770.775325] ? sys_vfork+0x20/0x20 [ 770.778864] do_syscall_64+0x1d5/0x640 [ 770.782752] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 770.787936] RIP: 0033:0x466459 [ 770.791113] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 770.798813] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 770.806082] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 770.813341] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 770.821814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 770.829077] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 770.889296] FAULT_INJECTION: forcing a failure. [ 770.889296] name failslab, interval 1, probability 0, space 0, times 0 [ 770.901007] CPU: 0 PID: 18524 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 770.908905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 770.918553] Call Trace: [ 770.921163] dump_stack+0x1b2/0x281 [ 770.924802] should_fail.cold+0x10a/0x149 [ 770.928956] should_failslab+0xd6/0x130 [ 770.932952] __kmalloc_track_caller+0x2bc/0x400 [ 770.937627] ? kstrdup_const+0x35/0x60 [ 770.941546] ? lock_downgrade+0x740/0x740 [ 770.945696] kstrdup+0x36/0x70 [ 770.948905] kstrdup_const+0x35/0x60 [ 770.952620] alloc_vfsmnt+0xe0/0x7f0 [ 770.956364] clone_mnt+0x6c/0xff0 [ 770.959819] ? is_subdir+0x223/0x390 [ 770.963535] copy_tree+0x33e/0xa20 [ 770.967082] copy_mnt_ns+0x167/0xa30 [ 770.970807] ? create_new_namespaces+0x30/0x720 [ 770.975482] ? do_mount+0x2a00/0x2a00 [ 770.979294] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 770.984315] ? kmem_cache_alloc+0x35f/0x3c0 [ 770.988646] create_new_namespaces+0xc9/0x720 [ 770.993148] ? security_capable+0x88/0xb0 [ 770.997301] copy_namespaces+0x27b/0x310 [ 771.001456] copy_process.part.0+0x25f8/0x71c0 [ 771.006044] ? get_pid_task+0xb8/0x130 [ 771.009930] ? proc_fail_nth_write+0x7b/0x180 [ 771.014425] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 771.019371] ? __cleanup_sighand+0x40/0x40 [ 771.023704] ? lock_downgrade+0x740/0x740 [ 771.027856] _do_fork+0x184/0xc80 [ 771.031318] ? fork_idle+0x270/0x270 [ 771.035059] ? fput+0xb/0x140 [ 771.038162] ? SyS_write+0x14d/0x210 [ 771.041874] ? SyS_read+0x210/0x210 [ 771.045535] ? __do_page_fault+0x159/0xad0 [ 771.049781] ? do_syscall_64+0x4c/0x640 [ 771.053756] ? sys_vfork+0x20/0x20 [ 771.057327] do_syscall_64+0x1d5/0x640 [ 771.061216] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 771.066401] RIP: 0033:0x466459 [ 771.069587] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 771.077299] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 771.084565] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 771.091830] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 771.099094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 771.106384] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 771.127063] FAULT_INJECTION: forcing a failure. [ 771.127063] name failslab, interval 1, probability 0, space 0, times 0 [ 771.138984] CPU: 1 PID: 18546 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 771.146881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 771.157190] Call Trace: [ 771.159784] dump_stack+0x1b2/0x281 [ 771.163418] should_fail.cold+0x10a/0x149 [ 771.167569] should_failslab+0xd6/0x130 [ 771.171548] kmem_cache_alloc+0x28e/0x3c0 [ 771.175696] alloc_vfsmnt+0x23/0x7f0 [ 771.179408] clone_mnt+0x6c/0xff0 [ 771.182857] ? copy_tree+0x67c/0xa20 [ 771.186569] copy_tree+0x33e/0xa20 [ 771.190112] copy_mnt_ns+0x167/0xa30 [ 771.193829] ? create_new_namespaces+0x30/0x720 [ 771.198504] ? do_mount+0x2a00/0x2a00 [ 771.202342] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 771.207386] ? kmem_cache_alloc+0x35f/0x3c0 [ 771.211750] create_new_namespaces+0xc9/0x720 [ 771.216252] ? security_capable+0x88/0xb0 [ 771.220412] copy_namespaces+0x27b/0x310 [ 771.224491] copy_process.part.0+0x25f8/0x71c0 [ 771.229079] ? get_pid_task+0xb8/0x130 [ 771.232990] ? proc_fail_nth_write+0x7b/0x180 [ 771.237497] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 771.242446] ? __cleanup_sighand+0x40/0x40 [ 771.246677] ? lock_downgrade+0x740/0x740 [ 771.250827] _do_fork+0x184/0xc80 [ 771.254289] ? fork_idle+0x270/0x270 [ 771.258002] ? fput+0xb/0x140 [ 771.261110] ? SyS_write+0x14d/0x210 [ 771.264820] ? SyS_read+0x210/0x210 [ 771.268443] ? __do_page_fault+0x159/0xad0 [ 771.272677] ? do_syscall_64+0x4c/0x640 [ 771.276646] ? sys_vfork+0x20/0x20 [ 771.280180] do_syscall_64+0x1d5/0x640 [ 771.284073] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 771.289271] RIP: 0033:0x466459 [ 771.292461] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 771.300167] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 771.307445] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 771.314722] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 771.322004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 771.329285] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:06:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:07 executing program 3 (fault-call:10 fault-nth:16): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:07 executing program 4 (fault-call:10 fault-nth:69): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:07 executing program 2 (fault-call:10 fault-nth:17): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 771.583465] FAULT_INJECTION: forcing a failure. [ 771.583465] name failslab, interval 1, probability 0, space 0, times 0 [ 771.595163] CPU: 1 PID: 18566 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 771.603063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 771.612427] Call Trace: [ 771.615045] dump_stack+0x1b2/0x281 [ 771.618674] should_fail.cold+0x10a/0x149 [ 771.622826] should_failslab+0xd6/0x130 [ 771.626817] kmem_cache_alloc+0x28e/0x3c0 [ 771.630989] alloc_vfsmnt+0x23/0x7f0 [ 771.634707] clone_mnt+0x6c/0xff0 [ 771.638175] copy_tree+0x33e/0xa20 [ 771.641721] copy_mnt_ns+0x167/0xa30 [ 771.645440] ? create_new_namespaces+0x30/0x720 [ 771.650106] ? do_mount+0x2a00/0x2a00 [ 771.653902] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 771.658917] ? kmem_cache_alloc+0x35f/0x3c0 [ 771.663240] create_new_namespaces+0xc9/0x720 [ 771.667759] ? security_capable+0x88/0xb0 [ 771.671913] copy_namespaces+0x27b/0x310 [ 771.675976] copy_process.part.0+0x25f8/0x71c0 [ 771.680583] ? get_pid_task+0xb8/0x130 [ 771.684500] ? proc_fail_nth_write+0x7b/0x180 [ 771.689002] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 771.693947] ? __cleanup_sighand+0x40/0x40 [ 771.698181] ? lock_downgrade+0x740/0x740 [ 771.702334] _do_fork+0x184/0xc80 [ 771.705794] ? fork_idle+0x270/0x270 [ 771.709536] ? fput+0xb/0x140 [ 771.712638] ? SyS_write+0x14d/0x210 [ 771.716350] ? SyS_read+0x210/0x210 [ 771.719974] ? __do_page_fault+0x159/0xad0 [ 771.724578] ? do_syscall_64+0x4c/0x640 [ 771.728572] ? sys_vfork+0x20/0x20 [ 771.732112] do_syscall_64+0x1d5/0x640 [ 771.736005] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 771.741192] RIP: 0033:0x466459 [ 771.744373] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 771.752107] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 771.759636] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 771.766901] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 771.774168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 771.781438] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 771.793919] FAULT_INJECTION: forcing a failure. [ 771.793919] name failslab, interval 1, probability 0, space 0, times 0 [ 771.805504] CPU: 0 PID: 18570 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 771.813492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 771.822845] Call Trace: [ 771.825440] dump_stack+0x1b2/0x281 [ 771.829084] should_fail.cold+0x10a/0x149 [ 771.833249] should_failslab+0xd6/0x130 [ 771.837224] kmem_cache_alloc+0x28e/0x3c0 [ 771.841381] alloc_vfsmnt+0x23/0x7f0 [ 771.845094] clone_mnt+0x6c/0xff0 [ 771.848546] copy_tree+0x33e/0xa20 [ 771.852110] copy_mnt_ns+0x167/0xa30 [ 771.856180] ? create_new_namespaces+0x30/0x720 [ 771.860850] ? do_mount+0x2a00/0x2a00 [ 771.864651] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 771.869668] ? kmem_cache_alloc+0x35f/0x3c0 [ 771.874017] create_new_namespaces+0xc9/0x720 [ 771.878531] ? security_capable+0x88/0xb0 [ 771.882727] copy_namespaces+0x27b/0x310 [ 771.886788] copy_process.part.0+0x25f8/0x71c0 [ 771.891389] ? get_pid_task+0xb8/0x130 [ 771.895307] ? proc_fail_nth_write+0x7b/0x180 [ 771.899797] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 771.904754] ? __cleanup_sighand+0x40/0x40 [ 771.908984] ? lock_downgrade+0x740/0x740 [ 771.913139] _do_fork+0x184/0xc80 [ 771.916595] ? fork_idle+0x270/0x270 [ 771.920337] ? fput+0xb/0x140 [ 771.923466] ? SyS_write+0x14d/0x210 [ 771.927182] ? SyS_read+0x210/0x210 [ 771.930906] ? __do_page_fault+0x159/0xad0 [ 771.935143] ? do_syscall_64+0x4c/0x640 [ 771.939118] ? sys_vfork+0x20/0x20 [ 771.943471] do_syscall_64+0x1d5/0x640 [ 771.947395] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 771.952590] RIP: 0033:0x466459 [ 771.955788] RSP: 002b:00007f19326cb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 771.963504] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000466459 [ 771.970772] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 771.978040] RBP: 00007f19326cb1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 771.985312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 771.992632] R13: 00007ffeea19aebf R14: 00007f19326cb300 R15: 0000000000022000 [ 772.003890] FAULT_INJECTION: forcing a failure. [ 772.003890] name failslab, interval 1, probability 0, space 0, times 0 [ 772.015859] CPU: 0 PID: 18572 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 772.023757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 772.033109] Call Trace: [ 772.035755] dump_stack+0x1b2/0x281 [ 772.039384] should_fail.cold+0x10a/0x149 [ 772.043535] should_failslab+0xd6/0x130 [ 772.047511] __kmalloc_track_caller+0x2bc/0x400 [ 772.052198] ? kstrdup_const+0x35/0x60 [ 772.056086] ? lock_downgrade+0x740/0x740 [ 772.060236] kstrdup+0x36/0x70 [ 772.063436] kstrdup_const+0x35/0x60 [ 772.067150] alloc_vfsmnt+0xe0/0x7f0 [ 772.070863] clone_mnt+0x6c/0xff0 [ 772.074409] copy_tree+0x33e/0xa20 [ 772.077960] copy_mnt_ns+0x167/0xa30 [ 772.081765] ? create_new_namespaces+0x30/0x720 [ 772.086436] ? do_mount+0x2a00/0x2a00 [ 772.090275] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 772.095336] ? kmem_cache_alloc+0x35f/0x3c0 [ 772.099663] create_new_namespaces+0xc9/0x720 [ 772.104168] ? security_capable+0x88/0xb0 [ 772.108331] copy_namespaces+0x27b/0x310 [ 772.112402] copy_process.part.0+0x25f8/0x71c0 [ 772.117463] ? get_pid_task+0xb8/0x130 [ 772.121354] ? proc_fail_nth_write+0x7b/0x180 [ 772.125857] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 772.130803] ? __cleanup_sighand+0x40/0x40 [ 772.135219] ? lock_downgrade+0x740/0x740 [ 772.139379] _do_fork+0x184/0xc80 [ 772.142844] ? fork_idle+0x270/0x270 [ 772.146563] ? fput+0xb/0x140 [ 772.149668] ? SyS_write+0x14d/0x210 [ 772.153385] ? SyS_read+0x210/0x210 [ 772.157010] ? __do_page_fault+0x159/0xad0 [ 772.161253] ? do_syscall_64+0x4c/0x640 [ 772.165230] ? sys_vfork+0x20/0x20 [ 772.168777] do_syscall_64+0x1d5/0x640 [ 772.172763] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 772.177978] RIP: 0033:0x466459 [ 772.181162] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 772.188972] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 772.196247] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 772.203524] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 772.210798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 772.218074] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 22:06:08 executing program 2 (fault-call:10 fault-nth:18): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:08 executing program 4 (fault-call:10 fault-nth:70): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 772.511995] FAULT_INJECTION: forcing a failure. [ 772.511995] name failslab, interval 1, probability 0, space 0, times 0 [ 772.523281] CPU: 0 PID: 18585 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 772.531188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 772.540553] Call Trace: [ 772.543150] dump_stack+0x1b2/0x281 [ 772.546782] should_fail.cold+0x10a/0x149 [ 772.550935] should_failslab+0xd6/0x130 [ 772.554918] __kmalloc_track_caller+0x2bc/0x400 [ 772.559604] ? kstrdup_const+0x35/0x60 [ 772.563494] ? lock_downgrade+0x740/0x740 [ 772.567656] kstrdup+0x36/0x70 [ 772.570848] kstrdup_const+0x35/0x60 [ 772.574708] alloc_vfsmnt+0xe0/0x7f0 [ 772.578432] clone_mnt+0x6c/0xff0 [ 772.581912] copy_tree+0x33e/0xa20 [ 772.585459] copy_mnt_ns+0x167/0xa30 [ 772.589179] ? create_new_namespaces+0x30/0x720 [ 772.593856] ? do_mount+0x2a00/0x2a00 [ 772.597751] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 772.602767] ? kmem_cache_alloc+0x35f/0x3c0 [ 772.607095] create_new_namespaces+0xc9/0x720 [ 772.611687] ? security_capable+0x88/0xb0 [ 772.615846] copy_namespaces+0x27b/0x310 [ 772.619907] copy_process.part.0+0x25f8/0x71c0 [ 772.624521] ? get_pid_task+0xb8/0x130 [ 772.628413] ? proc_fail_nth_write+0x7b/0x180 [ 772.632910] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 772.637874] ? __cleanup_sighand+0x40/0x40 [ 772.642133] ? lock_downgrade+0x740/0x740 [ 772.646295] _do_fork+0x184/0xc80 [ 772.649753] ? fork_idle+0x270/0x270 [ 772.653468] ? fput+0xb/0x140 [ 772.656576] ? SyS_write+0x14d/0x210 [ 772.660313] ? SyS_read+0x210/0x210 [ 772.663940] ? __do_page_fault+0x159/0xad0 [ 772.668712] ? do_syscall_64+0x4c/0x640 [ 772.672709] ? sys_vfork+0x20/0x20 [ 772.676254] do_syscall_64+0x1d5/0x640 [ 772.680146] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 772.685330] RIP: 0033:0x466459 [ 772.688512] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 772.696223] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 772.703493] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 772.710767] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 772.718036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 772.725304] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 772.742198] FAULT_INJECTION: forcing a failure. [ 772.742198] name failslab, interval 1, probability 0, space 0, times 0 [ 772.753806] CPU: 1 PID: 18587 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 772.761702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 772.771063] Call Trace: [ 772.773659] dump_stack+0x1b2/0x281 [ 772.777289] should_fail.cold+0x10a/0x149 [ 772.781444] should_failslab+0xd6/0x130 [ 772.785427] __kmalloc_track_caller+0x2bc/0x400 [ 772.790192] ? kstrdup_const+0x35/0x60 [ 772.794088] kstrdup+0x36/0x70 [ 772.797279] kstrdup_const+0x35/0x60 [ 772.800993] alloc_vfsmnt+0xe0/0x7f0 [ 772.804707] clone_mnt+0x6c/0xff0 [ 772.808164] copy_tree+0x33e/0xa20 [ 772.811709] copy_mnt_ns+0x167/0xa30 [ 772.815424] ? create_new_namespaces+0x30/0x720 [ 772.820092] ? do_mount+0x2a00/0x2a00 [ 772.823920] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 772.829027] ? kmem_cache_alloc+0x35f/0x3c0 [ 772.833352] create_new_namespaces+0xc9/0x720 [ 772.837851] ? security_capable+0x88/0xb0 [ 772.842002] copy_namespaces+0x27b/0x310 [ 772.846076] copy_process.part.0+0x25f8/0x71c0 [ 772.850688] ? get_pid_task+0xb8/0x130 [ 772.854601] ? proc_fail_nth_write+0x7b/0x180 [ 772.859097] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 772.864034] ? __cleanup_sighand+0x40/0x40 [ 772.868270] ? lock_downgrade+0x740/0x740 [ 772.872446] _do_fork+0x184/0xc80 [ 772.875902] ? fork_idle+0x270/0x270 [ 772.879660] ? fput+0xb/0x140 [ 772.882764] ? SyS_write+0x14d/0x210 [ 772.886497] ? SyS_read+0x210/0x210 [ 772.890125] ? __do_page_fault+0x159/0xad0 [ 772.894357] ? do_syscall_64+0x4c/0x640 [ 772.898353] ? sys_vfork+0x20/0x20 [ 772.901919] do_syscall_64+0x1d5/0x640 [ 772.905871] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 772.911064] RIP: 0033:0x466459 [ 772.914269] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 772.921984] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 772.929251] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 772.936518] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 772.943785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 772.951047] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 773.042835] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 773.050290] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 773.069514] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 773.077158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 773.130513] device bridge_slave_1 left promiscuous mode [ 773.147645] bridge0: port 2(bridge_slave_1) entered disabled state [ 773.172194] device bridge_slave_0 left promiscuous mode [ 773.187506] bridge0: port 1(bridge_slave_0) entered disabled state [ 773.209257] device veth1_macvtap left promiscuous mode [ 773.220021] device veth0_macvtap left promiscuous mode [ 773.232805] device veth1_vlan left promiscuous mode [ 773.245522] device veth0_vlan left promiscuous mode [ 773.507374] device hsr_slave_1 left promiscuous mode [ 773.527291] device hsr_slave_0 left promiscuous mode [ 773.560130] team0 (unregistering): Port device team_slave_1 removed [ 773.584564] team0 (unregistering): Port device team_slave_0 removed [ 773.614978] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 773.651383] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 773.717015] bond0 (unregistering): Released all slaves [ 774.854745] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 774.861611] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 774.869012] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 774.876614] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 774.884501] device bridge_slave_1 left promiscuous mode [ 774.889975] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.897582] device bridge_slave_0 left promiscuous mode [ 774.903519] bridge0: port 1(bridge_slave_0) entered disabled state [ 774.913403] device veth1_macvtap left promiscuous mode [ 774.919523] device veth0_macvtap left promiscuous mode [ 774.925033] device veth1_vlan left promiscuous mode [ 774.930103] device veth0_vlan left promiscuous mode [ 775.033865] device hsr_slave_1 left promiscuous mode [ 775.044311] device hsr_slave_0 left promiscuous mode [ 775.072741] team0 (unregistering): Port device team_slave_1 removed [ 775.083808] team0 (unregistering): Port device team_slave_0 removed [ 775.095669] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 775.107324] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 775.138302] bond0 (unregistering): Released all slaves [ 775.657846] IPVS: ftp: loaded support on port[0] = 21 [ 775.748238] chnl_net:caif_netlink_parms(): no params data found [ 775.801523] bridge0: port 1(bridge_slave_0) entered blocking state [ 775.808269] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.817581] device bridge_slave_0 entered promiscuous mode [ 775.824622] bridge0: port 2(bridge_slave_1) entered blocking state [ 775.831005] bridge0: port 2(bridge_slave_1) entered disabled state [ 775.838541] device bridge_slave_1 entered promiscuous mode [ 775.857520] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 775.866445] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 775.885515] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 775.893999] team0: Port device team_slave_0 added [ 775.899420] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 775.906785] team0: Port device team_slave_1 added [ 775.923744] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 775.930016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 775.957093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 775.968124] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 775.974452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 776.000471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 776.011787] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 776.019270] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 776.042608] device hsr_slave_0 entered promiscuous mode [ 776.048340] device hsr_slave_1 entered promiscuous mode [ 776.054799] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 776.062088] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 776.132360] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.138863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 776.145733] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.152265] bridge0: port 1(bridge_slave_0) entered forwarding state [ 776.163640] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.170571] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.201937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 776.227477] IPVS: ftp: loaded support on port[0] = 21 [ 776.235510] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 