x8, 0x3, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4f5c8ab4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}]}, 0x64}}, 0x4) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) ioctl$FICLONE(r1, 0x40049409, r2) write$binfmt_aout(r3, 0x0, 0x0) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x14, r5, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f0000000000)) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b4000004a0acdb4f4838991c6ba4047706676267031e99235e85d93fa8f162aac81ade43e1b335d00278753e2b3d519b5a04bce8d5d1da00"/67, @ANYRES16=r6, @ANYBLOB="00042bbd7000fcdbdf250f0000005c00050008000100696200002c000200080001000e0000000800030000000000080003000700000008000400ffffff7f08000200000000001c000200080003000700000008000400ff0f00000800020004000000080001006962000044000900080002000104000008000200080000000800010000000000080001000200000008000200ff010000080002000002000008000200010000000800010005000000"], 0xb4}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) [ 774.901303] FAULT_INJECTION: forcing a failure. [ 774.901303] name failslab, interval 1, probability 0, space 0, times 0 [ 774.918714] FAULT_INJECTION: forcing a failure. [ 774.918714] name failslab, interval 1, probability 0, space 0, times 0 [ 774.961830] CPU: 0 PID: 20393 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 774.969212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 774.978908] Call Trace: [ 774.981527] dump_stack+0x138/0x197 [ 774.985192] should_fail.cold+0x10f/0x159 [ 774.989656] should_failslab+0xdb/0x130 [ 774.993797] kmem_cache_alloc+0x2d7/0x780 [ 774.997969] ? save_stack+0xa9/0xd0 [ 775.002065] get_empty_filp+0x8c/0x3f0 [ 775.006147] path_openat+0x8f/0x3f70 [ 775.009893] ? trace_hardirqs_on+0x10/0x10 [ 775.014317] ? check_preemption_disabled+0x3c/0x250 [ 775.019354] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 775.024061] ? find_held_lock+0x35/0x130 [ 775.028134] ? save_trace+0x290/0x290 [ 775.031957] ? __alloc_fd+0x1d4/0x4a0 [ 775.036173] do_filp_open+0x18e/0x250 [ 775.039986] ? may_open_dev+0xe0/0xe0 [ 775.043801] ? lock_downgrade+0x6e0/0x6e0 [ 775.047964] ? _raw_spin_unlock+0x2d/0x50 [ 775.053090] ? __alloc_fd+0x1d4/0x4a0 [ 775.056936] do_sys_open+0x2c5/0x430 [ 775.060838] ? filp_open+0x70/0x70 [ 775.064403] SyS_open+0x2d/0x40 [ 775.067777] ? do_sys_open+0x430/0x430 [ 775.071690] do_syscall_64+0x1e8/0x640 [ 775.075866] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 775.080750] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 775.085971] RIP: 0033:0x459879 [ 775.089258] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 775.098041] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 775.107838] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 775.115304] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 775.122673] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 775.129954] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 775.145765] CPU: 0 PID: 20394 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 775.153098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 12:26:47 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) listxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=""/60, 0x3c) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) setsockopt$inet6_tcp_int(r2, 0x6, 0x9, &(0x7f0000000180)=0x1, 0x4) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 775.162479] Call Trace: [ 775.165099] dump_stack+0x138/0x197 [ 775.168762] should_fail.cold+0x10f/0x159 [ 775.173115] should_failslab+0xdb/0x130 [ 775.177371] kmem_cache_alloc_node+0x287/0x780 [ 775.182066] ? __dev_queue_xmit+0x1e29/0x25e0 [ 775.186670] __alloc_skb+0x9c/0x500 [ 775.190314] ? skb_scrub_packet+0x4b0/0x4b0 [ 775.194842] ? retint_kernel+0x2d/0x2d [ 775.198743] alloc_skb_with_frags+0x86/0x4b0 [ 775.203210] ? check_preemption_disabled+0x3c/0x250 [ 775.203225] sock_alloc_send_pskb+0x5db/0x740 [ 775.203242] ? sock_wmalloc+0xf0/0xf0 [ 775.203255] ? lock_downgrade+0x6e0/0x6e0 [ 775.203273] packet_sendmsg+0x16c4/0x5a70 [ 775.225660] ? avc_has_perm_noaudit+0x420/0x420 [ 775.230352] ? __might_fault+0x110/0x1d0 [ 775.234566] ? find_held_lock+0x35/0x130 [ 775.238651] ? __might_fault+0x110/0x1d0 [ 775.242734] ? rw_copy_check_uvector+0x1f1/0x290 [ 775.247523] ? packet_notifier+0x760/0x760 [ 775.251781] ? copy_msghdr_from_user+0x292/0x3f0 [ 775.256751] ? selinux_socket_sendmsg+0x36/0x40 [ 775.261442] ? security_socket_sendmsg+0x89/0xb0 [ 775.266379] ? packet_notifier+0x760/0x760 [ 775.270766] sock_sendmsg+0xce/0x110 [ 775.274715] ___sys_sendmsg+0x349/0x840 [ 775.278703] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 775.283595] ? retint_kernel+0x2d/0x2d [ 775.287530] ? trace_hardirqs_on+0x10/0x10 [ 775.291778] ? save_trace+0x290/0x290 [ 775.295769] ? retint_kernel+0x2d/0x2d [ 775.299674] ? __might_fault+0x110/0x1d0 [ 775.303750] ? find_held_lock+0x35/0x130 [ 775.307833] ? __might_fault+0x110/0x1d0 12:26:47 executing program 3: r0 = getpid() r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x40, 0x0) ioctl$TIOCGRS485(r1, 0x542e, &(0x7f0000000080)) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f00000002c0)={0x4, {{0xa, 0x4e21, 0x7, @local, 0x40000000000000}}}, 0x88) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) ioctl$TCSETS(r3, 0x5402, &(0x7f0000000380)={0x7, 0x80000000, 0x92d, 0x20, 0x0, 0x5, 0x1, 0x4, 0xffffffff80000000, 0x0, 0x3, 0x8}) write$binfmt_aout(r4, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 775.311929] __sys_sendmmsg+0x152/0x3a0 [ 775.316116] ? SyS_sendmsg+0x50/0x50 [ 775.319861] ? _raw_spin_unlock_irq+0x5e/0x90 [ 775.324384] ? finish_task_switch+0x178/0x650 [ 775.328894] ? finish_task_switch+0x14d/0x650 [ 775.333607] ? switch_mm_irqs_off+0x5e1/0xec0 [ 775.338121] ? __schedule+0x7c0/0x1cd0 [ 775.342033] ? pci_mmcfg_check_reserved+0x150/0x150 [ 775.347072] SyS_sendmmsg+0x35/0x60 [ 775.350715] ? __sys_sendmmsg+0x3a0/0x3a0 [ 775.355102] do_syscall_64+0x1e8/0x640 [ 775.359020] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 775.364040] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 775.369274] RIP: 0033:0x459879 [ 775.372623] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 775.380491] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 775.387775] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 775.395481] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 775.402781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 12:26:47 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x800, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:26:47 executing program 2 (fault-call:3 fault-nth:3): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 775.410242] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:26:47 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r1, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:47 executing program 1 (fault-call:13 fault-nth:45): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 775.566838] FAULT_INJECTION: forcing a failure. [ 775.566838] name failslab, interval 1, probability 0, space 0, times 0 [ 775.568514] FAULT_INJECTION: forcing a failure. [ 775.568514] name failslab, interval 1, probability 0, space 0, times 0 [ 775.603119] CPU: 1 PID: 20435 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 775.610454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 775.620126] Call Trace: [ 775.622734] dump_stack+0x138/0x197 [ 775.626481] should_fail.cold+0x10f/0x159 [ 775.630745] should_failslab+0xdb/0x130 [ 775.634887] kmem_cache_alloc+0x2d7/0x780 [ 775.639061] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 775.644531] ? check_preemption_disabled+0x3c/0x250 [ 775.649571] selinux_file_alloc_security+0xb4/0x190 [ 775.654889] security_file_alloc+0x6d/0xa0 [ 775.659323] get_empty_filp+0x162/0x3f0 [ 775.663497] path_openat+0x8f/0x3f70 [ 775.667223] ? trace_hardirqs_on+0x10/0x10 [ 775.671477] ? check_preemption_disabled+0x3c/0x250 [ 775.676697] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 775.681375] ? find_held_lock+0x35/0x130 [ 775.685445] ? save_trace+0x290/0x290 [ 775.689343] ? __alloc_fd+0x1d4/0x4a0 [ 775.693159] do_filp_open+0x18e/0x250 [ 775.697065] ? may_open_dev+0xe0/0xe0 [ 775.700892] ? lock_downgrade+0x6e0/0x6e0 [ 775.705069] ? _raw_spin_unlock+0x2d/0x50 [ 775.709227] ? __alloc_fd+0x1d4/0x4a0 [ 775.713225] do_sys_open+0x2c5/0x430 [ 775.716950] ? filp_open+0x70/0x70 [ 775.720506] SyS_open+0x2d/0x40 [ 775.724142] ? do_sys_open+0x430/0x430 [ 775.728043] do_syscall_64+0x1e8/0x640 [ 775.731938] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 775.736969] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 775.742352] RIP: 0033:0x459879 [ 775.745550] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 775.753586] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 12:26:47 executing program 5: getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) write$binfmt_aout(r2, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) [ 775.760879] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 775.768465] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 775.775895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 775.783268] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 775.791085] CPU: 0 PID: 20434 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 775.798708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 775.808424] Call Trace: [ 775.808448] dump_stack+0x138/0x197 12:26:47 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e21, @local}}, 0x4, 0x9}, &(0x7f0000000180)=0x90) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, &(0x7f0000000200)={r4, 0x5}, 0x8) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40106614, &(0x7f0000000000)) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000080)=0x1) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/policy\x00', 0x0, 0x0) 12:26:47 executing program 2 (fault-call:3 fault-nth:4): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 775.808467] should_fail.cold+0x10f/0x159 [ 775.808482] should_failslab+0xdb/0x130 [ 775.808494] kmem_cache_alloc_node_trace+0x280/0x770 [ 775.808509] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 775.834029] __kmalloc_node_track_caller+0x3d/0x80 [ 775.839175] __kmalloc_reserve.isra.0+0x40/0xe0 [ 775.839188] __alloc_skb+0xcf/0x500 [ 775.839198] ? skb_scrub_packet+0x4b0/0x4b0 [ 775.839213] ? __local_bh_enable_ip+0x99/0x1a0 [ 775.839225] alloc_skb_with_frags+0x86/0x4b0 [ 775.839238] ? trace_hardirqs_on+0x10/0x10 [ 775.839245] ? __local_bh_enable_ip+0x99/0x1a0 [ 775.839261] sock_alloc_send_pskb+0x5db/0x740 [ 775.861116] ? sock_wmalloc+0xf0/0xf0 [ 775.861133] ? lock_downgrade+0x6e0/0x6e0 [ 775.861154] packet_sendmsg+0x16c4/0x5a70 [ 775.870516] ? avc_has_perm_noaudit+0x420/0x420 [ 775.870536] ? check_preemption_disabled+0x3c/0x250 [ 775.870550] ? retint_kernel+0x2d/0x2d [ 775.870566] ? rw_copy_check_uvector+0x1f1/0x290 [ 775.870584] ? packet_notifier+0x760/0x760 [ 775.870599] ? copy_msghdr_from_user+0x292/0x3f0 [ 775.870611] ? selinux_socket_sendmsg+0x36/0x40 [ 775.920834] ? security_socket_sendmsg+0x89/0xb0 [ 775.925607] ? packet_notifier+0x760/0x760 [ 775.930017] sock_sendmsg+0xce/0x110 [ 775.933883] ___sys_sendmsg+0x349/0x840 [ 775.938035] ? retint_kernel+0x2d/0x2d [ 775.942032] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 775.946924] ? trace_hardirqs_on+0x10/0x10 [ 775.951297] ? check_preemption_disabled+0x3c/0x250 [ 775.956481] ? save_trace+0x290/0x290 [ 775.960592] ? __might_fault+0x110/0x1d0 [ 775.964870] ? find_held_lock+0x35/0x130 [ 775.969223] ? __might_fault+0x110/0x1d0 [ 775.973548] __sys_sendmmsg+0x152/0x3a0 [ 775.977649] ? SyS_sendmsg+0x50/0x50 [ 775.981383] ? lock_downgrade+0x6e0/0x6e0 [ 775.985701] ? __mutex_unlock_slowpath+0x71/0x800 [ 775.990559] ? check_preemption_disabled+0x3c/0x250 [ 775.995776] ? wait_for_completion+0x420/0x420 [ 776.000524] ? __sb_end_write+0xc1/0x100 [ 776.004627] ? SyS_write+0x15e/0x230 [ 776.008551] SyS_sendmmsg+0x35/0x60 [ 776.012543] ? __sys_sendmmsg+0x3a0/0x3a0 [ 776.016744] do_syscall_64+0x1e8/0x640 [ 776.020637] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 776.025487] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 776.031027] RIP: 0033:0x459879 [ 776.034366] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 776.042237] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 776.049613] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 776.057036] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:26:48 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000180)) close(r2) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000)) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) write$P9_RLOCK(r2, &(0x7f0000000080)={0x8, 0x35, 0x2, 0x2}, 0x8) tkill(r0, 0x1000000000013) [ 776.064327] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 776.071622] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 776.168277] FAULT_INJECTION: forcing a failure. [ 776.168277] name failslab, interval 1, probability 0, space 0, times 0 [ 776.180366] CPU: 0 PID: 20456 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 776.187511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.196906] Call Trace: [ 776.199516] dump_stack+0x138/0x197 [ 776.203167] should_fail.cold+0x10f/0x159 [ 776.207337] should_failslab+0xdb/0x130 [ 776.211330] kmem_cache_alloc+0x2d7/0x780 [ 776.215502] __d_alloc+0x2d/0x9f0 [ 776.218966] ? save_trace+0x290/0x290 [ 776.222784] d_alloc+0x4d/0x270 [ 776.226075] d_alloc_parallel+0xe5/0x1800 [ 776.230244] ? lock_downgrade+0x6e0/0x6e0 [ 776.234409] ? __d_lookup_rcu+0x630/0x630 [ 776.238658] ? d_lookup+0xe5/0x240 [ 776.242205] ? d_lookup+0x166/0x240 [ 776.245898] lookup_open+0x493/0x1860 [ 776.249709] ? save_trace+0x290/0x290 [ 776.253528] ? complete_walk+0x1f0/0x1f0 [ 776.257621] path_openat+0xfca/0x3f70 [ 776.261440] ? trace_hardirqs_on+0x10/0x10 [ 776.265686] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 776.271833] ? find_held_lock+0x35/0x130 [ 776.275924] ? save_trace+0x290/0x290 [ 776.279725] ? __alloc_fd+0x1d4/0x4a0 [ 776.283535] do_filp_open+0x18e/0x250 [ 776.287324] ? may_open_dev+0xe0/0xe0 [ 776.291132] ? _raw_spin_unlock+0x2d/0x50 [ 776.295299] ? __alloc_fd+0x1d4/0x4a0 [ 776.299112] do_sys_open+0x2c5/0x430 [ 776.302826] ? filp_open+0x70/0x70 [ 776.306391] SyS_open+0x2d/0x40 [ 776.309661] ? do_sys_open+0x430/0x430 [ 776.313541] do_syscall_64+0x1e8/0x640 [ 776.317421] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 776.322403] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 776.327586] RIP: 0033:0x459879 [ 776.330775] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 776.338477] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 776.345755] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 776.353030] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 776.360291] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 12:26:48 executing program 1 (fault-call:13 fault-nth:46): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:48 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r1, 0x28, 0x6, &(0x7f0000000000), 0x10) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r2, 0xc10c5541, &(0x7f00000002c0)={0x4, 0x1303, 0x65, 0x0, 0x0, [], [], [], 0xb288, 0x834}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:26:48 executing program 2 (fault-call:3 fault-nth:5): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 776.367549] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 12:26:48 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 776.448934] FAULT_INJECTION: forcing a failure. [ 776.448934] name failslab, interval 1, probability 0, space 0, times 0 [ 776.466837] CPU: 1 PID: 20466 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 776.473995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.483362] Call Trace: [ 776.485950] dump_stack+0x138/0x197 [ 776.489571] should_fail.cold+0x10f/0x159 [ 776.493711] should_failslab+0xdb/0x130 [ 776.497672] kmem_cache_alloc_node+0x287/0x780 [ 776.502239] ? __dev_queue_xmit+0x1e29/0x25e0 [ 776.506727] __alloc_skb+0x9c/0x500 [ 776.510336] ? skb_scrub_packet+0x4b0/0x4b0 [ 776.514645] ? __local_bh_enable_ip+0x99/0x1a0 [ 776.519210] alloc_skb_with_frags+0x86/0x4b0 [ 776.523603] ? trace_hardirqs_on+0x10/0x10 [ 776.527817] ? __local_bh_enable_ip+0x99/0x1a0 [ 776.532387] sock_alloc_send_pskb+0x5db/0x740 [ 776.536879] ? sock_wmalloc+0xf0/0xf0 [ 776.540687] ? lock_downgrade+0x6e0/0x6e0 [ 776.544829] packet_sendmsg+0x16c4/0x5a70 [ 776.548962] ? avc_has_perm_noaudit+0x420/0x420 [ 776.553617] ? __might_fault+0x110/0x1d0 [ 776.557666] ? find_held_lock+0x35/0x130 [ 776.561713] ? __might_fault+0x110/0x1d0 [ 776.565762] ? rw_copy_check_uvector+0x1f1/0x290 [ 776.570510] ? packet_notifier+0x760/0x760 [ 776.574731] ? copy_msghdr_from_user+0x292/0x3f0 [ 776.579471] ? selinux_socket_sendmsg+0x36/0x40 [ 776.584227] ? security_socket_sendmsg+0x89/0xb0 [ 776.588965] ? packet_notifier+0x760/0x760 [ 776.593179] sock_sendmsg+0xce/0x110 [ 776.596876] ___sys_sendmsg+0x349/0x840 [ 776.600832] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 776.605576] ? trace_hardirqs_on+0x10/0x10 [ 776.609793] ? save_trace+0x290/0x290 [ 776.613585] ? retint_kernel+0x2d/0x2d [ 776.617460] ? __might_fault+0x110/0x1d0 [ 776.621517] ? find_held_lock+0x35/0x130 [ 776.625559] ? __might_fault+0x110/0x1d0 [ 776.629611] __sys_sendmmsg+0x152/0x3a0 [ 776.633568] ? SyS_sendmsg+0x50/0x50 [ 776.637274] ? lock_downgrade+0x6e0/0x6e0 [ 776.641408] ? __mutex_unlock_slowpath+0x71/0x800 [ 776.646237] ? check_preemption_disabled+0x3c/0x250 [ 776.651239] ? wait_for_completion+0x420/0x420 [ 776.655806] ? __sb_end_write+0xc1/0x100 [ 776.659858] ? SyS_write+0x15e/0x230 [ 776.663557] SyS_sendmmsg+0x35/0x60 [ 776.667164] ? __sys_sendmmsg+0x3a0/0x3a0 [ 776.671297] do_syscall_64+0x1e8/0x640 [ 776.675164] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 776.679995] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 776.685184] RIP: 0033:0x459879 [ 776.688355] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 12:26:48 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x0) [ 776.696045] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 776.703295] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 776.710550] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 776.717822] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 776.725090] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 776.820555] FAULT_INJECTION: forcing a failure. [ 776.820555] name failslab, interval 1, probability 0, space 0, times 0 [ 776.837656] CPU: 1 PID: 20480 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 776.844813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.854189] Call Trace: [ 776.856793] dump_stack+0x138/0x197 [ 776.860435] should_fail.cold+0x10f/0x159 [ 776.864592] should_failslab+0xdb/0x130 [ 776.868570] kmem_cache_alloc_trace+0x2e9/0x790 [ 776.873245] vfat_add_entry+0x1d1/0x2600 [ 776.877305] ? save_trace+0x290/0x290 [ 776.881121] ? find_held_lock+0x35/0x130 [ 776.885182] ? current_time+0x16/0xb0 [ 776.889008] ? vfat_revalidate+0x160/0x160 [ 776.893241] ? mark_held_locks+0xb1/0x100 [ 776.897389] ? current_kernel_time64+0xd9/0x230 [ 776.902056] ? trace_hardirqs_on_caller+0x400/0x590 [ 776.907068] ? timespec_trunc+0xb5/0x120 [ 776.911125] ? put_itimerspec64+0x190/0x190 [ 776.915479] vfat_create+0xf9/0x329 [ 776.919106] ? vfat_mkdir+0x3c0/0x3c0 [ 776.922914] ? selinux_inode_create+0x23/0x30 [ 776.927406] ? security_inode_create+0xd0/0x110 [ 776.932074] ? vfat_mkdir+0x3c0/0x3c0 [ 776.935870] lookup_open+0x11a6/0x1860 [ 776.939756] ? save_trace+0x290/0x290 [ 776.943567] ? complete_walk+0x1f0/0x1f0 [ 776.947684] path_openat+0xfca/0x3f70 [ 776.951488] ? trace_hardirqs_on+0x10/0x10 [ 776.955729] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 776.960399] ? find_held_lock+0x35/0x130 [ 776.964458] ? save_trace+0x290/0x290 [ 776.968260] ? __alloc_fd+0x1d4/0x4a0 [ 776.972058] do_filp_open+0x18e/0x250 [ 776.975860] ? may_open_dev+0xe0/0xe0 [ 776.979668] ? _raw_spin_unlock+0x2d/0x50 [ 776.983809] ? __alloc_fd+0x1d4/0x4a0 [ 776.987619] do_sys_open+0x2c5/0x430 [ 776.991329] ? filp_open+0x70/0x70 [ 776.994872] SyS_open+0x2d/0x40 [ 776.998146] ? do_sys_open+0x430/0x430 [ 777.002034] do_syscall_64+0x1e8/0x640 [ 777.005915] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 777.010797] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 777.015992] RIP: 0033:0x459879 12:26:49 executing program 2 (fault-call:3 fault-nth:6): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:26:49 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) setsockopt$sock_timeval(r3, 0x1, 0x42, &(0x7f0000000080)={r4, r5/1000+30000}, 0x10) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0xf06bc33aa43bb7b4) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) ptrace$setsig(0x4203, r0, 0x9, &(0x7f0000000200)={0x1b, 0x4, 0x5}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 777.019259] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 777.026963] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 777.034237] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 777.041518] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 777.048798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 777.056088] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 12:26:49 executing program 1 (fault-call:13 fault-nth:47): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:49 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 777.204850] FAULT_INJECTION: forcing a failure. [ 777.204850] name failslab, interval 1, probability 0, space 0, times 0 [ 777.219098] FAULT_INJECTION: forcing a failure. [ 777.219098] name failslab, interval 1, probability 0, space 0, times 0 [ 777.222604] CPU: 1 PID: 20501 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 777.237474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.246844] Call Trace: [ 777.249441] dump_stack+0x138/0x197 [ 777.253087] should_fail.cold+0x10f/0x159 [ 777.257337] should_failslab+0xdb/0x130 [ 777.261329] kmem_cache_alloc+0x2d7/0x780 [ 777.265567] vfat_add_entry+0x29c/0x2600 [ 777.270121] ? save_trace+0x290/0x290 [ 777.270133] ? find_held_lock+0x35/0x130 [ 777.270143] ? current_time+0x16/0xb0 [ 777.270153] ? vfat_revalidate+0x160/0x160 [ 777.270161] ? mark_held_locks+0xb1/0x100 [ 777.270172] ? current_kernel_time64+0xd9/0x230 [ 777.270182] ? trace_hardirqs_on_caller+0x400/0x590 [ 777.270193] ? timespec_trunc+0xb5/0x120 [ 777.270202] ? put_itimerspec64+0x190/0x190 [ 777.308216] vfat_create+0xf9/0x329 [ 777.311861] ? vfat_mkdir+0x3c0/0x3c0 [ 777.315684] ? selinux_inode_create+0x23/0x30 [ 777.320188] ? security_inode_create+0xd0/0x110 [ 777.324867] ? vfat_mkdir+0x3c0/0x3c0 [ 777.328675] lookup_open+0x11a6/0x1860 [ 777.332565] ? save_trace+0x290/0x290 [ 777.336388] ? complete_walk+0x1f0/0x1f0 [ 777.340475] path_openat+0xfca/0x3f70 [ 777.344292] ? trace_hardirqs_on+0x10/0x10 [ 777.348541] ? path_lookupat.isra.0+0x7b0/0x7b0 12:26:49 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x100, 0x0) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 777.353213] ? find_held_lock+0x35/0x130 [ 777.357279] ? save_trace+0x290/0x290 [ 777.361080] ? __alloc_fd+0x1d4/0x4a0 [ 777.364881] do_filp_open+0x18e/0x250 [ 777.368685] ? may_open_dev+0xe0/0xe0 [ 777.372495] ? _raw_spin_unlock+0x2d/0x50 [ 777.376645] ? __alloc_fd+0x1d4/0x4a0 [ 777.380457] do_sys_open+0x2c5/0x430 [ 777.384173] ? filp_open+0x70/0x70 [ 777.387716] SyS_open+0x2d/0x40 [ 777.390997] ? do_sys_open+0x430/0x430 [ 777.394899] do_syscall_64+0x1e8/0x640 [ 777.399133] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 777.403986] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 777.409174] RIP: 0033:0x459879 [ 777.412358] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 777.420080] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 777.427346] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 777.434700] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 777.441973] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 777.449258] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 777.462198] CPU: 0 PID: 20502 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 777.469343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.478708] Call Trace: [ 777.481327] dump_stack+0x138/0x197 [ 777.484986] should_fail.cold+0x10f/0x159 [ 777.489243] should_failslab+0xdb/0x130 [ 777.493238] kmem_cache_alloc_node_trace+0x280/0x770 [ 777.498357] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 777.503825] __kmalloc_node_track_caller+0x3d/0x80 [ 777.508763] __kmalloc_reserve.isra.0+0x40/0xe0 [ 777.513434] __alloc_skb+0xcf/0x500 [ 777.517064] ? skb_scrub_packet+0x4b0/0x4b0 [ 777.521392] ? __local_bh_enable_ip+0x99/0x1a0 [ 777.525972] alloc_skb_with_frags+0x86/0x4b0 [ 777.530383] ? trace_hardirqs_on+0x10/0x10 [ 777.534618] ? __local_bh_enable_ip+0x99/0x1a0 [ 777.539207] sock_alloc_send_pskb+0x5db/0x740 [ 777.543718] ? sock_wmalloc+0xf0/0xf0 [ 777.547520] ? lock_downgrade+0x6e0/0x6e0 [ 777.551671] packet_sendmsg+0x16c4/0x5a70 [ 777.555825] ? avc_has_perm_noaudit+0x420/0x420 [ 777.560500] ? trace_hardirqs_on_caller+0x400/0x590 [ 777.565521] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 777.570281] ? rw_copy_check_uvector+0x1f1/0x290 [ 777.575056] ? packet_notifier+0x760/0x760 [ 777.579298] ? copy_msghdr_from_user+0x292/0x3f0 [ 777.584055] ? selinux_socket_sendmsg+0x36/0x40 [ 777.588721] ? security_socket_sendmsg+0x89/0xb0 [ 777.593473] ? packet_notifier+0x760/0x760 [ 777.597706] sock_sendmsg+0xce/0x110 [ 777.601417] ___sys_sendmsg+0x349/0x840 [ 777.605402] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 777.610168] ? trace_hardirqs_on+0x10/0x10 [ 777.614403] ? check_preemption_disabled+0x3c/0x250 [ 777.619422] ? save_trace+0x290/0x290 [ 777.623487] ? __might_fault+0x110/0x1d0 [ 777.627637] ? find_held_lock+0x35/0x130 [ 777.631695] ? __might_fault+0x110/0x1d0 [ 777.635774] __sys_sendmmsg+0x152/0x3a0 [ 777.639747] ? SyS_sendmsg+0x50/0x50 [ 777.643465] ? lock_downgrade+0x6e0/0x6e0 [ 777.647632] ? __mutex_unlock_slowpath+0x71/0x800 [ 777.652480] ? check_preemption_disabled+0x3c/0x250 [ 777.657497] ? wait_for_completion+0x420/0x420 [ 777.662083] ? __sb_end_write+0xc1/0x100 [ 777.666132] ? SyS_write+0x15e/0x230 [ 777.669835] SyS_sendmmsg+0x35/0x60 [ 777.673444] ? __sys_sendmmsg+0x3a0/0x3a0 [ 777.677604] do_syscall_64+0x1e8/0x640 [ 777.681476] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 777.686323] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 777.691494] RIP: 0033:0x459879 [ 777.694666] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 12:26:49 executing program 2 (fault-call:3 fault-nth:7): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:26:49 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:26:49 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x0) [ 777.702367] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 777.709621] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 777.716873] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 777.724127] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 777.731390] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:26:49 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:49 executing program 1 (fault-call:13 fault-nth:48): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 777.888727] FAULT_INJECTION: forcing a failure. [ 777.888727] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 777.897112] FAULT_INJECTION: forcing a failure. [ 777.897112] name failslab, interval 1, probability 0, space 0, times 0 [ 777.900580] CPU: 1 PID: 20529 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 777.900588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.900594] Call Trace: [ 777.900615] dump_stack+0x138/0x197 [ 777.900632] should_fail.cold+0x10f/0x159 [ 777.900647] __alloc_pages_nodemask+0x1d6/0x7a0 [ 777.900659] ? __alloc_pages_slowpath+0x2930/0x2930 [ 777.900685] cache_grow_begin+0x80/0x400 [ 777.900708] kmem_cache_alloc+0x6a6/0x780 [ 777.956845] vfat_add_entry+0x29c/0x2600 [ 777.960928] ? save_trace+0x290/0x290 [ 777.964743] ? find_held_lock+0x35/0x130 [ 777.968811] ? current_time+0x16/0xb0 [ 777.972616] ? vfat_revalidate+0x160/0x160 [ 777.976862] ? mark_held_locks+0xb1/0x100 [ 777.981013] ? current_kernel_time64+0xd9/0x230 [ 777.985686] ? trace_hardirqs_on_caller+0x400/0x590 [ 777.990703] ? timespec_trunc+0xb5/0x120 [ 777.994768] ? put_itimerspec64+0x190/0x190 [ 777.999095] vfat_create+0xf9/0x329 [ 778.002722] ? vfat_mkdir+0x3c0/0x3c0 [ 778.006588] ? selinux_inode_create+0x23/0x30 [ 778.011092] ? security_inode_create+0xd0/0x110 [ 778.015777] ? vfat_mkdir+0x3c0/0x3c0 [ 778.019586] lookup_open+0x11a6/0x1860 [ 778.023474] ? save_trace+0x290/0x290 [ 778.027286] ? complete_walk+0x1f0/0x1f0 [ 778.031354] path_openat+0xfca/0x3f70 [ 778.035238] ? trace_hardirqs_on+0x10/0x10 [ 778.039478] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 778.044149] ? find_held_lock+0x35/0x130 [ 778.048207] ? save_trace+0x290/0x290 [ 778.052006] ? __alloc_fd+0x1d4/0x4a0 [ 778.055804] do_filp_open+0x18e/0x250 [ 778.059602] ? may_open_dev+0xe0/0xe0 [ 778.063413] ? _raw_spin_unlock+0x2d/0x50 [ 778.067556] ? __alloc_fd+0x1d4/0x4a0 [ 778.071364] do_sys_open+0x2c5/0x430 [ 778.075080] ? filp_open+0x70/0x70 [ 778.078717] SyS_open+0x2d/0x40 [ 778.082001] ? do_sys_open+0x430/0x430 [ 778.085891] do_syscall_64+0x1e8/0x640 [ 778.089783] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 778.094631] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 778.099821] RIP: 0033:0x459879 [ 778.103002] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 778.110711] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 778.117974] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 778.125238] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 778.132500] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 12:26:50 executing program 2 (fault-call:3 fault-nth:8): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 778.139769] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 778.147063] CPU: 0 PID: 20530 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 778.154181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.163552] Call Trace: [ 778.166160] dump_stack+0x138/0x197 [ 778.169813] should_fail.cold+0x10f/0x159 [ 778.174040] should_failslab+0xdb/0x130 [ 778.178021] kmem_cache_alloc_node+0x287/0x780 [ 778.182596] ? __dev_queue_xmit+0x1e29/0x25e0 12:26:50 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000200)={0x4, 0x1, @raw_data=[0x9, 0x9, 0x80, 0x5, 0x200, 0x40, 0xffffffffffffab64, 0x272f5935, 0x0, 0x4, 0x0, 0xa59, 0x3, 0x4, 0x9, 0x9]}) tkill(r0, 0x1000000000013) [ 778.187095] __alloc_skb+0x9c/0x500 [ 778.190723] ? skb_scrub_packet+0x4b0/0x4b0 [ 778.195056] ? __local_bh_enable_ip+0x99/0x1a0 [ 778.199632] alloc_skb_with_frags+0x86/0x4b0 [ 778.204112] ? retint_kernel+0x2d/0x2d [ 778.208003] sock_alloc_send_pskb+0x5db/0x740 [ 778.212523] ? sock_wmalloc+0xf0/0xf0 [ 778.216334] ? lock_downgrade+0x6e0/0x6e0 [ 778.220493] packet_sendmsg+0x16c4/0x5a70 [ 778.224644] ? avc_has_perm_noaudit+0x420/0x420 [ 778.229329] ? __might_fault+0x110/0x1d0 [ 778.233410] ? find_held_lock+0x35/0x130 [ 778.237474] ? __might_fault+0x110/0x1d0 [ 778.237490] ? rw_copy_check_uvector+0x1f1/0x290 [ 778.246286] ? packet_notifier+0x760/0x760 [ 778.246304] ? copy_msghdr_from_user+0x292/0x3f0 [ 778.246321] ? selinux_socket_sendmsg+0x36/0x40 [ 778.259951] ? security_socket_sendmsg+0x89/0xb0 [ 778.264819] ? packet_notifier+0x760/0x760 [ 778.269057] sock_sendmsg+0xce/0x110 [ 778.274526] ___sys_sendmsg+0x349/0x840 [ 778.278500] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 778.283265] ? trace_hardirqs_on_caller+0x400/0x590 [ 778.288278] ? trace_hardirqs_on+0x10/0x10 [ 778.292506] ? check_preemption_disabled+0x3c/0x250 [ 778.297515] ? retint_kernel+0x2d/0x2d [ 778.301392] ? save_trace+0x290/0x290 [ 778.305179] ? __might_fault+0x110/0x1d0 [ 778.309228] ? find_held_lock+0x35/0x130 [ 778.313272] ? __might_fault+0x110/0x1d0 [ 778.317326] __sys_sendmmsg+0x152/0x3a0 [ 778.321309] ? SyS_sendmsg+0x50/0x50 [ 778.325030] ? lock_downgrade+0x6e0/0x6e0 [ 778.329179] ? __mutex_unlock_slowpath+0x71/0x800 [ 778.334009] ? check_preemption_disabled+0x3c/0x250 [ 778.339007] ? wait_for_completion+0x420/0x420 [ 778.343571] ? __sb_end_write+0xc1/0x100 [ 778.347644] ? SyS_write+0x15e/0x230 [ 778.351356] SyS_sendmmsg+0x35/0x60 [ 778.354967] ? __sys_sendmmsg+0x3a0/0x3a0 [ 778.359109] do_syscall_64+0x1e8/0x640 [ 778.363011] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 778.367855] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 778.373036] RIP: 0033:0x459879 [ 778.376219] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 778.383922] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 12:26:50 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) ioctl$TIOCMIWAIT(r1, 0x545c, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:26:50 executing program 4: r0 = getpid() r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x200, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000080)={0xffffffff00000001, 0xfb}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) write$binfmt_aout(r4, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:26:50 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 778.391177] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 778.398452] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 778.405717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 778.412976] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:26:50 executing program 1 (fault-call:13 fault-nth:49): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 778.509238] Unknown ioctl 1076932219 [ 778.565405] FAULT_INJECTION: forcing a failure. [ 778.565405] name failslab, interval 1, probability 0, space 0, times 0 [ 778.571954] FAULT_INJECTION: forcing a failure. [ 778.571954] name failslab, interval 1, probability 0, space 0, times 0 [ 778.585790] CPU: 0 PID: 20561 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 778.595231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.604597] Call Trace: [ 778.607198] dump_stack+0x138/0x197 [ 778.610846] should_fail.cold+0x10f/0x159 [ 778.615002] should_failslab+0xdb/0x130 [ 778.618987] kmem_cache_alloc+0x2d7/0x780 [ 778.623151] ? lock_downgrade+0x6e0/0x6e0 [ 778.627316] ? fat_i_callback+0x30/0x30 [ 778.631299] fat_alloc_inode+0x1c/0x60 [ 778.635191] alloc_inode+0x64/0x180 [ 778.638850] new_inode_pseudo+0x19/0xf0 [ 778.642822] new_inode+0x1f/0x40 [ 778.646189] fat_build_inode+0x124/0x293 [ 778.650253] vfat_create+0x1ae/0x329 [ 778.653968] ? vfat_mkdir+0x3c0/0x3c0 [ 778.657770] ? security_inode_create+0xd0/0x110 [ 778.662431] ? vfat_mkdir+0x3c0/0x3c0 [ 778.666226] lookup_open+0x11a6/0x1860 [ 778.670143] ? save_trace+0x290/0x290 [ 778.673950] ? complete_walk+0x1f0/0x1f0 [ 778.678020] path_openat+0xfca/0x3f70 [ 778.681819] ? trace_hardirqs_on+0x10/0x10 [ 778.686060] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 778.690721] ? find_held_lock+0x35/0x130 [ 778.694779] ? save_trace+0x290/0x290 [ 778.698578] ? __alloc_fd+0x1d4/0x4a0 [ 778.702376] do_filp_open+0x18e/0x250 [ 778.706171] ? may_open_dev+0xe0/0xe0 [ 778.709979] ? _raw_spin_unlock+0x2d/0x50 [ 778.714125] ? __alloc_fd+0x1d4/0x4a0 [ 778.717934] do_sys_open+0x2c5/0x430 [ 778.721648] ? filp_open+0x70/0x70 [ 778.725188] SyS_open+0x2d/0x40 [ 778.728462] ? do_sys_open+0x430/0x430 [ 778.732346] do_syscall_64+0x1e8/0x640 [ 778.736238] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 778.741085] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 778.746270] RIP: 0033:0x459879 [ 778.749453] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 778.757157] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 778.764423] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 778.771686] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 778.779035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 778.786297] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 778.793589] CPU: 1 PID: 20562 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 778.800714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.810088] Call Trace: [ 778.812735] dump_stack+0x138/0x197 12:26:50 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x0) [ 778.816372] should_fail.cold+0x10f/0x159 [ 778.820531] should_failslab+0xdb/0x130 [ 778.824518] kmem_cache_alloc_node_trace+0x280/0x770 [ 778.829630] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 778.835098] __kmalloc_node_track_caller+0x3d/0x80 [ 778.835115] __kmalloc_reserve.isra.0+0x40/0xe0 [ 778.835125] __alloc_skb+0xcf/0x500 [ 778.835134] ? skb_scrub_packet+0x4b0/0x4b0 [ 778.844726] ? trace_hardirqs_on_caller+0x400/0x590 [ 778.844743] alloc_skb_with_frags+0x86/0x4b0 [ 778.844759] ? check_preemption_disabled+0x3c/0x250 [ 778.844773] sock_alloc_send_pskb+0x5db/0x740 [ 778.871731] ? sock_wmalloc+0xf0/0xf0 [ 778.875834] ? lock_downgrade+0x6e0/0x6e0 [ 778.880010] packet_sendmsg+0x16c4/0x5a70 [ 778.884174] ? avc_has_perm_noaudit+0x420/0x420 [ 778.888850] ? __might_fault+0x110/0x1d0 [ 778.892903] ? find_held_lock+0x35/0x130 [ 778.896956] ? __might_fault+0x110/0x1d0 [ 778.901025] ? rw_copy_check_uvector+0x1f1/0x290 [ 778.905777] ? packet_notifier+0x760/0x760 [ 778.909996] ? copy_msghdr_from_user+0x292/0x3f0 [ 778.914751] ? selinux_socket_sendmsg+0x36/0x40 [ 778.919414] ? security_socket_sendmsg+0x89/0xb0 [ 778.924166] ? packet_notifier+0x760/0x760 [ 778.928407] sock_sendmsg+0xce/0x110 [ 778.932118] ___sys_sendmsg+0x349/0x840 [ 778.936081] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 778.940831] ? mark_held_locks+0xb1/0x100 [ 778.944992] ? retint_kernel+0x2d/0x2d [ 778.948872] ? trace_hardirqs_on_caller+0x400/0x590 [ 778.953911] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 778.958683] ? save_trace+0x290/0x290 [ 778.962497] ? check_preemption_disabled+0x3c/0x250 [ 778.967506] ? __might_fault+0x110/0x1d0 [ 778.971563] ? find_held_lock+0x35/0x130 [ 778.975640] ? __might_fault+0x110/0x1d0 [ 778.979742] __sys_sendmmsg+0x152/0x3a0 [ 778.983709] ? SyS_sendmsg+0x50/0x50 [ 778.987445] ? lock_downgrade+0x6e0/0x6e0 [ 778.991608] ? trace_hardirqs_on_caller+0x400/0x590 [ 778.996617] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 779.001382] ? check_preemption_disabled+0x3c/0x250 [ 779.006410] ? retint_kernel+0x2d/0x2d [ 779.010294] ? SyS_sendmmsg+0x1c/0x60 [ 779.014100] SyS_sendmmsg+0x35/0x60 [ 779.017728] ? __sys_sendmmsg+0x3a0/0x3a0 [ 779.021875] do_syscall_64+0x1e8/0x640 [ 779.025755] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 779.030600] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 779.035780] RIP: 0033:0x459879 [ 779.038984] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 779.046698] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 779.053958] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 12:26:51 executing program 2 (fault-call:3 fault-nth:9): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 779.061220] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 779.068487] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 779.075755] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:26:51 executing program 1 (fault-call:13 fault-nth:50): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:51 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 779.161744] FAULT_INJECTION: forcing a failure. [ 779.161744] name failslab, interval 1, probability 0, space 0, times 0 [ 779.173719] CPU: 1 PID: 20579 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 779.180825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.180831] Call Trace: [ 779.180851] dump_stack+0x138/0x197 [ 779.180871] should_fail.cold+0x10f/0x159 [ 779.180886] should_failslab+0xdb/0x130 [ 779.180898] kmem_cache_alloc_node+0x287/0x780 [ 779.196662] ? __dev_queue_xmit+0x1e29/0x25e0 [ 779.196687] __alloc_skb+0x9c/0x500 [ 779.196697] ? skb_scrub_packet+0x4b0/0x4b0 [ 779.196709] ? __local_bh_enable_ip+0x99/0x1a0 [ 779.196720] alloc_skb_with_frags+0x86/0x4b0 [ 779.230729] ? trace_hardirqs_on+0x10/0x10 [ 779.234953] ? __local_bh_enable_ip+0x99/0x1a0 [ 779.239524] sock_alloc_send_pskb+0x5db/0x740 [ 779.244030] ? sock_wmalloc+0xf0/0xf0 [ 779.247815] ? lock_downgrade+0x6e0/0x6e0 [ 779.251952] packet_sendmsg+0x16c4/0x5a70 [ 779.256082] ? avc_has_perm_noaudit+0x420/0x420 [ 779.260740] ? __might_fault+0x110/0x1d0 [ 779.264786] ? find_held_lock+0x35/0x130 [ 779.268833] ? __might_fault+0x110/0x1d0 [ 779.272879] ? rw_copy_check_uvector+0x1f1/0x290 [ 779.277628] ? packet_notifier+0x760/0x760 [ 779.281849] ? copy_msghdr_from_user+0x292/0x3f0 [ 779.286591] ? selinux_socket_sendmsg+0x36/0x40 [ 779.291246] ? security_socket_sendmsg+0x89/0xb0 [ 779.295982] ? packet_notifier+0x760/0x760 [ 779.300201] sock_sendmsg+0xce/0x110 [ 779.303899] ___sys_sendmsg+0x349/0x840 [ 779.307857] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 779.312602] ? trace_hardirqs_on+0x10/0x10 [ 779.316823] ? check_preemption_disabled+0x3c/0x250 [ 779.321823] ? save_trace+0x290/0x290 [ 779.325611] ? __might_fault+0x110/0x1d0 [ 779.329656] ? find_held_lock+0x35/0x130 [ 779.333704] ? __might_fault+0x110/0x1d0 [ 779.337761] __sys_sendmmsg+0x152/0x3a0 [ 779.341727] ? SyS_sendmsg+0x50/0x50 [ 779.345426] ? lock_downgrade+0x6e0/0x6e0 [ 779.349561] ? __mutex_unlock_slowpath+0x71/0x800 [ 779.354387] ? check_preemption_disabled+0x3c/0x250 [ 779.359388] ? wait_for_completion+0x420/0x420 [ 779.363957] ? __sb_end_write+0xc1/0x100 [ 779.368023] ? SyS_write+0x15e/0x230 [ 779.371723] SyS_sendmmsg+0x35/0x60 [ 779.375332] ? __sys_sendmmsg+0x3a0/0x3a0 [ 779.379475] do_syscall_64+0x1e8/0x640 [ 779.383438] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 779.388271] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 779.393445] RIP: 0033:0x459879 [ 779.396618] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 779.404312] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 12:26:51 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getpeername$netrom(r1, &(0x7f00000002c0)={{0x3, @netrom}, [@default, @remote, @null, @bcast, @netrom, @null, @default, @default]}, &(0x7f0000000000)=0x48) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) msync(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 779.411563] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 779.418819] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 779.426160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 779.433412] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 779.513343] FAULT_INJECTION: forcing a failure. [ 779.513343] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 779.525191] CPU: 1 PID: 20589 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 779.532303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.541757] Call Trace: [ 779.544355] dump_stack+0x138/0x197 [ 779.547996] should_fail.cold+0x10f/0x159 [ 779.552172] __alloc_pages_nodemask+0x1d6/0x7a0 [ 779.557104] ? __alloc_pages_slowpath+0x2930/0x2930 [ 779.562136] cache_grow_begin+0x80/0x400 [ 779.566213] kmem_cache_alloc+0x6a6/0x780 [ 779.570380] ? fat_i_callback+0x30/0x30 [ 779.574363] fat_alloc_inode+0x1c/0x60 [ 779.578255] alloc_inode+0x64/0x180 [ 779.581893] new_inode_pseudo+0x19/0xf0 [ 779.585876] new_inode+0x1f/0x40 [ 779.589252] fat_build_inode+0x124/0x293 [ 779.593317] vfat_create+0x1ae/0x329 [ 779.597038] ? vfat_mkdir+0x3c0/0x3c0 [ 779.600857] ? security_inode_create+0xd0/0x110 [ 779.605530] ? vfat_mkdir+0x3c0/0x3c0 [ 779.609343] lookup_open+0x11a6/0x1860 [ 779.613242] ? save_trace+0x290/0x290 [ 779.617036] ? complete_walk+0x1f0/0x1f0 [ 779.621102] path_openat+0xfca/0x3f70 [ 779.624909] ? trace_hardirqs_on+0x10/0x10 [ 779.629141] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 779.633796] ? find_held_lock+0x35/0x130 [ 779.637842] ? save_trace+0x290/0x290 [ 779.641645] ? __alloc_fd+0x1d4/0x4a0 [ 779.646592] do_filp_open+0x18e/0x250 [ 779.650399] ? may_open_dev+0xe0/0xe0 [ 779.654208] ? _raw_spin_unlock+0x2d/0x50 [ 779.658347] ? __alloc_fd+0x1d4/0x4a0 [ 779.662148] do_sys_open+0x2c5/0x430 [ 779.665878] ? filp_open+0x70/0x70 [ 779.669404] SyS_open+0x2d/0x40 [ 779.672676] ? do_sys_open+0x430/0x430 [ 779.676559] do_syscall_64+0x1e8/0x640 [ 779.680431] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 779.685285] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 779.690480] RIP: 0033:0x459879 [ 779.693667] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 779.701374] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 12:26:51 executing program 3: r0 = getpid() r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/capi/capi20\x00', 0x200080, 0x0) bind$llc(r1, &(0x7f0000000500)={0x1a, 0x30f, 0x8, 0x7b72, 0x10001, 0xffff, @broadcast}, 0x10) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x2000, 0x0) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r2, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8001}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x10c, r5, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x24, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xffffffffffffffff}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3cd}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffffffb}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffffffffffffffe0}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xe28}]}, @TIPC_NLA_LINK={0x18, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_LINK={0x88, 0x4, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd736}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xbe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6000000000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x20000080}, 0x1) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) write$binfmt_aout(r4, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:26:51 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x0) 12:26:51 executing program 2 (fault-call:3 fault-nth:10): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 779.708632] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 779.715926] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 779.723204] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 779.730468] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 12:26:51 executing program 1 (fault-call:13 fault-nth:51): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 779.827117] FAULT_INJECTION: forcing a failure. [ 779.827117] name failslab, interval 1, probability 0, space 0, times 0 [ 779.838870] CPU: 1 PID: 20604 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 779.846003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.855554] Call Trace: [ 779.858145] dump_stack+0x138/0x197 [ 779.861781] should_fail.cold+0x10f/0x159 [ 779.865929] should_failslab+0xdb/0x130 [ 779.869897] kmem_cache_alloc_node_trace+0x280/0x770 [ 779.875010] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 779.880509] __kmalloc_node_track_caller+0x3d/0x80 [ 779.885429] __kmalloc_reserve.isra.0+0x40/0xe0 [ 779.890090] __alloc_skb+0xcf/0x500 [ 779.893701] ? skb_scrub_packet+0x4b0/0x4b0 [ 779.898093] ? check_preemption_disabled+0x3c/0x250 [ 779.903093] ? retint_kernel+0x2d/0x2d [ 779.907058] alloc_skb_with_frags+0x86/0x4b0 [ 779.911473] sock_alloc_send_pskb+0x5db/0x740 [ 779.915964] ? sock_wmalloc+0xf0/0xf0 [ 779.919770] ? lock_downgrade+0x6e0/0x6e0 [ 779.923909] packet_sendmsg+0x16c4/0x5a70 [ 779.928042] ? avc_has_perm_noaudit+0x420/0x420 [ 779.932703] ? __might_fault+0x110/0x1d0 [ 779.936747] ? find_held_lock+0x35/0x130 [ 779.940788] ? __might_fault+0x110/0x1d0 [ 779.944832] ? rw_copy_check_uvector+0x1f1/0x290 [ 779.949577] ? packet_notifier+0x760/0x760 [ 779.953798] ? copy_msghdr_from_user+0x292/0x3f0 [ 779.958540] ? selinux_socket_sendmsg+0x36/0x40 [ 779.963195] ? security_socket_sendmsg+0x89/0xb0 [ 779.967934] ? packet_notifier+0x760/0x760 [ 779.972168] sock_sendmsg+0xce/0x110 [ 779.975890] ___sys_sendmsg+0x349/0x840 [ 779.979851] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 779.984593] ? mark_held_locks+0xb1/0x100 [ 779.988730] ? trace_hardirqs_on+0x10/0x10 [ 779.992951] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 779.997695] ? save_trace+0x290/0x290 [ 780.001479] ? check_preemption_disabled+0x3c/0x250 [ 780.006485] ? __might_fault+0x110/0x1d0 [ 780.010528] ? find_held_lock+0x35/0x130 [ 780.014573] ? __might_fault+0x110/0x1d0 [ 780.018634] __sys_sendmmsg+0x152/0x3a0 [ 780.022592] ? SyS_sendmsg+0x50/0x50 [ 780.026289] ? lock_downgrade+0x6e0/0x6e0 [ 780.030425] ? retint_kernel+0x2d/0x2d [ 780.034296] ? trace_hardirqs_on_caller+0x400/0x590 [ 780.039298] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 780.044044] ? check_preemption_disabled+0x3c/0x250 [ 780.049048] ? SyS_read+0x230/0x230 [ 780.052667] SyS_sendmmsg+0x35/0x60 [ 780.056284] ? __sys_sendmmsg+0x3a0/0x3a0 [ 780.060431] do_syscall_64+0x1e8/0x640 [ 780.064302] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 780.069135] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 780.074395] RIP: 0033:0x459879 [ 780.077581] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 780.085277] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 780.092531] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 780.099789] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 780.107059] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 780.114317] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 780.169841] FAULT_INJECTION: forcing a failure. [ 780.169841] name failslab, interval 1, probability 0, space 0, times 0 [ 780.198787] CPU: 1 PID: 20613 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 780.205980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.215339] Call Trace: [ 780.217927] dump_stack+0x138/0x197 [ 780.221654] should_fail.cold+0x10f/0x159 [ 780.225808] should_failslab+0xdb/0x130 [ 780.229778] kmem_cache_alloc+0x2d7/0x780 [ 780.233914] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 780.239360] ? check_preemption_disabled+0x3c/0x250 [ 780.244363] selinux_file_alloc_security+0xb4/0x190 [ 780.249362] security_file_alloc+0x6d/0xa0 [ 780.253586] get_empty_filp+0x162/0x3f0 [ 780.257545] dentry_open+0x5f/0x220 [ 780.261190] ima_calc_file_hash+0x563/0x820 [ 780.265504] ? ima_add_template_entry.cold+0x48/0x48 [ 780.270609] ima_collect_measurement+0x3c1/0x450 [ 780.275363] ? ima_get_action+0x80/0x80 [ 780.279321] ? ima_get_cache_status+0x180/0x180 [ 780.283996] process_measurement+0x7dd/0xb80 [ 780.288405] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 780.293413] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 780.298154] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 780.304807] ? fsnotify+0x11e0/0x11e0 [ 780.308597] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 780.313348] ? lock_downgrade+0x66c/0x6e0 [ 780.317489] ? file_ra_state_init+0xc9/0x1e0 [ 780.321882] ? do_dentry_open+0x452/0xeb0 [ 780.327168] ima_file_check+0x30/0x40 [ 780.330958] path_openat+0x1626/0x3f70 [ 780.334839] ? get_pid_task+0x98/0x140 [ 780.338745] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 780.343404] ? save_trace+0x290/0x290 [ 780.347192] ? __alloc_fd+0x1d4/0x4a0 [ 780.350979] do_filp_open+0x18e/0x250 [ 780.354768] ? may_open_dev+0xe0/0xe0 [ 780.358568] ? _raw_spin_unlock+0x2d/0x50 [ 780.362741] ? __alloc_fd+0x1d4/0x4a0 [ 780.366534] do_sys_open+0x2c5/0x430 [ 780.370237] ? filp_open+0x70/0x70 [ 780.373774] SyS_open+0x2d/0x40 [ 780.377037] ? do_sys_open+0x430/0x430 [ 780.380912] do_syscall_64+0x1e8/0x640 [ 780.384807] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 780.389663] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 780.394845] RIP: 0033:0x459879 [ 780.398019] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 780.406327] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 780.413615] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 780.420874] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 780.428129] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 780.435390] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 780.446812] ima: Unable to reopen file for reading. 12:26:53 executing program 1 (fault-call:13 fault-nth:52): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:53 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:53 executing program 2 (fault-call:3 fault-nth:11): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:26:53 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x3, &(0x7f0000000100)=0x800000100000000, 0xc0) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x323) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0xa, 0x7, @tid=r0}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000080)={0x14, 0x4, 0x0, 0x1a, 0xa, 0x7, 0x4, 0xa2, 0x1}) tkill(r0, 0x1000000000013) 12:26:53 executing program 5: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 781.550801] FAULT_INJECTION: forcing a failure. [ 781.550801] name failslab, interval 1, probability 0, space 0, times 0 [ 781.586243] FAULT_INJECTION: forcing a failure. [ 781.586243] name failslab, interval 1, probability 0, space 0, times 0 [ 781.608372] CPU: 0 PID: 20624 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 781.615534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.624993] Call Trace: [ 781.627605] dump_stack+0x138/0x197 [ 781.631259] should_fail.cold+0x10f/0x159 [ 781.635430] should_failslab+0xdb/0x130 [ 781.639424] kmem_cache_alloc_node+0x287/0x780 [ 781.644029] __alloc_skb+0x9c/0x500 [ 781.647671] ? skb_scrub_packet+0x4b0/0x4b0 [ 781.652002] ? __local_bh_enable_ip+0x99/0x1a0 [ 781.656624] alloc_skb_with_frags+0x86/0x4b0 [ 781.661046] ? trace_hardirqs_on+0x10/0x10 [ 781.665277] ? __local_bh_enable_ip+0x99/0x1a0 [ 781.669869] sock_alloc_send_pskb+0x5db/0x740 [ 781.674379] ? sock_wmalloc+0xf0/0xf0 [ 781.678185] ? lock_downgrade+0x6e0/0x6e0 [ 781.682345] packet_sendmsg+0x16c4/0x5a70 [ 781.686509] ? avc_has_perm_noaudit+0x420/0x420 [ 781.691185] ? __might_fault+0x110/0x1d0 [ 781.695248] ? find_held_lock+0x35/0x130 [ 781.699311] ? __might_fault+0x110/0x1d0 [ 781.703372] ? rw_copy_check_uvector+0x1f1/0x290 [ 781.708140] ? packet_notifier+0x760/0x760 [ 781.712386] ? copy_msghdr_from_user+0x292/0x3f0 [ 781.717151] ? selinux_socket_sendmsg+0x36/0x40 [ 781.721822] ? security_socket_sendmsg+0x89/0xb0 [ 781.726577] ? packet_notifier+0x760/0x760 [ 781.730818] sock_sendmsg+0xce/0x110 [ 781.734540] ___sys_sendmsg+0x349/0x840 [ 781.738534] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 781.743304] ? mark_held_locks+0xb1/0x100 [ 781.747462] ? trace_hardirqs_on+0x10/0x10 [ 781.751707] ? retint_kernel+0x2d/0x2d [ 781.755605] ? save_trace+0x290/0x290 [ 781.759404] ? trace_hardirqs_on_caller+0x400/0x590 [ 781.764444] ? __might_fault+0x110/0x1d0 [ 781.768524] ? find_held_lock+0x35/0x130 [ 781.772595] ? __might_fault+0x110/0x1d0 [ 781.776670] __sys_sendmmsg+0x152/0x3a0 [ 781.780640] ? SyS_sendmsg+0x50/0x50 [ 781.784358] ? lock_downgrade+0x6e0/0x6e0 [ 781.788537] ? retint_kernel+0x2d/0x2d [ 781.792424] ? trace_hardirqs_on_caller+0x400/0x590 [ 781.797434] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 781.802191] ? check_preemption_disabled+0x3c/0x250 [ 781.807223] SyS_sendmmsg+0x35/0x60 [ 781.810852] ? __sys_sendmmsg+0x3a0/0x3a0 [ 781.814999] do_syscall_64+0x1e8/0x640 [ 781.818975] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 781.823819] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 781.829022] RIP: 0033:0x459879 [ 781.832203] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 781.839905] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 781.847168] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 781.854528] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 781.861789] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 781.869052] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 781.876334] CPU: 1 PID: 20627 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 781.883463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.892935] Call Trace: [ 781.895521] dump_stack+0x138/0x197 [ 781.899155] should_fail.cold+0x10f/0x159 [ 781.903292] should_failslab+0xdb/0x130 [ 781.907251] kmem_cache_alloc+0x2d7/0x780 [ 781.911387] get_empty_filp+0x8c/0x3f0 [ 781.915257] dentry_open+0x5f/0x220 [ 781.918903] ima_calc_file_hash+0x563/0x820 [ 781.923227] ? ima_add_template_entry.cold+0x48/0x48 [ 781.928327] ima_collect_measurement+0x3c1/0x450 [ 781.933070] ? ima_get_action+0x80/0x80 [ 781.937031] ? ima_get_cache_status+0x180/0x180 [ 781.941686] process_measurement+0x7dd/0xb80 [ 781.946080] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 781.951087] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 781.955830] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 781.962502] ? fsnotify+0x11e0/0x11e0 [ 781.966307] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 781.971070] ? lock_downgrade+0x66c/0x6e0 [ 781.975207] ? file_ra_state_init+0xc9/0x1e0 [ 781.979612] ? do_dentry_open+0x452/0xeb0 [ 781.983751] ima_file_check+0x30/0x40 [ 781.987538] path_openat+0x1626/0x3f70 [ 781.991411] ? trace_hardirqs_on+0x10/0x10 [ 781.995642] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 782.000304] ? find_held_lock+0x35/0x130 [ 782.004441] ? save_trace+0x290/0x290 [ 782.008240] ? __alloc_fd+0x1d4/0x4a0 [ 782.012027] do_filp_open+0x18e/0x250 [ 782.015829] ? may_open_dev+0xe0/0xe0 [ 782.019622] ? _raw_spin_unlock+0x2d/0x50 [ 782.023750] ? __alloc_fd+0x1d4/0x4a0 [ 782.027542] do_sys_open+0x2c5/0x430 [ 782.031242] ? filp_open+0x70/0x70 [ 782.034793] SyS_open+0x2d/0x40 [ 782.038062] ? do_sys_open+0x430/0x430 [ 782.041960] do_syscall_64+0x1e8/0x640 [ 782.045832] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 782.050669] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 782.056193] RIP: 0033:0x459879 12:26:54 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000080)={r4, 0x6, 0x1ff, 0x800000010000000, 0x5, 0x0, 0x83}) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 782.059370] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 782.067061] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 782.074312] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 782.081569] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 782.088823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 782.096076] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 12:26:54 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 782.115372] ima: Unable to reopen file for reading. 