776.248928] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 776.258069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 776.265979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 776.276048] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 776.282894] 8021q: adding VLAN 0 to HW filter on device team0 [ 776.315288] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 776.325873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 776.334050] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 776.342992] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.349338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 776.365110] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 776.375872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 776.383145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 776.390893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 776.399723] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.406324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 776.413808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 776.434739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 776.442349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 776.455234] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 776.463608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 776.473215] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 776.483540] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 776.492383] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 776.499402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 776.508022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 776.564133] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 776.595591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 776.603470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 776.612967] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 776.620624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 776.633029] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 776.639069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 776.650851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 776.659323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 776.671132] chnl_net:caif_netlink_parms(): no params data found [ 776.700716] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 776.717158] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 776.723764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 776.730904] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 776.744848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 776.786271] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.793724] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.800700] device bridge_slave_0 entered promiscuous mode [ 776.809294] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.816079] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.823674] device bridge_slave_1 entered promiscuous mode [ 776.856163] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 776.866694] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 776.891826] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 776.899069] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 776.906662] team0: Port device team_slave_0 added [ 776.912508] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 776.919794] team0: Port device team_slave_1 added [ 776.941639] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 776.949411] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 776.956003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 776.982921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 776.994980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 777.003310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 777.013208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 777.019578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.045524] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 777.056545] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 777.064807] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 777.071451] Bluetooth: hci2 command 0x0409 tx timeout [ 777.093091] device hsr_slave_0 entered promiscuous mode [ 777.099378] device hsr_slave_1 entered promiscuous mode [ 777.105953] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 777.114717] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 777.128691] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 777.137151] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 777.144266] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 777.168917] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 777.178789] device veth0_vlan entered promiscuous mode [ 777.190741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 777.198479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 777.206550] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 777.214157] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 777.230033] device veth1_vlan entered promiscuous mode [ 777.259513] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 777.278673] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 777.291062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 777.302212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 777.322434] device veth0_macvtap entered promiscuous mode [ 777.328583] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 777.346548] device veth1_macvtap entered promiscuous mode [ 777.353131] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 777.369121] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 777.380101] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 777.392751] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 777.403198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 777.413085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 777.423867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 777.434155] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 777.443444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 777.453246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 777.462493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 777.472300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 777.482774] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 777.489759] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 777.499477] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 777.507053] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 777.515953] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 777.524406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 777.533258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 777.544330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 777.554034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 777.564124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 777.573323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 777.583188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 777.592944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 777.602763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 777.613042] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 777.619937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 777.631678] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 777.639385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 777.678663] 8021q: adding VLAN 0 to HW filter on device bond0 [ 777.688466] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 777.699631] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 777.706930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 777.715439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 777.727360] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 777.733827] 8021q: adding VLAN 0 to HW filter on device team0 [ 777.743032] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 777.752647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 777.760583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 777.770147] bridge0: port 1(bridge_slave_0) entered blocking state [ 777.776594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 777.784588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 777.794433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 777.804891] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 777.813944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 777.822260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 777.829846] bridge0: port 2(bridge_slave_1) entered blocking state [ 777.836239] bridge0: port 2(bridge_slave_1) entered forwarding state [ 777.843824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 777.855597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 777.864253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 777.879351] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 777.887271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 777.895441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 777.905906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 777.914410] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 777.921718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 777.929400] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 777.940556] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 777.950590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 777.959150] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 777.970721] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 777.979337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 777.988719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 777.998777] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 778.005252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 778.020091] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready 22:06:14 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:06:14 executing program 3 (fault-call:10 fault-nth:17): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:14 executing program 4 (fault-call:10 fault-nth:71): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:14 executing program 2 (fault-call:10 fault-nth:19): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 778.028862] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 778.049933] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 778.057782] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 778.069886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 778.200056] FAULT_INJECTION: forcing a failure. [ 778.200056] name failslab, interval 1, probability 0, space 0, times 0 [ 778.211762] CPU: 1 PID: 19061 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 778.219681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.229134] Call Trace: [ 778.231709] dump_stack+0x1b2/0x281 [ 778.235321] should_fail.cold+0x10a/0x149 [ 778.239480] should_failslab+0xd6/0x130 [ 778.243457] kmem_cache_alloc+0x28e/0x3c0 [ 778.247602] alloc_vfsmnt+0x23/0x7f0 [ 778.251349] clone_mnt+0x6c/0xff0 [ 778.254863] copy_tree+0x33e/0xa20 [ 778.258409] copy_mnt_ns+0x167/0xa30 [ 778.262111] ? create_new_namespaces+0x30/0x720 [ 778.266771] ? do_mount+0x2a00/0x2a00 [ 778.270603] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 778.275789] ? kmem_cache_alloc+0x35f/0x3c0 [ 778.280118] create_new_namespaces+0xc9/0x720 [ 778.284602] ? security_capable+0x88/0xb0 [ 778.288758] copy_namespaces+0x27b/0x310 [ 778.292927] copy_process.part.0+0x25f8/0x71c0 [ 778.297495] ? get_pid_task+0xb8/0x130 [ 778.301369] ? proc_fail_nth_write+0x7b/0x180 [ 778.305903] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 778.310855] ? __cleanup_sighand+0x40/0x40 [ 778.315078] ? lock_downgrade+0x740/0x740 [ 778.320535] _do_fork+0x184/0xc80 [ 778.324028] ? fork_idle+0x270/0x270 [ 778.327725] ? fput+0xb/0x140 [ 778.330842] ? SyS_write+0x14d/0x210 [ 778.334540] ? SyS_read+0x210/0x210 [ 778.338931] ? do_syscall_64+0x4c/0x640 [ 778.343326] ? sys_vfork+0x20/0x20 [ 778.346959] do_syscall_64+0x1d5/0x640 [ 778.350865] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 778.356043] RIP: 0033:0x466459 [ 778.359225] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 778.366919] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 778.374170] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 778.381422] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 778.388673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 778.397169] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 778.419122] Bluetooth: hci3 command 0x0409 tx timeout [ 778.428087] FAULT_INJECTION: forcing a failure. [ 778.428087] name failslab, interval 1, probability 0, space 0, times 0 [ 778.440778] CPU: 0 PID: 19065 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 778.446608] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 778.448673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.448680] Call Trace: [ 778.448702] dump_stack+0x1b2/0x281 [ 778.459206] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 778.464994] should_fail.cold+0x10a/0x149 [ 778.465009] should_failslab+0xd6/0x130 [ 778.465021] kmem_cache_alloc+0x28e/0x3c0 [ 778.465033] alloc_vfsmnt+0x23/0x7f0 [ 778.465042] clone_mnt+0x6c/0xff0 [ 778.465055] copy_tree+0x33e/0xa20 [ 778.465071] copy_mnt_ns+0x167/0xa30 [ 778.465083] ? create_new_namespaces+0x30/0x720 [ 778.465091] ? do_mount+0x2a00/0x2a00 [ 778.465102] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 778.465112] ? kmem_cache_alloc+0x35f/0x3c0 [ 778.465124] create_new_namespaces+0xc9/0x720 [ 778.465134] ? security_capable+0x88/0xb0 [ 778.465146] copy_namespaces+0x27b/0x310 [ 778.465159] copy_process.part.0+0x25f8/0x71c0 [ 778.465170] ? get_pid_task+0xb8/0x130 [ 778.465181] ? proc_fail_nth_write+0x7b/0x180 [ 778.465190] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 778.465207] ? __cleanup_sighand+0x40/0x40 [ 778.465218] ? lock_downgrade+0x740/0x740 [ 778.465232] _do_fork+0x184/0xc80 [ 778.465244] ? fork_idle+0x270/0x270 [ 778.465255] ? fput+0xb/0x140 [ 778.465265] ? SyS_write+0x14d/0x210 [ 778.465274] ? SyS_read+0x210/0x210 [ 778.465285] ? __do_page_fault+0x159/0xad0 [ 778.465295] ? do_syscall_64+0x4c/0x640 [ 778.465303] ? sys_vfork+0x20/0x20 [ 778.465314] do_syscall_64+0x1d5/0x640 [ 778.465337] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 778.465345] RIP: 0033:0x466459 [ 778.465350] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 778.468197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 778.471583] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 778.471589] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 778.471594] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 778.471599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 778.471604] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 778.473776] FAULT_INJECTION: forcing a failure. [ 778.473776] name failslab, interval 1, probability 0, space 0, times 0 [ 778.484360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 778.484963] CPU: 0 PID: 19070 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 778.617639] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 778.623473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.623478] Call Trace: [ 778.623498] dump_stack+0x1b2/0x281 [ 778.623514] should_fail.cold+0x10a/0x149 [ 778.623527] should_failslab+0xd6/0x130 [ 778.623539] kmem_cache_alloc+0x28e/0x3c0 [ 778.623550] alloc_vfsmnt+0x23/0x7f0 [ 778.623560] clone_mnt+0x6c/0xff0 [ 778.623572] copy_tree+0x33e/0xa20 [ 778.623588] copy_mnt_ns+0x167/0xa30 [ 778.623601] ? create_new_namespaces+0x30/0x720 [ 778.623610] ? do_mount+0x2a00/0x2a00 [ 778.623620] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 778.623630] ? kmem_cache_alloc+0x35f/0x3c0 [ 778.623641] create_new_namespaces+0xc9/0x720 [ 778.623652] ? security_capable+0x88/0xb0 [ 778.623664] copy_namespaces+0x27b/0x310 [ 778.623676] copy_process.part.0+0x25f8/0x71c0 [ 778.623687] ? get_pid_task+0xb8/0x130 [ 778.623697] ? proc_fail_nth_write+0x7b/0x180 [ 778.623707] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 778.623727] ? __cleanup_sighand+0x40/0x40 [ 778.623738] ? lock_downgrade+0x740/0x740 [ 778.623750] _do_fork+0x184/0xc80 [ 778.623762] ? fork_idle+0x270/0x270 [ 778.623776] ? fput+0xb/0x140 [ 778.638121] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 778.643294] ? SyS_write+0x14d/0x210 [ 778.643304] ? SyS_read+0x210/0x210 [ 778.643315] ? __do_page_fault+0x159/0xad0 [ 778.643326] ? do_syscall_64+0x4c/0x640 [ 778.643335] ? sys_vfork+0x20/0x20 [ 778.643344] do_syscall_64+0x1d5/0x640 [ 778.643359] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 778.643367] RIP: 0033:0x466459 [ 778.643372] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 778.643382] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 778.643387] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 778.643392] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 778.643397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 778.643402] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 778.896965] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 778.917224] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 778.924413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 778.932263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 778.942106] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 778.949648] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 778.958741] device veth0_vlan entered promiscuous mode [ 778.978026] device veth1_vlan entered promiscuous mode [ 779.008815] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 779.032083] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 779.055600] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 779.066724] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 779.086665] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 779.096863] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 779.105864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 779.115472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 779.126816] device veth0_macvtap entered promiscuous mode [ 779.134073] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 779.143923] device veth1_macvtap entered promiscuous mode [ 779.150108] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 779.157411] Bluetooth: hci2 command 0x041b tx timeout [ 779.164083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 779.178907] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 779.187741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 779.198592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.208190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 779.218565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.228603] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 779.239383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.249121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 779.258934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.268151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 779.278497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.288773] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 779.296094] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 779.303363] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 779.310847] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 779.318309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 779.326218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 779.337747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 779.348693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.358006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 779.368069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.377352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 779.387212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.396529] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 779.406535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.415785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 779.425622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 779.436041] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 779.443211] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 779.450119] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 779.458068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:06:16 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0xf, &(0x7f00000000c0)={r4, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000040)={0x200, 0x20a, 0x2, 0x100, r4}, 0x10) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:16 executing program 2 (fault-call:10 fault-nth:20): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:16 executing program 4 (fault-call:10 fault-nth:72): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:16 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:06:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:16 executing program 3 (fault-call:10 fault-nth:18): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:16 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f00000002c0)={{r2}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:06:16 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 779.877771] FAULT_INJECTION: forcing a failure. [ 779.877771] name failslab, interval 1, probability 0, space 0, times 0 [ 779.889185] CPU: 0 PID: 19141 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 779.897076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.906605] Call Trace: [ 779.909227] dump_stack+0x1b2/0x281 [ 779.912894] should_fail.cold+0x10a/0x149 [ 779.917057] should_failslab+0xd6/0x130 [ 779.921079] __kmalloc_track_caller+0x2bc/0x400 [ 779.925752] ? kstrdup_const+0x35/0x60 [ 779.929647] ? lock_downgrade+0x740/0x740 [ 779.933805] kstrdup+0x36/0x70 [ 779.937039] kstrdup_const+0x35/0x60 [ 779.940764] alloc_vfsmnt+0xe0/0x7f0 [ 779.944485] clone_mnt+0x6c/0xff0 [ 779.947955] copy_tree+0x33e/0xa20 [ 779.951507] copy_mnt_ns+0x167/0xa30 [ 779.955233] ? create_new_namespaces+0x30/0x720 [ 779.959910] ? do_mount+0x2a00/0x2a00 [ 779.963719] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 779.968742] ? kmem_cache_alloc+0x35f/0x3c0 [ 779.973071] create_new_namespaces+0xc9/0x720 22:06:16 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 779.977593] ? security_capable+0x88/0xb0 [ 779.981815] copy_namespaces+0x27b/0x310 [ 779.985905] copy_process.part.0+0x25f8/0x71c0 [ 779.990614] ? get_pid_task+0xb8/0x130 [ 779.994550] ? proc_fail_nth_write+0x7b/0x180 [ 779.999065] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 780.004016] ? __cleanup_sighand+0x40/0x40 [ 780.008260] ? lock_downgrade+0x740/0x740 [ 780.012421] _do_fork+0x184/0xc80 [ 780.015883] ? fork_idle+0x270/0x270 [ 780.019626] ? fput+0xb/0x140 [ 780.022749] ? SyS_write+0x14d/0x210 [ 780.026503] ? SyS_read+0x210/0x210 [ 780.030142] ? __do_page_fault+0x159/0xad0 [ 780.034423] ? do_syscall_64+0x4c/0x640 [ 780.038408] ? sys_vfork+0x20/0x20 [ 780.041974] do_syscall_64+0x1d5/0x640 [ 780.045875] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 780.051150] RIP: 0033:0x466459 [ 780.054349] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 780.063024] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 780.070290] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 780.077647] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 780.084921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 780.092196] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 780.131517] FAULT_INJECTION: forcing a failure. [ 780.131517] name failslab, interval 1, probability 0, space 0, times 0 [ 780.143029] CPU: 0 PID: 19155 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 780.150929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.160292] Call Trace: [ 780.162898] dump_stack+0x1b2/0x281 [ 780.166543] should_fail.cold+0x10a/0x149 [ 780.170712] should_failslab+0xd6/0x130 [ 780.174702] __kmalloc_track_caller+0x2bc/0x400 [ 780.179383] ? kstrdup_const+0x35/0x60 [ 780.183271] ? lock_downgrade+0x740/0x740 [ 780.187437] kstrdup+0x36/0x70 [ 780.190627] kstrdup_const+0x35/0x60 [ 780.194346] alloc_vfsmnt+0xe0/0x7f0 [ 780.198059] clone_mnt+0x6c/0xff0 [ 780.201542] copy_tree+0x33e/0xa20 [ 780.205091] copy_mnt_ns+0x167/0xa30 [ 780.208821] ? create_new_namespaces+0x30/0x720 [ 780.213502] ? do_mount+0x2a00/0x2a00 [ 780.217313] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 780.222350] ? kmem_cache_alloc+0x35f/0x3c0 [ 780.226684] create_new_namespaces+0xc9/0x720 22:06:16 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 780.231220] ? security_capable+0x88/0xb0 [ 780.235383] copy_namespaces+0x27b/0x310 [ 780.239453] copy_process.part.0+0x25f8/0x71c0 [ 780.244222] ? _raw_spin_unlock_irq+0x24/0x80 [ 780.248733] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 780.253767] ? _raw_spin_unlock_irq+0x5a/0x80 [ 780.258282] ? finish_task_switch+0x178/0x610 [ 780.262798] ? finish_task_switch+0x14d/0x610 [ 780.267314] ? switch_mm_irqs_off+0x601/0xeb0 [ 780.271836] ? __cleanup_sighand+0x40/0x40 [ 780.276631] ? lock_downgrade+0x740/0x740 [ 780.280819] _do_fork+0x184/0xc80 [ 780.284468] ? fork_idle+0x270/0x270 [ 780.288372] ? fput+0xb/0x140 [ 780.291487] ? SyS_write+0x14d/0x210 [ 780.295206] ? SyS_read+0x210/0x210 [ 780.298839] ? __do_page_fault+0x159/0xad0 [ 780.303096] ? do_syscall_64+0x4c/0x640 [ 780.307078] ? sys_vfork+0x20/0x20 [ 780.310633] do_syscall_64+0x1d5/0x640 [ 780.314539] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 780.319734] RIP: 0033:0x466459 [ 780.323064] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 780.331323] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 780.338624] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 780.345910] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 780.353190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 780.360563] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 780.380299] FAULT_INJECTION: forcing a failure. [ 780.380299] name failslab, interval 1, probability 0, space 0, times 0 [ 780.391782] CPU: 0 PID: 19156 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 780.399683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.409051] Call Trace: [ 780.411650] dump_stack+0x1b2/0x281 [ 780.415292] should_fail.cold+0x10a/0x149 [ 780.419550] should_failslab+0xd6/0x130 [ 780.424509] kmem_cache_alloc+0x28e/0x3c0 [ 780.428705] alloc_vfsmnt+0x23/0x7f0 [ 780.431697] Bluetooth: hci3 command 0x041b tx timeout [ 780.432434] clone_mnt+0x6c/0xff0 [ 780.432450] copy_tree+0x33e/0xa20 [ 780.432468] copy_mnt_ns+0x167/0xa30 [ 780.432483] ? create_new_namespaces+0x30/0x720 [ 780.432494] ? do_mount+0x2a00/0x2a00 [ 780.456866] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 780.461898] ? kmem_cache_alloc+0x35f/0x3c0 [ 780.466235] create_new_namespaces+0xc9/0x720 [ 780.470740] ? security_capable+0x88/0xb0 [ 780.474902] copy_namespaces+0x27b/0x310 [ 780.478976] copy_process.part.0+0x25f8/0x71c0 [ 780.483574] ? get_pid_task+0xb8/0x130 [ 780.487574] ? proc_fail_nth_write+0x7b/0x180 [ 780.492082] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 780.497033] ? __cleanup_sighand+0x40/0x40 [ 780.501273] ? lock_downgrade+0x740/0x740 [ 780.505426] _do_fork+0x184/0xc80 [ 780.509000] ? fork_idle+0x270/0x270 [ 780.512723] ? fput+0xb/0x140 [ 780.515833] ? SyS_write+0x14d/0x210 [ 780.519685] ? SyS_read+0x210/0x210 [ 780.523305] ? __do_page_fault+0x159/0xad0 [ 780.527542] ? do_syscall_64+0x4c/0x640 [ 780.531508] ? sys_vfork+0x20/0x20 [ 780.535139] do_syscall_64+0x1d5/0x640 [ 780.539034] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 780.544224] RIP: 0033:0x466459 [ 780.547412] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 780.555208] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 780.562487] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 780.569758] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 780.577047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 780.584342] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:06:17 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:17 executing program 3 (fault-call:10 fault-nth:19): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:17 executing program 2 (fault-call:10 fault-nth:21): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:17 executing program 4 (fault-call:10 fault-nth:73): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 780.818676] FAULT_INJECTION: forcing a failure. [ 780.818676] name failslab, interval 1, probability 0, space 0, times 0 [ 780.830718] CPU: 1 PID: 19178 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 780.838629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.847997] Call Trace: [ 780.850598] dump_stack+0x1b2/0x281 [ 780.854243] should_fail.cold+0x10a/0x149 [ 780.858409] should_failslab+0xd6/0x130 [ 780.862392] kmem_cache_alloc+0x28e/0x3c0 [ 780.866552] alloc_vfsmnt+0x23/0x7f0 [ 780.870297] clone_mnt+0x6c/0xff0 [ 780.873774] copy_tree+0x33e/0xa20 [ 780.877339] copy_mnt_ns+0x167/0xa30 [ 780.881066] ? create_new_namespaces+0x30/0x720 [ 780.885766] ? do_mount+0x2a00/0x2a00 [ 780.889878] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 780.894949] ? kmem_cache_alloc+0x35f/0x3c0 [ 780.899296] create_new_namespaces+0xc9/0x720 [ 780.903794] ? security_capable+0x88/0xb0 [ 780.907965] copy_namespaces+0x27b/0x310 [ 780.912023] copy_process.part.0+0x25f8/0x71c0 22:06:17 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x7f, 0xa4680) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x7f, 0x80) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) socket$inet6(0xa, 0x0, 0x0) r2 = fork() process_vm_writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x6, 0x8, 0xc5b, 0x8, 0x7, 0x6, 0x88, 0xfffffffc, 0x9}, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000002a250000d68ae1ffffff000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff7e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001080000000000000100008000"/180]) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x8, 0xff, 0x1, 0x0, 0x1, 0x400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x100, 0x10001}, 0x4020, 0xffffffff, 0x7, 0x9, 0x68, 0x9, 0x2}, 0x0, 0x4, 0xffffffffffffffff, 0x0) ptrace$getregset(0x4204, 0x0, 0x4, &(0x7f0000000280)={&(0x7f0000000100)=""/129, 0x81}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 780.916622] ? get_pid_task+0xb8/0x130 [ 780.920514] ? proc_fail_nth_write+0x7b/0x180 [ 780.925053] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 780.930012] ? __cleanup_sighand+0x40/0x40 [ 780.934260] ? lock_downgrade+0x740/0x740 [ 780.938429] _do_fork+0x184/0xc80 [ 780.941895] ? fork_idle+0x270/0x270 [ 780.945623] ? fput+0xb/0x140 [ 780.948777] ? SyS_write+0x14d/0x210 [ 780.952499] ? SyS_read+0x210/0x210 [ 780.956134] ? __do_page_fault+0x159/0xad0 [ 780.960409] ? do_syscall_64+0x4c/0x640 [ 780.964410] ? sys_vfork+0x20/0x20 [ 780.967959] do_syscall_64+0x1d5/0x640 [ 780.971859] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 780.977054] RIP: 0033:0x466459 [ 780.980241] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 780.987954] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 780.995245] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 781.002518] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 781.009818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 781.017095] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 781.026773] FAULT_INJECTION: forcing a failure. [ 781.026773] name failslab, interval 1, probability 0, space 0, times 0 [ 781.038152] CPU: 0 PID: 19202 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 781.046066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.055511] Call Trace: [ 781.058106] dump_stack+0x1b2/0x281 [ 781.061742] should_fail.cold+0x10a/0x149 [ 781.065897] should_failslab+0xd6/0x130 [ 781.069881] kmem_cache_alloc+0x28e/0x3c0 [ 781.074039] alloc_vfsmnt+0x23/0x7f0 [ 781.077755] clone_mnt+0x6c/0xff0 [ 781.081240] copy_tree+0x33e/0xa20 [ 781.084792] copy_mnt_ns+0x167/0xa30 [ 781.088508] ? create_new_namespaces+0x30/0x720 [ 781.093175] ? do_mount+0x2a00/0x2a00 [ 781.097007] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 781.102036] ? kmem_cache_alloc+0x35f/0x3c0 [ 781.106367] create_new_namespaces+0xc9/0x720 [ 781.110888] ? security_capable+0x88/0xb0 [ 781.115042] copy_namespaces+0x27b/0x310 [ 781.119108] copy_process.part.0+0x25f8/0x71c0 [ 781.123699] ? get_pid_task+0xb8/0x130 [ 781.127717] ? proc_fail_nth_write+0x7b/0x180 [ 781.132213] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 781.137189] ? __cleanup_sighand+0x40/0x40 [ 781.141426] ? lock_downgrade+0x740/0x740 [ 781.145668] _do_fork+0x184/0xc80 [ 781.149134] ? fork_idle+0x270/0x270 [ 781.152860] ? fput+0xb/0x140 [ 781.156058] ? SyS_write+0x14d/0x210 [ 781.159875] ? SyS_read+0x210/0x210 [ 781.163508] ? __do_page_fault+0x159/0xad0 [ 781.168819] ? do_syscall_64+0x4c/0x640 [ 781.172820] ? sys_vfork+0x20/0x20 [ 781.176368] do_syscall_64+0x1d5/0x640 [ 781.180265] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 781.185455] RIP: 0033:0x466459 [ 781.188817] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 781.196553] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 781.203940] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 781.211260] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 781.218537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 781.225810] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 781.351843] FAULT_INJECTION: forcing a failure. [ 781.351843] name failslab, interval 1, probability 0, space 0, times 0 [ 781.363416] CPU: 0 PID: 19208 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 781.371309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.380672] Call Trace: [ 781.383273] dump_stack+0x1b2/0x281 [ 781.386953] should_fail.cold+0x10a/0x149 [ 781.391109] should_failslab+0xd6/0x130 [ 781.395094] __kmalloc_track_caller+0x2bc/0x400 [ 781.399763] ? kstrdup_const+0x35/0x60 [ 781.403655] kstrdup+0x36/0x70 [ 781.406853] kstrdup_const+0x35/0x60 [ 781.410572] alloc_vfsmnt+0xe0/0x7f0 [ 781.414293] clone_mnt+0x6c/0xff0 [ 781.417749] copy_tree+0x33e/0xa20 [ 781.421294] copy_mnt_ns+0x167/0xa30 [ 781.425013] ? create_new_namespaces+0x30/0x720 [ 781.429818] ? do_mount+0x2a00/0x2a00 [ 781.433626] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 781.438650] ? kmem_cache_alloc+0x35f/0x3c0 [ 781.442982] create_new_namespaces+0xc9/0x720 [ 781.447482] ? security_capable+0x88/0xb0 [ 781.451916] copy_namespaces+0x27b/0x310 [ 781.455982] copy_process.part.0+0x25f8/0x71c0 [ 781.460565] ? retint_kernel+0x2d/0x2d [ 781.464456] ? trace_hardirqs_on+0x10/0x10 [ 781.468698] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 781.473727] ? check_preemption_disabled+0x35/0x240 [ 781.478755] ? check_preemption_disabled+0x35/0x240 [ 781.483809] ? finish_task_switch+0x178/0x610 [ 781.488325] ? __cleanup_sighand+0x40/0x40 [ 781.492576] ? _raw_spin_unlock_irq+0x5a/0x80 [ 781.497081] ? finish_task_switch+0x14d/0x610 [ 781.501583] ? switch_mm_irqs_off+0x2d2/0xeb0 [ 781.506094] _do_fork+0x184/0xc80 [ 781.509724] ? fork_idle+0x270/0x270 [ 781.513633] ? io_schedule_timeout+0x140/0x140 [ 781.518252] ? fput+0xb/0x140 [ 781.521421] ? do_syscall_64+0x4c/0x640 [ 781.525533] ? sys_vfork+0x20/0x20 [ 781.529365] do_syscall_64+0x1d5/0x640 [ 781.534099] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 781.540754] RIP: 0033:0x466459 [ 781.544577] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 781.553525] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 781.560804] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 781.568082] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 781.575453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 781.582753] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:06:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:18 executing program 2 (fault-call:10 fault-nth:22): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:18 executing program 3 (fault-call:10 fault-nth:20): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:18 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) r2 = fork() process_vm_writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x7, 0x101, 0x5, 0x6, 0xd62, 0x100000000, 0x2, 0x10000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$pppoe(0x18, 0x1, 0x0) read(r3, &(0x7f00000000c0)=""/125, 0x7d) [ 781.886678] FAULT_INJECTION: forcing a failure. [ 781.886678] name failslab, interval 1, probability 0, space 0, times 0 [ 781.898233] CPU: 0 PID: 19230 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 781.906137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.915585] Call Trace: [ 781.918188] dump_stack+0x1b2/0x281 [ 781.921826] should_fail.cold+0x10a/0x149 [ 781.925985] should_failslab+0xd6/0x130 [ 781.929972] __kmalloc_track_caller+0x2bc/0x400 [ 781.934650] ? kstrdup_const+0x35/0x60 [ 781.938549] ? lock_downgrade+0x740/0x740 [ 781.942707] kstrdup+0x36/0x70 [ 781.945907] kstrdup_const+0x35/0x60 [ 781.949648] alloc_vfsmnt+0xe0/0x7f0 [ 781.953454] clone_mnt+0x6c/0xff0 [ 781.956919] copy_tree+0x33e/0xa20 [ 781.960482] copy_mnt_ns+0x167/0xa30 [ 781.964205] ? create_new_namespaces+0x30/0x720 [ 781.968966] ? do_mount+0x2a00/0x2a00 [ 781.972776] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 781.978009] ? kmem_cache_alloc+0x35f/0x3c0 [ 781.982339] create_new_namespaces+0xc9/0x720 [ 781.986930] ? security_capable+0x88/0xb0 [ 781.991261] copy_namespaces+0x27b/0x310 [ 781.995328] copy_process.part.0+0x25f8/0x71c0 [ 781.999922] ? get_pid_task+0xb8/0x130 [ 782.003814] ? proc_fail_nth_write+0x7b/0x180 [ 782.008323] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 782.013288] ? __cleanup_sighand+0x40/0x40 [ 782.017622] ? lock_downgrade+0x740/0x740 [ 782.021790] _do_fork+0x184/0xc80 [ 782.025255] ? fork_idle+0x270/0x270 [ 782.029074] ? fput+0xb/0x140 [ 782.032191] ? SyS_write+0x14d/0x210 [ 782.035919] ? SyS_read+0x210/0x210 [ 782.039560] ? __do_page_fault+0x159/0xad0 [ 782.043844] ? do_syscall_64+0x4c/0x640 [ 782.047844] ? sys_vfork+0x20/0x20 [ 782.051398] do_syscall_64+0x1d5/0x640 [ 782.055324] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 782.060517] RIP: 0033:0x466459 [ 782.063709] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 782.071428] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 782.078710] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 782.086016] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 782.093301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 782.100931] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 782.123776] FAULT_INJECTION: forcing a failure. [ 782.123776] name failslab, interval 1, probability 0, space 0, times 0 [ 782.135133] CPU: 0 PID: 19218 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 782.143081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.152879] Call Trace: [ 782.155484] dump_stack+0x1b2/0x281 [ 782.159138] should_fail.cold+0x10a/0x149 [ 782.163306] should_failslab+0xd6/0x130 [ 782.167293] __kmalloc_track_caller+0x2bc/0x400 [ 782.172061] ? kstrdup_const+0x35/0x60 [ 782.175969] ? lock_downgrade+0x740/0x740 [ 782.180332] kstrdup+0x36/0x70 [ 782.183544] kstrdup_const+0x35/0x60 [ 782.187282] alloc_vfsmnt+0xe0/0x7f0 [ 782.191006] clone_mnt+0x6c/0xff0 [ 782.194465] copy_tree+0x33e/0xa20 [ 782.198017] copy_mnt_ns+0x167/0xa30 [ 782.201740] ? create_new_namespaces+0x30/0x720 [ 782.206533] ? do_mount+0x2a00/0x2a00 [ 782.210340] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 782.215374] ? kmem_cache_alloc+0x35f/0x3c0 [ 782.219742] create_new_namespaces+0xc9/0x720 [ 782.224347] ? security_capable+0x88/0xb0 [ 782.228597] copy_namespaces+0x27b/0x310 [ 782.232670] copy_process.part.0+0x25f8/0x71c0 [ 782.237262] ? get_pid_task+0xb8/0x130 [ 782.241165] ? proc_fail_nth_write+0x7b/0x180 [ 782.245665] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 782.250616] ? __cleanup_sighand+0x40/0x40 [ 782.254867] ? lock_downgrade+0x740/0x740 [ 782.259053] _do_fork+0x184/0xc80 [ 782.262522] ? fork_idle+0x270/0x270 [ 782.266252] ? fput+0xb/0x140 [ 782.269402] ? SyS_write+0x14d/0x210 [ 782.273513] ? SyS_read+0x210/0x210 [ 782.277144] ? __do_page_fault+0x159/0xad0 [ 782.281383] ? do_syscall_64+0x4c/0x640 [ 782.285356] ? sys_vfork+0x20/0x20 [ 782.288902] do_syscall_64+0x1d5/0x640 [ 782.292798] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 782.297987] RIP: 0033:0x466459 [ 782.301178] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 782.308972] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 782.316252] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 782.323532] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 782.330811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 22:06:18 executing program 4 (fault-call:10 fault-nth:74): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:18 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x80000) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x400, 0x0) write(r1, &(0x7f00000000c0)="8c1d45b3c365933706344c2f4e552ed8e6be1b92a46bdfff4a5f321698d7c3948c1091eb9f947178310e48d447cd36c16b670d0889cbe6fcad315b30e77ed80f17e926febe2144911309cbd2a2fc68ecd795f2e6c7257ca6c85eeda6d16fb89fe1dbac3d61017db1de00c74edb98532af442054428e750af32fd88a0a339c4eefd59c53b73dc07f83efe88c49a670ee0c7a1711d2ea17c478014dc25c94f7769d267cd33cad2c5922faafd1d943063038a76ef86e02b97d37c74ae676ca9a3fa3e4658ad26d1b4c607fa17f8694fb9b09ede74d8e0b299a78358cbee0298b171d57506000000", 0xe6) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0xb, 0x800000000000}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 