12:26:54 executing program 5: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:54 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) futimesat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)={{0x0, 0x2710}, {r4, r5/1000+30000}}) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:26:54 executing program 2 (fault-call:3 fault-nth:12): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:26:54 executing program 1 (fault-call:13 fault-nth:53): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:54 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000000)={0x6, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @dev}, {0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @local}, {}]}) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:26:54 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:54 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 782.834659] FAULT_INJECTION: forcing a failure. [ 782.834659] name failslab, interval 1, probability 0, space 0, times 0 [ 782.843637] FAULT_INJECTION: forcing a failure. [ 782.843637] name failslab, interval 1, probability 0, space 0, times 0 [ 782.861862] CPU: 1 PID: 20662 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 782.869089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.878462] Call Trace: [ 782.881073] dump_stack+0x138/0x197 [ 782.884719] should_fail.cold+0x10f/0x159 [ 782.888885] should_failslab+0xdb/0x130 [ 782.892873] __kmalloc_track_caller+0x2ec/0x790 [ 782.897548] ? fput+0xd4/0x150 [ 782.900746] ? ima_collect_measurement+0x270/0x450 [ 782.905680] krealloc+0x66/0xc0 [ 782.908959] ima_collect_measurement+0x270/0x450 [ 782.913716] ? ima_get_action+0x80/0x80 [ 782.917702] ? ima_get_cache_status+0x180/0x180 [ 782.923256] process_measurement+0x7dd/0xb80 [ 782.927670] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 782.932694] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 782.937460] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 782.944127] ? fsnotify+0x11e0/0x11e0 [ 782.947973] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 782.952732] ? lock_downgrade+0x66c/0x6e0 [ 782.956895] ? file_ra_state_init+0xc9/0x1e0 [ 782.961313] ? do_dentry_open+0x452/0xeb0 [ 782.965481] ima_file_check+0x30/0x40 [ 782.969281] path_openat+0x1626/0x3f70 [ 782.973173] ? get_pid_task+0x98/0x140 [ 782.977077] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 782.981747] ? save_trace+0x290/0x290 12:26:55 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) bind$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) tkill(r0, 0x1000000000013) [ 782.985554] ? __alloc_fd+0x1d4/0x4a0 [ 782.989450] do_filp_open+0x18e/0x250 [ 782.993251] ? may_open_dev+0xe0/0xe0 [ 782.997061] ? _raw_spin_unlock+0x2d/0x50 [ 783.001205] ? __alloc_fd+0x1d4/0x4a0 [ 783.005016] do_sys_open+0x2c5/0x430 [ 783.008728] ? filp_open+0x70/0x70 [ 783.012280] SyS_open+0x2d/0x40 [ 783.015556] ? do_sys_open+0x430/0x430 [ 783.019449] do_syscall_64+0x1e8/0x640 [ 783.023337] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 783.028188] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 783.033385] RIP: 0033:0x459879 [ 783.036578] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 783.044300] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 783.051583] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 783.058868] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 783.066149] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 783.073429] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 783.080813] CPU: 0 PID: 20668 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 783.087929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.097280] Call Trace: [ 783.097300] dump_stack+0x138/0x197 [ 783.097316] should_fail.cold+0x10f/0x159 [ 783.097329] should_failslab+0xdb/0x130 [ 783.097343] kmem_cache_alloc_node_trace+0x280/0x770 [ 783.097356] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 783.097368] __kmalloc_node_track_caller+0x3d/0x80 [ 783.097381] __kmalloc_reserve.isra.0+0x40/0xe0 [ 783.097392] __alloc_skb+0xcf/0x500 [ 783.097400] ? skb_scrub_packet+0x4b0/0x4b0 [ 783.097412] ? __local_bh_enable_ip+0x99/0x1a0 [ 783.119062] audit: type=1800 audit(1567427215.205:154): pid=20662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.2" name="bus" dev="loop2" ino=23 res=0 [ 783.123773] alloc_skb_with_frags+0x86/0x4b0 [ 783.123787] ? retint_kernel+0x2d/0x2d [ 783.123801] ? trace_hardirqs_on_caller+0x400/0x590 [ 783.123815] sock_alloc_send_pskb+0x5db/0x740 [ 783.123831] ? sock_wmalloc+0xf0/0xf0 12:26:55 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 783.189354] ? lock_downgrade+0x6e0/0x6e0 [ 783.193520] packet_sendmsg+0x16c4/0x5a70 [ 783.193532] ? avc_has_perm_noaudit+0x420/0x420 [ 783.202325] ? __might_fault+0x110/0x1d0 [ 783.202338] ? find_held_lock+0x35/0x130 [ 783.202348] ? __might_fault+0x110/0x1d0 [ 783.202358] ? rw_copy_check_uvector+0x1f1/0x290 [ 783.202377] ? packet_notifier+0x760/0x760 [ 783.223496] ? copy_msghdr_from_user+0x292/0x3f0 [ 783.228265] ? selinux_socket_sendmsg+0x36/0x40 [ 783.232935] ? security_socket_sendmsg+0x89/0xb0 [ 783.237740] ? packet_notifier+0x760/0x760 [ 783.241972] sock_sendmsg+0xce/0x110 [ 783.245679] ___sys_sendmsg+0x349/0x840 [ 783.249644] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 783.254398] ? trace_hardirqs_on+0x10/0x10 [ 783.258625] ? check_preemption_disabled+0x3c/0x250 [ 783.263626] ? save_trace+0x290/0x290 [ 783.267413] ? __might_fault+0x110/0x1d0 [ 783.271465] ? __might_fault+0x110/0x1d0 [ 783.275514] ? find_held_lock+0x35/0x130 [ 783.279564] ? __might_fault+0x110/0x1d0 [ 783.283637] __sys_sendmmsg+0x152/0x3a0 [ 783.287614] ? SyS_sendmsg+0x50/0x50 [ 783.291320] ? lock_downgrade+0x6e0/0x6e0 [ 783.295457] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 783.300202] ? check_preemption_disabled+0x3c/0x250 [ 783.305949] ? retint_kernel+0x2d/0x2d [ 783.309827] ? __sys_sendmmsg+0x1e/0x3a0 [ 783.313887] SyS_sendmmsg+0x35/0x60 [ 783.317521] ? __sys_sendmmsg+0x3a0/0x3a0 [ 783.321682] do_syscall_64+0x1e8/0x640 [ 783.325577] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 783.330418] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 783.335592] RIP: 0033:0x459879 12:26:55 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) write$P9_RSTAT(r1, &(0x7f0000000200)={0x5c, 0x7d, 0x2, {0x0, 0x55, 0x6, 0x2, {0x20, 0x0, 0x8}, 0x100000, 0x7fff, 0x951, 0x9e84, 0x1d, 'selinux@$securityvboxnet0self', 0x0, '', 0x1, '@', 0x4, 'tls\x00'}}, 0x5c) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) time(&(0x7f0000000000)) 12:26:55 executing program 2 (fault-call:3 fault-nth:13): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 783.338772] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 783.346483] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 783.353747] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 783.361003] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 783.368259] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 783.375514] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:26:55 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:55 executing program 1 (fault-call:13 fault-nth:54): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 783.523946] FAULT_INJECTION: forcing a failure. [ 783.523946] name failslab, interval 1, probability 0, space 0, times 0 [ 783.550954] CPU: 0 PID: 20699 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 783.558107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.567478] Call Trace: [ 783.570088] dump_stack+0x138/0x197 [ 783.573731] should_fail.cold+0x10f/0x159 [ 783.573749] should_failslab+0xdb/0x130 [ 783.581863] kmem_cache_alloc_node+0x287/0x780 [ 783.581878] ? __dev_queue_xmit+0x1e29/0x25e0 [ 783.581893] __alloc_skb+0x9c/0x500 [ 783.581905] ? skb_scrub_packet+0x4b0/0x4b0 [ 783.581922] ? __local_bh_enable_ip+0x99/0x1a0 [ 783.599063] FAULT_INJECTION: forcing a failure. [ 783.599063] name failslab, interval 1, probability 0, space 0, times 0 [ 783.603532] alloc_skb_with_frags+0x86/0x4b0 [ 783.603548] ? trace_hardirqs_on+0x10/0x10 [ 783.603558] ? __local_bh_enable_ip+0x99/0x1a0 [ 783.603573] sock_alloc_send_pskb+0x5db/0x740 [ 783.603591] ? sock_wmalloc+0xf0/0xf0 [ 783.636316] ? lock_downgrade+0x6e0/0x6e0 [ 783.640464] packet_sendmsg+0x16c4/0x5a70 [ 783.645426] ? avc_has_perm_noaudit+0x420/0x420 [ 783.650095] ? __might_fault+0x110/0x1d0 [ 783.654152] ? find_held_lock+0x35/0x130 [ 783.658205] ? __might_fault+0x110/0x1d0 [ 783.662257] ? rw_copy_check_uvector+0x1f1/0x290 [ 783.667020] ? packet_notifier+0x760/0x760 [ 783.671252] ? copy_msghdr_from_user+0x292/0x3f0 [ 783.676006] ? selinux_socket_sendmsg+0x36/0x40 [ 783.680670] ? security_socket_sendmsg+0x89/0xb0 [ 783.685421] ? packet_notifier+0x760/0x760 [ 783.689650] sock_sendmsg+0xce/0x110 [ 783.693358] ___sys_sendmsg+0x349/0x840 [ 783.697325] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 783.702257] ? trace_hardirqs_on+0x10/0x10 [ 783.706486] ? check_preemption_disabled+0x3c/0x250 [ 783.711496] ? save_trace+0x290/0x290 [ 783.715291] ? __might_fault+0x110/0x1d0 [ 783.719346] ? __might_fault+0x110/0x1d0 [ 783.723403] ? find_held_lock+0x35/0x130 [ 783.727460] ? __might_fault+0x110/0x1d0 [ 783.731529] __sys_sendmmsg+0x152/0x3a0 [ 783.735500] ? SyS_sendmsg+0x50/0x50 [ 783.739206] ? lock_downgrade+0x6e0/0x6e0 [ 783.743354] ? __mutex_unlock_slowpath+0x71/0x800 [ 783.748190] ? check_preemption_disabled+0x3c/0x250 [ 783.753200] ? wait_for_completion+0x420/0x420 [ 783.757779] ? __sb_end_write+0xc1/0x100 [ 783.761838] ? SyS_write+0x15e/0x230 [ 783.765547] SyS_sendmmsg+0x35/0x60 [ 783.769161] ? __sys_sendmmsg+0x3a0/0x3a0 [ 783.773307] do_syscall_64+0x1e8/0x640 [ 783.777187] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 783.782048] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 783.787235] RIP: 0033:0x459879 [ 783.790415] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 783.798114] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 783.805376] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 783.812646] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 783.819913] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 783.827180] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 783.834471] CPU: 1 PID: 20706 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 783.841591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.850954] Call Trace: [ 783.853541] dump_stack+0x138/0x197 [ 783.857155] should_fail.cold+0x10f/0x159 [ 783.861408] should_failslab+0xdb/0x130 [ 783.865369] __kmalloc_track_caller+0x2ec/0x790 [ 783.870033] ? fput+0xd4/0x150 [ 783.873227] ? ima_collect_measurement+0x270/0x450 [ 783.878141] krealloc+0x66/0xc0 [ 783.881408] ima_collect_measurement+0x270/0x450 [ 783.886151] ? ima_get_action+0x80/0x80 [ 783.890115] ? ima_get_cache_status+0x180/0x180 [ 783.894771] process_measurement+0x7dd/0xb80 [ 783.899173] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 783.904179] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 783.908924] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 783.915577] ? fsnotify+0x11e0/0x11e0 [ 783.919388] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 783.924131] ? lock_downgrade+0x66c/0x6e0 [ 783.928276] ? file_ra_state_init+0xc9/0x1e0 [ 783.932668] ? do_dentry_open+0x452/0xeb0 [ 783.936806] ima_file_check+0x30/0x40 [ 783.940595] path_openat+0x1626/0x3f70 [ 783.944470] ? trace_hardirqs_on+0x10/0x10 [ 783.948694] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 783.953435] ? find_held_lock+0x35/0x130 [ 783.957478] ? save_trace+0x290/0x290 [ 783.961290] ? __alloc_fd+0x1d4/0x4a0 [ 783.965095] do_filp_open+0x18e/0x250 [ 783.968880] ? may_open_dev+0xe0/0xe0 [ 783.972676] ? _raw_spin_unlock+0x2d/0x50 [ 783.976807] ? __alloc_fd+0x1d4/0x4a0 [ 783.980597] do_sys_open+0x2c5/0x430 [ 783.984296] ? filp_open+0x70/0x70 [ 783.987823] SyS_open+0x2d/0x40 [ 783.991087] ? do_sys_open+0x430/0x430 [ 783.994976] do_syscall_64+0x1e8/0x640 [ 783.998856] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 784.003715] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 784.008893] RIP: 0033:0x459879 [ 784.012066] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 784.019755] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 784.027013] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 784.034269] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 784.041520] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 784.048772] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 784.090354] audit: type=1800 audit(1567427216.205:155): pid=20706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.2" name="bus" dev="loop2" ino=24 res=0 12:26:56 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:26:56 executing program 1 (fault-call:13 fault-nth:55): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:56 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$TIOCGPTPEER(r2, 0x5441, 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f0000000000)={0xc, 0x102, 0x1, {0x0, 0x8, 0xfffffffffffff3a6, 0xffffffff9fc95896}}) getpid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000180)) tkill(r0, 0x1040000000013) sched_getparam(r0, &(0x7f0000000080)) 12:26:56 executing program 2 (fault-call:3 fault-nth:14): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:26:56 executing program 3: r0 = getpid() r1 = shmget$private(0x0, 0x4000, 0x402, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_INFO(r1, 0xe, &(0x7f0000000a80)=""/4096) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x100) write$binfmt_aout(r4, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc02c5341, &(0x7f0000000380)) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000080)={0x5698b1c1, 0x6, 0x1, 0x200, 0xffff}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) getsockopt$inet6_opts(r3, 0x29, 0x3b, &(0x7f00000002c0)=""/134, &(0x7f0000000000)=0x86) tkill(r0, 0x1000000000013) 12:26:56 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 784.288835] FAULT_INJECTION: forcing a failure. [ 784.288835] name failslab, interval 1, probability 0, space 0, times 0 [ 784.289309] FAULT_INJECTION: forcing a failure. [ 784.289309] name failslab, interval 1, probability 0, space 0, times 0 [ 784.305050] CPU: 1 PID: 20730 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 784.318975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.328346] Call Trace: [ 784.330956] dump_stack+0x138/0x197 [ 784.334594] should_fail.cold+0x10f/0x159 [ 784.338748] should_failslab+0xdb/0x130 [ 784.342732] kmem_cache_alloc+0x2d7/0x780 [ 784.346904] ima_d_path+0x52/0x1de [ 784.350447] process_measurement+0x96a/0xb80 [ 784.354869] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 784.359894] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 784.364654] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 784.371307] ? fsnotify+0x11e0/0x11e0 [ 784.371320] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 784.371332] ? lock_downgrade+0x66c/0x6e0 [ 784.371353] ? file_ra_state_init+0xc9/0x1e0 [ 784.371366] ? do_dentry_open+0x452/0xeb0 [ 784.371385] ima_file_check+0x30/0x40 [ 784.371395] path_openat+0x1626/0x3f70 [ 784.371405] ? trace_hardirqs_on+0x10/0x10 [ 784.371421] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 784.409154] ? find_held_lock+0x35/0x130 [ 784.413233] ? save_trace+0x290/0x290 [ 784.417049] ? __alloc_fd+0x1d4/0x4a0 [ 784.420858] do_filp_open+0x18e/0x250 [ 784.424744] ? may_open_dev+0xe0/0xe0 [ 784.428557] ? _raw_spin_unlock+0x2d/0x50 [ 784.432709] ? __alloc_fd+0x1d4/0x4a0 12:26:56 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x2000, 0x0) write$P9_RXATTRWALK(r0, &(0x7f0000000240)={0xf, 0x1f, 0x2, 0x4}, 0xf) r1 = getpid() openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) clock_getres(0x0, &(0x7f0000000300)) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) fchmodat(r3, &(0x7f0000000180)='./file0\x00', 0x10) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$KVM_GET_MSR_INDEX_LIST(r3, 0xc004ae02, &(0x7f00000002c0)=ANY=[@ANYBLOB="5b72f6755cb47ac0c14a2f3ca461740200000000f2000022880000"]) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0xfe47) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) write$binfmt_aout(r2, 0x0, 0xfffffffffffffc88) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x108000000000f) 12:26:56 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x341200, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x401, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r4, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) ioctl$VFIO_IOMMU_MAP_DMA(r3, 0x3b71, &(0x7f0000000080)={0x20, 0x3, 0x8, 0x4, 0x7fffffff}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 784.436523] do_sys_open+0x2c5/0x430 [ 784.440244] ? filp_open+0x70/0x70 [ 784.443797] SyS_open+0x2d/0x40 [ 784.447081] ? do_sys_open+0x430/0x430 [ 784.450967] do_syscall_64+0x1e8/0x640 [ 784.450976] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 784.450993] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 784.451001] RIP: 0033:0x459879 [ 784.451006] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 784.451016] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 12:26:56 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x80087601, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x10002, 0x3, 0x5000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) write$binfmt_aout(r3, 0x0, 0x0) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x5}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$SIOCX25SENDCALLACCPT(r2, 0x89e9) tkill(r0, 0x1000000000013) [ 784.451021] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 784.451028] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 784.459740] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 784.459747] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 784.525111] CPU: 0 PID: 20731 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 784.532256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.541607] Call Trace: [ 784.541628] dump_stack+0x138/0x197 [ 784.541644] should_fail.cold+0x10f/0x159 [ 784.541660] should_failslab+0xdb/0x130 [ 784.547876] kmem_cache_alloc_node_trace+0x280/0x770 [ 784.561073] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 784.566552] __kmalloc_node_track_caller+0x3d/0x80 [ 784.571506] __kmalloc_reserve.isra.0+0x40/0xe0 [ 784.576198] __alloc_skb+0xcf/0x500 [ 784.579846] ? skb_scrub_packet+0x4b0/0x4b0 [ 784.584229] alloc_skb_with_frags+0x86/0x4b0 12:26:56 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) fstat(r3, &(0x7f00000002c0)) splice(r2, 0x0, r2, 0x0, 0x3, 0x11) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) write$vnet(r1, &(0x7f00000004c0)={0x1, {&(0x7f0000000340)=""/115, 0x73, &(0x7f00000003c0)=""/237, 0x2, 0x1}}, 0x68) [ 784.588653] ? trace_hardirqs_on+0x10/0x10 [ 784.592908] sock_alloc_send_pskb+0x5db/0x740 [ 784.597425] ? sock_wmalloc+0xf0/0xf0 [ 784.601243] ? lock_downgrade+0x6e0/0x6e0 [ 784.605395] packet_sendmsg+0x16c4/0x5a70 [ 784.609533] ? avc_has_perm_noaudit+0x420/0x420 [ 784.614209] ? __might_fault+0x110/0x1d0 [ 784.618284] ? find_held_lock+0x35/0x130 [ 784.622360] ? __might_fault+0x110/0x1d0 [ 784.626435] ? rw_copy_check_uvector+0x1f1/0x290 [ 784.631240] ? packet_notifier+0x760/0x760 [ 784.635585] ? copy_msghdr_from_user+0x292/0x3f0 [ 784.640363] ? selinux_socket_sendmsg+0x36/0x40 [ 784.645039] ? security_socket_sendmsg+0x89/0xb0 [ 784.649786] ? packet_notifier+0x760/0x760 [ 784.654013] sock_sendmsg+0xce/0x110 [ 784.657711] ___sys_sendmsg+0x349/0x840 [ 784.661679] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 784.666428] ? mark_held_locks+0xb1/0x100 [ 784.670561] ? trace_hardirqs_on+0x10/0x10 [ 784.674790] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 784.679532] ? save_trace+0x290/0x290 [ 784.683328] ? check_preemption_disabled+0x3c/0x250 [ 784.688342] ? __might_fault+0x110/0x1d0 [ 784.692392] ? find_held_lock+0x35/0x130 [ 784.696527] ? __might_fault+0x110/0x1d0 [ 784.700583] __sys_sendmmsg+0x152/0x3a0 [ 784.704633] ? SyS_sendmsg+0x50/0x50 [ 784.708348] ? lock_downgrade+0x6e0/0x6e0 [ 784.712484] ? __mutex_unlock_slowpath+0x71/0x800 [ 784.717312] ? check_preemption_disabled+0x3c/0x250 [ 784.722320] ? wait_for_completion+0x420/0x420 [ 784.726898] ? __sb_end_write+0xc1/0x100 [ 784.730963] ? SyS_write+0x15e/0x230 [ 784.734667] SyS_sendmmsg+0x35/0x60 [ 784.738274] ? __sys_sendmmsg+0x3a0/0x3a0 [ 784.742408] do_syscall_64+0x1e8/0x640 [ 784.746334] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 784.751184] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 784.756366] RIP: 0033:0x459879 [ 784.759536] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 784.767231] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 784.774486] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 784.781830] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:26:56 executing program 5: getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) write$binfmt_aout(r2, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) 12:26:56 executing program 2 (fault-call:3 fault-nth:15): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:26:56 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:56 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x4, &(0x7f0000000440)={0x0, 0x17, 0x0, @tid=r0}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 784.789080] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 784.796332] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:26:57 executing program 1 (fault-call:13 fault-nth:56): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 784.965183] FAULT_INJECTION: forcing a failure. [ 784.965183] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 784.969015] FAULT_INJECTION: forcing a failure. [ 784.969015] name failslab, interval 1, probability 0, space 0, times 0 [ 784.977034] CPU: 0 PID: 20772 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 784.977044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.977047] Call Trace: [ 784.977071] dump_stack+0x138/0x197 [ 784.977091] should_fail.cold+0x10f/0x159 [ 784.977109] __alloc_pages_nodemask+0x1d6/0x7a0 [ 784.977123] ? __alloc_pages_slowpath+0x2930/0x2930 [ 784.977145] cache_grow_begin+0x80/0x400 [ 784.977160] kmem_cache_alloc+0x6a6/0x780 [ 784.977183] ima_d_path+0x52/0x1de [ 785.037049] process_measurement+0x96a/0xb80 [ 785.041478] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 785.046496] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 785.051253] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 785.057922] ? fsnotify+0x11e0/0x11e0 [ 785.061722] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 785.066475] ? lock_downgrade+0x66c/0x6e0 [ 785.070628] ? file_ra_state_init+0xc9/0x1e0 [ 785.075036] ? do_dentry_open+0x452/0xeb0 [ 785.079200] ima_file_check+0x30/0x40 [ 785.083005] path_openat+0x1626/0x3f70 [ 785.086892] ? trace_hardirqs_on+0x10/0x10 [ 785.091140] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 785.095895] ? find_held_lock+0x35/0x130 [ 785.099953] ? save_trace+0x290/0x290 [ 785.106241] ? __alloc_fd+0x1d4/0x4a0 [ 785.110055] do_filp_open+0x18e/0x250 [ 785.113857] ? may_open_dev+0xe0/0xe0 [ 785.117670] ? _raw_spin_unlock+0x2d/0x50 [ 785.121822] ? __alloc_fd+0x1d4/0x4a0 [ 785.125630] do_sys_open+0x2c5/0x430 [ 785.129346] ? filp_open+0x70/0x70 [ 785.132898] SyS_open+0x2d/0x40 [ 785.136175] ? do_sys_open+0x430/0x430 [ 785.140062] do_syscall_64+0x1e8/0x640 [ 785.143947] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 785.148802] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 785.153991] RIP: 0033:0x459879 [ 785.157174] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 785.164884] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 785.172222] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 785.179499] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 785.186768] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 785.194037] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 785.201330] CPU: 1 PID: 20773 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 785.208447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 785.217808] Call Trace: [ 785.220419] dump_stack+0x138/0x197 [ 785.224055] should_fail.cold+0x10f/0x159 [ 785.228220] should_failslab+0xdb/0x130 [ 785.232209] kmem_cache_alloc_node+0x287/0x780 [ 785.236806] ? __dev_queue_xmit+0x1e29/0x25e0 [ 785.241376] __alloc_skb+0x9c/0x500 [ 785.245020] ? skb_scrub_packet+0x4b0/0x4b0 [ 785.249357] ? __local_bh_enable_ip+0x99/0x1a0 [ 785.253956] alloc_skb_with_frags+0x86/0x4b0 [ 785.258378] ? trace_hardirqs_on+0x10/0x10 12:26:57 executing program 2 (fault-call:3 fault-nth:16): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 785.262629] ? __local_bh_enable_ip+0x99/0x1a0 [ 785.267235] sock_alloc_send_pskb+0x5db/0x740 [ 785.271749] ? sock_wmalloc+0xf0/0xf0 [ 785.275597] ? lock_downgrade+0x6e0/0x6e0 [ 785.279743] packet_sendmsg+0x16c4/0x5a70 [ 785.283886] ? avc_has_perm_noaudit+0x420/0x420 [ 785.288555] ? __might_fault+0x110/0x1d0 [ 785.292603] ? find_held_lock+0x35/0x130 [ 785.296646] ? __might_fault+0x110/0x1d0 [ 785.300730] ? rw_copy_check_uvector+0x1f1/0x290 [ 785.305484] ? packet_notifier+0x760/0x760 [ 785.309715] ? copy_msghdr_from_user+0x292/0x3f0 [ 785.314460] ? selinux_socket_sendmsg+0x36/0x40 [ 785.319112] ? security_socket_sendmsg+0x89/0xb0 [ 785.323861] ? packet_notifier+0x760/0x760 [ 785.328089] sock_sendmsg+0xce/0x110 [ 785.331807] ___sys_sendmsg+0x349/0x840 [ 785.335773] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 785.340527] ? mark_held_locks+0xb1/0x100 [ 785.344668] ? trace_hardirqs_on+0x10/0x10 [ 785.348904] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 785.353650] ? save_trace+0x290/0x290 [ 785.357436] ? check_preemption_disabled+0x3c/0x250 [ 785.362444] ? __might_fault+0x110/0x1d0 [ 785.366499] ? find_held_lock+0x35/0x130 [ 785.370550] ? __might_fault+0x110/0x1d0 [ 785.374632] __sys_sendmmsg+0x152/0x3a0 [ 785.378591] ? SyS_sendmsg+0x50/0x50 [ 785.382307] ? lock_downgrade+0x6e0/0x6e0 [ 785.386449] ? __mutex_unlock_slowpath+0x71/0x800 [ 785.391353] ? check_preemption_disabled+0x3c/0x250 [ 785.396381] ? wait_for_completion+0x420/0x420 [ 785.400957] ? __sb_end_write+0xc1/0x100 [ 785.405021] ? SyS_write+0x15e/0x230 [ 785.408720] SyS_sendmmsg+0x35/0x60 [ 785.412329] ? __sys_sendmmsg+0x3a0/0x3a0 [ 785.416462] do_syscall_64+0x1e8/0x640 [ 785.420341] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 785.425184] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 785.430362] RIP: 0033:0x459879 [ 785.433540] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 785.441327] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 785.448591] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 785.455844] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 785.463113] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 785.470375] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:26:57 executing program 1 (fault-call:13 fault-nth:57): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:57 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:57 executing program 5: getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) write$binfmt_aout(r2, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) [ 785.620928] FAULT_INJECTION: forcing a failure. [ 785.620928] name failslab, interval 1, probability 0, space 0, times 0 [ 785.665955] FAULT_INJECTION: forcing a failure. [ 785.665955] name failslab, interval 1, probability 0, space 0, times 0 [ 785.667243] CPU: 1 PID: 20791 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 785.684351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 785.693714] Call Trace: [ 785.696324] dump_stack+0x138/0x197 [ 785.699965] should_fail.cold+0x10f/0x159 [ 785.704119] should_failslab+0xdb/0x130 [ 785.708109] __kmalloc+0x2f0/0x7a0 [ 785.711663] ? ima_alloc_init_template+0x65/0x3a0 [ 785.716524] ima_alloc_init_template+0x65/0x3a0 [ 785.721203] ima_store_measurement+0x17b/0x330 [ 785.725876] ? ima_collect_measurement+0x450/0x450 [ 785.730813] ? kmem_cache_alloc+0x611/0x780 [ 785.735141] ? ima_d_path+0xaf/0x1de [ 785.738859] process_measurement+0x948/0xb80 [ 785.743281] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 785.748310] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 785.753099] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 785.759768] ? fsnotify+0x11e0/0x11e0 [ 785.763578] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 785.768345] ? lock_downgrade+0x66c/0x6e0 [ 785.772504] ? file_ra_state_init+0xc9/0x1e0 [ 785.776923] ? do_dentry_open+0x452/0xeb0 [ 785.781092] ima_file_check+0x30/0x40 [ 785.784897] path_openat+0x1626/0x3f70 [ 785.788793] ? trace_hardirqs_on+0x10/0x10 [ 785.793075] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 785.797752] ? find_held_lock+0x35/0x130 [ 785.801816] ? save_trace+0x290/0x290 [ 785.805627] ? __alloc_fd+0x1d4/0x4a0 [ 785.809435] do_filp_open+0x18e/0x250 [ 785.813237] ? may_open_dev+0xe0/0xe0 12:26:57 executing program 5: getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) write$binfmt_aout(r2, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) [ 785.817058] ? _raw_spin_unlock+0x2d/0x50 [ 785.821213] ? __alloc_fd+0x1d4/0x4a0 [ 785.825031] do_sys_open+0x2c5/0x430 [ 785.828755] ? filp_open+0x70/0x70 [ 785.832308] SyS_open+0x2d/0x40 [ 785.835590] ? do_sys_open+0x430/0x430 [ 785.839490] do_syscall_64+0x1e8/0x640 [ 785.843384] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 785.848237] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 785.853430] RIP: 0033:0x459879 [ 785.856621] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 785.864333] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 