782.338084] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 782.531457] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 782.578266] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 782.589849] FAULT_INJECTION: forcing a failure. [ 782.589849] name failslab, interval 1, probability 0, space 0, times 0 [ 782.601439] CPU: 1 PID: 19261 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 782.609335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.618799] Call Trace: [ 782.621414] dump_stack+0x1b2/0x281 [ 782.625049] should_fail.cold+0x10a/0x149 [ 782.629195] should_failslab+0xd6/0x130 [ 782.633173] kmem_cache_alloc+0x28e/0x3c0 [ 782.637359] copy_pid_ns+0x1b2/0xa60 [ 782.641165] ? copy_ipcs+0x44/0x3f0 [ 782.644794] create_new_namespaces+0x25f/0x720 [ 782.649561] copy_namespaces+0x27b/0x310 [ 782.653625] copy_process.part.0+0x25f8/0x71c0 [ 782.658216] ? trace_hardirqs_on+0x10/0x10 [ 782.662449] ? retint_kernel+0x2d/0x2d [ 782.666345] ? check_preemption_disabled+0x35/0x240 [ 782.671388] ? check_preemption_disabled+0x35/0x240 [ 782.676416] ? finish_task_switch+0x178/0x610 [ 782.680925] ? __cleanup_sighand+0x40/0x40 [ 782.685183] ? _raw_spin_unlock_irq+0x5a/0x80 [ 782.689774] ? finish_task_switch+0x14d/0x610 [ 782.694365] ? switch_mm_irqs_off+0x2d2/0xeb0 [ 782.698873] _do_fork+0x184/0xc80 [ 782.702331] ? fork_idle+0x270/0x270 [ 782.706048] ? io_schedule_timeout+0x140/0x140 [ 782.710642] ? fput+0xb/0x140 [ 782.713761] ? do_syscall_64+0x4c/0x640 [ 782.717737] ? sys_vfork+0x20/0x20 [ 782.721307] do_syscall_64+0x1d5/0x640 [ 782.725207] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 782.730399] RIP: 0033:0x466459 [ 782.733595] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 782.741309] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 782.748583] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 782.756051] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 782.763325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 782.770687] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 782.889476] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 782.929495] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 782.963533] device bridge_slave_1 left promiscuous mode [ 782.974563] bridge0: port 2(bridge_slave_1) entered disabled state [ 782.983675] device bridge_slave_0 left promiscuous mode [ 782.989205] bridge0: port 1(bridge_slave_0) entered disabled state [ 783.031977] device veth1_macvtap left promiscuous mode [ 783.037319] device veth0_macvtap left promiscuous mode [ 783.061434] device veth1_vlan left promiscuous mode [ 783.066560] device veth0_vlan left promiscuous mode [ 783.349179] device hsr_slave_1 left promiscuous mode [ 783.375364] device hsr_slave_0 left promiscuous mode [ 783.413561] team0 (unregistering): Port device team_slave_1 removed [ 783.435831] team0 (unregistering): Port device team_slave_0 removed [ 783.459319] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 783.481432] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 783.567341] bond0 (unregistering): Released all slaves [ 784.903604] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 784.910338] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 784.919063] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 784.925860] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 784.933630] device bridge_slave_1 left promiscuous mode [ 784.939215] bridge0: port 2(bridge_slave_1) entered disabled state [ 784.946796] device bridge_slave_0 left promiscuous mode [ 784.952428] bridge0: port 1(bridge_slave_0) entered disabled state [ 784.960882] device veth1_macvtap left promiscuous mode [ 784.967163] device veth0_macvtap left promiscuous mode [ 784.972571] device veth1_vlan left promiscuous mode [ 784.977620] device veth0_vlan left promiscuous mode [ 785.057609] device hsr_slave_1 left promiscuous mode [ 785.065458] device hsr_slave_0 left promiscuous mode [ 785.078070] team0 (unregistering): Port device team_slave_1 removed [ 785.088675] team0 (unregistering): Port device team_slave_0 removed [ 785.100519] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 785.114205] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 785.147639] bond0 (unregistering): Released all slaves [ 785.724661] IPVS: ftp: loaded support on port[0] = 21 [ 785.814862] chnl_net:caif_netlink_parms(): no params data found [ 785.865907] bridge0: port 1(bridge_slave_0) entered blocking state [ 785.873293] bridge0: port 1(bridge_slave_0) entered disabled state [ 785.880309] device bridge_slave_0 entered promiscuous mode [ 785.887764] bridge0: port 2(bridge_slave_1) entered blocking state [ 785.894289] bridge0: port 2(bridge_slave_1) entered disabled state [ 785.901182] device bridge_slave_1 entered promiscuous mode [ 785.920195] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 785.929568] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 785.949568] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 785.956779] team0: Port device team_slave_0 added [ 785.962580] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 785.969650] team0: Port device team_slave_1 added [ 785.987041] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 785.993389] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 786.019794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 786.031195] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 786.038043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 786.063713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 786.075092] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 786.082743] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 786.104221] device hsr_slave_0 entered promiscuous mode [ 786.110115] device hsr_slave_1 entered promiscuous mode [ 786.116767] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 786.124615] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 786.211142] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 786.215991] IPVS: ftp: loaded support on port[0] = 21 [ 786.372396] chnl_net:caif_netlink_parms(): no params data found [ 786.409136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 786.419391] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 786.437573] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 786.444412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 786.453841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 786.467594] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 786.474206] 8021q: adding VLAN 0 to HW filter on device team0 [ 786.504630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 786.511878] bridge0: port 1(bridge_slave_0) entered blocking state [ 786.518255] bridge0: port 1(bridge_slave_0) entered disabled state [ 786.526106] device bridge_slave_0 entered promiscuous mode [ 786.533029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 786.542652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 786.550227] bridge0: port 1(bridge_slave_0) entered blocking state [ 786.556765] bridge0: port 1(bridge_slave_0) entered forwarding state [ 786.564180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 786.572310] bridge0: port 2(bridge_slave_1) entered blocking state [ 786.578867] bridge0: port 2(bridge_slave_1) entered disabled state [ 786.586629] device bridge_slave_1 entered promiscuous mode [ 786.612849] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 786.624042] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 786.631281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 786.639398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 786.647725] bridge0: port 2(bridge_slave_1) entered blocking state [ 786.654227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 786.663161] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 786.674838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 786.681914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 786.699478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 786.715272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 786.723988] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 786.732282] team0: Port device team_slave_0 added [ 786.738078] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 786.746620] team0: Port device team_slave_1 added [ 786.753268] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 786.762167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 786.769834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 786.782074] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 786.804202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 786.812204] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 786.818454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 786.846884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 786.857775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 786.866125] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 786.875947] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 786.884228] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 786.890495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 786.916335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 786.926567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 786.934398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 786.945161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 786.953260] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 786.960834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 786.968443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 786.977816] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 786.984446] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 786.991670] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 787.020573] device hsr_slave_0 entered promiscuous mode [ 787.026660] device hsr_slave_1 entered promiscuous mode [ 787.035876] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 787.043694] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 787.060856] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 787.083572] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 787.095748] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 787.103015] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 787.158191] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 787.173320] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 787.224397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 787.235309] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 787.245081] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 787.255645] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 787.262006] 8021q: adding VLAN 0 to HW filter on device team0 [ 787.268246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 787.276875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 787.286823] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 787.297388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 787.305744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 787.314268] bridge0: port 1(bridge_slave_0) entered blocking state [ 787.320615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 787.329168] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 787.338020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 787.345350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 787.353401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 787.361043] bridge0: port 2(bridge_slave_1) entered blocking state [ 787.367482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 787.377342] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 787.386211] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 787.394468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 787.405464] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 787.413554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 787.425925] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 787.434141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 787.443161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 787.452609] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 787.463692] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 787.470685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 787.480339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 787.481657] Bluetooth: hci2 command 0x0409 tx timeout [ 787.489081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 787.500999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 787.509393] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 787.519640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 787.531856] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 787.538734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 787.546815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 787.554488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 787.562112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 787.571569] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 787.578535] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 787.585583] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 787.595114] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 787.601142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 787.615255] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 787.625155] device veth0_vlan entered promiscuous mode [ 787.631759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 787.639166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 787.647866] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 787.655277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 787.666112] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 787.677264] device veth1_vlan entered promiscuous mode [ 787.683933] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 787.691292] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 787.698804] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 787.707554] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 787.714974] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 787.725510] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 787.738519] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 787.750593] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 787.763784] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 787.770963] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 787.780055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 787.788414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 787.798818] device veth0_macvtap entered promiscuous mode [ 787.806587] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 787.817632] device veth1_macvtap entered promiscuous mode [ 787.824913] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 787.835168] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 787.846566] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 787.857145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 787.867708] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.877100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 787.887079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.896284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 787.906261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.915467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 787.925401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 787.935810] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 787.942967] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 787.952195] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 787.959456] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 787.966838] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 787.974673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 787.984241] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 787.991614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 788.001858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.010955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 788.021052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.030252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 788.040497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.049893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 788.059671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.069689] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 788.077107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 788.085841] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 788.093896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 788.110303] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 788.127112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 788.135941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 788.179421] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 788.186910] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 788.194160] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 788.205735] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 788.212701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 788.220204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 788.228432] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 788.235656] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 788.245159] device veth0_vlan entered promiscuous mode [ 788.256035] device veth1_vlan entered promiscuous mode [ 788.262601] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 788.273768] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 788.276659] Bluetooth: hci3 command 0x0409 tx timeout [ 788.289159] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 788.300147] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 788.308036] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 788.316526] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 788.326475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 788.334334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 788.346400] device veth0_macvtap entered promiscuous mode [ 788.353670] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 788.364399] device veth1_macvtap entered promiscuous mode [ 788.373264] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 788.383695] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 788.394059] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 788.403561] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 788.413367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.422736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 788.432900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.442277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 788.452575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.452756] Bluetooth: hci0 command 0x0406 tx timeout [ 788.461737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 788.461742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.461755] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 788.461759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.462912] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 788.513465] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 788.522385] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 788.529668] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 788.545564] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 788.555051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 788.563984] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 788.574266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.583716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 788.594093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.603554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 788.613360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.622562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 788.632484] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.642240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 788.652019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 788.662536] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 788.669428] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 788.677470] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready 22:06:25 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r2, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r2, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r2) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, 0x0, 0x0, r0, 0x0) r3 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r4, 0x0) accept4$unix(r4, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:06:25 executing program 3 (fault-call:10 