785.871609] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 785.878881] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 785.886149] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 785.893424] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 785.900724] CPU: 0 PID: 20795 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 785.907865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 785.917224] Call Trace: [ 785.917246] dump_stack+0x138/0x197 [ 785.917262] should_fail.cold+0x10f/0x159 [ 785.917276] should_failslab+0xdb/0x130 [ 785.917293] kmem_cache_alloc_node_trace+0x280/0x770 [ 785.921058] audit: type=1804 audit(1567427218.025:156): pid=20791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="add_template_measure" cause="ENOMEM" comm="syz-executor.2" name="/root/syzkaller-testdir449530266/syzkaller.Y6D8DH/542/file0/bus" dev="loop2" ino=27 res=0 [ 785.923492] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 785.923510] __kmalloc_node_track_caller+0x3d/0x80 [ 785.974908] __kmalloc_reserve.isra.0+0x40/0xe0 [ 785.979564] __alloc_skb+0xcf/0x500 [ 785.983171] ? skb_scrub_packet+0x4b0/0x4b0 [ 785.987478] ? __local_bh_enable_ip+0x99/0x1a0 [ 785.992043] alloc_skb_with_frags+0x86/0x4b0 [ 785.996438] ? retint_kernel+0x2d/0x2d [ 786.000340] ? trace_hardirqs_on_caller+0x400/0x590 [ 786.005343] sock_alloc_send_pskb+0x5db/0x740 [ 786.009838] ? sock_wmalloc+0xf0/0xf0 [ 786.013620] ? lock_downgrade+0x6e0/0x6e0 [ 786.017771] packet_sendmsg+0x16c4/0x5a70 [ 786.021916] ? avc_has_perm_noaudit+0x420/0x420 [ 786.026566] ? retint_kernel+0x2d/0x2d [ 786.030437] ? __might_fault+0x110/0x1d0 [ 786.034481] ? find_held_lock+0x35/0x130 [ 786.038525] ? __might_fault+0x110/0x1d0 [ 786.042572] ? rw_copy_check_uvector+0x1f1/0x290 [ 786.047323] ? packet_notifier+0x760/0x760 [ 786.051547] ? copy_msghdr_from_user+0x292/0x3f0 [ 786.056306] ? selinux_socket_sendmsg+0x36/0x40 [ 786.060960] ? security_socket_sendmsg+0x89/0xb0 [ 786.065700] ? packet_notifier+0x760/0x760 [ 786.069935] sock_sendmsg+0xce/0x110 [ 786.073634] ___sys_sendmsg+0x349/0x840 [ 786.077592] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 786.082353] ? mark_held_locks+0xb1/0x100 [ 786.086487] ? trace_hardirqs_on+0x10/0x10 [ 786.090706] ? retint_kernel+0x2d/0x2d [ 786.094577] ? save_trace+0x290/0x290 [ 786.098361] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 786.103101] ? __might_fault+0x110/0x1d0 [ 786.107145] ? find_held_lock+0x35/0x130 [ 786.111187] ? __might_fault+0x110/0x1d0 [ 786.115263] __sys_sendmmsg+0x152/0x3a0 [ 786.119221] ? SyS_sendmsg+0x50/0x50 [ 786.122918] ? retint_kernel+0x2d/0x2d [ 786.126786] ? trace_hardirqs_on_caller+0x400/0x590 [ 786.131790] ? check_preemption_disabled+0x3c/0x250 [ 786.136792] ? retint_kernel+0x2d/0x2d [ 786.140670] ? SyS_write+0x15e/0x230 [ 786.144367] SyS_sendmmsg+0x35/0x60 [ 786.147975] ? __sys_sendmmsg+0x3a0/0x3a0 [ 786.152143] do_syscall_64+0x1e8/0x640 [ 786.156016] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 786.160850] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 786.166043] RIP: 0033:0x459879 [ 786.169219] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 786.176914] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 786.184187] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 786.191443] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 786.198694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 786.205945] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:26:59 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000000)) tkill(r0, 0x1000000000013) 12:26:59 executing program 2 (fault-call:3 fault-nth:17): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:26:59 executing program 1 (fault-call:13 fault-nth:58): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:59 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:26:59 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) tkill(r0, 0x1000000000013) [ 787.667174] FAULT_INJECTION: forcing a failure. [ 787.667174] name failslab, interval 1, probability 0, space 0, times 0 [ 787.678718] FAULT_INJECTION: forcing a failure. [ 787.678718] name failslab, interval 1, probability 0, space 0, times 0 [ 787.678749] CPU: 0 PID: 20819 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 787.678755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.678760] Call Trace: [ 787.678778] dump_stack+0x138/0x197 [ 787.678798] should_fail.cold+0x10f/0x159 [ 787.678816] should_failslab+0xdb/0x130 [ 787.678833] kmem_cache_alloc_trace+0x2e9/0x790 [ 787.678855] ima_add_digest_entry+0x51/0x430 [ 787.678867] ima_add_template_entry+0x2cf/0x550 [ 787.678880] ? ima_get_binary_runtime_size+0x40/0x40 [ 787.678892] ? kzfree+0x29/0x30 [ 787.678902] ? crypto_destroy_tfm+0x147/0x2f0 [ 787.678919] ima_store_template+0x1a4/0x260 [ 787.678932] ? ima_alloc_init_template+0x3a0/0x3a0 [ 787.678949] ima_store_measurement+0x1a4/0x330 [ 787.678962] ? ima_collect_measurement+0x450/0x450 [ 787.678970] ? kmem_cache_alloc+0x611/0x780 [ 787.678987] ? ima_d_path+0xaf/0x1de [ 787.678998] process_measurement+0x948/0xb80 [ 787.679014] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 787.679029] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 787.679042] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 787.679051] ? fsnotify+0x11e0/0x11e0 [ 787.679063] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 787.679073] ? lock_downgrade+0x66c/0x6e0 [ 787.679092] ? file_ra_state_init+0xc9/0x1e0 [ 787.679111] ? do_dentry_open+0x452/0xeb0 [ 787.816853] ima_file_check+0x30/0x40 [ 787.820695] path_openat+0x1626/0x3f70 [ 787.824601] ? get_pid_task+0x98/0x140 [ 787.828506] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 787.833178] ? save_trace+0x290/0x290 [ 787.836980] ? __alloc_fd+0x1d4/0x4a0 [ 787.840786] do_filp_open+0x18e/0x250 [ 787.844618] ? may_open_dev+0xe0/0xe0 [ 787.848438] ? _raw_spin_unlock+0x2d/0x50 [ 787.852584] ? __alloc_fd+0x1d4/0x4a0 [ 787.856391] do_sys_open+0x2c5/0x430 [ 787.860113] ? filp_open+0x70/0x70 [ 787.863665] SyS_open+0x2d/0x40 [ 787.866953] ? do_sys_open+0x430/0x430 [ 787.870853] do_syscall_64+0x1e8/0x640 [ 787.874743] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 787.879604] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 787.884798] RIP: 0033:0x459879 [ 787.887991] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 787.895705] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 787.902977] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 787.910254] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 787.917534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 787.924806] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 787.936174] CPU: 1 PID: 20821 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 787.943310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.947446] ima: OUT OF MEMORY ERROR creating queue entry [ 787.952670] Call Trace: [ 787.952695] dump_stack+0x138/0x197 [ 787.952713] should_fail.cold+0x10f/0x159 12:27:00 executing program 3: inotify_init1(0x800) r0 = getpid() write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x401, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x1f, &(0x7f00000000c0)=0x800000100000001, 0xfffffffffffffe29) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x71, 0x1, {{0x4}, 0x4}}, 0x18) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) write$binfmt_aout(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x2}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:00 executing program 2 (fault-call:3 fault-nth:18): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 787.952726] should_failslab+0xdb/0x130 [ 787.952739] kmem_cache_alloc_node+0x287/0x780 [ 787.952755] ? pci_mmcfg_check_reserved+0x150/0x150 [ 787.964505] __alloc_skb+0x9c/0x500 [ 787.972591] ? skb_scrub_packet+0x4b0/0x4b0 [ 787.972604] ? preempt_schedule+0x4b/0x60 [ 787.972614] ? ___preempt_schedule+0x16/0x18 [ 787.972625] alloc_skb_with_frags+0x86/0x4b0 [ 787.972636] ? trace_hardirqs_on+0x10/0x10 [ 787.972646] ? __local_bh_enable_ip+0x15e/0x1a0 [ 787.972663] sock_alloc_send_pskb+0x5db/0x740 12:27:00 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r6 = getegid() getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0}, &(0x7f0000000380)=0xc) lstat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) shmctl$IPC_SET(r4, 0x1, &(0x7f0000000480)={{0x4, r5, r6, r7, r8, 0x80, 0x9}, 0x0, 0x40000000000, 0x1, 0x32fd, r0, r0, 0x9}) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89b7f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe4500"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) ioctl$PPPIOCSMRRU(r2, 0x4004743b, &(0x7f0000000000)=0x1) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000500)=@ccm_128={{0x303}, "60c73f5cfaac4ce6", "68c81a058aa79b32f970613c5a6d3bb8", "1b628f76", "b20eead4efb95ce4"}, 0x28) [ 788.002894] audit: type=1804 audit(1567427220.055:157): pid=20819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="add_template_measure" cause="ENOMEM" comm="syz-executor.2" name="/root/syzkaller-testdir449530266/syzkaller.Y6D8DH/543/file0/bus" dev="loop2" ino=28 res=0 [ 788.003119] ? sock_wmalloc+0xf0/0xf0 [ 788.044157] ? lock_downgrade+0x6e0/0x6e0 [ 788.044175] packet_sendmsg+0x16c4/0x5a70 [ 788.044185] ? avc_has_perm_noaudit+0x420/0x420 [ 788.044200] ? retint_kernel+0x2d/0x2d [ 788.064840] ? __might_fault+0x110/0x1d0 [ 788.068908] ? find_held_lock+0x35/0x130 [ 788.072969] ? __might_fault+0x110/0x1d0 [ 788.077025] ? rw_copy_check_uvector+0x1f1/0x290 [ 788.077048] ? packet_notifier+0x760/0x760 [ 788.077064] ? copy_msghdr_from_user+0x292/0x3f0 [ 788.090790] ? selinux_socket_sendmsg+0x36/0x40 [ 788.095475] ? security_socket_sendmsg+0x89/0xb0 [ 788.100251] ? packet_notifier+0x760/0x760 [ 788.104498] sock_sendmsg+0xce/0x110 [ 788.108218] ___sys_sendmsg+0x349/0x840 [ 788.112196] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 788.116966] ? trace_hardirqs_on+0x10/0x10 [ 788.121201] ? retint_kernel+0x2d/0x2d [ 788.125088] ? save_trace+0x290/0x290 [ 788.128944] ? trace_hardirqs_on_caller+0x400/0x590 [ 788.133972] ? __might_fault+0x110/0x1d0 [ 788.138036] ? find_held_lock+0x35/0x130 [ 788.142100] ? __might_fault+0x110/0x1d0 [ 788.146184] __sys_sendmmsg+0x152/0x3a0 [ 788.150164] ? SyS_sendmsg+0x50/0x50 [ 788.153889] ? lock_downgrade+0x6e0/0x6e0 [ 788.158047] ? __mutex_unlock_slowpath+0x71/0x800 [ 788.162895] ? check_preemption_disabled+0x3c/0x250 [ 788.167922] ? wait_for_completion+0x420/0x420 [ 788.172510] ? __sb_end_write+0xc1/0x100 [ 788.176577] ? SyS_write+0x15e/0x230 [ 788.180300] SyS_sendmmsg+0x35/0x60 [ 788.183927] ? __sys_sendmmsg+0x3a0/0x3a0 [ 788.188080] do_syscall_64+0x1e8/0x640 [ 788.191989] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 788.196856] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 788.202052] RIP: 0033:0x459879 [ 788.205241] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 788.212937] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 788.220197] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 788.227458] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 788.234718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 788.241975] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:00 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:00 executing program 1 (fault-call:13 fault-nth:59): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 788.371110] FAULT_INJECTION: forcing a failure. [ 788.371110] name failslab, interval 1, probability 0, space 0, times 0 [ 788.377451] FAULT_INJECTION: forcing a failure. [ 788.377451] name failslab, interval 1, probability 0, space 0, times 0 [ 788.387293] CPU: 0 PID: 20852 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 788.400872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 788.410238] Call Trace: [ 788.412842] dump_stack+0x138/0x197 [ 788.416471] should_fail.cold+0x10f/0x159 [ 788.420620] should_failslab+0xdb/0x130 [ 788.424599] __kmalloc+0x2f0/0x7a0 [ 788.428148] ? ima_write_template_field_data.isra.0+0xf7/0x1b0 [ 788.434120] ima_write_template_field_data.isra.0+0xf7/0x1b0 [ 788.439947] ima_eventname_init_common+0x122/0x1a0 [ 788.444898] ima_eventname_ng_init+0x20/0x30 [ 788.449312] ima_alloc_init_template+0x241/0x3a0 [ 788.454091] ima_store_measurement+0x17b/0x330 [ 788.458683] ? ima_collect_measurement+0x450/0x450 [ 788.463634] ? kmem_cache_alloc+0x611/0x780 [ 788.467977] ? ima_d_path+0xaf/0x1de [ 788.471717] process_measurement+0x948/0xb80 [ 788.476252] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 788.481292] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 788.486054] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 788.492723] ? fsnotify+0x11e0/0x11e0 [ 788.496527] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 788.501281] ? lock_downgrade+0x66c/0x6e0 [ 788.505450] ? file_ra_state_init+0xc9/0x1e0 [ 788.509862] ? do_dentry_open+0x452/0xeb0 [ 788.514021] ima_file_check+0x30/0x40 [ 788.517822] path_openat+0x1626/0x3f70 [ 788.521713] ? trace_hardirqs_on+0x10/0x10 [ 788.525956] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 788.530655] ? find_held_lock+0x35/0x130 [ 788.534724] ? save_trace+0x290/0x290 [ 788.538526] ? __alloc_fd+0x1d4/0x4a0 [ 788.542328] do_filp_open+0x18e/0x250 [ 788.546127] ? may_open_dev+0xe0/0xe0 [ 788.549937] ? _raw_spin_unlock+0x2d/0x50 [ 788.554090] ? __alloc_fd+0x1d4/0x4a0 [ 788.557905] do_sys_open+0x2c5/0x430 [ 788.561621] ? filp_open+0x70/0x70 [ 788.565163] SyS_open+0x2d/0x40 [ 788.568437] ? do_sys_open+0x430/0x430 [ 788.572328] do_syscall_64+0x1e8/0x640 [ 788.576210] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 788.581065] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 788.586254] RIP: 0033:0x459879 [ 788.589438] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 788.597148] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 788.604420] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 788.611687] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 788.618987] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 788.626255] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 788.636114] audit: type=1804 audit(1567427220.755:158): pid=20852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="add_template_measure" cause="ENOMEM" comm="syz-executor.2" name="/root/syzkaller-testdir449530266/syzkaller.Y6D8DH/544/file0/bus" dev="loop2" ino=29 res=0 [ 788.644948] CPU: 1 PID: 20850 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 788.670936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 788.680308] Call Trace: [ 788.682921] dump_stack+0x138/0x197 [ 788.686574] should_fail.cold+0x10f/0x159 [ 788.690733] should_failslab+0xdb/0x130 [ 788.694715] kmem_cache_alloc_node_trace+0x280/0x770 [ 788.699831] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 788.705298] __kmalloc_node_track_caller+0x3d/0x80 [ 788.710236] __kmalloc_reserve.isra.0+0x40/0xe0 [ 788.714917] __alloc_skb+0xcf/0x500 [ 788.718544] ? skb_scrub_packet+0x4b0/0x4b0 [ 788.722877] ? __local_bh_enable_ip+0x99/0x1a0 [ 788.727469] alloc_skb_with_frags+0x86/0x4b0 [ 788.731884] ? trace_hardirqs_on+0x10/0x10 [ 788.736116] ? __local_bh_enable_ip+0x99/0x1a0 [ 788.740703] sock_alloc_send_pskb+0x5db/0x740 [ 788.745203] ? sock_wmalloc+0xf0/0xf0 [ 788.749006] ? lock_downgrade+0x6e0/0x6e0 [ 788.753166] packet_sendmsg+0x16c4/0x5a70 [ 788.757325] ? avc_has_perm_noaudit+0x420/0x420 [ 788.761996] ? __might_fault+0x110/0x1d0 [ 788.766070] ? find_held_lock+0x35/0x130 [ 788.770137] ? __might_fault+0x110/0x1d0 [ 788.774201] ? rw_copy_check_uvector+0x1f1/0x290 [ 788.778972] ? packet_notifier+0x760/0x760 [ 788.783213] ? copy_msghdr_from_user+0x292/0x3f0 [ 788.787980] ? selinux_socket_sendmsg+0x36/0x40 [ 788.792656] ? security_socket_sendmsg+0x89/0xb0 [ 788.797505] ? packet_notifier+0x760/0x760 [ 788.801740] sock_sendmsg+0xce/0x110 [ 788.805456] ___sys_sendmsg+0x349/0x840 [ 788.809521] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 788.814287] ? trace_hardirqs_on+0x10/0x10 [ 788.818530] ? check_preemption_disabled+0x3c/0x250 [ 788.823549] ? save_trace+0x290/0x290 [ 788.827355] ? __might_fault+0x110/0x1d0 [ 788.831419] ? find_held_lock+0x35/0x130 [ 788.835487] ? __might_fault+0x110/0x1d0 [ 788.839570] __sys_sendmmsg+0x152/0x3a0 [ 788.843549] ? SyS_sendmsg+0x50/0x50 [ 788.847271] ? lock_downgrade+0x6e0/0x6e0 [ 788.851431] ? retint_kernel+0x2d/0x2d [ 788.855325] ? trace_hardirqs_on_caller+0x400/0x590 [ 788.860347] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 788.865112] ? check_preemption_disabled+0x3c/0x250 [ 788.870140] SyS_sendmmsg+0x35/0x60 [ 788.873766] ? __sys_sendmmsg+0x3a0/0x3a0 [ 788.877915] do_syscall_64+0x1e8/0x640 [ 788.881801] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 788.886662] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 788.891853] RIP: 0033:0x459879 [ 788.895042] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 788.902768] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 788.910205] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 12:27:01 executing program 2 (fault-call:3 fault-nth:19): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:01 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 788.917463] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 788.924718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 788.931982] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 789.065258] FAULT_INJECTION: forcing a failure. [ 789.065258] name failslab, interval 1, probability 0, space 0, times 0 [ 789.077726] CPU: 1 PID: 20866 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 789.084849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.094203] Call Trace: [ 789.096796] dump_stack+0x138/0x197 [ 789.100434] should_fail.cold+0x10f/0x159 [ 789.106388] should_failslab+0xdb/0x130 [ 789.110356] __kmalloc+0x2f0/0x7a0 [ 789.113882] ? up_read+0x1a/0x40 [ 789.117235] ? crypto_alg_lookup+0x41/0x50 [ 789.121453] ? crypto_create_tfm+0x82/0x2e0 [ 789.125759] crypto_create_tfm+0x82/0x2e0 [ 789.129915] crypto_alloc_tfm+0x119/0x2f0 [ 789.134148] ? __kmalloc+0x376/0x7a0 [ 789.137866] crypto_alloc_shash+0x2d/0x40 [ 789.142002] ima_alloc_tfm+0x8b/0xc0 [ 789.145710] ima_calc_field_array_hash+0x49/0xc0 [ 789.150453] ima_store_template+0x111/0x260 [ 789.154766] ? ima_alloc_init_template+0x3a0/0x3a0 [ 789.159683] ? ima_alloc_init_template+0x272/0x3a0 [ 789.164603] ima_store_measurement+0x1a4/0x330 [ 789.170136] ? ima_collect_measurement+0x450/0x450 [ 789.175067] ? kmem_cache_alloc+0x611/0x780 [ 789.179380] ? ima_d_path+0xaf/0x1de [ 789.183078] process_measurement+0x948/0xb80 [ 789.187473] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 789.192587] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 789.197337] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 789.204006] ? fsnotify+0x11e0/0x11e0 [ 789.207796] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 789.212538] ? lock_downgrade+0x66c/0x6e0 [ 789.216672] ? file_ra_state_init+0xc9/0x1e0 [ 789.221062] ? do_dentry_open+0x452/0xeb0 [ 789.225201] ima_file_check+0x30/0x40 [ 789.228987] path_openat+0x1626/0x3f70 [ 789.232878] ? trace_hardirqs_on+0x10/0x10 [ 789.237102] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 789.241750] ? find_held_lock+0x35/0x130 [ 789.245792] ? save_trace+0x290/0x290 [ 789.249581] ? __alloc_fd+0x1d4/0x4a0 [ 789.253371] do_filp_open+0x18e/0x250 [ 789.257159] ? may_open_dev+0xe0/0xe0 [ 789.260949] ? _raw_spin_unlock+0x2d/0x50 [ 789.265082] ? __alloc_fd+0x1d4/0x4a0 [ 789.268875] do_sys_open+0x2c5/0x430 [ 789.272576] ? filp_open+0x70/0x70 [ 789.276104] SyS_open+0x2d/0x40 [ 789.279368] ? do_sys_open+0x430/0x430 [ 789.283253] do_syscall_64+0x1e8/0x640 [ 789.287125] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 789.291962] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 789.297156] RIP: 0033:0x459879 [ 789.300332] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 789.308020] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 789.315310] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 789.330157] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 789.337419] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 789.344674] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 789.352819] ima: Can not allocate sha1 (reason: -12) [ 789.358247] audit: type=1804 audit(1567427221.475:159): pid=20866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="add_template_measure" cause="hashing_error" comm="syz-executor.2" name="ima-ng" dev="loop2" ino=30 res=0 12:27:02 executing program 4: r0 = getpid() pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) prctl$PR_CAPBSET_DROP(0x18, 0x6) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:02 executing program 1 (fault-call:13 fault-nth:60): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:02 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:02 executing program 2 (fault-call:3 fault-nth:20): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:02 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) tkill(r0, 0x1000000000013) [ 790.694419] FAULT_INJECTION: forcing a failure. [ 790.694419] name failslab, interval 1, probability 0, space 0, times 0 [ 790.711021] FAULT_INJECTION: forcing a failure. [ 790.711021] name failslab, interval 1, probability 0, space 0, times 0 [ 790.730342] CPU: 0 PID: 20875 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 790.737506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 790.746873] Call Trace: [ 790.749489] dump_stack+0x138/0x197 [ 790.753141] should_fail.cold+0x10f/0x159 [ 790.757312] should_failslab+0xdb/0x130 [ 790.761302] kmem_cache_alloc_trace+0x2e9/0x790 [ 790.765986] ima_add_digest_entry+0x51/0x430 [ 790.770400] ima_add_template_entry+0x2cf/0x550 [ 790.775072] ? ima_get_binary_runtime_size+0x40/0x40 [ 790.780195] ? kzfree+0x29/0x30 [ 790.783473] ? crypto_destroy_tfm+0x147/0x2f0 [ 790.787972] ima_store_template+0x1a4/0x260 [ 790.792289] ? ima_alloc_init_template+0x3a0/0x3a0 [ 790.797259] ima_store_measurement+0x1a4/0x330 [ 790.801851] ? ima_collect_measurement+0x450/0x450 [ 790.806786] ? kmem_cache_alloc+0x611/0x780 [ 790.811112] ? ima_d_path+0xaf/0x1de [ 790.814824] process_measurement+0x948/0xb80 [ 790.819263] ? ima_rdwr_violation_check+0x3f0/0x3f0 [ 790.824286] ? inode_has_perm.isra.0+0x15c/0x1e0 [ 790.829047] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 790.835708] ? fsnotify+0x11e0/0x11e0 [ 790.839511] ? inode_has_perm.isra.0+0x1e0/0x1e0 [ 790.844266] ? lock_downgrade+0x66c/0x6e0 [ 790.848417] ? file_ra_state_init+0xc9/0x1e0 [ 790.852831] ? do_dentry_open+0x452/0xeb0 [ 790.856994] ima_file_check+0x30/0x40 [ 790.860796] path_openat+0x1626/0x3f70 [ 790.864688] ? trace_hardirqs_on+0x10/0x10 [ 790.868958] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 790.873624] ? find_held_lock+0x35/0x130 [ 790.877679] ? save_trace+0x290/0x290 [ 790.881482] ? __alloc_fd+0x1d4/0x4a0 [ 790.885293] do_filp_open+0x18e/0x250 [ 790.889098] ? may_open_dev+0xe0/0xe0 12:27:03 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) accept$ax25(r1, &(0x7f0000000200)={{0x3, @netrom}, [@null, @bcast, @netrom, @netrom, @default, @default, @bcast, @bcast]}, &(0x7f0000000000)=0x48) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) socket$bt_rfcomm(0x1f, 0x3, 0x3) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000a80)=@nat={'nat\x00', 0x1b, 0x5, 0x798, 0x2f0, 0x490, 0x588, 0x490, 0x490, 0x6c8, 0x6c8, 0x6c8, 0x6c8, 0x6c8, 0x5, &(0x7f00000002c0), {[{{@ipv6={@empty, @loopback, [0xff, 0xff000000, 0x0, 0xffffffff], [0xffffff00, 0xffffff00, 0xffffffff, 0xff000000], 'erspan0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x0, 0xff, 0x3, 0xd}, 0x0, 0x2a8, 0x2f0, 0x0, {}, [@common=@unspec=@physdev={0x98, 'physdev\x00', 0x0, {'tunl0\x00', {}, 'veth1_to_team\x00', {0xff}, 0x4}}, @common=@inet=@sctp={0x148, 'sctp\x00', 0x0, {0x4e24, 0x4e22, 0x4e20, 0x4e23, [0x8, 0xfffffffffffffff9, 0x7fff, 0x6, 0x1ff, 0x7, 0x5, 0x100000000, 0x3, 0xff, 0x7fff, 0xed1, 0x24, 0x0, 0x5, 0x1, 0x0, 0x1, 0x5, 0x9, 0xb07, 0x5, 0x2, 0x0, 0x3, 0x35a, 0xffff, 0x4c3595ea, 0x40, 0x9, 0x9, 0x8, 0x3, 0x6, 0x7, 0x2, 0x6, 0x10001, 0x5, 0x9, 0x5, 0x1ff, 0x200, 0x8, 0x1, 0x4, 0x5, 0x9, 0x100, 0x3, 0xfffffffffffffffc, 0x6, 0x7f, 0x0, 0x800, 0x7, 0x4, 0x0, 0x100, 0x5, 0x10001, 0x3, 0x1, 0x6], 0x7, [{0x7, 0x2, 0x3}, {0x7ff, 0x3, 0x8}, {0x7616, 0xe57, 0x81}, {0x1, 0x7, 0x8}], 0x1, 0x4, 0x4}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x12, @ipv6=@empty, @ipv6=@local, @port=0x4e20, @port=0x4e24}}}, {{@uncond, 0x0, 0x158, 0x1a0, 0x0, {}, [@common=@dst={0x48, 'dst\x00', 0x0, {0xffffffff, 0x6, 0x1, [0x4, 0x8, 0xffffffffffffffa6, 0xcc, 0x0, 0x4, 0x4, 0x2, 0x10000, 0x55, 0x3, 0x80e6, 0x8, 0x1000, 0x9], 0xd}}, @common=@dst={0x48, 'dst\x00', 0x0, {0x6, 0x4, 0x1, [0x3, 0x4, 0x4, 0x6, 0x101, 0x3, 0x0, 0x8, 0xfffffffeffffffff, 0x4, 0x10001, 0x34, 0xdc, 0xfff, 0x1, 0x5], 0x7}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv4=@loopback, @ipv4=@loopback, @port=0x4e21, @icmp_id}}}, {{@uncond, 0x0, 0xc8, 0xf8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x8, 0x81, 0x1, 0x162759923f4562d0}}}, {{@ipv6={@mcast2, @empty, [0xffffffff, 0xff000000, 0xffffffff, 0xff], [0xffffff00, 0xff000000, 0x0, 0xff], 'ip6_vti0\x00', 'veth1_to_hsr\x00', {}, {}, 0x3b, 0x10001, 0x1, 0x67}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@srh={0x30, 'srh\x00', 0x0, {0x88, 0x416e, 0x5, 0x6, 0x100000001, 0x404, 0x20}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x10, @ipv4=@remote, @ipv6=@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x15}}, @port=0x4e21, @port=0x4e21}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7f8) write$FUSE_BMAP(r1, &(0x7f0000000080)={0x18, 0x0, 0x3, {0x5}}, 0x18) tkill(r0, 0x1000000000013) [ 790.892911] ? _raw_spin_unlock+0x2d/0x50 [ 790.897056] ? __alloc_fd+0x1d4/0x4a0 [ 790.900867] do_sys_open+0x2c5/0x430 [ 790.904588] ? filp_open+0x70/0x70 [ 790.908130] SyS_open+0x2d/0x40 [ 790.911403] ? do_sys_open+0x430/0x430 [ 790.915312] do_syscall_64+0x1e8/0x640 [ 790.919204] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 790.924058] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 790.929249] RIP: 0033:0x459879 [ 790.932444] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 12:27:03 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 790.940151] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 790.940157] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 0000000020000100 [ 790.940161] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 790.940166] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 790.940170] R13: 00000000004f907f R14: 00000000004dac90 R15: 0000000000000004 [ 790.978598] CPU: 1 PID: 20874 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 790.985733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 790.991104] ima: OUT OF MEMORY ERROR creating queue entry [ 790.995105] Call Trace: [ 790.995128] dump_stack+0x138/0x197 [ 790.995147] should_fail.cold+0x10f/0x159 [ 790.995163] should_failslab+0xdb/0x130 [ 790.995177] kmem_cache_alloc_node+0x287/0x780 [ 790.995190] ? __dev_queue_xmit+0x1e29/0x25e0 [ 790.995203] __alloc_skb+0x9c/0x500 [ 790.995210] ? skb_scrub_packet+0x4b0/0x4b0 [ 790.995222] ? __local_bh_enable_ip+0x99/0x1a0 [ 790.995231] alloc_skb_with_frags+0x86/0x4b0 [ 790.995242] ? trace_hardirqs_on+0x10/0x10 [ 790.995251] ? __local_bh_enable_ip+0x99/0x1a0 [ 790.995266] sock_alloc_send_pskb+0x5db/0x740 [ 790.995281] ? sock_wmalloc+0xf0/0xf0 [ 790.995295] ? packet_sendmsg+0x1405/0x5a70 [ 790.995303] packet_sendmsg+0x16c4/0x5a70 [ 790.995311] ? avc_has_perm_noaudit+0x420/0x420 [ 790.995323] ? lock_release+0x44d/0x940 [ 790.995335] ? rw_copy_check_uvector+0x1f1/0x290 [ 790.995350] ? __kprobes_text_end+0x3e880/0x3e880 [ 790.995361] ? packet_notifier+0x760/0x760 12:27:03 executing program 3: r0 = getpid() pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) ioctl$sock_rose_SIOCDELRT(r1, 0x890c, &(0x7f00000002c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8001, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={'rose', 0x0}, 0x1, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @bcast, @bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000000)=0x8, 0x4) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$VIDIOC_G_JPEGCOMP(r1, 0x808c563d, &(0x7f0000000400)) tkill(r0, 0x1000000000013) 12:27:03 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:03 executing program 2 (fault-call:3 fault-nth:21): syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:03 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x0) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000002c0)=@ccm_128={{}, "cf97c1ebb6bff977", "8839f0e63a3b1ae0455322c2bc78edc2", "8cbc2dd0", "00942ba063dced9c"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) setsockopt$IP_VS_SO_SET_EDIT(r2, 0x0, 0x483, &(0x7f0000000240)={0x1, @empty, 0x4e21, 0x1, 'nq\x00', 0x2, 0x0, 0x75}, 0x2c) setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f0000000180)='y\x00', 0x2, 0x2) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r2, 0x400c6615, &(0x7f0000000200)) [ 791.008068] audit: type=1804 audit(1567427223.095:160): pid=20875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="add_template_measure" cause="ENOMEM" comm="syz-executor.2" name="/root/syzkaller-testdir449530266/syzkaller.Y6D8DH/546/file0/bus" dev="loop2" ino=31 res=0 [ 791.011269] ? check_preemption_disabled+0x3c/0x250 [ 791.011283] ? __kprobes_text_end+0x3e880/0x3e880 [ 791.011299] ? sock_sendmsg+0x65/0x110 [ 791.011308] ? packet_notifier+0x760/0x760 [ 791.011317] sock_sendmsg+0xce/0x110 [ 791.011326] ___sys_sendmsg+0x349/0x840 [ 791.011336] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 791.032306] ? mark_held_locks+0xb1/0x100 [ 791.032321] ? trace_hardirqs_on+0x10/0x10 [ 791.032329] ? trace_hardirqs_on_caller+0x400/0x590 [ 791.032339] ? save_trace+0x290/0x290 [ 791.032354] ? __might_fault+0x110/0x1d0 [ 791.032364] ? find_held_lock+0x35/0x130 [ 791.050169] ? __might_fault+0x110/0x1d0 [ 791.050196] __sys_sendmmsg+0x152/0x3a0 [ 791.050207] ? SyS_sendmsg+0x50/0x50 [ 791.050223] ? lock_downgrade+0x6e0/0x6e0 [ 791.058503] ? retint_kernel+0x2d/0x2d 12:27:03 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:03 executing program 1 (fault-call:13 fault-nth:61): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 791.058518] ? trace_hardirqs_on_caller+0x400/0x590 [ 791.058532] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 791.071649] ? check_preemption_disabled+0x3c/0x250 [ 791.071665] ? __sys_sendmmsg+0x3a0/0x3a0 [ 791.080369] SyS_sendmmsg+0x35/0x60 [ 791.080379] ? __sys_sendmmsg+0x3a0/0x3a0 [ 791.080391] do_syscall_64+0x1e8/0x640 [ 791.080399] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 791.080417] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 791.080425] RIP: 0033:0x459879 [ 791.080433] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 12:27:03 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 791.123599] ORIG_RAX: 0000000000000133 [ 791.123607] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 791.123613] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 791.123618] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 791.123623] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 791.123632] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 791.203095] IPVS: set_ctl: invalid protocol: 1 0.0.0.0:20001 12:27:03 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:03 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000000)=@gcm_128={{0x304}, "c5f7548331f50bb7", "87afd9ab87c21e8cd00fb1fc2f04708b", "a39aba35", "18f22cf75e0c7251"}, 0x28) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 791.301002] FAULT_INJECTION: forcing a failure. [ 791.301002] name failslab, interval 1, probability 0, space 0, times 0 [ 791.322808] IPVS: set_ctl: invalid protocol: 1 0.0.0.0:20001 [ 791.381003] CPU: 1 PID: 20913 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 791.388163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.397537] Call Trace: [ 791.400148] dump_stack+0x138/0x197 [ 791.403793] ? should_fail.cold+0x10a/0x159 [ 791.408133] should_fail.cold+0x10f/0x159 [ 791.412299] should_failslab+0xdb/0x130 [ 791.416293] kmem_cache_alloc_node_trace+0x280/0x770 [ 791.421409] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 791.426882] __kmalloc_node_track_caller+0x3d/0x80 [ 791.431826] __kmalloc_reserve.isra.0+0x40/0xe0 [ 791.436503] __alloc_skb+0xcf/0x500 [ 791.440133] ? skb_scrub_packet+0x4b0/0x4b0 [ 791.444464] ? __local_bh_enable_ip+0x99/0x1a0 [ 791.449056] alloc_skb_with_frags+0x86/0x4b0 [ 791.453560] ? trace_hardirqs_on+0x10/0x10 [ 791.457799] ? __local_bh_enable_ip+0x99/0x1a0 [ 791.462393] sock_alloc_send_pskb+0x5db/0x740 [ 791.466910] ? sock_wmalloc+0xf0/0xf0 [ 791.470711] ? lock_downgrade+0x6e0/0x6e0 [ 791.474867] packet_sendmsg+0x16c4/0x5a70 [ 791.479021] ? avc_has_perm_noaudit+0x420/0x420 [ 791.483694] ? __might_fault+0x110/0x1d0 [ 791.487757] ? find_held_lock+0x35/0x130 [ 791.491817] ? __might_fault+0x110/0x1d0 [ 791.495876] ? rw_copy_check_uvector+0x1f1/0x290 [ 791.500647] ? packet_notifier+0x760/0x760 [ 791.504890] ? trace_hardirqs_on_caller+0x400/0x590 [ 791.509917] ? check_preemption_disabled+0x3c/0x250 [ 791.514936] ? selinux_socket_sendmsg+0x36/0x40 [ 791.519607] ? security_socket_sendmsg+0x89/0xb0 [ 791.524368] ? packet_notifier+0x760/0x760 [ 791.528604] sock_sendmsg+0xce/0x110 [ 791.532316] ___sys_sendmsg+0x349/0x840 [ 791.536287] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 791.541048] ? trace_hardirqs_on+0x10/0x10 [ 791.545290] ? check_preemption_disabled+0x3c/0x250 [ 791.550310] ? save_trace+0x290/0x290 [ 791.554123] ? __might_fault+0x110/0x1d0 [ 791.558186] ? find_held_lock+0x35/0x130 [ 791.562338] ? __might_fault+0x110/0x1d0 [ 791.566416] __sys_sendmmsg+0x152/0x3a0 [ 791.570390] ? SyS_sendmsg+0x50/0x50 [ 791.574107] ? lock_downgrade+0x6e0/0x6e0 [ 791.578263] ? __mutex_unlock_slowpath+0x71/0x800 [ 791.583280] ? check_preemption_disabled+0x3c/0x250 [ 791.588297] ? wait_for_completion+0x420/0x420 [ 791.592886] ? __sb_end_write+0xc1/0x100 [ 791.596954] ? SyS_write+0x15e/0x230 [ 791.600673] SyS_sendmmsg+0x35/0x60 [ 791.604298] ? __sys_sendmmsg+0x3a0/0x3a0 [ 791.608448] do_syscall_64+0x1e8/0x640 [ 791.612334] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 791.617184] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 791.622377] RIP: 0033:0x459879 [ 791.625561] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 791.633267] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 791.640538] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 791.647815] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 791.655086] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 791.662352] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:05 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) tkill(r0, 0x1000000000013) 12:27:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/policy\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:05 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:05 executing program 1 (fault-call:13 fault-nth:62): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:05 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000005c0)={'vcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000700)={&(0x7f0000000600)={0x1d, r4}, 0x10, &(0x7f00000006c0)={&(0x7f0000000640)=@canfd={{0x4, 0x80000000, 0x200, 0x7f}, 0x20, 0x1, 0x0, 0x0, "491912d887859bd1519e2ddb6d3e625657db3a9a270f9c3607f6d3668ee83e3713666a1fc8945e0c7208a9a372e60e254be9f4fe98a90d6d8babb4ec5c12a891"}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x20040801) tkill(r0, 0x1000000000013) 12:27:05 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)=0x0) timer_settime(r4, 0x2, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x77359400}}, 0x0) tkill(r0, 0x1000000000013) [ 793.750443] FAULT_INJECTION: forcing a failure. [ 793.750443] name failslab, interval 1, probability 0, space 0, times 0 12:27:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 793.804670] CPU: 0 PID: 20957 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 793.811837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 793.821207] Call Trace: [ 793.823824] dump_stack+0x138/0x197 [ 793.827474] should_fail.cold+0x10f/0x159 [ 793.831644] should_failslab+0xdb/0x130 [ 793.835626] kmem_cache_alloc_node+0x287/0x780 [ 793.840311] __alloc_skb+0x9c/0x500 [ 793.843939] ? skb_scrub_packet+0x4b0/0x4b0 [ 793.848271] ? __local_bh_enable_ip+0x99/0x1a0 [ 793.852863] alloc_skb_with_frags+0x86/0x4b0 [ 793.857285] ? trace_hardirqs_on+0x10/0x10 [ 793.861528] ? __local_bh_enable_ip+0x99/0x1a0 [ 793.866140] sock_alloc_send_pskb+0x5db/0x740 [ 793.870651] ? sock_wmalloc+0xf0/0xf0 [ 793.874463] ? lock_downgrade+0x6e0/0x6e0 [ 793.878623] packet_sendmsg+0x16c4/0x5a70 [ 793.882780] ? avc_has_perm_noaudit+0x420/0x420 [ 793.887458] ? __might_fault+0x110/0x1d0 [ 793.891522] ? find_held_lock+0x35/0x130 [ 793.895589] ? __might_fault+0x110/0x1d0 [ 793.899655] ? rw_copy_check_uvector+0x1f1/0x290 [ 793.904426] ? packet_notifier+0x760/0x760 [ 793.908668] ? copy_msghdr_from_user+0x292/0x3f0 [ 793.913541] ? selinux_socket_sendmsg+0x36/0x40 [ 793.918234] ? security_socket_sendmsg+0x89/0xb0 [ 793.923080] ? packet_notifier+0x760/0x760 [ 793.927403] sock_sendmsg+0xce/0x110 [ 793.931121] ___sys_sendmsg+0x349/0x840 [ 793.935099] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 793.939862] ? trace_hardirqs_on+0x10/0x10 [ 793.944101] ? check_preemption_disabled+0x3c/0x250 [ 793.949121] ? save_trace+0x290/0x290 [ 793.952924] ? __might_fault+0x110/0x1d0 [ 793.956998] ? __might_fault+0x110/0x1d0 [ 793.961071] ? find_held_lock+0x35/0x130 [ 793.965135] ? __might_fault+0x110/0x1d0 [ 793.969217] __sys_sendmmsg+0x152/0x3a0 [ 793.973201] ? SyS_sendmsg+0x50/0x50 [ 793.976926] ? lock_downgrade+0x6e0/0x6e0 [ 793.981079] ? __mutex_unlock_slowpath+0x71/0x800 [ 793.985927] ? check_preemption_disabled+0x3c/0x250 [ 793.990948] ? wait_for_completion+0x420/0x420 [ 793.995539] ? __sb_end_write+0xc1/0x100 [ 793.999615] ? SyS_write+0x15e/0x230 [ 794.003337] SyS_sendmmsg+0x35/0x60 [ 794.006961] ? __sys_sendmmsg+0x3a0/0x3a0 [ 794.011111] do_syscall_64+0x1e8/0x640 [ 794.015088] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 794.019940] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 794.025132] RIP: 0033:0x459879 [ 794.028316] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 794.036033] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 794.043752] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 794.051036] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 794.058310] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 794.065588] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:06 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:06 executing program 1 (fault-call:13 fault-nth:63): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:06 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0xaaaaaaaaaaaa939, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x202}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="0d3f0650725e685f207979fd092b254a2bc3c4a57ff3730328428b89c6720ad50cbb03cb1302d76d251544dce6f2ad6fac950f6938a77233ec514bb8d9941a87088b35345b6009b567a541d39ecd2988fc5570b9044bd0d2aa1867ba3d50efb481e521408216f0a4ed1e54604d914ba8b72c", 0x72}, {&(0x7f0000000340)="18c4979801322d0e187ba2e4c82b574255be34b18fe7d5f243852d00b50051bc546698c17562dabbb3b211d56cbc629cdaffed602b5e7a396d47af7c15878061cd32c94977a83dc84c6e836222963ed5f20f2d841260b930992857091aa38995fb0c9dd73d5a72b5bd558e8828645a7df313dea16b34f2c975018278b2228e4e9bca4fabb2b20259700d193623a919ce069329fd7505589bce5d3d054b55e78e723c978c213b7732ee6d7ff85acd315b16a3bca9f7613836f401bbd61b3a39ea93e6", 0xc2}, {&(0x7f0000000140)="bff0e6bed24f3365a6584e571ebbee396c56d71902f3d0b0c171e32ca7a8a7afb1d1beaca5b6b9459a94c923df1157b8bdd64a8ef5e8c35c248b0ed21f661aaff4cb3f75b8c864fc5069c0efe49cda579903dd1c", 0x54}], 0x3}, 0x44090) r1 = getgid() r2 = getuid() getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@empty, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000000580)=0xe8) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000005c0)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@ipv4={[], [], @multicast1}}}, &(0x7f00000006c0)=0xe8) mount$9p_virtio(&(0x7f0000000240)='vfat\x00', &(0x7f0000000280)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x0, &(0x7f0000000700)={'trans=virtio,', {[{@cache_none='cache=none'}, {@dfltgid={'dfltgid', 0x3d, r1}}], [{@subj_user={'subj_user', 0x3d, 'vfat\x00'}}, {@euid_lt={'euid<', r2}}, {@smackfsroot={'smackfsroot', 0x3d, 'vfat\x00'}}, {@appraise='appraise'}, {@euid_gt={'euid>', r3}}, {@smackfsdef={'smackfsdef', 0x3d, 'vfat\x00'}}, {@fowner_eq={'fowner', 0x3d, r4}}]}}) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 794.233997] FAULT_INJECTION: forcing a failure. [ 794.233997] name failslab, interval 1, probability 0, space 0, times 0 [ 794.255880] CPU: 1 PID: 20978 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 794.263040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.274015] Call Trace: [ 794.276621] dump_stack+0x138/0x197 [ 794.280262] ? vprintk_func+0x65/0x159 [ 794.284164] should_fail.cold+0x10f/0x159 [ 794.288329] should_failslab+0xdb/0x130 [ 794.292312] kmem_cache_alloc_node_trace+0x280/0x770 [ 794.297419] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 794.302883] __kmalloc_node_track_caller+0x3d/0x80 [ 794.307816] __kmalloc_reserve.isra.0+0x40/0xe0 [ 794.312487] __alloc_skb+0xcf/0x500 [ 794.316299] ? skb_scrub_packet+0x4b0/0x4b0 [ 794.320621] ? __local_bh_enable_ip+0x99/0x1a0 [ 794.325247] alloc_skb_with_frags+0x86/0x4b0 [ 794.329663] ? trace_hardirqs_on+0x10/0x10 [ 794.333904] ? __local_bh_enable_ip+0x99/0x1a0 [ 794.338497] sock_alloc_send_pskb+0x5db/0x740 [ 794.342999] ? sock_wmalloc+0xf0/0xf0 [ 794.346801] ? packet_sendmsg+0x1491/0x5a70 [ 794.351131] packet_sendmsg+0x16c4/0x5a70 [ 794.355281] ? avc_has_perm_noaudit+0x420/0x420 [ 794.359955] ? trace_hardirqs_on_caller+0x400/0x590 [ 794.364972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 794.369736] ? rw_copy_check_uvector+0x1f1/0x290 [ 794.374505] ? packet_notifier+0x760/0x760 [ 794.378763] ? copy_msghdr_from_user+0x292/0x3f0 [ 794.383521] ? selinux_socket_sendmsg+0x36/0x40 [ 794.388190] ? security_socket_sendmsg+0x89/0xb0 [ 794.392945] ? packet_notifier+0x760/0x760 [ 794.397179] sock_sendmsg+0xce/0x110 [ 794.401157] ___sys_sendmsg+0x349/0x840 [ 794.405127] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 794.409892] ? trace_hardirqs_on+0x10/0x10 [ 794.414132] ? retint_kernel+0x2d/0x2d [ 794.418020] ? save_trace+0x290/0x290 [ 794.421820] ? trace_hardirqs_on_caller+0x400/0x590 [ 794.426839] ? __might_fault+0x110/0x1d0 [ 794.430897] ? find_held_lock+0x35/0x130 [ 794.434959] ? __might_fault+0x110/0x1d0 [ 794.439062] __sys_sendmmsg+0x152/0x3a0 [ 794.443035] ? SyS_sendmsg+0x50/0x50 [ 794.446757] ? lock_downgrade+0x6e0/0x6e0 [ 794.450909] ? __mutex_unlock_slowpath+0x71/0x800 [ 794.455759] ? check_preemption_disabled+0x3c/0x250 [ 794.460778] ? wait_for_completion+0x420/0x420 [ 794.465355] ? __sb_end_write+0xc1/0x100 [ 794.469424] ? SyS_write+0x15e/0x230 [ 794.473145] SyS_sendmmsg+0x35/0x60 [ 794.476767] ? __sys_sendmmsg+0x3a0/0x3a0 [ 794.480921] do_syscall_64+0x1e8/0x640 [ 794.484818] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 794.489671] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 794.494951] RIP: 0033:0x459879 [ 794.498129] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 794.505834] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 794.513099] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 794.520541] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 794.527794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 12:27:06 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0xb, [@var={0x3, 0x0, 0x0, 0xe, 0x2, 0x1}, @typedef={0x8, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0, 0x5f, 0x0, 0x0, 0xbf047e9e98e7c31d, 0x30, 0x5f, 0x0, 0x0]}}, &(0x7f00000002c0)=""/202, 0x3f, 0xca, 0x1}, 0x20) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:06 executing program 1 (fault-call:13 fault-nth:64): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 794.535060] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 794.649193] FAULT_INJECTION: forcing a failure. [ 794.649193] name failslab, interval 1, probability 0, space 0, times 0 [ 794.662042] CPU: 0 PID: 20997 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 794.669185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.678658] Call Trace: [ 794.681283] dump_stack+0x138/0x197 [ 794.684923] should_fail.cold+0x10f/0x159 [ 794.689074] should_failslab+0xdb/0x130 [ 794.693065] kmem_cache_alloc_node+0x287/0x780 [ 794.697653] ? __dev_queue_xmit+0x1e29/0x25e0 [ 794.702243] __alloc_skb+0x9c/0x500 [ 794.705854] ? skb_scrub_packet+0x4b0/0x4b0 [ 794.710262] ? __local_bh_enable_ip+0x99/0x1a0 [ 794.714903] alloc_skb_with_frags+0x86/0x4b0 [ 794.719300] ? trace_hardirqs_on+0x10/0x10 [ 794.723521] ? __local_bh_enable_ip+0x99/0x1a0 [ 794.728092] sock_alloc_send_pskb+0x5db/0x740 [ 794.732592] ? sock_wmalloc+0xf0/0xf0 [ 794.736397] ? lock_downgrade+0x6e0/0x6e0 [ 794.740623] packet_sendmsg+0x16c4/0x5a70 [ 794.744756] ? avc_has_perm_noaudit+0x420/0x420 [ 794.749417] ? __might_fault+0x110/0x1d0 [ 794.753474] ? find_held_lock+0x35/0x130 [ 794.757618] ? __might_fault+0x110/0x1d0 [ 794.761699] ? rw_copy_check_uvector+0x1f1/0x290 [ 794.766477] ? packet_notifier+0x760/0x760 [ 794.770715] ? copy_msghdr_from_user+0x292/0x3f0 [ 794.775465] ? selinux_socket_sendmsg+0x36/0x40 [ 794.780130] ? security_socket_sendmsg+0x89/0xb0 [ 794.784877] ? packet_notifier+0x760/0x760 [ 794.789115] sock_sendmsg+0xce/0x110 [ 794.792826] ___sys_sendmsg+0x349/0x840 [ 794.796803] ? mark_held_locks+0xb1/0x100 [ 794.800933] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 794.805680] ? trace_hardirqs_on_caller+0x400/0x590 [ 794.810693] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 794.815475] ? check_preemption_disabled+0x3c/0x250 [ 794.820493] ? save_trace+0x290/0x290 [ 794.824289] ? __might_fault+0x110/0x1d0 [ 794.828350] ? __might_fault+0x110/0x1d0 [ 794.832408] ? find_held_lock+0x35/0x130 [ 794.836481] ? __might_fault+0x110/0x1d0 [ 794.840546] __sys_sendmmsg+0x152/0x3a0 [ 794.844511] ? SyS_sendmsg+0x50/0x50 [ 794.848224] ? lock_downgrade+0x6e0/0x6e0 [ 794.852387] ? __mutex_unlock_slowpath+0x71/0x800 [ 794.857225] ? check_preemption_disabled+0x3c/0x250 [ 794.862226] ? wait_for_completion+0x420/0x420 [ 794.866790] ? __sb_end_write+0xc1/0x100 [ 794.870874] ? SyS_write+0x15e/0x230 [ 794.874594] SyS_sendmmsg+0x35/0x60 [ 794.878218] ? __sys_sendmmsg+0x3a0/0x3a0 [ 794.882355] do_syscall_64+0x1e8/0x640 [ 794.886228] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 794.891074] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 794.896257] RIP: 0033:0x459879 [ 794.899429] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 794.907120] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 794.914375] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 794.921652] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 794.928913] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 794.936216] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:08 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:08 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:08 executing program 1 (fault-call:13 fault-nth:65): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:08 executing program 2: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x3, 0x3}, 0x10) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000140)='./bus\x00', 0x141043, 0x0) 12:27:08 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f00000002c0)=ANY=[@ANYBLOB="01000000000000000a004e2200000403ff020000000000000000000000000001f40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000020000000a004e230000003ffe8000000000000000000000000000aaff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2000000006000000000000000000000000000000001f000000000000000000000029c641716b253ab2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1c33be893b7321f1e1c4c55000000"], 0x190) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000000)) ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f0000000480)) 12:27:08 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x112, 0x11}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$TIOCEXCL(r0, 0x540c) fchdir(r0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000000)=0x4) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0xc4) [ 796.780170] FAULT_INJECTION: forcing a failure. [ 796.780170] name failslab, interval 1, probability 0, space 0, times 0 [ 796.804027] CPU: 0 PID: 21018 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 796.811188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.820563] Call Trace: [ 796.823172] dump_stack+0x138/0x197 [ 796.827006] ? should_fail.cold+0x10a/0x159 [ 796.831354] should_fail.cold+0x10f/0x159 [ 796.835510] should_failslab+0xdb/0x130 [ 796.839494] kmem_cache_alloc_node_trace+0x280/0x770 [ 796.844602] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 796.850066] __kmalloc_node_track_caller+0x3d/0x80 [ 796.855009] __kmalloc_reserve.isra.0+0x40/0xe0 [ 796.859684] __alloc_skb+0xcf/0x500 [ 796.863313] ? skb_scrub_packet+0x4b0/0x4b0 [ 796.867644] alloc_skb_with_frags+0x86/0x4b0 [ 796.872067] ? trace_hardirqs_on+0x10/0x10 [ 796.876346] sock_alloc_send_pskb+0x5db/0x740 [ 796.880851] ? sock_wmalloc+0xf0/0xf0 [ 796.884656] ? lock_downgrade+0x6e0/0x6e0 [ 796.888818] packet_sendmsg+0x16c4/0x5a70 [ 796.892970] ? avc_has_perm_noaudit+0x420/0x420 [ 796.897644] ? _raw_spin_unlock_irq+0x5e/0x90 [ 796.902148] ? finish_task_switch+0x178/0x650 [ 796.906641] ? finish_task_switch+0x14d/0x650 [ 796.911141] ? switch_mm_irqs_off+0x5e1/0xec0 [ 796.915655] ? packet_notifier+0x760/0x760 [ 796.919898] ? __kprobes_text_end+0x3e880/0x3e880 [ 796.924751] ? selinux_socket_sendmsg+0x36/0x40 [ 796.929425] ? security_socket_sendmsg+0x89/0xb0 [ 796.934179] ? packet_notifier+0x760/0x760 [ 796.938428] sock_sendmsg+0xce/0x110 [ 796.942138] ___sys_sendmsg+0x349/0x840 [ 796.946121] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 796.950878] ? mark_held_locks+0xb1/0x100 [ 796.955050] ? trace_hardirqs_on+0x10/0x10 [ 796.959293] ? retint_kernel+0x2d/0x2d [ 796.963193] ? save_trace+0x290/0x290 [ 796.967000] ? trace_hardirqs_on_caller+0x400/0x590 [ 796.972024] ? __might_fault+0x110/0x1d0 [ 796.976105] ? find_held_lock+0x35/0x130 [ 796.980366] ? __might_fault+0x110/0x1d0 [ 796.984446] __sys_sendmmsg+0x152/0x3a0 [ 796.988420] ? SyS_sendmsg+0x50/0x50 [ 796.992147] ? lock_downgrade+0x6e0/0x6e0 [ 796.996302] ? __mutex_unlock_slowpath+0x71/0x800 [ 797.001153] ? check_preemption_disabled+0x3c/0x250 [ 797.006178] ? wait_for_completion+0x420/0x420 [ 797.010761] ? __sb_end_write+0xc1/0x100 [ 797.014827] ? SyS_write+0x15e/0x230 [ 797.018556] SyS_sendmmsg+0x35/0x60 [ 797.022181] ? __sys_sendmmsg+0x3a0/0x3a0 [ 797.026357] do_syscall_64+0x1e8/0x640 [ 797.030277] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 797.035119] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 797.040294] RIP: 0033:0x459879 [ 797.043542] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 797.051335] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 797.058614] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 797.065877] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 797.073228] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 797.080487] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:09 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:09 executing program 1 (fault-call:13 fault-nth:66): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 797.211888] FAULT_INJECTION: forcing a failure. [ 797.211888] name failslab, interval 1, probability 0, space 0, times 0 [ 797.234201] CPU: 0 PID: 21044 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 797.241355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.250728] Call Trace: [ 797.253333] dump_stack+0x138/0x197 [ 797.256973] should_fail.cold+0x10f/0x159 [ 797.261134] should_failslab+0xdb/0x130 [ 797.265116] kmem_cache_alloc_node+0x287/0x780 [ 797.269703] ? pci_mmcfg_check_reserved+0x150/0x150 [ 797.274725] __alloc_skb+0x9c/0x500 [ 797.278354] ? skb_scrub_packet+0x4b0/0x4b0 [ 797.282676] ? retint_kernel+0x2d/0x2d [ 797.286563] alloc_skb_with_frags+0x86/0x4b0 [ 797.290976] ? check_preemption_disabled+0x3c/0x250 [ 797.296025] sock_alloc_send_pskb+0x5db/0x740 [ 797.300530] ? sock_wmalloc+0xf0/0xf0 [ 797.304331] ? lock_downgrade+0x6e0/0x6e0 [ 797.308494] packet_sendmsg+0x16c4/0x5a70 [ 797.312643] ? avc_has_perm_noaudit+0x420/0x420 [ 797.317313] ? retint_kernel+0x2d/0x2d [ 797.321208] ? __might_fault+0x110/0x1d0 [ 797.325272] ? find_held_lock+0x35/0x130 [ 797.329337] ? __might_fault+0x110/0x1d0 [ 797.333400] ? rw_copy_check_uvector+0x1f1/0x290 [ 797.338171] ? packet_notifier+0x760/0x760 [ 797.342675] ? copy_msghdr_from_user+0x292/0x3f0 [ 797.347432] ? selinux_socket_sendmsg+0x36/0x40 [ 797.352102] ? security_socket_sendmsg+0x89/0xb0 [ 797.356859] ? packet_notifier+0x760/0x760 [ 797.361092] sock_sendmsg+0xce/0x110 [ 797.364808] ___sys_sendmsg+0x349/0x840 [ 797.368785] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 797.373540] ? mark_held_locks+0xb1/0x100 [ 797.377687] ? trace_hardirqs_on+0x10/0x10 [ 797.381922] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 797.386677] ? save_trace+0x290/0x290 [ 797.390484] ? check_preemption_disabled+0x3c/0x250 [ 797.395507] ? __might_fault+0x110/0x1d0 [ 797.399565] ? find_held_lock+0x35/0x130 [ 797.403627] ? __might_fault+0x110/0x1d0 [ 797.407706] __sys_sendmmsg+0x152/0x3a0 [ 797.411683] ? SyS_sendmsg+0x50/0x50 [ 797.415400] ? lock_downgrade+0x6e0/0x6e0 [ 797.419554] ? __mutex_unlock_slowpath+0x71/0x800 [ 797.424397] ? check_preemption_disabled+0x3c/0x250 [ 797.429421] ? wait_for_completion+0x420/0x420 [ 797.434475] ? __sb_end_write+0xc1/0x100 [ 797.438544] ? SyS_write+0x15e/0x230 [ 797.442267] SyS_sendmmsg+0x35/0x60 [ 797.445909] ? __sys_sendmmsg+0x3a0/0x3a0 [ 797.450173] do_syscall_64+0x1e8/0x640 [ 797.454052] ? trace_hardirqs_off_thunk+0x1a/0x1c 12:27:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 797.458906] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 797.464077] RIP: 0033:0x459879 [ 797.467252] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 797.474943] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 797.482204] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 797.489464] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 797.496715] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 797.503966] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:09 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:09 executing program 1 (fault-call:13 fault-nth:67): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 797.643133] FAULT_INJECTION: forcing a failure. [ 797.643133] name failslab, interval 1, probability 0, space 0, times 0 [ 797.664614] CPU: 1 PID: 21058 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 797.671770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.681229] Call Trace: [ 797.683842] dump_stack+0x138/0x197 [ 797.687508] should_fail.cold+0x10f/0x159 [ 797.691768] should_failslab+0xdb/0x130 [ 797.695848] kmem_cache_alloc_node_trace+0x280/0x770 [ 797.700964] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 797.706438] __kmalloc_node_track_caller+0x3d/0x80 [ 797.711376] __kmalloc_reserve.isra.0+0x40/0xe0 [ 797.716048] __alloc_skb+0xcf/0x500 [ 797.719680] ? skb_scrub_packet+0x4b0/0x4b0 [ 797.724012] ? __local_bh_enable_ip+0x99/0x1a0 [ 797.728604] alloc_skb_with_frags+0x86/0x4b0 [ 797.733021] ? trace_hardirqs_on_caller+0x400/0x590 [ 797.738404] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 797.743172] sock_alloc_send_pskb+0x5db/0x740 [ 797.747683] ? sock_wmalloc+0xf0/0xf0 [ 797.751497] ? lock_downgrade+0x6e0/0x6e0 [ 797.755663] packet_sendmsg+0x16c4/0x5a70 [ 797.759815] ? avc_has_perm_noaudit+0x420/0x420 [ 797.764495] ? __might_fault+0x110/0x1d0 [ 797.768560] ? find_held_lock+0x35/0x130 [ 797.772625] ? __might_fault+0x110/0x1d0 [ 797.776688] ? rw_copy_check_uvector+0x1f1/0x290 [ 797.781459] ? packet_notifier+0x760/0x760 [ 797.785703] ? copy_msghdr_from_user+0x292/0x3f0 [ 797.790466] ? selinux_socket_sendmsg+0x36/0x40 [ 797.795142] ? security_socket_sendmsg+0x89/0xb0 [ 797.799894] ? packet_notifier+0x760/0x760 [ 797.804128] sock_sendmsg+0xce/0x110 [ 797.807842] ___sys_sendmsg+0x349/0x840 [ 797.811940] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 797.816709] ? mark_held_locks+0xb1/0x100 [ 797.820862] ? trace_hardirqs_on+0x10/0x10 [ 797.825107] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 797.829865] ? save_trace+0x290/0x290 [ 797.833667] ? trace_hardirqs_on_caller+0x400/0x590 [ 797.838690] ? __might_fault+0x110/0x1d0 [ 797.842754] ? find_held_lock+0x35/0x130 [ 797.846815] ? __might_fault+0x110/0x1d0 [ 797.850896] __sys_sendmmsg+0x152/0x3a0 [ 797.854869] ? SyS_sendmsg+0x50/0x50 [ 797.858586] ? lock_downgrade+0x6e0/0x6e0 [ 797.862739] ? retint_kernel+0x2d/0x2d [ 797.866627] ? trace_hardirqs_on_caller+0x400/0x590 [ 797.871648] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 797.876407] ? check_preemption_disabled+0x3c/0x250 [ 797.881437] SyS_sendmmsg+0x35/0x60 [ 797.885147] ? __sys_sendmmsg+0x3a0/0x3a0 [ 797.889325] do_syscall_64+0x1e8/0x640 [ 797.893220] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 797.898074] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 797.903258] RIP: 0033:0x459879 [ 797.906440] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 797.914149] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 797.921414] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 797.928688] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 797.935976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 797.943340] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:11 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x800, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000000)={0x57, 0x0, 0x8, {0x2}, {0xffffffffffff8001, 0x5}, @ramp={0x3, 0x0, {0x4, 0xdf6, 0xf29f27, 0xb533}}}) 12:27:11 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000000)=0x1000, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r3, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:11 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:11 executing program 1 (fault-call:13 fault-nth:68): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:11 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:11 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:11 executing program 