fault-nth:21): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:25 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:25 executing program 2 (fault-call:10 fault-nth:23): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:25 executing program 4 (fault-call:10 fault-nth:75): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 788.685961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:06:25 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r2, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r2, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r2) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, 0x0, 0x0, r0, 0x0) r3 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r4, 0x0) accept4$unix(r4, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 788.796622] FAULT_INJECTION: forcing a failure. [ 788.796622] name failslab, interval 1, probability 0, space 0, times 0 [ 788.808215] CPU: 1 PID: 19754 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 788.816107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 788.825462] Call Trace: [ 788.828060] dump_stack+0x1b2/0x281 [ 788.831690] should_fail.cold+0x10a/0x149 [ 788.835842] should_failslab+0xd6/0x130 [ 788.839827] __kmalloc_track_caller+0x2bc/0x400 [ 788.844496] ? kstrdup_const+0x35/0x60 [ 788.848385] ? lock_downgrade+0x740/0x740 [ 788.852536] kstrdup+0x36/0x70 [ 788.855733] kstrdup_const+0x35/0x60 [ 788.859622] alloc_vfsmnt+0xe0/0x7f0 [ 788.863547] clone_mnt+0x6c/0xff0 [ 788.867007] copy_tree+0x33e/0xa20 [ 788.870582] copy_mnt_ns+0x167/0xa30 [ 788.874303] ? create_new_namespaces+0x30/0x720 [ 788.878991] ? do_mount+0x2a00/0x2a00 [ 788.882802] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 788.887852] ? kmem_cache_alloc+0x35f/0x3c0 [ 788.892177] create_new_namespaces+0xc9/0x720 [ 788.896674] ? security_capable+0x88/0xb0 [ 788.900829] copy_namespaces+0x27b/0x310 [ 788.904895] copy_process.part.0+0x25f8/0x71c0 [ 788.909486] ? get_pid_task+0xb8/0x130 [ 788.913400] ? proc_fail_nth_write+0x7b/0x180 [ 788.917901] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 788.922937] ? __cleanup_sighand+0x40/0x40 [ 788.927174] ? lock_downgrade+0x740/0x740 [ 788.931331] _do_fork+0x184/0xc80 [ 788.934878] ? fork_idle+0x270/0x270 [ 788.938625] ? fput+0xb/0x140 [ 788.941732] ? SyS_write+0x14d/0x210 22:06:25 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r2, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r2, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r2) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, 0x0, 0x0, r0, 0x0) r3 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r4, 0x0) accept4$unix(r4, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 788.945450] ? SyS_read+0x210/0x210 [ 788.949080] ? __do_page_fault+0x159/0xad0 [ 788.953317] ? do_syscall_64+0x4c/0x640 [ 788.957297] ? sys_vfork+0x20/0x20 [ 788.960840] do_syscall_64+0x1d5/0x640 [ 788.964740] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 788.969937] RIP: 0033:0x466459 [ 788.973146] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 788.980864] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 788.988140] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 788.995415] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 789.002687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 789.009964] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 789.038685] FAULT_INJECTION: forcing a failure. [ 789.038685] name failslab, interval 1, probability 0, space 0, times 0 [ 789.050233] CPU: 1 PID: 19775 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 789.058123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.067503] Call Trace: [ 789.070113] dump_stack+0x1b2/0x281 [ 789.073744] should_fail.cold+0x10a/0x149 [ 789.077902] should_failslab+0xd6/0x130 [ 789.081880] __kmalloc_track_caller+0x2bc/0x400 [ 789.086564] ? kstrdup_const+0x35/0x60 [ 789.090437] kstrdup+0x36/0x70 [ 789.093620] kstrdup_const+0x35/0x60 [ 789.097331] alloc_vfsmnt+0xe0/0x7f0 [ 789.101044] clone_mnt+0x6c/0xff0 [ 789.104536] copy_tree+0x33e/0xa20 [ 789.108094] copy_mnt_ns+0x167/0xa30 [ 789.111827] ? create_new_namespaces+0x30/0x720 [ 789.116504] ? do_mount+0x2a00/0x2a00 [ 789.120299] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 789.125328] ? kmem_cache_alloc+0x35f/0x3c0 [ 789.129633] create_new_namespaces+0xc9/0x720 [ 789.134121] ? security_capable+0x88/0xb0 [ 789.138263] copy_namespaces+0x27b/0x310 [ 789.142345] copy_process.part.0+0x25f8/0x71c0 [ 789.146923] ? _raw_spin_unlock_irq+0x24/0x80 [ 789.151513] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 789.156534] ? _raw_spin_unlock_irq+0x5a/0x80 [ 789.161033] ? finish_task_switch+0x178/0x610 [ 789.165533] ? finish_task_switch+0x14d/0x610 [ 789.170136] ? switch_mm_irqs_off+0x601/0xeb0 [ 789.174650] ? __cleanup_sighand+0x40/0x40 [ 789.178895] ? lock_downgrade+0x740/0x740 [ 789.183059] _do_fork+0x184/0xc80 [ 789.186507] ? fork_idle+0x270/0x270 [ 789.190212] ? fput+0xb/0x140 [ 789.193336] ? SyS_write+0x14d/0x210 [ 789.197045] ? SyS_read+0x210/0x210 [ 789.200663] ? __do_page_fault+0x159/0xad0 [ 789.204884] ? do_syscall_64+0x4c/0x640 [ 789.208934] ? sys_vfork+0x20/0x20 [ 789.212472] do_syscall_64+0x1d5/0x640 [ 789.216368] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 789.221556] RIP: 0033:0x466459 [ 789.224761] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 789.232478] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 789.239745] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 789.247008] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 789.254267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 789.261540] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 789.283192] FAULT_INJECTION: forcing a failure. [ 789.283192] name failslab, interval 1, probability 0, space 0, times 0 [ 789.294846] CPU: 0 PID: 19777 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 789.302736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.312090] Call Trace: [ 789.314683] dump_stack+0x1b2/0x281 [ 789.318317] should_fail.cold+0x10a/0x149 [ 789.322468] should_failslab+0xd6/0x130 [ 789.326474] kmem_cache_alloc_trace+0x29a/0x3d0 [ 789.331139] ? kmem_cache_alloc+0x35f/0x3c0 [ 789.335461] copy_pid_ns+0x1f8/0xa60 [ 789.339178] ? copy_ipcs+0x44/0x3f0 [ 789.342831] create_new_namespaces+0x25f/0x720 [ 789.347509] copy_namespaces+0x27b/0x310 [ 789.351578] copy_process.part.0+0x25f8/0x71c0 [ 789.356200] ? get_pid_task+0xb8/0x130 [ 789.360093] ? proc_fail_nth_write+0x7b/0x180 [ 789.364593] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 789.369543] ? __cleanup_sighand+0x40/0x40 [ 789.373779] ? lock_downgrade+0x740/0x740 [ 789.377934] _do_fork+0x184/0xc80 [ 789.381395] ? fork_idle+0x270/0x270 [ 789.385112] ? fput+0xb/0x140 22:06:25 executing program 0: r0 = fork() r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r2, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r2, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f00000000c0)=r2) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, 0xffffffffffffffff, 0xb3eb8000) process_vm_writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r4, 0x0) accept4$unix(r4, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:06:25 executing program 0: r0 = fork() r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r2, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r2, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f00000000c0)=r2) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, 0xffffffffffffffff, 0xb3eb8000) process_vm_writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r4, 0x0) accept4$unix(r4, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 789.388224] ? SyS_write+0x14d/0x210 [ 789.391949] ? SyS_read+0x210/0x210 [ 789.395573] ? __do_page_fault+0x159/0xad0 [ 789.399805] ? do_syscall_64+0x4c/0x640 [ 789.403780] ? sys_vfork+0x20/0x20 [ 789.407322] do_syscall_64+0x1d5/0x640 [ 789.411301] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 789.416494] RIP: 0033:0x466459 [ 789.419680] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 789.427391] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 789.434796] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 789.442060] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 789.449326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 789.456584] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:06:25 executing program 3 (fault-call:10 fault-nth:22): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:25 executing program 2 (fault-call:10 fault-nth:24): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 789.571861] Bluetooth: hci2 command 0x041b tx timeout [ 789.691814] FAULT_INJECTION: forcing a failure. [ 789.691814] name failslab, interval 1, probability 0, space 0, times 0 [ 789.703216] CPU: 0 PID: 19807 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 789.711122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.720566] Call Trace: [ 789.723177] dump_stack+0x1b2/0x281 [ 789.726806] should_fail.cold+0x10a/0x149 [ 789.731126] should_failslab+0xd6/0x130 [ 789.735096] __kmalloc_track_caller+0x2bc/0x400 [ 789.740286] ? kstrdup_const+0x35/0x60 [ 789.744259] ? lock_downgrade+0x740/0x740 [ 789.748404] kstrdup+0x36/0x70 [ 789.751600] kstrdup_const+0x35/0x60 [ 789.755304] alloc_vfsmnt+0xe0/0x7f0 [ 789.759010] clone_mnt+0x6c/0xff0 [ 789.762475] copy_tree+0x33e/0xa20 [ 789.766016] copy_mnt_ns+0x167/0xa30 [ 789.769730] ? create_new_namespaces+0x30/0x720 [ 789.774392] ? do_mount+0x2a00/0x2a00 [ 789.778186] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 789.783212] ? kmem_cache_alloc+0x35f/0x3c0 [ 789.787548] create_new_namespaces+0xc9/0x720 [ 789.792039] ? security_capable+0x88/0xb0 [ 789.796185] copy_namespaces+0x27b/0x310 [ 789.800243] copy_process.part.0+0x25f8/0x71c0 [ 789.804835] ? get_pid_task+0xb8/0x130 [ 789.808717] ? proc_fail_nth_write+0x7b/0x180 [ 789.813206] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 789.818167] ? __cleanup_sighand+0x40/0x40 [ 789.822415] ? lock_downgrade+0x740/0x740 [ 789.826561] _do_fork+0x184/0xc80 [ 789.830012] ? fork_idle+0x270/0x270 [ 789.833720] ? fput+0xb/0x140 [ 789.836823] ? SyS_write+0x14d/0x210 [ 789.840530] ? SyS_read+0x210/0x210 [ 789.844149] ? __do_page_fault+0x159/0xad0 [ 789.848377] ? do_syscall_64+0x4c/0x640 [ 789.852343] ? sys_vfork+0x20/0x20 [ 789.855876] do_syscall_64+0x1d5/0x640 [ 789.859765] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 789.864996] RIP: 0033:0x466459 [ 789.868185] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 789.876003] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 789.883270] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 789.890538] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 789.897814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 789.905074] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 789.914771] FAULT_INJECTION: forcing a failure. [ 789.914771] name failslab, interval 1, probability 0, space 0, times 0 [ 789.926238] CPU: 0 PID: 19808 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 789.934144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.943517] Call Trace: [ 789.946110] dump_stack+0x1b2/0x281 [ 789.949744] should_fail.cold+0x10a/0x149 [ 789.953902] should_failslab+0xd6/0x130 [ 789.957881] __kmalloc_track_caller+0x2bc/0x400 [ 789.962550] ? kstrdup_const+0x35/0x60 [ 789.966437] ? lock_downgrade+0x740/0x740 [ 789.970587] kstrdup+0x36/0x70 [ 789.973782] kstrdup_const+0x35/0x60 [ 789.977504] alloc_vfsmnt+0xe0/0x7f0 [ 789.981221] clone_mnt+0x6c/0xff0 [ 789.984679] copy_tree+0x33e/0xa20 [ 789.988228] copy_mnt_ns+0x167/0xa30 [ 789.991953] ? create_new_namespaces+0x30/0x720 [ 789.996626] ? do_mount+0x2a00/0x2a00 [ 790.000429] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 790.005465] ? kmem_cache_alloc+0x35f/0x3c0 [ 790.009807] create_new_namespaces+0xc9/0x720 [ 790.014307] ? security_capable+0x88/0xb0 [ 790.018461] copy_namespaces+0x27b/0x310 [ 790.022526] copy_process.part.0+0x25f8/0x71c0 [ 790.027116] ? get_pid_task+0xb8/0x130 [ 790.031009] ? proc_fail_nth_write+0x7b/0x180 [ 790.035507] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 790.040447] ? __cleanup_sighand+0x40/0x40 [ 790.044697] ? lock_downgrade+0x740/0x740 [ 790.048855] _do_fork+0x184/0xc80 [ 790.052323] ? fork_idle+0x270/0x270 [ 790.056045] ? fput+0xb/0x140 [ 790.059152] ? SyS_write+0x14d/0x210 [ 790.062870] ? SyS_read+0x210/0x210 [ 790.066491] ? __do_page_fault+0x159/0xad0 [ 790.070722] ? do_syscall_64+0x4c/0x640 [ 790.074688] ? sys_vfork+0x20/0x20 [ 790.078236] do_syscall_64+0x1d5/0x640 [ 790.082134] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 790.087322] RIP: 0033:0x466459 [ 790.090507] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 790.098288] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 790.105543] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 790.112803] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 790.120091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 790.127370] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 790.352171] Bluetooth: hci3 command 0x041b tx timeout 22:06:26 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) socket$inet6(0xa, 0x800, 0x2ba9a157) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x2, 0x2, 0xe4, 0x1ff, 0x4, 0x7ff, 0xfc, 0x3}, 0x0) 22:06:26 executing program 4 (fault-call:10 fault-nth:76): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:26 executing program 3 (fault-call:10 fault-nth:23): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:26 executing program 2 (fault-call:10 fault-nth:25): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) [ 790.588775] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 790.607150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 790.639474] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 790.655561] FAULT_INJECTION: forcing a failure. [ 790.655561] name failslab, interval 1, probability 0, space 0, times 0 [ 790.667179] CPU: 1 PID: 19843 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 790.675073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 790.684428] Call Trace: [ 790.687023] dump_stack+0x1b2/0x281 [ 790.690676] should_fail.cold+0x10a/0x149 [ 790.694832] should_failslab+0xd6/0x130 [ 790.698814] kmem_cache_alloc+0x28e/0x3c0 [ 790.702985] alloc_vfsmnt+0x23/0x7f0 [ 790.706836] clone_mnt+0x6c/0xff0 [ 790.710486] copy_tree+0x33e/0xa20 [ 790.714047] copy_mnt_ns+0x167/0xa30 [ 790.717769] ? create_new_namespaces+0x30/0x720 [ 790.722621] ? do_mount+0x2a00/0x2a00 [ 790.726429] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 790.731449] ? kmem_cache_alloc+0x35f/0x3c0 [ 790.735785] create_new_namespaces+0xc9/0x720 [ 790.740298] ? security_capable+0x88/0xb0 [ 790.744559] copy_namespaces+0x27b/0x310 [ 790.748666] copy_process.part.0+0x25f8/0x71c0 [ 790.753260] ? get_pid_task+0xb8/0x130 [ 790.757187] ? proc_fail_nth_write+0x7b/0x180 [ 790.761697] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 790.766653] ? __cleanup_sighand+0x40/0x40 [ 790.770898] ? lock_downgrade+0x740/0x740 [ 790.775063] _do_fork+0x184/0xc80 [ 790.778536] ? fork_idle+0x270/0x270 [ 790.782262] ? fput+0xb/0x140 [ 790.785374] ? SyS_write+0x14d/0x210 [ 790.789115] ? SyS_read+0x210/0x210 [ 790.792745] ? __do_page_fault+0x159/0xad0 [ 790.796985] ? do_syscall_64+0x4c/0x640 [ 790.800959] ? sys_vfork+0x20/0x20 [ 790.804873] do_syscall_64+0x1d5/0x640 [ 790.808772] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 790.813983] RIP: 0033:0x466459 [ 790.817197] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 790.824939] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 790.832474] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 790.839773] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 790.847051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 790.854335] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 790.862892] FAULT_INJECTION: forcing a failure. [ 790.862892] name failslab, interval 1, probability 0, space 0, times 0 [ 790.870733] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 790.874845] CPU: 1 PID: 19834 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 790.888954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 790.898307] Call Trace: [ 790.900907] dump_stack+0x1b2/0x281 [ 790.904544] should_fail.cold+0x10a/0x149 [ 790.908700] should_failslab+0xd6/0x130 [ 790.912681] kmem_cache_alloc+0x28e/0x3c0 [ 790.916831] alloc_vfsmnt+0x23/0x7f0 [ 790.920552] clone_mnt+0x6c/0xff0 [ 790.924015] copy_tree+0x33e/0xa20 [ 790.927561] copy_mnt_ns+0x167/0xa30 [ 790.931276] ? create_new_namespaces+0x30/0x720 [ 790.936170] ? do_mount+0x2a00/0x2a00 [ 790.939975] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 790.945021] ? kmem_cache_alloc+0x35f/0x3c0 [ 790.949351] create_new_namespaces+0xc9/0x720 [ 790.953881] ? security_capable+0x88/0xb0 [ 790.958035] copy_namespaces+0x27b/0x310 [ 790.962098] copy_process.part.0+0x25f8/0x71c0 [ 790.966685] ? get_pid_task+0xb8/0x130 [ 790.970574] ? proc_fail_nth_write+0x7b/0x180 [ 790.975073] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 790.980035] ? __cleanup_sighand+0x40/0x40 [ 790.984282] ? lock_downgrade+0x740/0x740 [ 790.988443] _do_fork+0x184/0xc80 [ 790.991910] ? fork_idle+0x270/0x270 [ 790.995625] ? fput+0xb/0x140 [ 790.998729] ? SyS_write+0x14d/0x210 [ 791.002544] ? SyS_read+0x210/0x210 [ 791.006173] ? __do_page_fault+0x159/0xad0 [ 791.010511] ? do_syscall_64+0x4c/0x640 [ 791.014491] ? sys_vfork+0x20/0x20 [ 791.018056] do_syscall_64+0x1d5/0x640 [ 791.022060] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 791.027344] RIP: 0033:0x466459 [ 791.030723] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 791.038464] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 791.045834] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 791.053120] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 791.060400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 791.067677] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 791.093283] device bridge_slave_1 left promiscuous mode [ 791.194947] FAULT_INJECTION: forcing a failure. [ 791.194947] name failslab, interval 1, probability 0, space 0, times 0 [ 791.197545] bridge0: port 2(bridge_slave_1) entered disabled state [ 791.206394] CPU: 1 PID: 19854 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 791.220563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.229981] Call Trace: [ 791.232661] dump_stack+0x1b2/0x281 [ 791.236301] should_fail.cold+0x10a/0x149 [ 791.240473] should_failslab+0xd6/0x130 [ 791.244466] kmem_cache_alloc+0x28e/0x3c0 [ 791.248624] alloc_vfsmnt+0x23/0x7f0 [ 791.252345] vfs_kern_mount.part.0+0x27/0x470 [ 791.256852] kern_mount_data+0x51/0xb0 [ 791.260752] pid_ns_prepare_proc+0x1a/0x80 [ 791.265008] alloc_pid+0xa11/0xc90 [ 791.268592] copy_process.part.0+0x27c6/0x71c0 [ 791.273182] ? trace_hardirqs_on+0x10/0x10 [ 791.277463] ? check_preemption_disabled+0x35/0x240 [ 791.282486] ? check_preemption_disabled+0x35/0x240 [ 791.287508] ? finish_task_switch+0x178/0x610 22:06:27 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x1) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 791.292018] ? __cleanup_sighand+0x40/0x40 [ 791.296258] ? _raw_spin_unlock_irq+0x5a/0x80 [ 791.300852] ? finish_task_switch+0x14d/0x610 [ 791.305364] ? switch_mm_irqs_off+0x2d2/0xeb0 [ 791.310018] _do_fork+0x184/0xc80 [ 791.313579] ? fork_idle+0x270/0x270 [ 791.317299] ? io_schedule_timeout+0x140/0x140 [ 791.321907] ? fput+0xb/0x140 [ 791.325037] ? do_syscall_64+0x4c/0x640 [ 791.329014] ? sys_vfork+0x20/0x20 [ 791.332821] do_syscall_64+0x1d5/0x640 [ 791.336727] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 791.341915] RIP: 0033:0x466459 [ 791.345122] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 791.352838] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 791.360142] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 791.367505] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 791.374863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 791.382167] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:06:27 executing program 3 (fault-call:10 fault-nth:24): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:27 executing program 4 (fault-call:10 fault-nth:77): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:27 executing program 2 (fault-call:10 fault-nth:26): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 791.418452] device bridge_slave_0 left promiscuous mode [ 791.523349] bridge0: port 1(bridge_slave_0) entered disabled state [ 791.596281] device veth1_macvtap left promiscuous mode [ 791.619070] FAULT_INJECTION: forcing a failure. [ 791.619070] name failslab, interval 1, probability 0, space 0, times 0 [ 791.621712] device veth0_macvtap left promiscuous mode [ 791.630719] CPU: 