2: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x2, 0x2) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040)) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)="0568e747b9e8eec13f", 0x9}], 0x1, 0xb) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 799.824817] FAULT_INJECTION: forcing a failure. [ 799.824817] name failslab, interval 1, probability 0, space 0, times 0 [ 799.837768] CPU: 1 PID: 21084 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 799.844910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.854274] Call Trace: [ 799.856864] dump_stack+0x138/0x197 [ 799.860483] should_fail.cold+0x10f/0x159 [ 799.864617] should_failslab+0xdb/0x130 [ 799.868576] kmem_cache_alloc_node+0x287/0x780 [ 799.873932] ? __dev_queue_xmit+0x1e29/0x25e0 [ 799.878415] __alloc_skb+0x9c/0x500 [ 799.882024] ? skb_scrub_packet+0x4b0/0x4b0 [ 799.886357] ? __local_bh_enable_ip+0x99/0x1a0 [ 799.890926] alloc_skb_with_frags+0x86/0x4b0 [ 799.895322] ? trace_hardirqs_on+0x10/0x10 [ 799.899540] ? __local_bh_enable_ip+0x99/0x1a0 [ 799.904110] sock_alloc_send_pskb+0x5db/0x740 [ 799.908592] ? sock_wmalloc+0xf0/0xf0 [ 799.912377] ? lock_downgrade+0x6e0/0x6e0 [ 799.916512] packet_sendmsg+0x16c4/0x5a70 [ 799.920643] ? avc_has_perm_noaudit+0x420/0x420 [ 799.925307] ? __might_fault+0x110/0x1d0 [ 799.929353] ? find_held_lock+0x35/0x130 [ 799.933399] ? __might_fault+0x110/0x1d0 [ 799.937451] ? rw_copy_check_uvector+0x1f1/0x290 [ 799.942216] ? packet_notifier+0x760/0x760 [ 799.946438] ? check_preemption_disabled+0x3c/0x250 [ 799.951439] ? retint_kernel+0x2d/0x2d [ 799.955323] ? packet_notifier+0x760/0x760 [ 799.959546] ? packet_sendmsg+0x15/0x5a70 [ 799.963677] ? packet_notifier+0x760/0x760 [ 799.967894] sock_sendmsg+0xce/0x110 [ 799.971592] ___sys_sendmsg+0x349/0x840 [ 799.975581] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 799.980326] ? mark_held_locks+0xb1/0x100 [ 799.984466] ? trace_hardirqs_on+0x10/0x10 [ 799.988702] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 799.993446] ? save_trace+0x290/0x290 [ 799.997237] ? check_preemption_disabled+0x3c/0x250 [ 800.002236] ? __might_fault+0x110/0x1d0 [ 800.006285] ? find_held_lock+0x35/0x130 [ 800.010330] ? __might_fault+0x110/0x1d0 [ 800.014397] __sys_sendmmsg+0x152/0x3a0 [ 800.018383] ? SyS_sendmsg+0x50/0x50 [ 800.022080] ? lock_downgrade+0x6e0/0x6e0 [ 800.026304] ? __mutex_unlock_slowpath+0x71/0x800 [ 800.031133] ? check_preemption_disabled+0x3c/0x250 [ 800.036135] ? wait_for_completion+0x420/0x420 [ 800.040701] ? __sb_end_write+0xc1/0x100 [ 800.044763] ? SyS_write+0x15e/0x230 [ 800.048469] SyS_sendmmsg+0x35/0x60 [ 800.052078] ? __sys_sendmmsg+0x3a0/0x3a0 [ 800.056214] do_syscall_64+0x1e8/0x640 [ 800.060083] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 800.064913] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 800.070088] RIP: 0033:0x459879 12:27:12 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 800.073283] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 800.081076] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 800.088335] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 800.095593] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 800.102853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 800.110112] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:12 executing program 1 (fault-call:13 fault-nth:69): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:12 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:12 executing program 4: r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x1ff, 0x40000) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)={'team0\x00'}) r1 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140)={0xa, 0x400000000000, 0x0, @local}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) write$binfmt_aout(r4, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 12:27:12 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @remote, 0x6}, 0x1c) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:12 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 800.289383] FAULT_INJECTION: forcing a failure. [ 800.289383] name failslab, interval 1, probability 0, space 0, times 0 [ 800.343674] CPU: 1 PID: 21107 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 800.350835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.360195] Call Trace: [ 800.362803] dump_stack+0x138/0x197 [ 800.366572] should_fail.cold+0x10f/0x159 [ 800.370735] should_failslab+0xdb/0x130 [ 800.374721] kmem_cache_alloc_node_trace+0x280/0x770 [ 800.379825] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 800.385294] __kmalloc_node_track_caller+0x3d/0x80 [ 800.390219] __kmalloc_reserve.isra.0+0x40/0xe0 [ 800.394883] __alloc_skb+0xcf/0x500 [ 800.398497] ? skb_scrub_packet+0x4b0/0x4b0 [ 800.402824] ? __local_bh_enable_ip+0x99/0x1a0 [ 800.407405] alloc_skb_with_frags+0x86/0x4b0 [ 800.411808] ? trace_hardirqs_on+0x10/0x10 [ 800.416133] ? __local_bh_enable_ip+0x99/0x1a0 [ 800.420750] sock_alloc_send_pskb+0x5db/0x740 [ 800.425269] ? sock_wmalloc+0xf0/0xf0 [ 800.429086] ? lock_downgrade+0x6e0/0x6e0 [ 800.433255] packet_sendmsg+0x16c4/0x5a70 [ 800.437417] ? avc_has_perm_noaudit+0x420/0x420 [ 800.442097] ? __might_fault+0x110/0x1d0 [ 800.446166] ? find_held_lock+0x35/0x130 [ 800.450231] ? __might_fault+0x110/0x1d0 [ 800.450247] ? rw_copy_check_uvector+0x1f1/0x290 [ 800.450270] ? packet_notifier+0x760/0x760 [ 800.450287] ? copy_msghdr_from_user+0x292/0x3f0 [ 800.450299] ? selinux_socket_sendmsg+0x36/0x40 [ 800.450314] ? security_socket_sendmsg+0x89/0xb0 [ 800.450322] ? packet_notifier+0x760/0x760 [ 800.450331] sock_sendmsg+0xce/0x110 [ 800.450340] ___sys_sendmsg+0x349/0x840 [ 800.450351] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 800.450362] ? mark_held_locks+0xb1/0x100 [ 800.450373] ? trace_hardirqs_on+0x10/0x10 [ 800.459188] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 800.459201] ? save_trace+0x290/0x290 [ 800.459216] ? check_preemption_disabled+0x3c/0x250 [ 800.459230] ? __might_fault+0x110/0x1d0 [ 800.459239] ? find_held_lock+0x35/0x130 [ 800.459250] ? __might_fault+0x110/0x1d0 [ 800.528263] __sys_sendmmsg+0x152/0x3a0 [ 800.532225] ? SyS_sendmsg+0x50/0x50 [ 800.535929] ? lock_downgrade+0x6e0/0x6e0 [ 800.540078] ? __mutex_unlock_slowpath+0x71/0x800 [ 800.544924] ? wait_for_completion+0x420/0x420 [ 800.549508] ? SyS_write+0x15e/0x230 [ 800.553228] SyS_sendmmsg+0x35/0x60 [ 800.556848] ? __sys_sendmmsg+0x3a0/0x3a0 [ 800.560995] do_syscall_64+0x1e8/0x640 [ 800.564906] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 800.569755] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 800.574943] RIP: 0033:0x459879 [ 800.578143] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 800.585866] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 12:27:12 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f0000000000)=0x7fffffff, 0x4) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:12 executing program 2: io_setup(0x8, &(0x7f0000000000)=0x0) syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x3, 0xe000) io_destroy(r0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 800.593138] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 800.593145] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 800.593150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 800.593159] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:14 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:14 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) write$P9_RLERRORu(r2, &(0x7f0000000000)={0x37, 0x7, 0x1, {{0x2a, 'keyring*md5sum:md5sum]wlan0:!trustedvmnet1'}, 0xb9b}}, 0x37) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000080)={0x0, 0x6, 0x20, 0x7fff, 0x3}, &(0x7f0000000180)=0x18) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000200)={r4, 0x7}, &(0x7f0000000240)=0x8) 12:27:14 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:14 executing program 1 (fault-call:13 fault-nth:70): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:14 executing program 2: r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:14 executing program 3: r0 = getpid() pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000004c0)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258053a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f8622ac9a3d841afe4500"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) r4 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x800, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x0, 0xc0, 0x59, &(0x7f00000002c0)="fc2aeeea5941dcb135c2fc88438e5a55fd2f32c467c4ccd3995ae731e6927c4b50781e8fa94b2c158164c880e1ff3b5af48e6dd0d3764891f6e82ece9e78918827817364a09730645c27cce0885e812ccae1ea7c6f9dcb144ba6475849db2b4c32a028452ba0e9cd14bc427398fe26d654cf1053b211bef343150c30171237afc7d0b389df426e4072bec640700f5d30ba62d66e98e6d7f674168b3737e25ff60e4f4fc19ceeb3375e30dd898df2cb26db43376a01828506de34f894248afc25", &(0x7f0000000380)=""/89, 0xfffffffffffffffb}, 0x28) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) ioctl$VT_GETMODE(r4, 0x5601, &(0x7f0000000400)) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000440)={0x40, 0x4, 0xc00e356bd5c514d9}, 0x10) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) syz_open_dev$swradio(&(0x7f0000000480)='/dev/swradio#\x00', 0x0, 0x2) tkill(r0, 0x1000000000013) 12:27:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x6, 0x2000) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 802.841824] FAULT_INJECTION: forcing a failure. [ 802.841824] name failslab, interval 1, probability 0, space 0, times 0 [ 802.855035] CPU: 0 PID: 21154 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 802.862173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.871538] Call Trace: [ 802.874149] dump_stack+0x138/0x197 [ 802.877793] should_fail.cold+0x10f/0x159 [ 802.877814] should_failslab+0xdb/0x130 [ 802.877828] kmem_cache_alloc_node+0x287/0x780 [ 802.877843] ? __dev_queue_xmit+0x1e29/0x25e0 [ 802.895001] __alloc_skb+0x9c/0x500 [ 802.898613] ? skb_scrub_packet+0x4b0/0x4b0 [ 802.902926] ? __local_bh_enable_ip+0x99/0x1a0 [ 802.907494] alloc_skb_with_frags+0x86/0x4b0 [ 802.911887] ? trace_hardirqs_on+0x10/0x10 [ 802.916103] ? __local_bh_enable_ip+0x99/0x1a0 [ 802.920676] sock_alloc_send_pskb+0x5db/0x740 [ 802.925160] ? sock_wmalloc+0xf0/0xf0 [ 802.928961] ? lock_downgrade+0x6e0/0x6e0 [ 802.935269] packet_sendmsg+0x16c4/0x5a70 [ 802.939401] ? avc_has_perm_noaudit+0x420/0x420 [ 802.944057] ? rw_copy_check_uvector+0x2d/0x290 [ 802.948717] ? audit_add_tree_rule.cold+0x2e/0x2e [ 802.953542] ? rw_copy_check_uvector+0x1f1/0x290 [ 802.958289] ? packet_notifier+0x760/0x760 [ 802.962509] ? copy_msghdr_from_user+0x292/0x3f0 [ 802.967248] ? selinux_socket_sendmsg+0x36/0x40 [ 802.971913] ? security_socket_sendmsg+0x89/0xb0 [ 802.976688] ? packet_notifier+0x760/0x760 [ 802.980907] sock_sendmsg+0xce/0x110 [ 802.984604] ___sys_sendmsg+0x349/0x840 [ 802.988564] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 802.993305] ? mark_held_locks+0xb1/0x100 [ 802.997440] ? trace_hardirqs_on+0x10/0x10 [ 803.001662] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 803.006408] ? save_trace+0x290/0x290 [ 803.010195] ? check_preemption_disabled+0x3c/0x250 [ 803.015200] ? __might_fault+0x110/0x1d0 [ 803.019248] ? find_held_lock+0x35/0x130 [ 803.023293] ? __might_fault+0x110/0x1d0 [ 803.027347] __sys_sendmmsg+0x152/0x3a0 [ 803.031309] ? SyS_sendmsg+0x50/0x50 [ 803.035010] ? lock_downgrade+0x6e0/0x6e0 [ 803.039147] ? __mutex_unlock_slowpath+0x71/0x800 [ 803.044072] ? check_preemption_disabled+0x3c/0x250 [ 803.049165] ? wait_for_completion+0x420/0x420 [ 803.053738] ? __sb_end_write+0xc1/0x100 [ 803.057801] ? SyS_write+0x15e/0x230 [ 803.061511] SyS_sendmmsg+0x35/0x60 [ 803.065123] ? __sys_sendmmsg+0x3a0/0x3a0 [ 803.069262] do_syscall_64+0x1e8/0x640 [ 803.073133] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 803.078068] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 803.083242] RIP: 0033:0x459879 12:27:15 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 803.086414] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 803.094105] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 803.103864] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 803.111129] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 803.118384] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 803.125641] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:15 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000180)={0x0, @bt={0x4, 0x3, 0x1, 0x1, 0x7, 0x8, 0x8, 0x1, 0x7fffffff, 0x4, 0x240000000000, 0x2, 0x3, 0x1, 0x0, 0x36}}) 12:27:15 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$VFIO_SET_IOMMU(r1, 0x3b66, 0x3) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x2) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f00000002c0)={0x0, 0x70, 0x7, 0x0, 0xef, 0x0, 0x0, 0x8000, 0x0, 0x3, 0xddb, 0x1, 0x7fff, 0x200, 0x5, 0xf3ef, 0x8, 0x4, 0x4, 0x8001, 0x1, 0x1, 0x400, 0x1ff, 0x1ff, 0x8, 0x80, 0x3, 0x8, 0x7bd9, 0x3f, 0x2, 0x5, 0x4, 0x800, 0x5, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_config_ext={0x54, 0x4d8046e6}, 0x20000, 0x7, 0x2, 0x5, 0x9, 0x1, 0x5}) getsockopt$inet_tcp_buf(r2, 0x6, 0x3f, &(0x7f0000000340)=""/161, &(0x7f0000000000)=0xa1) 12:27:15 executing program 1 (fault-call:13 fault-nth:71): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:15 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 803.356410] FAULT_INJECTION: forcing a failure. [ 803.356410] name failslab, interval 1, probability 0, space 0, times 0 [ 803.382732] CPU: 1 PID: 21185 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 803.389883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.399253] Call Trace: [ 803.401864] dump_stack+0x138/0x197 [ 803.405530] should_fail.cold+0x10f/0x159 [ 803.409700] should_failslab+0xdb/0x130 [ 803.413684] kmem_cache_alloc_node_trace+0x280/0x770 [ 803.418775] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 803.424241] __kmalloc_node_track_caller+0x3d/0x80 [ 803.429220] __kmalloc_reserve.isra.0+0x40/0xe0 [ 803.433886] __alloc_skb+0xcf/0x500 [ 803.437497] ? skb_scrub_packet+0x4b0/0x4b0 [ 803.441813] ? __local_bh_enable_ip+0x99/0x1a0 [ 803.446383] alloc_skb_with_frags+0x86/0x4b0 [ 803.450786] ? trace_hardirqs_on+0x10/0x10 [ 803.455015] ? __local_bh_enable_ip+0x99/0x1a0 [ 803.459590] sock_alloc_send_pskb+0x5db/0x740 [ 803.464076] ? sock_wmalloc+0xf0/0xf0 [ 803.467863] ? lock_downgrade+0x6e0/0x6e0 [ 803.472012] packet_sendmsg+0x16c4/0x5a70 [ 803.476152] ? avc_has_perm_noaudit+0x420/0x420 [ 803.480923] ? __might_fault+0x110/0x1d0 [ 803.484969] ? find_held_lock+0x35/0x130 [ 803.489082] ? __might_fault+0x110/0x1d0 [ 803.493142] ? rw_copy_check_uvector+0x1f1/0x290 [ 803.497949] ? packet_notifier+0x760/0x760 [ 803.502181] ? copy_msghdr_from_user+0x292/0x3f0 [ 803.507062] ? selinux_socket_sendmsg+0x36/0x40 [ 803.511736] ? security_socket_sendmsg+0x89/0xb0 [ 803.516492] ? packet_notifier+0x760/0x760 [ 803.520724] sock_sendmsg+0xce/0x110 [ 803.524434] ___sys_sendmsg+0x349/0x840 [ 803.528733] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 803.533510] ? mark_held_locks+0xb1/0x100 [ 803.537675] ? trace_hardirqs_on+0x10/0x10 [ 803.541903] ? retint_kernel+0x2d/0x2d [ 803.545781] ? save_trace+0x290/0x290 [ 803.549562] ? retint_kernel+0x2d/0x2d [ 803.553444] ? __might_fault+0x110/0x1d0 [ 803.557490] ? find_held_lock+0x35/0x130 [ 803.561545] ? __might_fault+0x110/0x1d0 [ 803.565608] __sys_sendmmsg+0x152/0x3a0 [ 803.569569] ? SyS_sendmsg+0x50/0x50 [ 803.573283] ? lock_downgrade+0x6e0/0x6e0 [ 803.577425] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 803.582167] ? check_preemption_disabled+0x3c/0x250 [ 803.587173] ? retint_kernel+0x2d/0x2d [ 803.591067] ? __sys_sendmmsg+0x1e/0x3a0 [ 803.595162] SyS_sendmmsg+0x35/0x60 [ 803.598775] ? __sys_sendmmsg+0x3a0/0x3a0 [ 803.602908] do_syscall_64+0x1e8/0x640 [ 803.606782] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 803.611648] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 803.616835] RIP: 0033:0x459879 [ 803.620004] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 803.627711] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 803.634974] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 803.642231] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 803.649510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 803.656777] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:17 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:17 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000180)=""/131) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0xf, 0x6}, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff}, 0x84800) write$binfmt_elf32(r4, &(0x7f0000000a80)={{0x7f, 0x45, 0x4c, 0x46, 0x80, 0x8, 0x200000000, 0x8000, 0x1, 0x3, 0xdb40fd592720ebea, 0x7, 0x42, 0x38, 0x328, 0x9, 0x8, 0x20, 0x1, 0x3ff, 0x49000000000000, 0x2}, [{0x3, 0x2, 0xffffffffffff8001, 0x5d8ea260, 0x1, 0x3ff800000000, 0x9, 0x100}, {0x7, 0x7ff, 0x7fffffff, 0x7fffffff8000000, 0x751c, 0x2, 0x40, 0x5}], "3ce2a57c745888c0fbc01b24f5dfb9e5979e0053a7fd306dd5062c94bd1422ab7081a1413dcb971ba8a9f1ffa0e66ae2dd3cdf2ab9bb46dd34b9f46cb995c09bfca56e7d3a60374b437ea4a86d51741de67ca33d31c1a8043d59b1165d317b34905fa665646c6ba805000a31e7fe4a979f462f34198a003b2dc9a542d80ef22f3e8c9f766324b5c9f7788903116e45da26e0a65829809bc30f2553170454a02c811206e1519d5e948f47c26ba3d7beb0622c6d26d2afa0448f627693f3192d169b83134b3250f66d16159b14c2a134500d82057dda100eadba5187901e3288dbba0e10f5b70a7816a6b6ee73d48f4f81", [[], [], [], [], [], [], [], [], []]}, 0xa68) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000002c0)="e98803d20e6e388b6252752e23b3bcb4662795e50f06a46884c31ed7fbe8f9f333229782ae7b4a2ad530493997c14e4a8ea637cf4d155424830e8b5efe55d9f7681e4bf96934d8954805a8767b84d7e4671d3edf064a959b4d8ce4b4543ad4633b61108832551c68c53123b620298525698ebfe9bee299117f12dc92c4dfb4ed92a3301f757da1d5") 12:27:17 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x6004, 0xaaaaaaaaaaaabf2, &(0x7f0000000040)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x102, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x2, 0x180) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000240)={0x3ff, 0x8ca5, 0x80000000000001}) open(&(0x7f0000000180)='./file0\x00', 0x1, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x4) 12:27:17 executing program 1 (fault-call:13 fault-nth:72): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 805.886355] FAULT_INJECTION: forcing a failure. [ 805.886355] name failslab, interval 1, probability 0, space 0, times 0 [ 805.908102] CPU: 0 PID: 21204 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 805.915353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.924725] Call Trace: [ 805.927341] dump_stack+0x138/0x197 [ 805.930995] should_fail.cold+0x10f/0x159 12:27:18 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 805.935177] should_failslab+0xdb/0x130 [ 805.939182] kmem_cache_alloc_node+0x287/0x780 [ 805.943790] ? __dev_queue_xmit+0x1e29/0x25e0 [ 805.948440] ? retint_kernel+0x2d/0x2d [ 805.952365] __alloc_skb+0x9c/0x500 [ 805.956011] ? skb_scrub_packet+0x4b0/0x4b0 [ 805.960350] ? check_preemption_disabled+0x3c/0x250 [ 805.960366] alloc_skb_with_frags+0x86/0x4b0 [ 805.960384] sock_alloc_send_pskb+0x5db/0x740 [ 805.960400] ? sock_wmalloc+0xf0/0xf0 [ 805.960415] ? lock_downgrade+0x6e0/0x6e0 [ 805.960433] packet_sendmsg+0x16c4/0x5a70 12:27:18 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 805.969875] ? avc_has_perm_noaudit+0x420/0x420 [ 805.969893] ? __might_fault+0x110/0x1d0 [ 805.969907] ? find_held_lock+0x35/0x130 [ 805.969917] ? __might_fault+0x110/0x1d0 [ 805.969929] ? rw_copy_check_uvector+0x1f1/0x290 [ 805.969948] ? packet_notifier+0x760/0x760 [ 806.003790] ? check_preemption_disabled+0x3c/0x250 [ 806.003807] ? selinux_socket_sendmsg+0x36/0x40 [ 806.012783] ? security_socket_sendmsg+0x89/0xb0 [ 806.012794] ? packet_notifier+0x760/0x760 [ 806.012804] sock_sendmsg+0xce/0x110 [ 806.012814] ___sys_sendmsg+0x349/0x840 [ 806.012824] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 806.012837] ? mark_held_locks+0xb1/0x100 [ 806.012852] ? trace_hardirqs_on+0x10/0x10 [ 806.012866] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 806.012874] ? save_trace+0x290/0x290 [ 806.012887] ? check_preemption_disabled+0x3c/0x250 [ 806.012900] ? __might_fault+0x110/0x1d0 [ 806.012909] ? find_held_lock+0x35/0x130 [ 806.012919] ? __might_fault+0x110/0x1d0 [ 806.079360] __sys_sendmmsg+0x152/0x3a0 [ 806.083345] ? SyS_sendmsg+0x50/0x50 [ 806.087050] ? lock_downgrade+0x6e0/0x6e0 [ 806.091192] ? __mutex_unlock_slowpath+0x71/0x800 [ 806.096023] ? check_preemption_disabled+0x3c/0x250 [ 806.101053] ? wait_for_completion+0x420/0x420 [ 806.105653] ? __sb_end_write+0xc1/0x100 [ 806.109719] ? SyS_write+0x15e/0x230 [ 806.113474] SyS_sendmmsg+0x35/0x60 [ 806.117087] ? __sys_sendmmsg+0x3a0/0x3a0 [ 806.121225] do_syscall_64+0x1e8/0x640 [ 806.125197] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 806.130062] entry_SYSCALL_64_after_hwframe+0x42/0xb7 12:27:18 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 806.135254] RIP: 0033:0x459879 [ 806.138447] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 806.146154] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 806.146161] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 806.146166] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 806.146175] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 806.167976] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:18 executing program 1 (fault-call:13 fault-nth:73): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:18 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x810c5701, &(0x7f00000002c0)) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:18 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00'}) bind$packet(r0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:18 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) accept(r0, 0x0, &(0x7f0000000180)) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x80045500, &(0x7f0000000000)) [ 806.332883] FAULT_INJECTION: forcing a failure. [ 806.332883] name failslab, interval 1, probability 0, space 0, times 0 [ 806.368200] CPU: 0 PID: 21232 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 806.375360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.384724] Call Trace: [ 806.387315] dump_stack+0x138/0x197 [ 806.387337] should_fail.cold+0x10f/0x159 [ 806.387354] should_failslab+0xdb/0x130 [ 806.399179] kmem_cache_alloc_node_trace+0x280/0x770 [ 806.404298] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 806.409761] __kmalloc_node_track_caller+0x3d/0x80 [ 806.409775] __kmalloc_reserve.isra.0+0x40/0xe0 [ 806.409785] __alloc_skb+0xcf/0x500 [ 806.419402] ? skb_scrub_packet+0x4b0/0x4b0 [ 806.419423] ? check_preemption_disabled+0x3c/0x250 [ 806.419436] alloc_skb_with_frags+0x86/0x4b0 [ 806.436770] sock_alloc_send_pskb+0x5db/0x740 [ 806.441292] ? sock_wmalloc+0xf0/0xf0 [ 806.445109] ? lock_downgrade+0x6e0/0x6e0 [ 806.449267] packet_sendmsg+0x16c4/0x5a70 [ 806.453423] ? avc_has_perm_noaudit+0x420/0x420 [ 806.458197] ? lock_release+0x44d/0x940 [ 806.462183] ? rw_copy_check_uvector+0x1f1/0x290 [ 806.466952] ? packet_notifier+0x760/0x760 [ 806.471204] ? copy_msghdr_from_user+0x292/0x3f0 [ 806.475977] ? selinux_socket_sendmsg+0x36/0x40 [ 806.480659] ? security_socket_sendmsg+0x89/0xb0 [ 806.485419] ? packet_notifier+0x760/0x760 [ 806.489639] sock_sendmsg+0xce/0x110 [ 806.493334] ___sys_sendmsg+0x349/0x840 [ 806.497290] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 806.502035] ? mark_held_locks+0xb1/0x100 [ 806.506183] ? trace_hardirqs_on+0x10/0x10 [ 806.510436] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 806.515191] ? save_trace+0x290/0x290 [ 806.519009] ? check_preemption_disabled+0x3c/0x250 [ 806.524018] ? __might_fault+0x110/0x1d0 [ 806.528066] ? find_held_lock+0x35/0x130 [ 806.532117] ? __might_fault+0x110/0x1d0 [ 806.536176] __sys_sendmmsg+0x152/0x3a0 [ 806.540142] ? SyS_sendmsg+0x50/0x50 [ 806.543846] ? lock_downgrade+0x6e0/0x6e0 [ 806.548003] ? __mutex_unlock_slowpath+0x71/0x800 [ 806.553016] ? wait_for_completion+0x420/0x420 [ 806.557583] ? __f_unlock_pos+0xd/0x20 [ 806.561466] ? SyS_write+0x15e/0x230 [ 806.565192] SyS_sendmmsg+0x35/0x60 [ 806.568802] ? __sys_sendmmsg+0x3a0/0x3a0 [ 806.572940] do_syscall_64+0x1e8/0x640 [ 806.576812] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 806.582106] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 806.587278] RIP: 0033:0x459879 [ 806.590457] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 806.598157] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 806.605424] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 806.612683] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 806.619940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 806.627198] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:20 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) fcntl$getown(r1, 0x9) ioctl$UI_DEV_DESTROY(r1, 0x5502) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) bind$bt_l2cap(r2, &(0x7f0000003e00)={0x1f, 0x4, {0x3ff, 0x8, 0xff, 0x9, 0x9, 0x2a0403ac}, 0x2, 0x7}, 0xe) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) sendmmsg$alg(r2, &(0x7f0000003c40)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b863df671e5e14917bdfa3a9ca238108513d236b74c35eb847be0e86f591056b7ee40a0188d23c864aa26d02e0d9e5cc039d48b355787759ac7cb74b0ffe40eb39d521d5c7e3cf16f24941dd3583cbd6dd6ec8928c81a89e4bcf94b73e40df41e04a", 0x62}, {&(0x7f00000002c0)="99651a4532ae59b6bc0dea6928f51a78eac476a7643f3bd90629b3003ce84b986e34c2cf27ed2eb833e28627dcfe714c0f4248171f1dda7c555e9dd41492126d544fdd72cb6c19f801faf990f1407c84cbf656a2d4a9ff1882ebe166025e1b2e7e90519f1486d8e2c8a2c614144bc1902045679f751f1f0e80e7626d21fb2efbe696", 0x82}], 0x2, &(0x7f0000000080)=[@op={0x18}, @assoc={0x18, 0x117, 0x4, 0x3}], 0x30, 0x40000}, {0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)="e0855135bc1d49a0b38f1275953cd83331a6aca4156144b00380c18dc04ffb688b6d2415d0ce2f2ca3b351050a17ccb3b04480e02d17b9143cf40439ebbb82f15cff9ed23937c21fe4063368b43b51f82ca397bf3bac55fa16b581c966b4f39de9da66f0a1dc0a0286a6ae2c181fed11d183d65c88ead249aea7ec7b4257255c6715fc9a42a45d95afb03886c01c15e1799b10526c31a4e4569d0d8b1a3e72651fef613820e0d9f35ba3c844d2a7be858246e7fe649ede467a10b7ebef23a1ff86a4f83d27c236", 0xc7}, {&(0x7f0000000480)="77fa34e3424a0d24ce4be35aef066f8a7358b631456daf597e8bb2ec672b4f16304dc779a55770bd6d1476a9308d9f06b996f8e19fabd84293d5a379b185c2ec31c1823baad9fa317bbf4cd2b85d6355c362821741550d41b55a5f67e9d4cf36089c48cf5ff01f95e63bbb86bda3013202d3b03b3b6f804eec042288e78ac71c62cbcb6f200379e3bea915", 0x8b}, {&(0x7f0000000540)="70cd6f647d752c82d39f50f9779e8bbc1875c9124446589c680c5b6e41de00757749056673d72d7307638841db6cf5d3d180e373c5e5c5273d41fbc99de0ed11eb272792323cd361f078dbfc8b42527aac396c237e6480509aa2ba38158ea86b7fdd4b668fa23c76c3c32629deaeac9ec91475d13122d2fbb542b1e3a64fb750ac034feea298227d24144e814b1f433b9fdebe3628de1f7426e33b05b38eebd9785f587965e69780d3c51c0be88b3c42faf4569708c34eb9a3", 0xb9}, {&(0x7f0000000600)="6695b92e0a8de2886457e4aaf27c1d5d254f30d38be1e61501979e1a38d6e47c6e73b2ab65f07c6f3bbeee7fff9f7d48a9dd82eb9ee8c8b7053541cf631163023e1357b98e72031a6259370189cb197ac65ebcfc48834205a156a85e298044655bbc4f8f3dd9028a623faee30a8d212c3c710ba329c84f107e408adeb88744b659948031c7d5bace2e47d621", 0x8c}, {&(0x7f0000000180)="340060ffd1171e90dcce84350004883817a8e1", 0x13}, {&(0x7f00000006c0)="2d02d3d872026a2b00935b1420912e122e0964867cb30ef99920ae14b1f75b45b590b829567f3a11b2dcf48803e566", 0x2f}, {&(0x7f0000000700)="0f0ab87a9c183566bab2f00499d8ac69d8759a433f63871b5be58c82467d40a42b21236b19c7bbc380a9c6d1b753b1df45bbaac3d45d9c17644f9cc9d2b98188176ca6a2f2cfc0c800b71555a05dff3a9d4647044d73b7629668d69f02c1963d43e8e1155f3d6cb4f4f2d96a21f1587ec198a5e01a12f6e6077cf09919a6c03386560d323132058a66", 0x89}], 0x7, &(0x7f0000000840)=[@assoc={0x18, 0x117, 0x4, 0x81}], 0x18, 0x80}, {0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000880)="911ec645764b59c22fce79f1c8ddb2fa150dd52c9cff4bb9b00b2da48b663e401f484e2aa1853e4f4b5004e6852850491a709f87830e51fa07099f5482b0b6339e55def9", 0x44}], 0x1, &(0x7f0000003e40)=ANY=[@ANYBLOB="18000000000000001701000004000000ffffffff000000001800000000000017010000040000000000000000000000180000000000000017010000030000000100000000000000180000000000000017010000040000000900000000000000180000000000000017010000030000000100000000000000180000000000000017010000040000000200000000000000980000000000000017010000020000007e000000bc7c0c7b7ad57514d08e2878bc4cdd196a15f431f2fc056bb1d245d0e83df5eadee21ec031ea8ef80123c8a733cd5d9a2fddede5a22e56659accc98311688ea679170f7fbeb407ec76d6096f2ab08e23c6061d411420fa51f47e1b35627b66bb2a31afbc152554af17621a0fa2299d804b7b7f61e92459779d802f1c651548ef87840000000000001edb69753a14bed9b60c6218321c1c44e45b6df3546788e09847f3e8e6c0c0a173cef5a2acf7ef2bc1d2fdffd2dc4ea372e2e37aa24251f68e4c86628ee4bdf28a30924f6902a2ac395370e837944d84ef26d87020dbc067ddd22c72665a1f6c04d9699099ea29798093310386800e49ccbc925187e8fa940d3e8b036b334e677e82ae885fdcb7fb09000000000000007ea41fdf4127643594de1c5aef3aa3764e5ae2e555ee830f3c875ea65e20e08498d584e6"], 0x128, 0x10}, {0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000940)="361ea3a7884997dd3bb824ae4f62b0b57e5247013821e75cbafde48c855a49177feff60e42b5b10948412f6ef73a72ba34e5b3f59ee3a2348d88131c90a7ca7a96faaeba514404de7551d51b1e614c870d4563f3e28c2564f9583089e3badd6d05c2db2fe183a385c81519f898b3ab4645b8bfd1c82813bec692a842b63934909b3a4c9f95f8579d750fa6988f417cdbd4472cef1f04464181de1df3", 0x9c}, {&(0x7f0000000bc0)="d3396e9bdfd518a85a3f6015df757ad4527bbd0b2f2d2c2db0816c94c9fd9bf95326b1ab505c81ac67e7c9b72bf40307c2996eed5c60187ae32a2b3cfc6cd7f30425932aa1e8f4aafcbfa61fb24d0aa2a1a79a2c58064531c6959928a4e8da216451e76f16f58dab3248babc200db3d3e86508d8252f9fb53e802d87e4765019c60b1fb0463bd5682f6108719cee1cc31fb781b18d4c859e931ea87f9c22ec2d4c2556d70c745f7c4815a79b0a029723bb13afa06fedd89b1211a783daa684aecb432d976fd8a7a90810b0f90e64878721fe248821a52cdd65", 0xd9}, {&(0x7f0000000cc0)="0ac07565a55b528eec6dc773cd6ed1bf4dce1c7875afe38876401b36a6e9c5148c1eb791c5f544e7b3722d5541488a7d7275fec10c718f4c94201b32da69aad79c4e4ab4eae8833623c4ab68e2a13bde17a4f9b602d8ef8dd479b1209ae5a445c4a76ed87dd76afc15d41c6457fc9440302d5fd4f870d6666f71d131a0e79e883e727ef4319aa9bef5ff3a128f60c4", 0x8f}], 0x3, &(0x7f0000000d80)=[@assoc={0x18, 0x117, 0x4, 0x9}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x400}], 0x48, 0x8000}, {0x0, 0x0, &(0x7f0000002180)=[{&(0x7f0000000e00)="5a4f44614733a5268a701417ff9ecb7c9d50cfeb8c392059044117cfcfe3cb9deeaf1ef508ccd913c06c5c698a6c1ffcfbe463a7999cea8d4f3359d9b75628b885b6d6ca3655d33c56392c1e8b2ed091c0046406f53c7e69ae9f0710f532cbd7573526a7e504864533309a8b0f472cd00ffc005681ee4ff499960e6f5d9ddabb45faabf7bee032ed6a3f9f0b5838c94098924f9a78", 0x95}, {&(0x7f0000000ec0)="526bc7cf4dbe2e18c3a1faef82a27050f991f9a2a854fe4bd8692e74497e9450d989523d258e23cdd14f95aa8b", 0x2d}, {&(0x7f0000000f00)="2449adc50359", 0x6}, {&(0x7f0000000f40)="5ee6361a878e3c06320e670bb63b881a2b7101fd7dfdb847d06fee", 0x1b}, {&(0x7f0000000f80)="222dea93fbf58d75b183de2f29753d0fba476edd0290edc6cfa78d0148c2383efa0f3d79709d43a07d198f95a841a186c0269a10750a3e872bfba5e9b2fc27ea10ceb544b81dacb5b33524be43d8a161ada72e2c1e63b9a99d61379962b1dd86c86ec33603521bcc24561c444bced16aa5f9ef656c77912b9a2dcd5689c2827f5075ea54ce26812773727f55f1621bbc8b4c5711a8f18bf1e71854aabd0fcc8bb256570b527b9987b79b3583cca3c71071e9a0a200938779e9b5746aeb586e645af52857917e8d63e6b59fed4b3194c2c6bfa5d80034974cb1c84e3835c69ccf3e0378395abf175a8c97ea3e", 0xec}, {&(0x7f0000001080)="cc49705ca670b38cfd8dfe13a49db4a0d657bbf4941bd899cb486c31b9f324c89e988b0f8ccfd90c326e6886b71fb64ab7c1dae1548147559534a825656c45d80d5b5e67390eb1ce70ff5112006c0eb11257f2c781affd48b1051f2d409271f12724235d15092f333640bcadeeabf6113b68a3e007eef02e5975053b0d75419372e018b3257d36f74156946a3444e9994d07f6c8daf1a698eb2fdb459c266d8d1f6d0094df5c9bff95e7e0cee8e05d8218b86faffeaa45", 0xb7}, {&(0x7f0000001140)="1a722e6214378511682c2141a84fd5ddf1c8530efb7359d1754da7983d11f12788bc84601e2345bb901bd03c9505d29616502afd935e64d1c2c0fc59ef848be6", 0x40}, {&(0x7f0000001180)="95d3a1571438ae70f83bf205c5cb37f6972a76f765dbc0f61e8515b94ff9c5e3f15ce2b899f9b5e317be48e9c5da65d4614822137602b984d54e6e5c0bf7bac3dcadda178811708ce0bd1b5bb97e55eb68c561f329b9459d5396400b773260790b224a3a2c8363c87e2cfb00f9d68f1be56c5d14550fb7590b97a4e5ba1fecd663e806cc82d780e397dbb6fe01030684cfae808d811d9224c3c1d6755be62a1375e5705a74a2063ee5302dc3e6d5c5f7994d579dee22444cfd0950b3ca0c9e12c181be2fbfe69ccd6264ef797a78b3d4e03f9b00f4d59f2f735d74742cfa361421df661853c0dbb91f2a68ab1ef4df4546e29d73bba6e4e9f6bebd7845166c418d184feab029d468ede5e06ba33af294cc625f54ae6b4401ec91c2a9a0fb4e04995f3be7e0057ec08aa6fefe6ec363b03b60c13cadc2504662a5212e9f64c7b106f50ae9d31cdabab96c9b1f24592fef8a787d181a004aca4bf818a8f3a4bd48972092ab64855fb650e094cd098ad6fd2dabf8a1f520187fa118f8436c2b908340ad0af69f659b873317c9124d40d70b8daea0c7a6642b012aed71eba6266872caa8bcdbece857a1d59131d6c76ee6962127f8c84c3c23b63b2ee233e3131558688a757bc14c384e7c3140917078fa4909d2bd27d3a0ed8abe91bd647eb685291573b27b18a8fa1d666b9ecb08972e7afdbb2d6e0f1c9acc60b7159887639106b2d4020b744f864085f653a45814ff4d9e1030075a60287fadc9ff2185156854a904e771bdda8d86a93b67a09a684f5cff0db80c5d2ead16fe9b9725872b48c3ce5ea57cccc9928ddc6778b845f08fc4456459dcab931833a93ef88167fa17c5c32bd09150c97043053dfddd732a9a54730e18f786247c7e3b6699e3c7ce6ec85a1064929aab03303ee902bd1ed2fff1cb63c180f859ea70d5a273d50a0704b3b967c528d816f00bbf46482b69fc11d1382c9be5953185ab37159ca90827e8f2b96b61244cb005a2e3372edb0a732ffac4c69fca8a78a644e62016fab05c4f5e320f9f3ffe53838566748fbf67853b55d795003399aaccbdde3de0fab133aaa4606e16a210165a80fd8e7bfc6e4d5b2a540972f12eb99b834ad5aa1eb0f726c0ce5d3ff0eef62e8be39d427a9a39ea49944404db465c0a01e31db0949ad07c703c65260bcd38e7cc416747b61a67708fa66cd26023b1b3894c99e0bdcfb1321ddd954f0a057ffb05198aa99cbb598fe32722807efc95ca5cd5c8e69dd8c22e34b3aef6f9fd04e50724396408a72a7fa9291b4c1154ebf165d56017a122e58306e7d54c949cd213a3dd70c1982e39f78f2c3680df2923e13b03d8ee3bcf2744a9f2cbd7006af5e7d68ccbe3a634df25159eb10d56446430a6badb7b9b069af770a8cfbc3e302500d95baf33633b8768dc0cd2d745a42955ad72d75f36e5cff805fe9371ec1cf14ba14f1013a86898cacccb583762df33cc95aedfc25e1084a5c4b5c985333d660717b48a661a96ab4130938b851390db81ec1ca101c130206200bc46bf1d834179716c82e8b92bc94b7a2c6ad335276805488356ffcf1aab6d2363a97746b0aaf138809f3e39d1cefed12d0e9ca96b2effa9ce18ac2fb224ae38e80f943d598a1b74983c688106281f2e416cbb5327ab1be3a3bc5fec33f0ee4e07ce9819dbe779cecd4d185c92b2aac96b41b2f828b406bde1d6f1299245ffbabafdc7d1a99a66e77900b66266697bb7b80ac35d24e774233c26afaa75a2a87f260243a80148946e8fbc99996e068cc2d36a4fb5971a96d57bcf843d6b3f3b2144d1fbb05c943515f4ba03c932f7a131319a79061ea29d83b7ecb91ccf508b83372c7d8313e4d5afcdddbaccd2407f6a8b54940face4aaed38cb851777e509744032cb83661360e761ac6069466b753a95bd7a59c84ffe58ae4d7c9aecd66eace9420de34b81e802d6fe526e1c75d6c12dd59aa5ff4b2d3c0e2abeef31f88fcd2e6dfe8ba09ab9e247119246699c6e437cedeada99648bfe9148d1035183985c946877888c0f775c4aea727953a47f94bada2fbbca8f70c568ad0be80ec4cf875eba4cb87723ba1f478b72ad83212926dd3b7cc46673f73bb05f9e8f25949e2f66ae04c1620aee985ca12e56d5f44bd19a72149893f3ae69cfa75ebc7ef20c739820ffec87abbe74463d67b37762ce6857c5b124d33ed039ede2f5d2f077a193fc089ae4fc0579294f9a92edfcf46629344483c2e7438b908a4879c167c9b027394892c434acbd069d6c2ec09edfc2164718786fadbcc1d2bfc1e246393e7173ce07aa964b13f14e68c2f6e533b6a23a0520a5ec17171796e1995d63f2c13a8b8bb209d80c0763e2c67545549a72292358b4808f662287d68448d2c366cc9c2b8a3c0b6e1b13d5f8807a02fccd9dfdc5c7679e9ff09158fbb34aba8c25c1c7e33e3120df65bcc7f064a6e7dcb60d95fd96fb64b7e676cd8938f3bb25d2315a12357178d54e81e7907818e0a4b745c2df9c21022b6c7ded9155bc8d6246c34253a0338cef7f0cc27bb7e804f06e29bb77b44a1827a18e689f4a3866faf9771d89651f965abf3a25493aa4455c3c6c2f599dc066becb7028b64ffe44078fa4748c2c78ec850b7cb21a4d24e1e7c7f38c849289fd2adfcb8239d522a99a00da0007e742c8d503e3d1b58dc28a153eda70a20d470ec839e897a83a21dfc536be39d96782a3b9d1edc7e4739b6530a3712bc5df1fc2b5bdb7f49bad4b8cbc3aa4e669562438e7a3c70ae882e5b1182fdb0632e80495d3be1a6c8445fd14eed23b49e608d44be921d8932ffa06b8d602fb82f5b9d9d6202b93f8d61b239618d546dac46a95860551a059149aca3a24c14175d600204c1239d98079d9491c322750a1574814aa8e3be4da387cc835e106c658fc2dd0ee577fefd22a29c2d013b53eb019320003904b5cadb02bbde6e91c239dfbc4e2e3fcceb675d6a9d8336af0da9c9607a282c8c8ba0985577e551afcdb760fff40108079b9e581c2abe060dad36625a4917585d59d3fc8763cd621fccf4258cc99679c13d41cbf9883957b8ddf6d6caba72b0aceb212e643cc0fdcba9de86e1eea448bfd5c7e512cec5ccdf95399650e72e4f7617abd9207dc0c2a9bfdba2e81ce93e5a3649ac9a9652beb57a04fd53a939be0e7b068d4473be247a575754e07aec16301396f74c85769aa983d860da7c2b2e2278e76bf4b6077308bfe693378ea24ed27d977de5d6d8ea0f05e6cff120b8f68250fd100f3db46e9d0251669bee6b39a1f93df8e8236545ba2ceaa962e4eaf541346e037d1119f87204a3b471596b7e90719e5e6a3e6e2b91b7635d36d3cb7327eb646eeee8a7debb0b3ba38b80aceee46b64c5e42e5e19cdd3e2f16428c30908d3b359d6ac69c4f89954b1a70bdb817143e3d8a00dd37cf981a58a87763f426d6391d5664dedfd2e8bd380b2d1166f77af76861e587d49f802e2a14e70b704f07af77cb760ed424c086d72bee0c9dc3c2e4b492b5b1760c059c04a2704aa497c9751a278c347b69c5c7435d1c485bd4c97e58a3f626011906df4fdcd0aa679351c91de2102e870c1cc403662d69786f991c2a240bd71cb2d57168bf57b0d2c7b431c1f9c30f85be7cf7915503a8de4e83919317fe08c91925190c1e3d0ad0d573b2c3d9943a0d575625c46370056edbe80c1cfb5a672974cdfb0ea6dc9b9b098a612d80b0de0ba4fa904c35f4b94ff10bfe2f1f370abda53b510a024c629809d321eec82677c6e763363b5ce631e3af7f5f665f603ad9518d3aaf7d1b734d0373c1ee6847e7c653f236151d8a5a60c2dd4c10c72f9848d0ac845440adafda2fb2837dbfe03ba2d07af73d2954f88ce909ed313977566eaef727ab7cbc6391726001ac2bcf8bd373db47f5d13bd8e6b86be535b3aa22b008493334ef0448522a86db659b700503bcb6ee4e6dc7153564efcf1b4acf6dfb8160b52911d81260daea57af31001702b8af8fa0ea8eeb96762c4efb6b5feffadd5fcccccbe89e89c5feec66da53e0506f8e9a6813cdff6ed20ee2278b31fee5a695dd336c2622e796695ecb685bd198b473372e87910188c3e3013f8bed3f7efc0366905f4084227400ddff23fa7df48dca51bac9e800fdb89db2af70ff7bd368b60dcc6aab9686f6f660963770ffc1fa9bc981c414d25d541c59a7924f29a0e2c9280a835a428cde78233afe51ac83f98367bc0c4a7b9e21e5fee2bfa5c1d87f0fa90d80b6858819253f8a9b0013a5f74443421b39747ba5b19d8bad08075a6b8e34ef6c342fffbcf2893c999189f498c6823e61016b3fcc22ee3d4b2344a583eae003357937653c14679a9159a391bc0738e0181d76d523be9eea64e377240755b4311034328260eb477687a0da59c0a5a229e91344725244578f5c0155fa564edd7739be3492bf9b2cc538b9b80a016b984360d59f9281b29482d63f78846d26dbf6863763c93df4a4fb039a73fdfbf394bb93081fd2a50694f4fd2bc49719a6d770f8d4b9d5716b608b43ab0dd3298d7a713d6f1a716e03135bf09f9a748ff5aa6f5e60b0dce7b64ada58705acd9a73165dff3ca93398dda84372090e51bf4a8e69096fe3857142d4c708376ba93bb54b06f4b1993408798b9eead6d9643331f3c05d8e8678ef679f06d394cf5a4da2a3527ac795f2dc0802516b32da59a01c1ac2ec11db9af1509fae1d86c515207a280a572d06216f2945a011e7c75289e3b2b49d7bafe836256ac9baefb6eb004e4a866ce91aebee4621fa20a950e2a2f3d9922d31666ef92ea9f3ff620411b0459c4b3f4ef399828eb67794a5b53a6bb795aa1c7336797cd961c683ee413033fcc6c58571ced9f68cef105af395515cc7c060a33292e4d1916d6f48de7b3325b40eeb3ef8428be35392ebbd4191b46806c1e7976056b0dbcdce7bb7c2374ee7c62431005fe973bfe9f5d5c798ee57d00103769e835f1e3475dccb3ef0fd9b1c11055852096d9b2323f245c7840ad4604982b5b28a37902a680fc30fea97d300fcb2b8d530ebdb94480f3155fc34b12475ac26acbc54736a004301a218b5d3dd08d9260d67affd7ff0325e53df5f4525c988a8c0ddb52046aeb4e1a1258dbe96cc25cded12f75599d4b018d1c14a2279343eb6bb9ce8d7dd7882bb8caa9de9a925313b9399713391e86bf416440888fb9148d1c477b430adea2947d038367141a397adc892485a381ac3c6a9fa124985e82ed7f9b8f42ec53d0277b1344c55f6fff0a974e7a5e4292920c9719dd8d282022c47a9728b02260f19caa5764c9220014a22bc37f2d8636f50a5ba2f46a575c2bdaa696328266764e5f9703b96ea4a65bc977fbe560425c86ad9f603871742f482fe2c0cdede0683af35f0d5573462dbbac024ccfca6933dc40062a95e27c9ab6c1119850dd392df2368a1b0cacf253bd3ac6356f0ec501344b50ab169751e6c71e296f1ed203f53b73b96bf899afb71d07c595a11be99d14c9fb77a8ac1f08a8d835c748ae6bd39da83aca11c98c51c86b97e508ec4e0dfc9eeed67043e05c3e71d4d6f3363833097897bdc592803249ba0ffcb98235af38b3b2f978bc054f4583529787b7f7fa3e47db560e61297d06e9ac014a3e274e63823210117ef48d0921edbda569f13d21c202c76ae88171e4d6c969d0b0e90dc86ae705ab0b849b5ab6795f3b06fb1c535d494fc607aa13c88421c383d1fb357753fec058cf2b10bc660ca11a228969237b2b77236accc50dfc0f76f97c232996f6c778289c03a23c25220", 0x1000}], 0x8, &(0x7f0000002200)=[@iv={0xd0, 0x117, 0x2, 0xb9, "7bc39af846ededdd6c7002f8cdbd87b4eb0190079bd028b2722fc37424622dde82a6084c868624c4c4eb038d104431997ebfa093e9e37d27820791ea3c26a9945b894f4e8abea34362b348501f2fcd6a3080e052400e71433375d2c3f9c523e06c06a33ae246dfeaf585fc6cb353b58feb69da227ff18ccd5c7db5ebdfd10ed52c60bd55218d7ac2454720cd155330bbb53f00825f47d6872937a8eb805bf7a1c4cebfebc0147a0c25b74d0de7877fc7336434feaa1a60f012"}, @assoc={0x18, 0x117, 0x4, 0xbff}, @assoc={0x18, 0x117, 0x4, 0x4}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x100}, @assoc={0x18, 0x117, 0x4, 0x7fff}], 0x148, 0x40}, {0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000002380)="395b83f2a1b53a486ff6cc51b75ba8509044b9aff89888328271bed24b6415e2c414a9c185457f891254e047c40874aa093f6d08ab9847d099295f31a2812526977b52008dc0313086c899eccd06d5852d208f7a0823f0d0cae19393f467895316d4f6c49e3d4b4f03377d7aeaa9f705e8771836", 0x74}, {&(0x7f0000002400)="e8c01ce2fe52350ce04ab0777ce21ea78965bf140c09d9eb1d7018594eb8c180e7721dac070bf025aaf2751df0c20927b68f7384b01ead8ca7ea7e46ac1afe1fbad1078b4e2db467565b99477cce8f0579c56dcb6024e58f2bd3fdf0", 0x5c}, {&(0x7f0000002480)="5994ebb191181e084310bd5c02ceb600f0dd7c6e27ac83f553ee726720e6b3178dec755dcd8c6df2403fb5baddb6d16ad4959ef3dbe894d9ef288b29a45384c090159f0e099e6dd7881efe185bd7fc642f253e91029b59f9d46f937c5e5f6decda733a8106a57c989c700b84e1aa90edb47f0db8dcb7a7e26e2bb38a2c5dc6ed8a42d3ae5e2b2380be47bcdaecdf59c81a5f688c132d0360", 0x98}, {&(0x7f0000002540)="d60f1987f05ec7ccdbaadf33656d91fd2e64051397255fe08dd96ab33e369de8e580a02e544d6bfe892142ea8c7ff46af69e7d127dad83748362dea08ab0c63edb599b174511b8a0cb9a2e457a37dcf6753de9ef7db1670af13758b95e3448a99ba7b9c00105d73dbe33ee4190eb3266b644d06df21d56019e0547a809711e323d4e8f9b127ea5c85c403681b056114494f49ba9f95eaeba8ab0fd47233141c21401b43dfaa17d801e4ed28a59a8ae134b3e1e5faa77de2387968866a03bbd1da833bcc80e487af2f889bcbfb0e07b3b85d740c3e1e6b8c1230b7b305c", 0xdd}, {&(0x7f0000002640)="f1e7b1be12e8c5e610159285cd56a786367cce120136fa389fff1587cbd04e8b7589e478e2fb9dd1265f5e911843a3208798955f067a711bad226fe7a71076d06b37109e5b68be8840bf7cebd864ce183be60d615f85d3339776ef48bf11ad14f971a6a0034d7865071756462adec69b34a0f7d9639415ef1e4684d73c7f1f530eab679d4c657283ecef8a8ec63e7ff8211889d7678a6b9652ca3cc82dae5b4bbf04fd91eed99073ada51038ceb46393502e1198c2c90d194d0d5ee40e5740908a400f99c8b330b545d9deb1af7a8cda0a90cf43427467eb4c7f73b819857bac04cf3bb6b83f628fb49fb491aab0f91a2076e9bcb8ecc5e91aa50db2139e52e35c6c8b5750cd5c168eaf796e719b1cfd93a8b81c92a886b9c2f8aa6c75f5e1d12a8a018ea316d509413e6ced10eace67e74d8549a707392ed3c1b8576688d71f7fe605813a79b4f321539f0784181cfbb115c8fd53da767765f7665e590418584599adfbeba1598292c3996f0706ce8700d9ca6fba63b50578351ab72536bb9daa4e27e8372b61f09afe79ea44cd7c4eb813bfffc2ab45005d56a2c8c563276579c246de25d388f4b894b5c848211852e93c177a3f714d13d58c469be894f23fedeb4656a97a6ad9b37b52d91ceb4db5cd73308c4b30be21ec9d923ce6f7242882c450d0491ab2251e3bc104a44cec31f1d43d2dd40e400194fb48be02c8e33668af12fb3b5eb521295126bd0824e2e6d7f71685b6fe88e6c78cf79d9fb35e30ff48e5b3be1029a5089582031424082d0f49e9ac0681395d9fcaa50d28cd07779aa315949122fa32b790816838e2c35cf7c0aae768f33bd8fe9d84fb6ec8ce0de263d3dae618c1868cf87d34b5018b4fd513acaf31e6d9f881a84b654055924410e551ad6a5734dc64d7c633fbc85743353fae2e62a8460f1309e621fbbb9ee785c8b21a67813386c0da427b2d937c634b8623a664f906206aa7dd74daf63511c390dd1bc8b7d6552a2cd27079af2f27e0e5c4a9ebbe6a881f38538f583b3e5b6135107cf2beb3ab10772c597b65f045410b9cb85bb4b004f05a03eeb3ff97ab36ee652b076482eea6a5341672665c33647a47d5c54978022e8835351448b46d27e791de39e6b4cdc0a63da6182c8e68c1cf8b282825fb75257c4d9c898fd10cfd4affa2eb6911eefd545b4fbe21e827ee8360cd81560b15d7c54294068ac51fc98318fab5c409c987780bf6978bc662b59b7f66836dd2847f3664f32a97d3b6d9d6a250c607ef1b37ee955c4f0ebd7991962ef9b4a485089d1c2f2dbbd2e8d62a3ac1e8a8179b6862b2116a3917b750fd4ec605f5def8997d27399c7f45ebc2fcf9820f47bd7b98e30417e47ba97d36eb8eff977f7ebc4f8b45e3f7a6354cda7608cdfcd44caf05869923985dd48af76f2034d32738be1102b33ff1bda3ca690887eac18be3a96999a5234c10cb5280e84e69a59d5578587bed401cab64a6491eaad0f1502f232c7d8061512062fe82e05774dd0ef708a16b53e3239e3c55102c119fd542da4a19b0e680f1e875c1c2e03a78d4b12c6aa5ea45125d17a15850d6007f9b2c36773466fe824bb9e9719d17df08cff83dabd1567f16aba9f5bcc5aa9b4e3d76ac12da19013a781732c4e2ffc383a9d1ff648fe5dcfcbd2a5786571ca72bc01bafd63d981e84670f7f2ee097d4212adbe3ef9a06e6ae8032072599b3d128ac1db7648591fb5bee9e0a95c0d6a8a8b3f521b6fd402f69573a0ded8e1b3d3b6aefb35a21265178dec0fd78811a243630a41b5bc20e6cba1e54fbbc10bf213b9c545bbe7eec442e6c85390616f02b2d4ebb92041411761afe4246dd1611c569315d74aba3844d5db9cbda8c862ee354bbb0bab74364d110b98d5fbd5fb7f1d3669bc2a2181897ac5f898f82971bc8cafb89f3df3b74b4d533f17f21f7b146667f38331b114a1e5b84c473d4bdcb1ed644e4a438a5bd9c3397946e569884a9be41b5ad0a6c7794252ed8375d7d9436c4766272213856679ec408e93fc22dff656e13e3ee61e3402cbadf127f74db7c75ac1627c4ad02dbb38bf1d49ff863b0ced6efe5ad771311dc450bf96ada343237ac1aef3be3bcf6ee858571c06e9779f86ebbe53deeecd58bb966f7877f254936f00e75bcf73d557e34b0a8d4a2bcdc0dde484084be751fd7f4350b4cb95e8626317a4df43ca625e1aeb270fc030f723b750c362ae818295b96a7c07cc8a4115de8b019c336e8684404ef17b5028ffcdf29085fbf3edc87696d8e17572c80ebc4fb9f5ad4a4cc5789690253f98a1e068a55de325d79e09800e6ff440009461bec03d5b18b96fe8b3a06e96bbcf3689b10267308d0b6261eee54f992f037f0f886cd38be4e76bf5ab8c46b2e478a8e340b0751ad8bd11ed759873acaac20fca6d3169b7e88d8a7f69e435c386356755a18a1e28e5b2bab85276c746271b7d86c7fc7139ab603f629bc863ac7be15768370ae582cca55e5f76e06b84a54c0311a22ca6e207422cae893b511ec4fa326500952a0e4b25516c2bd8eb4df886c76de06e9c238da8aa5239f0afc5aa4ff8a873344e8dfd2853701147fb94731d2abb8263096c2346b17828095a3944e9806e07b4c9c0a3bea88614705016799cf27c52d84456422ceaa97a6bd694a28174ebb8819565dd9c0e9fbc40ea30969e9b64c5445e7e3476ff0fb96422cdd5a12cfaf4d4977805410e45c4406e175f1ebd6bc57c0e02b4b358836d87cb4b6f2a728c35f228fdbd7660e6bb94153edc56352582f95fa31e80085f40b4a075bc25d6762260c4ab690d3f6027a63b730f52e744b9ffd451b3419c8df1dbbdbcbfbf66096ad35741e062e971c5895be9744534b3af9d220796420bc84bc77eff70d82bf978935ad5d825863f7a273c790612b209bfd207a6592b531c94dae6253d8ec1c45b4f5cf6fafed9c8168ab036635d932c2334d3424c38f7b26879af179b5c84ba426e115d4b02041a33ce78d2b1474e23dd18ac1580278400796f8add60955ab34a475c4c92297ee828bdcc9b504869d74ec03664a9a7fe5caa9767f9f0c795cf1c2607c12cb60984b913d02a9a6fe232c98fd633bb73c792960331d977781e7b6e65f20a06927bdf1a466940be37393edbffe7d647fa3bd97d5bc954c78e46addae0ec858aac99986da0a8f076508795366fbbdd54d8f5e310964ce74245ec98471120515d25b37b634164ecb02ebefe764e6f3c295c68950e1c3c30621d38757424b7fac4b83f8150bf6429b18092892ad24b43635294f023afeac2ae6d685383de0afd5903d3b5836c211d40ab0589b0dc8908573a6175908a273c17bac5ca2708b79fe79a986ea2c40e4463ae7e26d6f95028af67b08d5594dd4ddce3bc4eb8f716f74ae193bfd954ad836428033b21e67ad9e54c7ba8e8c87376db58f0dd0b8d5e339d0d281fa4a62bdb071b73282225923b07ee3e219e135d25141acdf9f7934079e253f9ec02e629bb7669f46143a2bc4426f13be63af0eb1bc23312e1c07155c5624699e82a678c5ff362f30be2296f10fc79ac430c907e8e91a35b8c69ddd7c11e631eba337ebd9c05ffb1b2045523d504a5a911033e8cd41732baf4e0af3c1ca29a332439134b18869742cb6ed3c7c68acd1780360125204f9806c4e9ef7db440a2c2cc965f22fa2595b21253582fbe3ee591d5814118d0dca6b4705d081e797b40bc36feec63ab815c7e756759005de1f362d42621b38f2c8f97e6ca31df284e35a72ab4920dd3508eed6c20c09d6012adfe388acf89eb0225ec6e8a8edd75d8cf04923398fed6d47e852401dedf9a6c84bf809943cdc7378bd5c5964382dd3d1bf861f006e60e7c523e9b0293b8d0a17654735b9dc38a50c12d3eb8afff4e6d95d964a3f78c3b642c0a61b206d60f6d60a3348f82518d1789221f31f9fa9bd6f5fe5556dccb08ee83e6150c30018334e605b4cd75582514147b1018065f2a678074c3677c7f4b1b407196e4d8758416de73b07ff26812a6cd351dbc5b59527314657520eef1ab70d72d3d2495bcd28d3685e362d3466540022e093373a98ce3e2610516e62dd90f8ba53abecc3447c5e3d5ba432b1cc5c8b9c1f29a2f53c5062174b3839a4b750fbf08c2b90575328ae325dadaaf54bc40b8e2713a2bbdf673f6537194bbdcca9617afad3b139734a04a34952c6ac516919a48bc2cc97eb73504f3624497982165b5b2bcbee66c2244fda95df6cd44c2f228a0f792199b03c235263dc7f91127a2540c5f152379e49ae94ec22d177e679464f905ff103a730c858047eaab6d68a89aa15434c435027a05278c78a401df23ac7dddb85cb9f3e72ed2089ae720de9f0885cec2c44a862ba376bfc44298317e3e3242083a9de7caa0c69e280c525b8599d927471b7c55cc1f6762059f6d934edc53971b0c66db45abe0b962107f4c64f1b4325e5758be329d03643393ca351bba7085d9fae8e6e209081edd9e43a36d1b8530c661e5de921da1bac4b8ba9b0d0683f2a236b9c5d54dafcc29fda98a41f2db35c969e9fcec05cbd4c2bd8ca9715a980cb5498d12756c81337180064663001fa0052d1760ba97d919940816b4b0fd9c8cfe8e1eba57ec185de004a09541ef84c1c83f79ada1b06db0fd41e4235d9eb286dde29952a39f8b825b2bfe42d629890ae4ceaaa6f7cc06198ba872a4f47e603797c791721e726727936eb27e3162377071613d6b6a4ba22da65e6171afbc373e6eb212b81bf5181ab7408dfc6d88aff448ee39fb587de54620798979e4a7b90b2131a7435bba74be4ec0a84c1724e16fd71c9f9bc14b50be3eca358350e011cc48bd81c03ea7606ae0a2eed5859d51555e5f7f0fb555b9781135b0ea70a239419c2fb458f2f792d299c6543b723a43b8986f1946fc6b31029f6062e98c7ffc0eb972e6cdef5d0ad2cae0968c35168556c8f99152f65b26d46e9e55df0034f2a9cf68f21d823f5b6ca3ef8d1673c9c0558263c0999d7db6f30d44c0f15e2450cefd8635eda3f532026cda1c8a4b0d4bed9a751749ace824a7ed20428fed2ed5a5c45385efabfb2e5aa113d9d85ab72b2f2e03e9d66fb7c06de4d821a4a6e259d99a0c64ff9090796a26b78613d5ac1b5c61e896ada16ab7352225b81261568e9f0473614680d8b5cff18de22214860bfddf563421488346ed6250afcbf8950299cc811076ca9353fb955f98c48bd6aed4909333ad73a56724bd78e46d13b7df599ffc3749b08be3d1746381367459d9705d087570785a69a8620769a307d5c15eb4ff4a5ef2ed2493231ebcc7eb40b25a560231196ae2c13e768525a246a5ac5f41b1d0735bfe69f472a231b2ea9575c91bb537843b23ea10156e8a9a2cf7bc728c4c39a5e74d49e0e0a6cf12e4295a2a38d77311e36fd9f4bff9838dd4d309f13727879cb62e1ba637f376b5900cceead2dbb440777504b262c7d88ad5e73419ad3cce41c28815b062957d63842bb4220903ba16a00e5166bc0adae3a29832f94f0b4b4a3d2cfd126120789e4bea61736dbf1a590296e241787422d6a074cd93b560d85293afaada4c14dee12e3015740af9fc8ab26cb0fa59f6d13880c3151d96a34b5fa28bc01e653b7541e5b3ac1847d9f78fb795c2045b0ddd75ee2d64fab2044bd13aed18a8691a4370c7f935987b548b0b9a439b536d58920db7fd0cfb07e7d26fc0cb5da1d1656aab3f980b0abec0b195d915767b2a238ca25513d701e8c01e3a8bcdf683e66999fcc460b044d195832611185fe95153805b82e03", 0x1000}, {&(0x7f0000003640)="fa5527efe4294e55675b8a45a29d2ead87a8de7dd027a348dc286ea92b69e43c4f9367fc2d1b891efde4c44963cb68d7dd65bcf797b12f53396db87d4faa1a83ef15e1be200be40c88515e0ee85cd6e6654e82261c4da42a3a055bd119025c6f39ec64430e19365425c7d8ddb93fba7af37381a541d9fb26dc975c38809af807fe98d1b3bc6d7a1d00aa6d49c2f76f63d50ecba69c0f2442d5dd6987442a09ba91078587d65c3924d3ff20bea1b3450f625845481ca8af918d64c15da92f2298bdb459eee4f20b2f62d1de456d1ad8e3b8", 0xd1}], 0x6, &(0x7f00000037c0)=[@op={0x18, 0x117, 0x3, 0x1}, @iv={0x78, 0x117, 0x2, 0x60, "a6211bcf6faeebb5a010c3e94340a6e408694e576688b400ca1c295cf75442bf4761335bb72f80e2b7b9c453a9e15de390045302cc92a0af8cc6e50b96b94bb5bd68c51c1751c7630bd1c605bc2538b59246a69e2f7271c8a0b43f118c8f2b71"}], 0x90, 0x800}, {0x0, 0x0, &(0x7f0000003900)=[{&(0x7f0000003880)="68af4e20f23792b50e4bde5e6c0a7c45669f8faefbcf4f6030b163e080ccdb95940527c0c73018b34163b58e3545b3dcd2254b1f5412865f0f9c0200480352fc14da177a", 0x44}], 0x1, &(0x7f0000003940)=[@assoc={0x18, 0x117, 0x4, 0x6}], 0x18, 0x4000000}, {0x0, 0x0, &(0x7f0000003b80)=[{&(0x7f0000003980)="56e8241779e19a78c2212bcbb99c109e7b06fb602230f4abede37b513d066c97dd0953948c933ff5c16afc7fa047c2b5e9dfc16069db25fe89927843eade0f9646840d98b37d1d54655369007b8220f273984ee75b207d3c151f8cc21383e61295648463f8b73ad8def82dec0d49b083e3ac9cf279ec9ae9", 0x78}, {&(0x7f0000003a00)="a1bd368a9304275e84df9cba2e20e3e84b63854795b683c464124ebf2dcfb98a92895d0f362449271b5d4f260edd950b1194e7bf445fa6e85ed24d5f8e2bbbf4a1fd96b3ce5ac431e8dcfd3008acc172d8cfac412ddca956f73ead818b84c8a904043d3091a4047fab1a3d91d118544398a01c8917882befec1b0733b4309b3cbfb59229c295231b488928bac2ae34b77a2a4abb4d4f3d4d729a9ffee81ced5c31268bb612fbea3fe7c5653f0de1420843291bc0ab5257fc", 0xb8}, {&(0x7f0000003ac0)="d418f1e74693dcd9c75dadf0dd5a321c989278a79322b134a00706aa591c6459192c78a729466a03c74bfb2e2a566de2f6", 0x31}, {&(0x7f0000003b00)="f28be3d1259958a4c7dca841d3e3886f8691ad6bf2e0a67c69514c67d08df4c1ee8a8002a3a46ce7e0b3e5321bbae0cc4010319475624525e3", 0x39}, {&(0x7f0000003b40)="1e2edbbb6e2aa24c475276ca2e2f85aca68d979196d52ebe43b798a1652fbf06a916beac9dab5bc1ea5cb0b8a7c2", 0x2e}], 0x5, &(0x7f0000003c00)=[@assoc={0x18, 0x117, 0x4, 0x1}], 0x18, 0x4008000}], 0x8, 0x80) tkill(r0, 0x1000000000013) 12:27:20 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00'}) bind$packet(r0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000000)=0x1) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r1, 0x0, 0x48f, &(0x7f0000000040)={0x2f, @empty, 0x4e21, 0x4, 'wlc\x00', 0x8, 0x4, 0x14}, 0x2c) 12:27:20 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:20 executing program 1 (fault-call:13 fault-nth:74): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:20 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000080)=0x8000, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) setxattr$trusted_overlay_redirect(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='trusted.overlay.redirect\x00', &(0x7f0000000440)='./file0\x00', 0x8, 0x2) write$binfmt_aout(r3, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000380)='/dev/sequencer\x00', 0x2000, 0x0) fcntl$dupfd(r2, 0x0, r2) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f0000000340)={0x4}) getsockname$netrom(r2, &(0x7f00000002c0)={{0x3, @rose}, [@bcast, @rose, @rose, @default, @bcast, @netrom, @rose]}, &(0x7f0000000000)=0x48) 12:27:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000080)={0x16, 0x17, 0x1, {0xd, './file0/file0'}}, 0x16) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x8) [ 808.914659] FAULT_INJECTION: forcing a failure. [ 808.914659] name failslab, interval 1, probability 0, space 0, times 0 [ 808.934392] CPU: 0 PID: 21269 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 808.941559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.950933] Call Trace: [ 808.953530] dump_stack+0x138/0x197 [ 808.957149] should_fail.cold+0x10f/0x159 [ 808.961301] should_failslab+0xdb/0x130 [ 808.965269] kmem_cache_alloc_node+0x287/0x780 [ 808.969853] ? __dev_queue_xmit+0x1e29/0x25e0 [ 808.974364] __alloc_skb+0x9c/0x500 [ 808.977979] ? skb_scrub_packet+0x4b0/0x4b0 [ 808.982287] ? trace_hardirqs_on_caller+0x400/0x590 [ 808.987305] alloc_skb_with_frags+0x86/0x4b0 [ 808.991709] ? check_preemption_disabled+0x3c/0x250 [ 808.996719] ? retint_kernel+0x2d/0x2d [ 809.000594] sock_alloc_send_pskb+0x5db/0x740 [ 809.005084] ? sock_wmalloc+0xf0/0xf0 [ 809.008890] ? lock_downgrade+0x6e0/0x6e0 [ 809.013045] packet_sendmsg+0x16c4/0x5a70 [ 809.017357] ? avc_has_perm_noaudit+0x420/0x420 [ 809.022027] ? check_preemption_disabled+0x3c/0x250 [ 809.027033] ? retint_kernel+0x2d/0x2d [ 809.031006] ? rw_copy_check_uvector+0x1f1/0x290 [ 809.035754] ? packet_notifier+0x760/0x760 [ 809.039979] ? copy_msghdr_from_user+0x292/0x3f0 [ 809.044743] ? selinux_socket_sendmsg+0x36/0x40 [ 809.049417] ? security_socket_sendmsg+0x89/0xb0 [ 809.054238] ? packet_notifier+0x760/0x760 [ 809.058547] sock_sendmsg+0xce/0x110 [ 809.062252] ___sys_sendmsg+0x349/0x840 [ 809.066220] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 809.070966] ? trace_hardirqs_on+0x10/0x10 [ 809.075187] ? check_preemption_disabled+0x3c/0x250 [ 809.080207] ? save_trace+0x290/0x290 [ 809.083993] ? __might_fault+0x110/0x1d0 [ 809.088044] ? retint_kernel+0x2d/0x2d [ 809.091915] ? __might_fault+0x110/0x1d0 [ 809.095975] ? find_held_lock+0x35/0x130 [ 809.102522] ? __might_fault+0x110/0x1d0 [ 809.106601] __sys_sendmmsg+0x152/0x3a0 [ 809.110561] ? SyS_sendmsg+0x50/0x50 [ 809.114263] ? lock_downgrade+0x6e0/0x6e0 [ 809.118402] ? __mutex_unlock_slowpath+0x71/0x800 [ 809.123248] ? check_preemption_disabled+0x3c/0x250 [ 809.128264] ? wait_for_completion+0x420/0x420 [ 809.132925] ? __sb_end_write+0xc1/0x100 [ 809.136982] ? SyS_write+0x15e/0x230 [ 809.140696] SyS_sendmmsg+0x35/0x60 [ 809.144394] ? __sys_sendmmsg+0x3a0/0x3a0 [ 809.148623] do_syscall_64+0x1e8/0x640 [ 809.152506] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 809.157426] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 809.162607] RIP: 0033:0x459879 12:27:21 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00'}) bind$packet(r0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 809.165785] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 809.173657] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 809.180915] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 809.188359] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 809.195617] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 809.202876] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:21 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:21 executing program 1 (fault-call:13 fault-nth:75): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:21 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00'}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:21 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@random={'system.', '\x00'}) 12:27:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./bus\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20\x00', 0x200000, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f0000000240)=""/2, &(0x7f0000000280)=0x2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000140)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000340)={{{@in6=@empty, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@empty}}, &(0x7f0000000180)=0xe8) mount$9p_xen(&(0x7f0000000000)='mime_type.