1 PID: 19880 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 791.643535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.652884] Call Trace: [ 791.655480] dump_stack+0x1b2/0x281 [ 791.659124] should_fail.cold+0x10a/0x149 [ 791.663276] should_failslab+0xd6/0x130 [ 791.667273] kmem_cache_alloc+0x28e/0x3c0 [ 791.671420] alloc_vfsmnt+0x23/0x7f0 [ 791.675131] clone_mnt+0x6c/0xff0 [ 791.678594] copy_tree+0x33e/0xa20 [ 791.682164] copy_mnt_ns+0x167/0xa30 [ 791.684038] device veth1_vlan left promiscuous mode [ 791.685896] ? create_new_namespaces+0x30/0x720 [ 791.685907] ? do_mount+0x2a00/0x2a00 [ 791.685919] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 791.685930] ? kmem_cache_alloc+0x35f/0x3c0 [ 791.685941] create_new_namespaces+0xc9/0x720 [ 791.714033] ? security_capable+0x88/0xb0 [ 791.718218] copy_namespaces+0x27b/0x310 [ 791.722282] copy_process.part.0+0x25f8/0x71c0 [ 791.726863] ? get_pid_task+0xb8/0x130 [ 791.730754] ? proc_fail_nth_write+0x7b/0x180 [ 791.735252] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 791.735483] device veth0_vlan left promiscuous mode [ 791.740186] ? __cleanup_sighand+0x40/0x40 [ 791.740198] ? lock_downgrade+0x740/0x740 [ 791.740214] _do_fork+0x184/0xc80 [ 791.740230] ? fork_idle+0x270/0x270 [ 791.760760] ? fput+0xb/0x140 [ 791.763868] ? SyS_write+0x14d/0x210 [ 791.767588] ? SyS_read+0x210/0x210 [ 791.771214] ? __do_page_fault+0x159/0xad0 [ 791.775454] ? do_syscall_64+0x4c/0x640 [ 791.779433] ? sys_vfork+0x20/0x20 [ 791.783015] do_syscall_64+0x1d5/0x640 [ 791.786939] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 791.792137] RIP: 0033:0x466459 [ 791.795354] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 791.803071] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 791.810370] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 791.817639] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 791.825521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 791.832794] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 791.851754] FAULT_INJECTION: forcing a failure. [ 791.851754] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 791.852019] FAULT_INJECTION: forcing a failure. [ 791.852019] name failslab, interval 1, probability 0, space 0, times 0 [ 791.863752] CPU: 0 PID: 19884 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 791.883306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.892680] Call Trace: [ 791.895273] dump_stack+0x1b2/0x281 [ 791.898932] should_fail.cold+0x10a/0x149 [ 791.903078] __alloc_pages_nodemask+0x22c/0x2720 [ 791.907837] ? finish_task_switch+0x178/0x610 [ 791.912325] ? switch_mm_irqs_off+0x2d2/0xeb0 [ 791.916840] ? pcpu_alloc+0xbe0/0xf50 [ 791.920653] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 791.925577] ? check_preemption_disabled+0x35/0x240 [ 791.930595] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 791.936041] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 791.941138] alloc_pages_current+0x155/0x260 [ 791.945539] ? __lockdep_init_map+0x100/0x560 [ 791.950028] get_zeroed_page+0x19/0x50 [ 791.953906] mount_fs+0x1c7/0x2a0 [ 791.957371] vfs_kern_mount.part.0+0x5b/0x470 [ 791.961871] kern_mount_data+0x51/0xb0 [ 791.965755] pid_ns_prepare_proc+0x1a/0x80 [ 791.969982] alloc_pid+0xa11/0xc90 [ 791.973619] copy_process.part.0+0x27c6/0x71c0 [ 791.978191] ? get_pid_task+0xb8/0x130 [ 791.982077] ? proc_fail_nth_write+0x7b/0x180 [ 791.986563] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 791.991507] ? __cleanup_sighand+0x40/0x40 [ 791.995732] ? lock_downgrade+0x740/0x740 [ 791.999875] _do_fork+0x184/0xc80 [ 792.003323] ? fork_idle+0x270/0x270 [ 792.007030] ? fput+0xb/0x140 [ 792.010125] ? SyS_write+0x14d/0x210 [ 792.013845] ? SyS_read+0x210/0x210 [ 792.017463] ? __do_page_fault+0x159/0xad0 [ 792.021688] ? do_syscall_64+0x4c/0x640 [ 792.025652] ? sys_vfork+0x20/0x20 [ 792.029198] do_syscall_64+0x1d5/0x640 [ 792.033175] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 792.038358] RIP: 0033:0x466459 [ 792.041625] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 792.049326] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 792.056762] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 792.064035] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 792.071307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 792.078571] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 792.085853] CPU: 1 PID: 19889 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 792.093745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.103098] Call Trace: [ 792.105695] dump_stack+0x1b2/0x281 [ 792.109336] should_fail.cold+0x10a/0x149 [ 792.113493] should_failslab+0xd6/0x130 [ 792.117475] __kmalloc_track_caller+0x2bc/0x400 [ 792.122234] ? kstrdup_const+0x35/0x60 [ 792.126127] ? lock_downgrade+0x740/0x740 [ 792.130279] kstrdup+0x36/0x70 [ 792.133489] kstrdup_const+0x35/0x60 [ 792.137204] alloc_vfsmnt+0xe0/0x7f0 [ 792.141123] clone_mnt+0x6c/0xff0 [ 792.144583] copy_tree+0x33e/0xa20 [ 792.148130] copy_mnt_ns+0x167/0xa30 [ 792.151846] ? create_new_namespaces+0x30/0x720 [ 792.156516] ? do_mount+0x2a00/0x2a00 [ 792.160315] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 792.165347] ? kmem_cache_alloc+0x35f/0x3c0 [ 792.169691] create_new_namespaces+0xc9/0x720 [ 792.174189] ? security_capable+0x88/0xb0 [ 792.178350] copy_namespaces+0x27b/0x310 [ 792.182414] copy_process.part.0+0x25f8/0x71c0 [ 792.186997] ? trace_hardirqs_on+0x10/0x10 [ 792.191233] ? lock_downgrade+0x740/0x740 [ 792.195383] ? _raw_spin_unlock_irq+0x24/0x80 [ 792.199913] ? __cleanup_sighand+0x40/0x40 [ 792.204145] ? lock_downgrade+0x740/0x740 [ 792.208339] ? _raw_spin_unlock_irq+0x24/0x80 [ 792.212842] _do_fork+0x184/0xc80 [ 792.216393] ? fork_idle+0x270/0x270 [ 792.220109] ? io_schedule_timeout+0x140/0x140 [ 792.224725] ? do_syscall_64+0x4c/0x640 [ 792.228726] ? sys_vfork+0x20/0x20 [ 792.232268] do_syscall_64+0x1d5/0x640 [ 792.236169] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 792.241359] RIP: 0033:0x466459 [ 792.244547] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 792.252279] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 792.259550] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 792.266823] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 [ 792.274093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 792.281370] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 792.431636] Bluetooth: hci3 command 0x040f tx timeout [ 792.570328] device hsr_slave_1 left promiscuous mode [ 792.577590] device hsr_slave_0 left promiscuous mode [ 792.590036] team0 (unregistering): Port device team_slave_1 removed [ 792.601778] team0 (unregistering): Port device team_slave_0 removed [ 792.610763] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 792.621519] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 792.646965] bond0 (unregistering): Released all slaves [ 794.511707] Bluetooth: hci3 command 0x0419 tx timeout [ 794.697927] IPVS: ftp: loaded support on port[0] = 21 [ 794.847573] chnl_net:caif_netlink_parms(): no params data found [ 794.901797] bridge0: port 1(bridge_slave_0) entered blocking state [ 794.908218] bridge0: port 1(bridge_slave_0) entered disabled state [ 794.916840] device bridge_slave_0 entered promiscuous mode [ 794.926009] bridge0: port 2(bridge_slave_1) entered blocking state [ 794.932509] bridge0: port 2(bridge_slave_1) entered disabled state [ 794.939382] device bridge_slave_1 entered promiscuous mode [ 794.957035] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 794.966026] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 794.986692] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 794.993887] team0: Port device team_slave_0 added [ 794.999242] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 795.007818] team0: Port device team_slave_1 added [ 795.025666] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 795.031994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 795.058005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 795.070042] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 795.077017] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 795.102808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 795.113742] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 795.121089] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 795.142832] device hsr_slave_0 entered promiscuous mode [ 795.148458] device hsr_slave_1 entered promiscuous mode [ 795.155069] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 795.162829] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 795.233348] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.239818] bridge0: port 2(bridge_slave_1) entered forwarding state [ 795.246499] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.252918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 795.283837] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 795.289934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 795.298563] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 795.307651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 795.315748] bridge0: port 1(bridge_slave_0) entered disabled state [ 795.322785] bridge0: port 2(bridge_slave_1) entered disabled state [ 795.332668] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 795.338732] 8021q: adding VLAN 0 to HW filter on device team0 [ 795.349156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 795.356994] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.363409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 795.373826] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 795.381829] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.388179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 795.408296] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 795.418251] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 795.429842] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 795.437707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 795.446202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 795.454002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 795.461707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 795.469679] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 795.476877] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 795.489763] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 795.498272] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 795.505060] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 795.514961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 795.570111] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 795.579615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 795.608025] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 795.615513] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 795.623574] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 795.634226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 795.642102] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 795.648897] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 795.657926] device veth0_vlan entered promiscuous mode [ 795.666934] device veth1_vlan entered promiscuous mode [ 795.673185] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 795.682355] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 795.694959] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 795.704254] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 795.711832] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 795.719242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 795.728660] device veth0_macvtap entered promiscuous mode [ 795.735615] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 795.744583] device veth1_macvtap entered promiscuous mode [ 795.753915] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 795.763507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 795.772155] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 795.782593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.792101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 795.802904] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.812699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 795.822518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.831737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 795.841763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.850898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 795.860729] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.871145] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 795.878958] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 795.886636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 795.895909] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 795.907560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 795.917697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.926918] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 795.936925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.946866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 795.956755] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.965933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 795.975720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 795.984900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 795.994699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 796.005147] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 796.012287] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 796.019369] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 796.027206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:06:32 executing program 0: r0 = fork() r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r2, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r2, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f00000000c0)=r2) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, 0xffffffffffffffff, 0xb3eb8000) process_vm_writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r4, 0x0) accept4$unix(r4, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:06:32 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:32 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x4d8800, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x3, 0x12, 0x1, 0x10, "2c9cc1d1424c099c5225b769a6b99763c87e40c2efb8b58a369447fd1c10376c349ff307ad5b14e7519f398d86e7f7e323abf1b5e16a864a8f77c47b1ccd4609", "8b10ab306cc08f07005cc3787b13f376aef61bafd5430097059d9bb021fb3a04", [0xffffffffffff4408, 0x1]}) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r1, 0x0) r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:32 executing program 2 (fault-call:10 fault-nth:27): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:32 executing program 3 (fault-call:10 fault-nth:25): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:32 executing program 4 (fault-call:10 fault-nth:78): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:32 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 796.249850] FAULT_INJECTION: forcing a failure. [ 796.249850] name failslab, interval 1, probability 0, space 0, times 0 [ 796.261356] CPU: 0 PID: 20168 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 796.269323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.278665] Call Trace: [ 796.281241] dump_stack+0x1b2/0x281 [ 796.284874] should_fail.cold+0x10a/0x149 [ 796.289033] should_failslab+0xd6/0x130 [ 796.293018] kmem_cache_alloc+0x28e/0x3c0 [ 796.297256] alloc_vfsmnt+0x23/0x7f0 [ 796.300980] clone_mnt+0x6c/0xff0 [ 796.304515] copy_tree+0x33e/0xa20 [ 796.308260] copy_mnt_ns+0x167/0xa30 [ 796.311987] ? create_new_namespaces+0x30/0x720 [ 796.316661] ? do_mount+0x2a00/0x2a00 [ 796.320514] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 796.325540] ? kmem_cache_alloc+0x35f/0x3c0 [ 796.329874] create_new_namespaces+0xc9/0x720 [ 796.334378] ? security_capable+0x88/0xb0 [ 796.338532] copy_namespaces+0x27b/0x310 [ 796.342635] copy_process.part.0+0x25f8/0x71c0 [ 796.347228] ? get_pid_task+0xb8/0x130 [ 796.351149] ? proc_fail_nth_write+0x7b/0x180 [ 796.355648] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 796.360675] ? __cleanup_sighand+0x40/0x40 [ 796.364907] ? lock_downgrade+0x740/0x740 [ 796.369061] _do_fork+0x184/0xc80 [ 796.372520] ? fork_idle+0x270/0x270 [ 796.376296] ? fput+0xb/0x140 [ 796.379406] ? SyS_write+0x14d/0x210 [ 796.383145] ? SyS_read+0x210/0x210 [ 796.386866] ? __do_page_fault+0x159/0xad0 [ 796.391102] ? do_syscall_64+0x4c/0x640 [ 796.395106] ? sys_vfork+0x20/0x20 [ 796.398637] do_syscall_64+0x1d5/0x640 [ 796.402558] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 796.407793] RIP: 0033:0x466459 [ 796.410993] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 796.418705] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 796.425993] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 796.433290] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 796.440612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 796.447973] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 796.456948] FAULT_INJECTION: forcing a failure. [ 796.456948] name failslab, interval 1, probability 0, space 0, times 0 [ 796.468337] CPU: 1 PID: 20176 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 796.476231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.485590] Call Trace: [ 796.488217] dump_stack+0x1b2/0x281 [ 796.491856] should_fail.cold+0x10a/0x149 [ 796.496009] should_failslab+0xd6/0x130 [ 796.499988] kmem_cache_alloc+0x28e/0x3c0 [ 796.504145] alloc_vfsmnt+0x23/0x7f0 [ 796.507895] clone_mnt+0x6c/0xff0 [ 796.511357] copy_tree+0x33e/0xa20 [ 796.514908] copy_mnt_ns+0x167/0xa30 [ 796.518631] ? create_new_namespaces+0x30/0x720 [ 796.523301] ? do_mount+0x2a00/0x2a00 [ 796.527104] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 796.532125] ? kmem_cache_alloc+0x35f/0x3c0 [ 796.536451] create_new_namespaces+0xc9/0x720 [ 796.540947] ? security_capable+0x88/0xb0 [ 796.545104] copy_namespaces+0x27b/0x310 [ 796.549197] copy_process.part.0+0x25f8/0x71c0 [ 796.553784] ? get_pid_task+0xb8/0x130 [ 796.557690] ? proc_fail_nth_write+0x7b/0x180 [ 796.562183] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 796.567111] ? __cleanup_sighand+0x40/0x40 [ 796.571337] ? lock_downgrade+0x740/0x740 [ 796.575485] _do_fork+0x184/0xc80 [ 796.578965] ? fork_idle+0x270/0x270 [ 796.582737] ? fput+0xb/0x140 [ 796.585865] ? SyS_write+0x14d/0x210 [ 796.589572] ? SyS_read+0x210/0x210 [ 796.593180] ? __do_page_fault+0x159/0xad0 [ 796.597400] ? do_syscall_64+0x4c/0x640 [ 796.601383] ? sys_vfork+0x20/0x20 [ 796.604923] do_syscall_64+0x1d5/0x640 [ 796.608815] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 796.613998] RIP: 0033:0x466459 [ 796.617187] RSP: 002b:00007fdc763e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 796.624905] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 796.632164] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 796.639423] RBP: 00007fdc763e51d0 R08: ffffffffffffffff R09: 0000000000000000 22:06:33 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 796.646686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 796.653947] R13: 00007ffe14220b5f R14: 00007fdc763e5300 R15: 0000000000022000 [ 796.690523] FAULT_INJECTION: forcing a failure. [ 796.690523] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 796.703835] CPU: 1 PID: 20177 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 796.711724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.721086] Call Trace: [ 796.723699] dump_stack+0x1b2/0x281 [ 796.727359] should_fail.cold+0x10a/0x149 [ 796.732137] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 796.737512] __alloc_pages_nodemask+0x22c/0x2720 [ 796.742275] ? depot_save_stack+0x10d/0x3f0 [ 796.746609] ? __lock_acquire+0x5fc/0x3f20 [ 796.750855] ? copy_namespaces+0x27b/0x310 [ 796.755096] ? copy_process.part.0+0x25f8/0x71c0 [ 796.759922] ? _do_fork+0x184/0xc80 [ 796.763546] ? do_syscall_64+0x1d5/0x640 [ 796.767607] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 796.772964] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 796.777806] ? __schedule+0x893/0x1de0 [ 796.781709] ? io_schedule_timeout+0x140/0x140 [ 796.786306] ? ___preempt_schedule+0x16/0x18 [ 796.790702] ? preempt_schedule_common+0x45/0xc0 [ 796.795451] cache_grow_begin+0x91/0x630 [ 796.799529] ? check_preemption_disabled+0x35/0x240 [ 796.804554] cache_alloc_refill+0x273/0x350 [ 796.808904] kmem_cache_alloc_trace+0x340/0x3d0 [ 796.813599] copy_pid_ns+0x1f8/0xa60 [ 796.817323] ? copy_ipcs+0x44/0x3f0 [ 796.820985] create_new_namespaces+0x25f/0x720 [ 796.825604] copy_namespaces+0x27b/0x310 [ 796.829682] copy_process.part.0+0x25f8/0x71c0 [ 796.834310] ? get_pid_task+0xb8/0x130 [ 796.838212] ? proc_fail_nth_write+0x7b/0x180 [ 796.842721] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 796.847679] ? __cleanup_sighand+0x40/0x40 [ 796.851932] ? lock_downgrade+0x740/0x740 [ 796.856126] _do_fork+0x184/0xc80 [ 796.859599] ? fork_idle+0x270/0x270 [ 796.863327] ? fput+0xb/0x140 [ 796.866431] ? SyS_write+0x14d/0x210 [ 796.870138] ? SyS_read+0x210/0x210 [ 796.873763] ? __do_page_fault+0x159/0xad0 [ 796.878020] ? do_syscall_64+0x4c/0x640 [ 796.881992] ? sys_vfork+0x20/0x20 [ 796.885525] do_syscall_64+0x1d5/0x640 [ 796.889401] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 796.894579] RIP: 0033:0x466459 [ 796.897774] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 796.905754] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 796.913034] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 796.920310] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 796.927583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 796.935553] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 796.955164] Bluetooth: hci2 command 0x0409 tx timeout 22:06:33 executing program 4 (fault-call:10 fault-nth:79): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:33 executing program 3 (fault-call:10 fault-nth:26): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:33 executing program 2 (fault-call:10 fault-nth:28): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:33 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000140)=0x0) sched_setattr(r3, &(0x7f0000000180)={0x38, 0x5, 0x3d, 0x1f, 0xef6, 0xc1ae, 0x1, 0x3, 0x5, 0x3f}, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendto$inet6(r0, &(0x7f00000000c0)="f25453c7425def37c027bb937964363d125f4924f58622c55397a2ff79cf7b43e72c73afa314e14c8f45af3aa7d044f01422e465684f95a117fc6b85d0e4c20f2b6ceef0066f18b8c2357672f0b1d6d446c23906", 0x54, 0x8040, &(0x7f0000000040)={0xa, 0x4e21, 0x40, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xa6}, 0x1c) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280)='/dev/uinput\x00', 0x802, 0x0) dup2(r1, r4) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 797.208813] FAULT_INJECTION: forcing a failure. [ 797.208813] name failslab, interval 1, probability 0, space 0, times 0 [ 797.220369] CPU: 1 PID: 20213 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 797.228289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.237646] Call Trace: [ 797.240256] dump_stack+0x1b2/0x281 [ 797.243909] should_fail.cold+0x10a/0x149 [ 797.248074] should_failslab+0xd6/0x130 [ 797.252061] __kmalloc_track_caller+0x2bc/0x400 [ 797.256766] ? kstrdup_const+0x35/0x60 [ 797.260663] ? lock_downgrade+0x740/0x740 [ 797.264819] kstrdup+0x36/0x70 [ 797.268020] kstrdup_const+0x35/0x60 [ 797.271739] alloc_vfsmnt+0xe0/0x7f0 [ 797.275454] clone_mnt+0x6c/0xff0 [ 797.278924] copy_tree+0x33e/0xa20 [ 797.282472] copy_mnt_ns+0x167/0xa30 [ 797.286192] ? create_new_namespaces+0x30/0x720 [ 797.290860] ? do_mount+0x2a00/0x2a00 [ 797.294657] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 797.299684] ? kmem_cache_alloc+0x35f/0x3c0 [ 797.304003] create_new_namespaces+0xc9/0x720 [ 797.308493] ? security_capable+0x88/0xb0 [ 797.312666] copy_namespaces+0x27b/0x310 [ 797.316728] copy_process.part.0+0x25f8/0x71c0 [ 797.321326] ? get_pid_task+0xb8/0x130 [ 797.325210] ? proc_fail_nth_write+0x7b/0x180 [ 797.329718] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 797.334658] ? __cleanup_sighand+0x40/0x40 [ 797.338916] ? lock_downgrade+0x740/0x740 [ 797.343087] _do_fork+0x184/0xc80 [ 797.346540] ? fork_idle+0x270/0x270 [ 797.350258] ? fput+0xb/0x140 [ 797.353360] ? SyS_write+0x14d/0x210 [ 797.357068] ? SyS_read+0x210/0x210 [ 797.360705] ? __do_page_fault+0x159/0xad0 [ 797.364947] ? do_syscall_64+0x4c/0x640 [ 797.368918] ? sys_vfork+0x20/0x20 [ 797.372455] do_syscall_64+0x1d5/0x640 [ 797.376360] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 797.381653] RIP: 0033:0x466459 [ 797.385268] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 797.393147] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 797.400671] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 797.407933] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 797.415209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 797.422470] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 797.445966] FAULT_INJECTION: forcing a failure. [ 797.445966] name failslab, interval 1, probability 0, space 0, times 0 [ 797.457423] CPU: 0 PID: 20202 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 797.465413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.474975] Call Trace: [ 797.477598] dump_stack+0x1b2/0x281 [ 797.481211] should_fail.cold+0x10a/0x149 [ 797.485355] should_failslab+0xd6/0x130 [ 797.489322] __kmalloc_track_caller+0x2bc/0x400 [ 797.493982] ? kstrdup_const+0x35/0x60 [ 797.497865] kstrdup+0x36/0x70 [ 797.501040] kstrdup_const+0x35/0x60 [ 797.504740] alloc_vfsmnt+0xe0/0x7f0 [ 797.508446] clone_mnt+0x6c/0xff0 [ 797.511911] copy_tree+0x33e/0xa20 [ 797.515497] copy_mnt_ns+0x167/0xa30 [ 797.519214] ? create_new_namespaces+0x30/0x720 [ 797.523890] ? do_mount+0x2a00/0x2a00 [ 797.527693] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 797.532712] ? kmem_cache_alloc+0x35f/0x3c0 [ 797.537035] create_new_namespaces+0xc9/0x720 [ 797.541533] ? security_capable+0x88/0xb0 [ 797.545726] copy_namespaces+0x27b/0x310 [ 797.549780] copy_process.part.0+0x25f8/0x71c0 [ 797.554354] ? finish_task_switch+0x178/0x610 [ 797.558892] ? finish_task_switch+0x14d/0x610 [ 797.563385] ? switch_mm_irqs_off+0x601/0xeb0 [ 797.567890] ? __schedule+0x893/0x1de0 [ 797.571784] ? __cleanup_sighand+0x40/0x40 [ 797.576023] ? lock_downgrade+0x740/0x740 [ 797.580163] _do_fork+0x184/0xc80 [ 797.583618] ? fork_idle+0x270/0x270 [ 797.587333] ? fput+0xb/0x140 [ 797.590458] ? SyS_write+0x14d/0x210 [ 797.594186] ? SyS_read+0x210/0x210 [ 797.597818] ? __do_page_fault+0x159/0xad0 [ 797.602230] ? do_syscall_64+0x4c/0x640 [ 797.606923] ? sys_vfork+0x20/0x20 [ 797.610529] do_syscall_64+0x1d5/0x640 [ 797.614874] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 797.620270] RIP: 0033:0x466459 [ 797.623571] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 797.631381] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 797.638832] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 797.646310] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 797.653570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 797.660845] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 797.675824] FAULT_INJECTION: forcing a failure. [ 797.675824] name failslab, interval 1, probability 0, space 0, times 0 [ 797.687279] CPU: 0 PID: 20218 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 797.695186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.704639] Call Trace: [ 797.707219] dump_stack+0x1b2/0x281 [ 797.710854] should_fail.cold+0x10a/0x149 [ 797.715018] should_failslab+0xd6/0x130 [ 797.718998] kmem_cache_alloc+0x28e/0x3c0 [ 797.723145] alloc_vfsmnt+0x23/0x7f0 [ 797.726858] vfs_kern_mount.part.0+0x27/0x470 [ 797.731360] kern_mount_data+0x51/0xb0 [ 797.735250] pid_ns_prepare_proc+0x1a/0x80 [ 797.739487] alloc_pid+0xa11/0xc90 [ 797.743057] copy_process.part.0+0x27c6/0x71c0 [ 797.747641] ? get_pid_task+0xb8/0x130 [ 797.751530] ? proc_fail_nth_write+0x7b/0x180 [ 797.756027] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 797.760991] ? __cleanup_sighand+0x40/0x40 [ 797.765226] ? lock_downgrade+0x740/0x740 [ 797.769467] _do_fork+0x184/0xc80 [ 797.773011] ? fork_idle+0x270/0x270 [ 797.776727] ? fput+0xb/0x140 [ 797.779856] ? SyS_write+0x14d/0x210 [ 797.783577] ? SyS_read+0x210/0x210 [ 797.787227] ? __do_page_fault+0x159/0xad0 [ 797.791465] ? do_syscall_64+0x4c/0x640 [ 797.795438] ? sys_vfork+0x20/0x20 [ 797.798980] do_syscall_64+0x1d5/0x640 [ 797.802879] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 797.808097] RIP: 0033:0x466459 [ 797.811287] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 797.818997] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 797.826356] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 797.833634] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 797.840912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 797.848272] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:06:34 executing program 4 (fault-call:10 fault-nth:80): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:34 executing program 3 (fault-call:10 fault-nth:27): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:34 executing program 2 (fault-call:10 fault-nth:29): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) [ 798.094022] FAULT_INJECTION: forcing a failure. [ 798.094022] name failslab, interval 1, probability 0, space 0, times 0 [ 798.105825] CPU: 0 PID: 20243 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 798.113728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.123080] Call Trace: [ 798.125681] dump_stack+0x1b2/0x281 [ 798.129340] should_fail.cold+0x10a/0x149 [ 798.133494] should_failslab+0xd6/0x130 [ 798.137470] kmem_cache_alloc+0x28e/0x3c0 [ 798.141631] alloc_vfsmnt+0x23/0x7f0 [ 798.145349] clone_mnt+0x6c/0xff0 [ 798.148809] copy_tree+0x33e/0xa20 [ 798.152364] copy_mnt_ns+0x167/0xa30 [ 798.156088] ? create_new_namespaces+0x30/0x720 [ 798.160851] ? do_mount+0x2a00/0x2a00 [ 798.164726] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 798.169776] ? kmem_cache_alloc+0x35f/0x3c0 [ 798.174105] create_new_namespaces+0xc9/0x720 [ 798.178606] ? security_capable+0x88/0xb0 [ 798.182759] copy_namespaces+0x27b/0x310 [ 798.186856] copy_process.part.0+0x25f8/0x71c0 22:06:34 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) getpid() vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 798.191453] ? get_pid_task+0xb8/0x130 [ 798.195432] ? proc_fail_nth_write+0x7b/0x180 [ 798.199930] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 798.204882] ? __cleanup_sighand+0x40/0x40 [ 798.209146] ? lock_downgrade+0x740/0x740 [ 798.213328] _do_fork+0x184/0xc80 [ 798.216790] ? fork_idle+0x270/0x270 [ 798.220509] ? fput+0xb/0x140 [ 798.223619] ? SyS_write+0x14d/0x210 [ 798.227334] ? SyS_read+0x210/0x210 [ 798.230991] ? __do_page_fault+0x159/0xad0 [ 798.235226] ? do_syscall_64+0x4c/0x640 [ 798.239221] ? sys_vfork+0x20/0x20 [ 798.242765] do_syscall_64+0x1d5/0x640 [ 798.246662] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 798.251855] RIP: 0033:0x466459 [ 798.255048] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 798.262762] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 798.270030] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 798.277305] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 798.284666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 798.292215] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 798.314587] FAULT_INJECTION: forcing a failure. [ 798.314587] name failslab, interval 1, probability 0, space 0, times 0 [ 798.326077] CPU: 1 PID: 20231 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 798.333976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.343340] Call Trace: [ 798.345973] dump_stack+0x1b2/0x281 [ 798.349612] should_fail.cold+0x10a/0x149 [ 798.353773] should_failslab+0xd6/0x130 [ 798.357761] kmem_cache_alloc+0x28e/0x3c0 [ 798.361920] alloc_vfsmnt+0x23/0x7f0 [ 798.365647] clone_mnt+0x6c/0xff0 [ 798.369113] copy_tree+0x33e/0xa20 [ 798.372668] copy_mnt_ns+0x167/0xa30 [ 798.376603] ? create_new_namespaces+0x30/0x720 [ 798.381303] ? do_mount+0x2a00/0x2a00 [ 798.385113] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 798.390129] ? kmem_cache_alloc+0x35f/0x3c0 [ 798.394444] create_new_namespaces+0xc9/0x720 [ 798.398956] copy_namespaces+0x27b/0x310 [ 798.403015] copy_process.part.0+0x25f8/0x71c0 [ 798.407714] ? get_pid_task+0xb8/0x130 [ 798.411617] ? proc_fail_nth_write+0x7b/0x180 [ 798.416124] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 798.421158] ? __cleanup_sighand+0x40/0x40 [ 798.425385] ? lock_downgrade+0x740/0x740 [ 798.429524] _do_fork+0x184/0xc80 [ 798.433082] ? fork_idle+0x270/0x270 [ 798.436889] ? fput+0xb/0x140 [ 798.439979] ? SyS_write+0x14d/0x210 [ 798.443694] ? SyS_read+0x210/0x210 [ 798.447315] ? __do_page_fault+0x159/0xad0 [ 798.451536] ? do_syscall_64+0x4c/0x640 [ 798.455507] ? sys_vfork+0x20/0x20 [ 798.459081] do_syscall_64+0x1d5/0x640 [ 798.462984] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 798.468205] RIP: 0033:0x466459 [ 798.471379] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 798.479092] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 798.486378] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 798.493649] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 798.500972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 798.508240] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 798.532583] FAULT_INJECTION: forcing a failure. [ 798.532583] name failslab, interval 1, probability 0, space 0, times 0 [ 798.546231] CPU: 0 PID: 20257 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 798.554131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.563484] Call Trace: [ 798.566086] dump_stack+0x1b2/0x281 [ 798.569717] should_fail.cold+0x10a/0x149 [ 798.573867] should_failslab+0xd6/0x130 [ 798.577846] __kmalloc+0x2c1/0x400 [ 798.581388] ? __list_lru_init+0x67/0x710 [ 798.585538] __list_lru_init+0x67/0x710 [ 798.589517] sget_userns+0x504/0xc10 [ 798.593227] ? put_filp+0x90/0x90 [ 798.596691] ? set_anon_super+0x20/0x20 [ 798.600664] ? proc_get_inode+0x620/0x620 [ 798.604814] mount_ns+0x65/0x180 [ 798.608182] mount_fs+0x92/0x2a0 [ 798.611551] vfs_kern_mount.part.0+0x5b/0x470 [ 798.616076] kern_mount_data+0x51/0xb0 [ 798.619960] pid_ns_prepare_proc+0x1a/0x80 [ 798.624191] alloc_pid+0xa11/0xc90 [ 798.627737] copy_process.part.0+0x27c6/0x71c0 [ 798.632317] ? get_pid_task+0xb8/0x130 [ 798.636198] ? proc_fail_nth_write+0x7b/0x180 [ 798.640688] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 798.645627] ? __cleanup_sighand+0x40/0x40 [ 798.649870] ? lock_downgrade+0x740/0x740 [ 798.654041] _do_fork+0x184/0xc80 [ 798.657502] ? fork_idle+0x270/0x270 [ 798.661221] ? fput+0xb/0x140 [ 798.664328] ? SyS_write+0x14d/0x210 [ 798.668043] ? SyS_read+0x210/0x210 [ 798.671676] ? __do_page_fault+0x159/0xad0 [ 798.675942] ? do_syscall_64+0x4c/0x640 [ 798.679917] ? sys_vfork+0x20/0x20 [ 798.683463] do_syscall_64+0x1d5/0x640 [ 798.687359] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 798.692551] RIP: 0033:0x466459 [ 798.695737] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 798.703475] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 798.710743] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 798.718022] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 798.725314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 798.732582] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 22:06:35 executing program 3 (fault-call:10 fault-nth:28): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 799.014169] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 799.020906] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 799.030770] FAULT_INJECTION: forcing a failure. [ 799.030770] name failslab, interval 1, probability 0, space 0, times 0 [ 799.042229] CPU: 1 PID: 20265 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 799.050124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.059488] Call Trace: [ 799.062088] dump_stack+0x1b2/0x281 [ 799.065721] should_fail.cold+0x10a/0x149 [ 799.069872] should_failslab+0xd6/0x130 [ 799.073851] __kmalloc_track_caller+0x2bc/0x400 [ 799.078525] ? kstrdup_const+0x35/0x60 [ 799.082418] ? lock_downgrade+0x740/0x740 [ 799.086571] kstrdup+0x36/0x70 [ 799.089768] kstrdup_const+0x35/0x60 [ 799.093512] alloc_vfsmnt+0xe0/0x7f0 [ 799.097231] clone_mnt+0x6c/0xff0 [ 799.100700] copy_tree+0x33e/0xa20 [ 799.104330] copy_mnt_ns+0x167/0xa30 [ 799.108032] ? create_new_namespaces+0x30/0x720 [ 799.112686] ? do_mount+0x2a00/0x2a00 [ 799.116625] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 799.121632] ? kmem_cache_alloc+0x35f/0x3c0 [ 799.125947] create_new_namespaces+0xc9/0x720 [ 799.130513] ? security_capable+0x88/0xb0 [ 799.134745] copy_namespaces+0x27b/0x310 [ 799.138809] copy_process.part.0+0x25f8/0x71c0 [ 799.143391] ? get_pid_task+0xb8/0x130 [ 799.147264] ? proc_fail_nth_write+0x7b/0x180 [ 799.152011] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 799.156945] ? __cleanup_sighand+0x40/0x40 [ 799.161170] ? lock_downgrade+0x740/0x740 [ 799.165307] _do_fork+0x184/0xc80 [ 799.168758] ? fork_idle+0x270/0x270 [ 799.172466] ? fput+0xb/0x140 [ 799.175586] ? SyS_write+0x14d/0x210 [ 799.179380] ? SyS_read+0x210/0x210 [ 799.183030] ? __do_page_fault+0x159/0xad0 [ 799.187247] ? do_syscall_64+0x4c/0x640 [ 799.191210] ? sys_vfork+0x20/0x20 [ 799.194827] do_syscall_64+0x1d5/0x640 [ 799.198702] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 799.203912] RIP: 0033:0x466459 [ 799.207080] RSP: 002b:00007fdc76406188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 799.214784] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 799.222039] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 799.229322] RBP: 00007fdc764061d0 R08: ffffffffffffffff R09: 0000000000000000 [ 799.236597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 799.243956] R13: 00007ffe14220b5f R14: 00007fdc76406300 R15: 0000000000022000 [ 799.259717] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 799.301462] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 799.339965] device bridge_slave_1 left promiscuous mode [ 799.354511] bridge0: port 2(bridge_slave_1) entered disabled state [ 799.363065] device bridge_slave_0 left promiscuous mode [ 799.368685] bridge0: port 1(bridge_slave_0) entered disabled state [ 799.380054] device veth1_macvtap left promiscuous mode [ 799.386235] device veth0_macvtap left promiscuous mode [ 799.393280] device veth1_vlan left promiscuous mode [ 799.398438] device veth0_vlan left promiscuous mode [ 799.579177] device hsr_slave_1 left promiscuous mode [ 799.608394] device hsr_slave_0 left promiscuous mode [ 799.637762] team0 (unregistering): Port device team_slave_1 removed [ 799.655500] team0 (unregistering): Port device team_slave_0 removed [ 799.672759] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 799.691706] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 799.788040] bond0 (unregistering): Released all slaves [ 801.975278] IPVS: ftp: loaded support on port[0] = 21 [ 802.086989] chnl_net:caif_netlink_parms(): no params data found [ 802.142785] bridge0: port 1(bridge_slave_0) entered blocking state [ 802.149365] bridge0: port 1(bridge_slave_0) entered disabled state [ 802.157236] device bridge_slave_0 entered promiscuous mode [ 802.164762] bridge0: port 2(bridge_slave_1) entered blocking state [ 802.171147] bridge0: port 2(bridge_slave_1) entered disabled state [ 802.178668] device bridge_slave_1 entered promiscuous mode [ 802.198663] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 802.207586] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 802.228165] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 802.235592] team0: Port device team_slave_0 added [ 802.241045] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 802.248573] team0: Port device team_slave_1 added [ 802.266691] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 802.273157] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 802.299643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 802.310668] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 802.317024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 802.342359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 802.354442] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 802.362438] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 802.386335] device hsr_slave_0 entered promiscuous mode [ 802.392510] device hsr_slave_1 entered promiscuous mode [ 802.398485] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 802.405780] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 802.488710] bridge0: port 2(bridge_slave_1) entered blocking state [ 802.495140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 802.501848] bridge0: port 1(bridge_slave_0) entered blocking state [ 802.508226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 802.540188] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 802.547226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 802.556895] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 802.566319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 802.573770] bridge0: port 1(bridge_slave_0) entered disabled state [ 802.580362] bridge0: port 2(bridge_slave_1) entered disabled state [ 802.590667] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 802.596903] 8021q: adding VLAN 0 to HW filter on device team0 [ 802.605559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 802.613513] bridge0: port 1(bridge_slave_0) entered blocking state [ 802.619872] bridge0: port 1(bridge_slave_0) entered forwarding state [ 802.640971] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 802.651092] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 802.662695] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 802.669361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 802.677626] bridge0: port 2(bridge_slave_1) entered blocking state [ 802.684127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 802.691735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 802.699326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 802.707186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 802.714775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 802.722594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 802.729559] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 802.741106] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 802.749934] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 802.757867] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 802.769968] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 802.827216] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 802.838927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 802.870131] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 802.877946] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 802.885032] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 802.894812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 802.902987] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 802.909929] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 802.920287] device veth0_vlan entered promiscuous mode [ 802.929210] device veth1_vlan entered promiscuous mode [ 802.935410] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 802.945827] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 802.956950] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 802.967811] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 802.975579] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 802.983187] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 802.997105] device veth0_macvtap entered promiscuous mode [ 803.003488] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 803.012624] device veth1_macvtap entered promiscuous mode [ 803.021141] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 803.030935] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 803.040135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 803.050487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.060659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 803.070765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.080044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 803.089868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.099107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 803.109020] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.118244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 803.128101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.138490] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 803.147620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.157830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.167361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.177165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.186649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.196411] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.205837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.215641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.224840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.234620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.244992] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 803.252594] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 803.259708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 803.269018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 803.277377] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready 22:06:39 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x305, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:06:39 executing program 2 (fault-call:10 fault-nth:30): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) 22:06:39 executing program 4 (fault-call:10 fault-nth:81): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:39 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x4}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:06:39 executing program 3 (fault-call:10 fault-nth:29): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 803.481240] FAULT_INJECTION: forcing a failure. [ 803.481240] name failslab, interval 1, probability 0, space 0, times 0 [ 803.493784] CPU: 1 PID: 20546 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0 [ 803.501682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.511041] Call Trace: [ 803.513659] dump_stack+0x1b2/0x281 [ 803.517296] should_fail.cold+0x10a/0x149 [ 803.521451] should_failslab+0xd6/0x130 [ 803.525428] __kmalloc_track_caller+0x2bc/0x400 [ 803.530100] ? kstrdup_const+0x35/0x60 [ 803.534001] ? lock_downgrade+0x740/0x740 [ 803.538170] kstrdup+0x36/0x70 [ 803.541391] kstrdup_const+0x35/0x60 [ 803.545105] alloc_vfsmnt+0xe0/0x7f0 [ 803.548844] clone_mnt+0x6c/0xff0 [ 803.552305] copy_tree+0x33e/0xa20 [ 803.555854] copy_mnt_ns+0x167/0xa30 [ 803.559588] ? create_new_namespaces+0x30/0x720 [ 803.564252] ? do_mount+0x2a00/0x2a00 [ 803.568058] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 803.573077] ? kmem_cache_alloc+0x35f/0x3c0 [ 803.577403] create_new_namespaces+0xc9/0x720 [ 803.581897] ? security_capable+0x88/0xb0 [ 803.586410] copy_namespaces+0x27b/0x310 [ 803.590474] copy_process.part.0+0x25f8/0x71c0 [ 803.595071] ? get_pid_task+0xb8/0x130 [ 803.598964] ? proc_fail_nth_write+0x7b/0x180 [ 803.603461] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 803.608422] ? __cleanup_sighand+0x40/0x40 [ 803.612666] ? lock_downgrade+0x740/0x740 [ 803.616828] _do_fork+0x184/0xc80 [ 803.620315] ? fork_idle+0x270/0x270 [ 803.624061] ? fput+0xb/0x140 [ 803.627174] ? SyS_write+0x14d/0x210 22:06:39 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) 22:06:39 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 803.630913] ? SyS_read+0x210/0x210 [ 803.634645] ? __do_page_fault+0x159/0xad0 [ 803.638903] ? do_syscall_64+0x4c/0x640 [ 803.642878] ? sys_vfork+0x20/0x20 [ 803.646422] do_syscall_64+0x1d5/0x640 [ 803.650326] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 803.655514] RIP: 0033:0x466459 [ 803.658708] RSP: 002b:00007fd83f2f4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 803.666418] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 803.673734] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 22:06:40 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 803.681096] RBP: 00007fd83f2f41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 803.688368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 803.695642] R13: 00007ffefefe45cf R14: 00007fd83f2f4300 R15: 0000000000022000 [ 803.714035] FAULT_INJECTION: forcing a failure. [ 803.714035] name failslab, interval 1, probability 0, space 0, times 0 [ 803.725450] CPU: 1 PID: 20554 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 [ 803.733347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.742728] Call Trace: [ 803.745326] dump_stack+0x1b2/0x281 [ 803.748961] should_fail.cold+0x10a/0x149 [ 803.753119] should_failslab+0xd6/0x130 [ 803.757096] kmem_cache_alloc+0x28e/0x3c0 [ 803.761247] alloc_vfsmnt+0x23/0x7f0 [ 803.764959] clone_mnt+0x6c/0xff0 [ 803.768411] copy_tree+0x33e/0xa20 [ 803.771956] copy_mnt_ns+0x167/0xa30 [ 803.775716] ? create_new_namespaces+0x30/0x720 22:06:40 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x55, @private2, 0x7}, 0x1c) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 803.780380] ? do_mount+0x2a00/0x2a00 [ 803.784181] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 803.789195] ? kmem_cache_alloc+0x35f/0x3c0 [ 803.793519] create_new_namespaces+0xc9/0x720 [ 803.798030] ? security_capable+0x88/0xb0 [ 803.802196] copy_namespaces+0x27b/0x310 [ 803.806268] copy_process.part.0+0x25f8/0x71c0 [ 803.807243] Bluetooth: hci5 command 0x0406 tx timeout [ 803.810858] ? get_pid_task+0xb8/0x130 [ 803.810874] ? proc_fail_nth_write+0x7b/0x180 [ 803.824419] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 803.829364] ? __cleanup_sighand+0x40/0x40 [ 803.833611] ? lock_downgrade+0x740/0x740 [ 803.837773] _do_fork+0x184/0xc80 [ 803.841238] ? fork_idle+0x270/0x270 [ 803.844966] ? fput+0xb/0x140 [ 803.848074] ? SyS_write+0x14d/0x210 [ 803.851795] ? SyS_read+0x210/0x210 [ 803.855424] ? __do_page_fault+0x159/0xad0 [ 803.859749] ? do_syscall_64+0x4c/0x640 [ 803.863749] ? sys_vfork+0x20/0x20 [ 803.867385] do_syscall_64+0x1d5/0x640 [ 803.871374] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 803.876571] RIP: 0033:0x466459 22:06:40 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x0, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 803.879762] RSP: 002b:00007fdc763c4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 803.887478] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000466459 [ 803.894750] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 803.902025] RBP: 00007fdc763c41d0 R08: ffffffffffffffff R09: 0000000000000000 [ 803.909297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 803.916609] R13: 00007ffe14220b5f R14: 00007fdc763c4300 R15: 0000000000022000 [ 803.941729] FAULT_INJECTION: forcing a failure. [ 803.941729] name failslab, interval 1, probability 0, space 0, times 0 [ 803.953642] CPU: 1 PID: 20568 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 803.961567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.970930] Call Trace: [ 803.973524] dump_stack+0x1b2/0x281 [ 803.977189] should_fail.cold+0x10a/0x149 [ 803.981343] should_failslab+0xd6/0x130 [ 803.985341] __kmalloc+0x2c1/0x400 [ 803.988879] ? register_shrinker+0x1ab/0x220 [ 803.993293] register_shrinker+0x1ab/0x220 [ 803.997529] sget_userns+0x9aa/0xc10 [ 804.001352] ? put_filp+0x90/0x90 [ 804.004812] ? set_anon_super+0x20/0x20 [ 804.008815] ? proc_get_inode+0x620/0x620 [ 804.013053] mount_ns+0x65/0x180 [ 804.016427] mount_fs+0x92/0x2a0 [ 804.019895] vfs_kern_mount.part.0+0x5b/0x470 [ 804.024398] kern_mount_data+0x51/0xb0 [ 804.028293] pid_ns_prepare_proc+0x1a/0x80 [ 804.032984] alloc_pid+0xa11/0xc90 [ 804.036543] copy_process.part.0+0x27c6/0x71c0 [ 804.041139] ? get_pid_task+0xb8/0x130 [ 804.045036] ? proc_fail_nth_write+0x7b/0x180 [ 804.049537] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 804.054482] ? __cleanup_sighand+0x40/0x40 [ 804.058718] ? lock_downgrade+0x740/0x740 [ 804.062879] _do_fork+0x184/0xc80 [ 804.066377] ? fork_idle+0x270/0x270 [ 804.070095] ? fput+0xb/0x140 [ 804.073210] ? SyS_write+0x14d/0x210 [ 804.076972] ? SyS_read+0x210/0x210 [ 804.080601] ? __do_page_fault+0x159/0xad0 [ 804.084837] ? do_syscall_64+0x4c/0x640 [ 804.088813] ? sys_vfork+0x20/0x20 22:06:40 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000012c0)={0x0, @l2tp={0x2, 0x0, @empty}, @llc={0x1a, 0x0, 0x5, 0x6, 0x2, 0x1, @random="b7e029395de4"}, @nl=@unspec, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth0_macvtap\x00', 0x4, 0x10000000000000}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001ac0)={"6cc3e040ce2f7ef8cb505ce038b3ebf1", r3, 0x0, {0x1, 0x7}, {0x0, 0x2}, 0x83, [0xf43, 0xd0, 0x0, 0x8, 0x8, 0x6f, 0x2, 0x7, 0x1, 0x6, 0x2da, 0x57, 0x4, 0x9, 0x7]}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000002c0)={{}, r3, 0x18, @inherit={0x50, &(0x7f0000000140)={0x0, 0x1, 0x20, 0x1, {0x1, 0x8001, 0x2, 0x0, 0x6f1}, [0xfffffffffffffbf7]}}, @subvolid=0x1d41954a}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0xb3eb8000) process_vm_writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x9, 0xd4, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdeff}, r1, 0x0, r0, 0x0) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x26e1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x283, &(0x7f0000000780)='bdev!)-%+wlan\x00p\x00\x00\x01\x00Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW;F.\xdf$\xee\x18\x0e\xad\xa1\xfcN\x88`\xbbj\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\r\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa3\xf52)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8\x00\x00\x00\x00\x00\xcbxak\x9f-\xee\x8d\xd4\xc42\xa7\xe1#\\B\xb9\xdf\xd8\xda\xa8k\x8eV\xeau\r\x017\xb66\xb1\x00\x1a!\xb5\xc9\xd5\x06\xf2\xd5\xf8\xc3\xea\xcdZ+\xcd\xa2\xb7@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xdd6\x8d\xd0\x01\x05\x19\xc9(\xb5\xe6^\xb0\xf1\xdd4\x16\xcc\x9f\x01j\xf7Q\xdf\x985\xc3F\x04\xfb\x10\xd8\x0e\x1f!-\x04d\xfb\x13q\x7f\xfb\xb9\x81\xe8\x7f\xe9\x01\xd3\xd0\x88a\xd09-\xf5\xf6\xca\x9c\"\xec\xc4\xd4\x950*\x91PDL\xd5@\xcda_\xdb\xebff\xafd\xb7z\x1d\x99\xbd\xc6P\xfa\x99\x04$\xb2\xcf0#\x84\x91\f\xf4\x17m\a-Gr)\x7f\x92-M\x19IQ%&\xed\xe90\xc0k\xd3\"\xee\xe7\xa4\xd84d$\t\xa9\n\x90\x1dE\xb2\xb2\x00\x1c\x97A\xde\xf8\xe2W%\xe9\xca\xd5\xf58)f\x85\x13|u\xa1%\xbd\xcf\xfe \x99\xb0C\xf5\xf2\xbf\x96el\x00'}, 0xfecf) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r5, 0x0) accept4$unix(r5, &(0x7f0000000200)=@abs, &(0x7f0000000100)=0x6e, 0x800) [ 804.092377] do_syscall_64+0x1d5/0x640 [ 804.096279] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 804.101468] RIP: 0033:0x466459 [ 804.104653] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 804.112540] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 804.119812] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 804.127083] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 804.134349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 804.141617] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 804.159180] Bluetooth: hci2 command 0x0409 tx timeout [ 804.194003] ================================================================== [ 804.201758] BUG: KASAN: use-after-free in put_pid_ns+0xf6/0x110 [ 804.207836] Read of size 8 at addr ffff88804a3c7190 by task syz-executor.4/20568 [ 804.215365] [ 804.217013] CPU: 0 PID: 20568 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 804.224892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.234336] Call Trace: [ 804.236947] dump_stack+0x1b2/0x281 [ 804.240581] print_address_description.cold+0x54/0x1d3 [ 804.245864] kasan_report_error.cold+0x8a/0x191 [ 804.250536] ? put_pid_ns+0xf6/0x110 [ 804.254257] __asan_report_load8_noabort+0x68/0x70 [ 804.259190] ? put_pid_ns+0xf6/0x110 [ 804.262909] put_pid_ns+0xf6/0x110 [ 804.266453] free_nsproxy+0xf7/0x1f0 [ 804.270168] switch_task_namespaces+0x8f/0xb0 [ 804.274672] copy_process.part.0+0x4118/0x71c0 [ 804.279314] ? get_pid_task+0xb8/0x130 [ 804.283210] ? proc_fail_nth_write+0x7b/0x180 [ 804.287714] ? proc_tgid_io_accounting+0x7a0/0x7a0 22:06:40 executing program 1: syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x1f, 0xffffffffffffff81}, 0x0) getpid() openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uhid\x00', 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r1, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000280)={0x6, 0x1, 0x80, 0x9, 0x7fffffff}, 0xc) write(r0, &(0x7f0000000340), 0x41395527) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x0, 0x8, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @gre}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x80) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x81, 0x6, 0xd4, 0x0, 0x8000, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeff}, 0xffffffffffffffff, 0xa, r2, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x10) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x20120580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 804.292663] ? __cleanup_sighand+0x40/0x40 [ 804.296908] ? lock_downgrade+0x740/0x740 [ 804.301066] _do_fork+0x184/0xc80 [ 804.304548] ? fork_idle+0x270/0x270 [ 804.308267] ? fput+0xb/0x140 [ 804.311368] ? SyS_write+0x14d/0x210 [ 804.315086] ? SyS_read+0x210/0x210 [ 804.318744] ? __do_page_fault+0x159/0xad0 [ 804.323015] ? do_syscall_64+0x4c/0x640 [ 804.326992] ? sys_vfork+0x20/0x20 [ 804.330537] do_syscall_64+0x1d5/0x640 [ 804.334432] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 804.339622] RIP: 0033:0x466459 [ 804.342808] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 804.350617] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 804.358000] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 804.365273] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 804.372544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 804.379818] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 804.387103] [ 804.388739] Allocated by task 20568: [ 804.392463] kasan_kmalloc+0xeb/0x160 [ 804.396268] kmem_cache_alloc+0x124/0x3c0 [ 804.400411] copy_pid_ns+0x1b2/0xa60 [ 804.404141] create_new_namespaces+0x25f/0x720 [ 804.408732] copy_namespaces+0x27b/0x310 [ 804.412783] copy_process.part.0+0x25f8/0x71c0 [ 804.417363] _do_fork+0x184/0xc80 [ 804.420840] do_syscall_64+0x1d5/0x640 [ 804.425054] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 804.430237] [ 804.431851] Freed by task 17: [ 804.434944] kasan_slab_free+0xc3/0x1a0 [ 804.438938] kmem_cache_free+0x7c/0x2b0 [ 804.442898] rcu_process_callbacks+0x780/0x1180 [ 804.448083] __do_softirq+0x24d/0x9ff [ 804.451869] [ 804.453489] The buggy address belongs to the object at ffff88804a3c6958 [ 804.453489] which belongs to the cache pid_namespace of size 2264 [ 804.466433] The buggy address is located 2104 bytes inside of [ 804.466433] 2264-byte region [ffff88804a3c6958, ffff88804a3c7230) [ 804.478478] The buggy address belongs to the page: [ 804.483394] page:ffffea000128f180 count:1 mapcount:0 mapping:ffff88804a3c6000 index:0x0 compound_mapcount: 0 [ 804.493443] flags: 0xfff00000008100(slab|head) [ 804.498006] raw: 00fff00000008100 ffff88804a3c6000 0000000000000000 0000000100000003 [ 804.505884] raw: ffffea000136d620 ffff8880b1063748 ffff88823a25ac40 0000000000000000 [ 804.513741] page dumped because: kasan: bad access detected [ 804.519425] [ 804.521046] Memory state around the buggy address: [ 804.525971] ffff88804a3c7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 804.533311] ffff88804a3c7100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 804.540742] >ffff88804a3c7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 804.548092] ^ [ 804.551962] ffff88804a3c7200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 804.559599] ffff88804a3c7280: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 [ 804.566951] ================================================================== [ 804.574301] Disabling lock debugging due to kernel taint [ 804.580754] Kernel panic - not syncing: panic_on_warn set ... [ 804.580754] [ 804.588141] CPU: 0 PID: 20568 Comm: syz-executor.4 Tainted: G B 4.14.228-syzkaller #0 [ 804.597228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.606622] Call Trace: [ 804.609211] dump_stack+0x1b2/0x281 [ 804.612937] panic+0x1f9/0x42d [ 804.616132] ? add_taint.cold+0x16/0x16 [ 804.620113] ? ___preempt_schedule+0x16/0x18 [ 804.624526] kasan_end_report+0x43/0x49 [ 804.628503] kasan_report_error.cold+0xa7/0x191 [ 804.633172] ? put_pid_ns+0xf6/0x110 [ 804.636886] __asan_report_load8_noabort+0x68/0x70 [ 804.641846] ? put_pid_ns+0xf6/0x110 [ 804.645552] put_pid_ns+0xf6/0x110 [ 804.649076] free_nsproxy+0xf7/0x1f0 [ 804.652945] switch_task_namespaces+0x8f/0xb0 [ 804.657422] copy_process.part.0+0x4118/0x71c0 [ 804.661990] ? get_pid_task+0xb8/0x130 [ 804.665873] ? proc_fail_nth_write+0x7b/0x180 [ 804.670348] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 804.675258] ? __cleanup_sighand+0x40/0x40 [ 804.679471] ? lock_downgrade+0x740/0x740 [ 804.683617] _do_fork+0x184/0xc80 [ 804.687049] ? fork_idle+0x270/0x270 [ 804.690747] ? fput+0xb/0x140 [ 804.694000] ? SyS_write+0x14d/0x210 [ 804.697704] ? SyS_read+0x210/0x210 [ 804.701321] ? __do_page_fault+0x159/0xad0 [ 804.705539] ? do_syscall_64+0x4c/0x640 [ 804.709493] ? sys_vfork+0x20/0x20 [ 804.713066] do_syscall_64+0x1d5/0x640 [ 804.716958] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 804.722137] RIP: 0033:0x466459 [ 804.725319] RSP: 002b:00007f19326aa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 804.733019] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 [ 804.740270] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000020120580 [ 804.747628] RBP: 00007f19326aa1d0 R08: ffffffffffffffff R09: 0000000000000000 [ 804.754876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 804.762125] R13: 00007ffeea19aebf R14: 00007f19326aa300 R15: 0000000000022000 [ 804.770026] Kernel Offset: disabled [ 804.776349] Rebooting in 86400 seconds..