\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x4000, &(0x7f00000004c0)=ANY=[@ANYBLOB="7472616e733d78656e2c646562756f3d30783030303030303030303030c830303030382c63616368653d6d6d61700b6163636573733d636c69656e742c76657273696f6e3d3970323030302c756964", @ANYRESDEC=r1, @ANYBLOB=',smackfshat=,mask=MAY_EXEC,audit,uid<', @ANYRESDEC=r2, @ANYBLOB=',permit_directio,smackfshat=,pcr=00000000000000000062,\x00']) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:21 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00'}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 809.393566] FAULT_INJECTION: forcing a failure. [ 809.393566] name failslab, interval 1, probability 0, space 0, times 0 [ 809.410468] CPU: 1 PID: 21295 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 809.417711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.427084] Call Trace: [ 809.429678] dump_stack+0x138/0x197 [ 809.433330] should_fail.cold+0x10f/0x159 [ 809.437511] should_failslab+0xdb/0x130 12:27:21 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 809.441509] kmem_cache_alloc_node_trace+0x280/0x770 [ 809.446632] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 809.452108] __kmalloc_node_track_caller+0x3d/0x80 [ 809.457054] __kmalloc_reserve.isra.0+0x40/0xe0 [ 809.457066] __alloc_skb+0xcf/0x500 [ 809.457074] ? skb_scrub_packet+0x4b0/0x4b0 [ 809.457089] ? __local_bh_enable_ip+0x99/0x1a0 [ 809.457100] alloc_skb_with_frags+0x86/0x4b0 [ 809.474275] ? trace_hardirqs_on+0x10/0x10 [ 809.474289] ? __local_bh_enable_ip+0x99/0x1a0 [ 809.474310] sock_alloc_send_pskb+0x5db/0x740 [ 809.474326] ? sock_wmalloc+0xf0/0xf0 [ 809.495815] ? lock_downgrade+0x6e0/0x6e0 [ 809.499996] packet_sendmsg+0x16c4/0x5a70 [ 809.504160] ? avc_has_perm_noaudit+0x420/0x420 [ 809.508857] ? __might_fault+0x110/0x1d0 [ 809.512942] ? find_held_lock+0x35/0x130 [ 809.517034] ? __might_fault+0x110/0x1d0 [ 809.521098] ? rw_copy_check_uvector+0x1f1/0x290 [ 809.525876] ? packet_notifier+0x760/0x760 [ 809.530113] ? trace_hardirqs_on_caller+0x400/0x590 [ 809.535135] ? check_preemption_disabled+0x3c/0x250 12:27:21 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) getsockname(r3, &(0x7f0000000200)=@ethernet={0x0, @link_local}, &(0x7f0000000000)=0x80) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 809.540148] ? selinux_socket_sendmsg+0x36/0x40 [ 809.544811] ? security_socket_sendmsg+0x89/0xb0 [ 809.549556] ? packet_notifier+0x760/0x760 [ 809.553780] sock_sendmsg+0xce/0x110 [ 809.557595] ___sys_sendmsg+0x349/0x840 [ 809.561581] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 809.566436] ? mark_held_locks+0xb1/0x100 [ 809.570598] ? trace_hardirqs_on+0x10/0x10 [ 809.570608] ? trace_hardirqs_on_caller+0x400/0x590 [ 809.570618] ? save_trace+0x290/0x290 [ 809.570629] ? retint_kernel+0x2d/0x2d [ 809.570642] ? __might_fault+0x110/0x1d0 12:27:21 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 809.570651] ? find_held_lock+0x35/0x130 [ 809.570663] ? __might_fault+0x110/0x1d0 [ 809.579913] __sys_sendmmsg+0x152/0x3a0 [ 809.579926] ? SyS_sendmsg+0x50/0x50 [ 809.579943] ? lock_downgrade+0x6e0/0x6e0 [ 809.579958] ? __mutex_unlock_slowpath+0x71/0x800 [ 809.611583] ? check_preemption_disabled+0x3c/0x250 [ 809.621420] ? wait_for_completion+0x420/0x420 [ 809.621432] ? __sb_end_write+0xc1/0x100 [ 809.621448] ? SyS_write+0x15e/0x230 [ 809.621464] SyS_sendmmsg+0x35/0x60 [ 809.621473] ? __sys_sendmmsg+0x3a0/0x3a0 [ 809.621488] do_syscall_64+0x1e8/0x640 [ 809.621497] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 809.621513] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 809.621520] RIP: 0033:0x459879 [ 809.621525] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 809.621535] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 809.621539] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 809.621544] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:27:21 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000000)={0x0}) ioctl$DRM_IOCTL_LOCK(r2, 0x4008642a, &(0x7f0000000080)={r4, 0xd7f405b428dd709a}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:21 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 809.621552] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 809.695679] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:21 executing program 1 (fault-call:13 fault-nth:76): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:21 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00'}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:21 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:22 executing program 4: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x8000, 0x200) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000200)={0x7, [0x1, 0xfffffffffffffffa, 0x9, 0x1, 0xfff, 0x1, 0x5, 0x4, 0x800, 0x0, 0x2, 0x8, 0x0, 0x400, 0xfffffffffffffffb, 0x7ff, 0x9, 0x3, 0x1e, 0x100, 0xc21f, 0x5, 0x4, 0x4, 0x1, 0x1f, 0xfffffffffffffff9, 0xeaca, 0xd5, 0x2, 0x8001, 0xffffffffffffffff, 0x3ff, 0x7, 0x8, 0x1f, 0x1, 0xfffffffffffffffe, 0x20, 0xffffffffffffff80, 0xa67a, 0x0, 0x1f, 0x8, 0x3, 0x5, 0x8001, 0x5]}) r1 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) write$binfmt_aout(r4, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 12:27:22 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x7}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={r2, 0x9}, &(0x7f00000000c0)=0x8) 12:27:22 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 809.900813] FAULT_INJECTION: forcing a failure. [ 809.900813] name failslab, interval 1, probability 0, space 0, times 0 [ 809.936230] CPU: 0 PID: 21336 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 809.943387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.952752] Call Trace: [ 809.955365] dump_stack+0x138/0x197 [ 809.959013] should_fail.cold+0x10f/0x159 [ 809.963174] should_failslab+0xdb/0x130 [ 809.967160] kmem_cache_alloc_node+0x287/0x780 [ 809.971755] ? __dev_queue_xmit+0x1e29/0x25e0 [ 809.976267] __alloc_skb+0x9c/0x500 [ 809.979904] ? skb_scrub_packet+0x4b0/0x4b0 [ 809.984236] ? __local_bh_enable_ip+0x99/0x1a0 [ 809.988827] alloc_skb_with_frags+0x86/0x4b0 [ 809.993303] ? trace_hardirqs_on+0x10/0x10 [ 809.997546] ? __local_bh_enable_ip+0x99/0x1a0 [ 810.002142] sock_alloc_send_pskb+0x5db/0x740 [ 810.006647] ? sock_wmalloc+0xf0/0xf0 [ 810.010452] ? lock_downgrade+0x6e0/0x6e0 [ 810.014607] packet_sendmsg+0x16c4/0x5a70 [ 810.018757] ? avc_has_perm_noaudit+0x420/0x420 [ 810.023427] ? retint_kernel+0x2d/0x2d [ 810.027318] ? __might_fault+0x110/0x1d0 [ 810.031382] ? find_held_lock+0x35/0x130 [ 810.035448] ? __might_fault+0x110/0x1d0 [ 810.039517] ? rw_copy_check_uvector+0x1f1/0x290 [ 810.044286] ? packet_notifier+0x760/0x760 [ 810.048532] ? copy_msghdr_from_user+0x292/0x3f0 [ 810.053299] ? selinux_socket_sendmsg+0x36/0x40 [ 810.058065] ? security_socket_sendmsg+0x89/0xb0 [ 810.062828] ? packet_notifier+0x760/0x760 [ 810.067147] sock_sendmsg+0xce/0x110 [ 810.070863] ___sys_sendmsg+0x349/0x840 [ 810.074834] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 810.079599] ? trace_hardirqs_on+0x10/0x10 [ 810.083832] ? retint_kernel+0x2d/0x2d [ 810.087813] ? trace_hardirqs_on_caller+0x400/0x590 [ 810.092844] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 810.097611] ? check_preemption_disabled+0x3c/0x250 [ 810.102635] ? retint_kernel+0x2d/0x2d [ 810.106542] __sys_sendmmsg+0x152/0x3a0 [ 810.110546] ? SyS_sendmsg+0x50/0x50 [ 810.114266] ? lock_downgrade+0x6e0/0x6e0 [ 810.118420] ? __mutex_unlock_slowpath+0x71/0x800 [ 810.123265] ? check_preemption_disabled+0x3c/0x250 [ 810.128322] ? wait_for_completion+0x420/0x420 [ 810.133002] ? __sb_end_write+0xc1/0x100 [ 810.137071] ? SyS_write+0x15e/0x230 [ 810.140801] SyS_sendmmsg+0x35/0x60 [ 810.144429] ? __sys_sendmmsg+0x3a0/0x3a0 [ 810.148755] do_syscall_64+0x1e8/0x640 [ 810.152644] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 810.157495] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 810.162690] RIP: 0033:0x459879 [ 810.165884] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 810.173597] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 810.180857] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 810.188116] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:27:22 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:22 executing program 1 (fault-call:13 fault-nth:77): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 810.195377] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 810.202719] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:22 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) syz_init_net_socket$ax25(0x3, 0x2, 0x7) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) write$binfmt_aout(r2, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 810.336435] FAULT_INJECTION: forcing a failure. [ 810.336435] name failslab, interval 1, probability 0, space 0, times 0 [ 810.392200] CPU: 0 PID: 21369 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 810.399356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.408721] Call Trace: [ 810.411326] dump_stack+0x138/0x197 [ 810.414980] should_fail.cold+0x10f/0x159 [ 810.419138] should_failslab+0xdb/0x130 [ 810.423123] kmem_cache_alloc_node_trace+0x280/0x770 [ 810.428332] ? check_preemption_disabled+0x3c/0x250 [ 810.433355] ? retint_kernel+0x2d/0x2d [ 810.437245] __kmalloc_node_track_caller+0x3d/0x80 [ 810.442193] __kmalloc_reserve.isra.0+0x40/0xe0 [ 810.446864] __alloc_skb+0xcf/0x500 [ 810.450490] ? skb_scrub_packet+0x4b0/0x4b0 [ 810.454814] ? __local_bh_enable_ip+0x99/0x1a0 [ 810.459400] alloc_skb_with_frags+0x86/0x4b0 [ 810.463807] ? trace_hardirqs_on+0x10/0x10 [ 810.468129] ? __local_bh_enable_ip+0x99/0x1a0 [ 810.472724] sock_alloc_send_pskb+0x5db/0x740 [ 810.477225] ? sock_wmalloc+0xf0/0xf0 [ 810.481029] ? lock_downgrade+0x6e0/0x6e0 [ 810.485183] packet_sendmsg+0x16c4/0x5a70 [ 810.489427] ? check_preemption_disabled+0x3c/0x250 [ 810.494534] ? retint_kernel+0x2d/0x2d [ 810.498430] ? avc_has_perm+0x2df/0x4b0 [ 810.502413] ? packet_notifier+0x760/0x760 [ 810.506653] ? copy_msghdr_from_user+0x292/0x3f0 [ 810.511584] ? selinux_socket_sendmsg+0x36/0x40 [ 810.516257] ? security_socket_sendmsg+0x89/0xb0 [ 810.521009] ? packet_notifier+0x760/0x760 [ 810.525251] sock_sendmsg+0xce/0x110 [ 810.528971] ___sys_sendmsg+0x349/0x840 [ 810.532950] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 810.537717] ? trace_hardirqs_on+0x10/0x10 [ 810.541949] ? retint_kernel+0x2d/0x2d [ 810.545835] ? save_trace+0x290/0x290 [ 810.549637] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 810.554400] ? __might_fault+0x110/0x1d0 [ 810.558472] ? find_held_lock+0x35/0x130 [ 810.562547] ? __might_fault+0x110/0x1d0 [ 810.566629] __sys_sendmmsg+0x152/0x3a0 [ 810.570609] ? SyS_sendmsg+0x50/0x50 [ 810.574338] ? lock_downgrade+0x6e0/0x6e0 [ 810.578479] ? __mutex_unlock_slowpath+0x71/0x800 [ 810.583314] ? check_preemption_disabled+0x3c/0x250 [ 810.588333] ? wait_for_completion+0x420/0x420 12:27:22 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$SIOCGIFMTU(r1, 0x8921, &(0x7f0000000000)) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r4) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 810.592902] ? __sb_end_write+0xc1/0x100 [ 810.596967] ? SyS_write+0x15e/0x230 [ 810.600684] SyS_sendmmsg+0x35/0x60 [ 810.604293] ? __sys_sendmmsg+0x3a0/0x3a0 [ 810.608452] do_syscall_64+0x1e8/0x640 [ 810.612327] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 810.617187] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 810.622562] RIP: 0033:0x459879 [ 810.625736] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 810.633441] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 12:27:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x141043, 0x0) 12:27:22 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f00000002c0)={0x2, {{0xa, 0x4e20, 0x1ff, @mcast1}}}, 0x88) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) socket$inet6_tcp(0xa, 0x1, 0x0) recvfrom$inet(r2, &(0x7f0000000a80)=""/4096, 0x1000, 0x140, 0x0, 0x0) 12:27:22 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 810.640717] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 810.647993] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 810.655287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 810.662547] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:22 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:22 executing program 1 (fault-call:13 fault-nth:78): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 810.816088] FAULT_INJECTION: forcing a failure. [ 810.816088] name failslab, interval 1, probability 0, space 0, times 0 [ 810.832819] CPU: 1 PID: 21403 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 810.839968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.849424] Call Trace: [ 810.852059] dump_stack+0x138/0x197 [ 810.855703] should_fail.cold+0x10f/0x159 [ 810.859857] should_failslab+0xdb/0x130 [ 810.863877] kmem_cache_alloc_node+0x287/0x780 [ 810.868461] ? trace_hardirqs_on_caller+0x400/0x590 [ 810.873488] __alloc_skb+0x9c/0x500 [ 810.877118] ? skb_scrub_packet+0x4b0/0x4b0 [ 810.881442] alloc_skb_with_frags+0x86/0x4b0 [ 810.885859] ? trace_hardirqs_on_caller+0x400/0x590 [ 810.890884] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 810.895647] sock_alloc_send_pskb+0x5db/0x740 [ 810.900147] ? sock_wmalloc+0xf0/0xf0 [ 810.903945] ? lock_downgrade+0x6e0/0x6e0 [ 810.908098] packet_sendmsg+0x16c4/0x5a70 [ 810.912244] ? avc_has_perm_noaudit+0x420/0x420 [ 810.916915] ? __might_fault+0x110/0x1d0 [ 810.920981] ? find_held_lock+0x35/0x130 [ 810.925039] ? __might_fault+0x110/0x1d0 [ 810.929097] ? rw_copy_check_uvector+0x1f1/0x290 [ 810.933864] ? packet_notifier+0x760/0x760 [ 810.938103] ? copy_msghdr_from_user+0x292/0x3f0 [ 810.942861] ? selinux_socket_sendmsg+0x36/0x40 [ 810.947534] ? security_socket_sendmsg+0x89/0xb0 [ 810.952288] ? packet_notifier+0x760/0x760 [ 810.956527] sock_sendmsg+0xce/0x110 [ 810.960239] ___sys_sendmsg+0x349/0x840 [ 810.964213] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 810.968974] ? mark_held_locks+0xb1/0x100 [ 810.974167] ? trace_hardirqs_on+0x10/0x10 [ 810.978405] ? retint_kernel+0x2d/0x2d [ 810.982293] ? save_trace+0x290/0x290 [ 810.986087] ? trace_hardirqs_on_caller+0x400/0x590 [ 810.991193] ? __might_fault+0x110/0x1d0 [ 810.995263] ? find_held_lock+0x35/0x130 [ 810.999324] ? __might_fault+0x110/0x1d0 [ 811.003405] __sys_sendmmsg+0x152/0x3a0 [ 811.003418] ? SyS_sendmsg+0x50/0x50 [ 811.011092] ? lock_downgrade+0x6e0/0x6e0 [ 811.011109] ? trace_hardirqs_on_caller+0x400/0x590 [ 811.011121] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 811.011137] ? check_preemption_disabled+0x3c/0x250 [ 811.011148] ? retint_kernel+0x2d/0x2d [ 811.011168] SyS_sendmmsg+0x35/0x60 [ 811.011174] ? __sys_sendmmsg+0x3a0/0x3a0 [ 811.011183] do_syscall_64+0x1e8/0x640 [ 811.011191] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.011205] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 811.011214] RIP: 0033:0x459879 [ 811.011223] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 12:27:23 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 811.066893] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 811.074171] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 811.081451] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 811.088733] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 811.096015] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:23 executing program 4: r0 = getpid() r1 = syz_open_dev$vcsn(&(0x7f0000000380)='/dev/vcs#\x00', 0x6, 0x0) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f00000003c0)={&(0x7f0000fef000/0x11000)=nil, &(0x7f0000e00000/0x200000)=nil, 0x11000}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={r4, 0x5}, &(0x7f0000000200)=0x8) close(r3) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r5, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f00000002c0)=""/192, &(0x7f0000000240)=0xc0) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) write$binfmt_aout(r5, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:23 executing program 1 (fault-call:13 fault-nth:79): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:23 executing program 2: open(&(0x7f0000000040)='./bus\x00', 0x2000, 0xa8) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000000)={0x7fffffff, 0x1, 0x4, 0x46d, 0xf, 0x8f6, 0x1, 0x0, 0x100000001, 0x1, 0x4, 0xd86b}) [ 811.229524] IPVS: length: 192 != 24 [ 811.285021] FAULT_INJECTION: forcing a failure. [ 811.285021] name failslab, interval 1, probability 0, space 0, times 0 [ 811.297191] CPU: 1 PID: 21429 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 811.304323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.304331] Call Trace: [ 811.304357] dump_stack+0x138/0x197 [ 811.304377] should_fail.cold+0x10f/0x159 [ 811.304393] should_failslab+0xdb/0x130 [ 811.304410] kmem_cache_alloc_node_trace+0x280/0x770 [ 811.304425] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 811.304439] __kmalloc_node_track_caller+0x3d/0x80 [ 811.304453] __kmalloc_reserve.isra.0+0x40/0xe0 [ 811.304463] __alloc_skb+0xcf/0x500 [ 811.304471] ? skb_scrub_packet+0x4b0/0x4b0 [ 811.304481] ? find_held_lock+0x35/0x130 [ 811.304495] alloc_skb_with_frags+0x86/0x4b0 [ 811.304504] ? trace_hardirqs_on+0x10/0x10 [ 811.304521] sock_alloc_send_pskb+0x5db/0x740 [ 811.304539] ? sock_wmalloc+0xf0/0xf0 [ 811.304548] ? lock_downgrade+0x6e0/0x6e0 [ 811.304565] packet_sendmsg+0x16c4/0x5a70 [ 811.304575] ? avc_has_perm_noaudit+0x420/0x420 [ 811.304588] ? __might_fault+0x110/0x1d0 [ 811.304596] ? find_held_lock+0x35/0x130 [ 811.304612] ? __might_fault+0x110/0x1d0 [ 811.402255] ? rw_copy_check_uvector+0x1f1/0x290 [ 811.407004] ? packet_notifier+0x760/0x760 [ 811.411232] ? copy_msghdr_from_user+0x292/0x3f0 [ 811.415987] ? selinux_socket_sendmsg+0x36/0x40 [ 811.420651] ? security_socket_sendmsg+0x89/0xb0 [ 811.425388] ? packet_notifier+0x760/0x760 [ 811.429604] sock_sendmsg+0xce/0x110 [ 811.433300] ___sys_sendmsg+0x349/0x840 [ 811.437257] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 811.442001] ? trace_hardirqs_on+0x10/0x10 [ 811.446223] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 811.451057] ? save_trace+0x290/0x290 [ 811.454844] ? check_preemption_disabled+0x3c/0x250 [ 811.459846] ? retint_kernel+0x2d/0x2d [ 811.463719] ? __might_fault+0x110/0x1d0 [ 811.467761] ? find_held_lock+0x35/0x130 [ 811.471815] ? __might_fault+0x110/0x1d0 [ 811.475867] __sys_sendmmsg+0x152/0x3a0 [ 811.479825] ? SyS_sendmsg+0x50/0x50 [ 811.483522] ? lock_downgrade+0x6e0/0x6e0 [ 811.487655] ? retint_kernel+0x2d/0x2d [ 811.491524] ? trace_hardirqs_on_caller+0x400/0x590 [ 811.496527] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 811.501274] ? check_preemption_disabled+0x3c/0x250 [ 811.506276] SyS_sendmmsg+0x35/0x60 [ 811.509884] ? __sys_sendmmsg+0x3a0/0x3a0 [ 811.514015] do_syscall_64+0x1e8/0x640 [ 811.517890] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.522721] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 811.527893] RIP: 0033:0x459879 12:27:23 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:23 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000000)={0x0, @empty, @dev}, &(0x7f0000000080)=0xc) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 811.531061] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 811.538751] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 811.546001] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 811.553262] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 811.560514] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 811.567765] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:23 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x1}, 0x8) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0xe}, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = semget(0x1, 0x3, 0x500) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000000)=[0x101, 0x0]) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:23 executing program 1 (fault-call:13 fault-nth:80): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:23 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$usbmon(0xffffffffffffff9c, &(0x7f0000000440)='/dev/usbmon0\x00', 0x200000, 0x0) ioctl(r0, 0x4, &(0x7f0000000640)="a818b308fce04240d395b3dc6dd5325681dd5320312320e3fda8d386e330371758f3d46ac336c69968e680d685afc4d937ea9a3e13aa58f48fb6ffd939d4783a81ef157befdf0aef228295965ef62d79b44d389e55d66443266d7c80b171cbe0dbdf63f4b15832e3ff971d83b6b2aa7a8c") r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) getpeername$tipc(r1, &(0x7f0000000040)=@id, &(0x7f00000000c0)=0x10) write$capi20_data(r1, &(0x7f0000000340)={{0x10, 0x5, 0x4, 0x81, 0x8, 0x3ff}, 0xc3, "aa8a7144e84e9ef63514d7335ce26a559a31302de4076b931d5ba8c4627db8ef0739a1f15db03724aab355ba87e2134223f147dacdbbe173b36914454414a02db004b0c531bfb21586804403195b7bcccdfd129095c8355f635cfd658b733358f93df8523d8cb82269228cd29c1d4c6dbfb59c6fab29e089a0ebd46c22f60edbb6926f0a1877c105a08cac04a02378863528ccdb082e617f427abf2669b0645a776e40849158dc26e57c96d3372159b02c790acff155b2764c376b34843f21e94f8afb"}, 0xd5) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) read$rfkill(r1, &(0x7f0000000000), 0x8) [ 811.879320] FAULT_INJECTION: forcing a failure. [ 811.879320] name failslab, interval 1, probability 0, space 0, times 0 [ 811.895738] CPU: 1 PID: 21467 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 811.902885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.912253] Call Trace: [ 811.914861] dump_stack+0x138/0x197 [ 811.918500] ? printk+0xb8/0xbc [ 811.921799] should_fail.cold+0x10f/0x159 [ 811.925961] should_failslab+0xdb/0x130 [ 811.929944] kmem_cache_alloc_node+0x287/0x780 [ 811.934558] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 811.939328] __alloc_skb+0x9c/0x500 [ 811.942962] ? skb_scrub_packet+0x4b0/0x4b0 [ 811.947287] alloc_skb_with_frags+0x86/0x4b0 [ 811.951698] ? trace_hardirqs_on+0x10/0x10 [ 811.955938] sock_alloc_send_pskb+0x5db/0x740 [ 811.960442] ? sock_wmalloc+0xf0/0xf0 [ 811.964244] ? lock_downgrade+0x6e0/0x6e0 [ 811.968506] packet_sendmsg+0x16c4/0x5a70 [ 811.973006] ? avc_has_perm_noaudit+0x420/0x420 [ 811.977685] ? __might_fault+0x110/0x1d0 [ 811.981782] ? find_held_lock+0x35/0x130 [ 811.985852] ? __might_fault+0x110/0x1d0 [ 811.989947] ? rw_copy_check_uvector+0x1f1/0x290 [ 811.994723] ? packet_notifier+0x760/0x760 [ 811.998966] ? copy_msghdr_from_user+0x292/0x3f0 [ 812.003728] ? selinux_socket_sendmsg+0x36/0x40 [ 812.008399] ? security_socket_sendmsg+0x89/0xb0 [ 812.013158] ? packet_notifier+0x760/0x760 [ 812.017398] sock_sendmsg+0xce/0x110 [ 812.021112] ___sys_sendmsg+0x349/0x840 [ 812.025085] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 812.029840] ? mark_held_locks+0xb1/0x100 [ 812.033994] ? trace_hardirqs_on+0x10/0x10 [ 812.038231] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 812.042988] ? save_trace+0x290/0x290 [ 812.046787] ? check_preemption_disabled+0x3c/0x250 [ 812.051806] ? __might_fault+0x110/0x1d0 [ 812.055870] ? find_held_lock+0x35/0x130 [ 812.059932] ? __might_fault+0x110/0x1d0 [ 812.064008] __sys_sendmmsg+0x152/0x3a0 [ 812.067982] ? SyS_sendmsg+0x50/0x50 [ 812.071704] ? lock_downgrade+0x6e0/0x6e0 [ 812.075856] ? retint_kernel+0x2d/0x2d [ 812.079746] ? trace_hardirqs_on_caller+0x400/0x590 [ 812.084767] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 812.089527] ? check_preemption_disabled+0x3c/0x250 [ 812.094563] SyS_sendmmsg+0x35/0x60 [ 812.098189] ? __sys_sendmmsg+0x3a0/0x3a0 [ 812.102347] do_syscall_64+0x1e8/0x640 [ 812.106233] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 812.111084] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 812.116268] RIP: 0033:0x459879 [ 812.119450] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 812.127157] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 812.134427] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 812.141690] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 812.148956] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 812.156211] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:24 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:24 executing program 1 (fault-call:13 fault-nth:81): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000000)=0x4) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, &(0x7f0000000340)={0x7, 0x0, [{0x80000008, 0x6, 0x6, 0x3, 0xfffffffffffffffe, 0x7f, 0x10000}, {0x6, 0x5, 0x7, 0x9ae4, 0x100000001, 0x5, 0x2}, {0x6, 0x1, 0x5, 0x4, 0x100000000, 0xf7b, 0x8}, {0x43fd062d507aa2b0, 0x80, 0x7, 0x4, 0x3, 0x3f, 0x200}, {0x40000000, 0x20007ff, 0x1, 0xd, 0x6, 0x7fffffff, 0x3ff}, {0x2, 0x2, 0x0, 0x400, 0x40, 0x7563d604, 0x5}, {0x29f7ee74fc7dbc8, 0x7, 0x4, 0x80000000, 0x2, 0xca8, 0xffff}]}) [ 812.305127] FAULT_INJECTION: forcing a failure. [ 812.305127] name failslab, interval 1, probability 0, space 0, times 0 [ 812.317330] CPU: 1 PID: 21483 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 812.324635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.334006] Call Trace: [ 812.336612] dump_stack+0x138/0x197 [ 812.340259] should_fail.cold+0x10f/0x159 [ 812.344411] should_failslab+0xdb/0x130 [ 812.348383] kmem_cache_alloc_node_trace+0x280/0x770 [ 812.353486] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 812.358944] __kmalloc_node_track_caller+0x3d/0x80 [ 812.363874] __kmalloc_reserve.isra.0+0x40/0xe0 [ 812.368544] __alloc_skb+0xcf/0x500 [ 812.372174] ? skb_scrub_packet+0x4b0/0x4b0 [ 812.376500] ? __local_bh_enable_ip+0x99/0x1a0 [ 812.381082] alloc_skb_with_frags+0x86/0x4b0 [ 812.385491] ? trace_hardirqs_on+0x10/0x10 [ 812.389724] ? __local_bh_enable_ip+0x99/0x1a0 [ 812.394311] sock_alloc_send_pskb+0x5db/0x740 [ 812.398810] ? sock_wmalloc+0xf0/0xf0 [ 812.402609] ? lock_downgrade+0x6e0/0x6e0 [ 812.406764] packet_sendmsg+0x16c4/0x5a70 [ 812.410908] ? avc_has_perm_noaudit+0x420/0x420 [ 812.415577] ? __might_fault+0x110/0x1d0 [ 812.419632] ? find_held_lock+0x35/0x130 [ 812.423691] ? __might_fault+0x110/0x1d0 [ 812.427751] ? rw_copy_check_uvector+0x1f1/0x290 [ 812.432518] ? packet_notifier+0x760/0x760 [ 812.436759] ? copy_msghdr_from_user+0x292/0x3f0 [ 812.441513] ? check_preemption_disabled+0x3c/0x250 [ 812.446548] ? selinux_socket_sendmsg+0x36/0x40 [ 812.451224] ? security_socket_sendmsg+0x89/0xb0 [ 812.455976] ? packet_notifier+0x760/0x760 [ 812.460216] sock_sendmsg+0xce/0x110 [ 812.463924] ___sys_sendmsg+0x349/0x840 [ 812.467896] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 812.472661] ? trace_hardirqs_on+0x10/0x10 [ 812.476888] ? trace_hardirqs_on_caller+0x400/0x590 [ 812.481888] ? save_trace+0x290/0x290 [ 812.485669] ? trace_hardirqs_on_caller+0x400/0x590 [ 812.490686] ? __might_fault+0x110/0x1d0 [ 812.494738] ? find_held_lock+0x35/0x130 [ 812.498778] ? __might_fault+0x110/0x1d0 [ 812.502830] __sys_sendmmsg+0x152/0x3a0 [ 812.506801] ? SyS_sendmsg+0x50/0x50 [ 812.510510] ? lock_downgrade+0x6e0/0x6e0 [ 812.514652] ? __mutex_unlock_slowpath+0x71/0x800 [ 812.519477] ? check_preemption_disabled+0x3c/0x250 [ 812.524475] ? wait_for_completion+0x420/0x420 [ 812.529041] ? __sb_end_write+0xc1/0x100 [ 812.533088] ? SyS_write+0x15e/0x230 [ 812.536785] SyS_sendmmsg+0x35/0x60 [ 812.540393] ? __sys_sendmmsg+0x3a0/0x3a0 [ 812.544526] do_syscall_64+0x1e8/0x640 [ 812.548390] ? trace_hardirqs_off_thunk+0x1a/0x1c 12:27:24 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) getsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000080), &(0x7f0000000340)=0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) perf_event_open(&(0x7f00000002c0)={0x5, 0x70, 0x401, 0x7fffffff, 0x3, 0x4, 0x0, 0x9, 0x8, 0x4, 0x6, 0x1ff, 0x0, 0x2, 0xfffffffffffffffd, 0x5, 0x80000000, 0x5, 0x7, 0x7fff, 0x0, 0x9f7, 0x5, 0x2, 0x1, 0x7b, 0x40, 0x3f, 0x7edf, 0x1ff, 0x1, 0x3, 0x38, 0x81, 0x9, 0x7e6, 0x3000, 0x0, 0x0, 0x1, 0x4, @perf_bp={&(0x7f0000000000), 0x5}, 0x100, 0x9, 0x0, 0x1, 0x8, 0x200}, 0x0, 0x0, r1, 0x8) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 812.553318] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 812.558487] RIP: 0033:0x459879 [ 812.561667] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 812.569353] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 812.576616] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 812.583869] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 812.591120] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 812.598390] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:24 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:24 executing program 1 (fault-call:13 fault-nth:82): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 812.712576] FAULT_INJECTION: forcing a failure. [ 812.712576] name failslab, interval 1, probability 0, space 0, times 0 [ 812.725503] CPU: 0 PID: 21497 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 812.732627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.741983] Call Trace: [ 812.744569] dump_stack+0x138/0x197 [ 812.748207] should_fail.cold+0x10f/0x159 [ 812.752361] should_failslab+0xdb/0x130 [ 812.756323] kmem_cache_alloc_node+0x287/0x780 [ 812.760888] ? __dev_queue_xmit+0x1e29/0x25e0 [ 812.765539] __alloc_skb+0x9c/0x500 [ 812.769165] ? skb_scrub_packet+0x4b0/0x4b0 [ 812.773474] ? __local_bh_enable_ip+0x99/0x1a0 [ 812.778038] alloc_skb_with_frags+0x86/0x4b0 [ 812.782425] ? trace_hardirqs_on+0x10/0x10 [ 812.786648] sock_alloc_send_pskb+0x5db/0x740 [ 812.791158] ? sock_wmalloc+0xf0/0xf0 [ 812.794943] ? lock_downgrade+0x6e0/0x6e0 [ 812.799075] packet_sendmsg+0x16c4/0x5a70 [ 812.803206] ? avc_has_perm_noaudit+0x420/0x420 [ 812.807856] ? __might_fault+0x110/0x1d0 [ 812.811903] ? find_held_lock+0x35/0x130 [ 812.815954] ? __might_fault+0x110/0x1d0 [ 812.819995] ? rw_copy_check_uvector+0x1f1/0x290 [ 812.824745] ? packet_notifier+0x760/0x760 [ 812.828964] ? copy_msghdr_from_user+0x292/0x3f0 [ 812.833726] ? selinux_socket_sendmsg+0x36/0x40 [ 812.838380] ? security_socket_sendmsg+0x89/0xb0 [ 812.843150] ? packet_notifier+0x760/0x760 [ 812.847409] sock_sendmsg+0xce/0x110 [ 812.851115] ___sys_sendmsg+0x349/0x840 [ 812.855069] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 812.859807] ? retint_kernel+0x2d/0x2d [ 812.863678] ? trace_hardirqs_on+0x10/0x10 [ 812.867892] ? save_trace+0x290/0x290 [ 812.871672] ? retint_kernel+0x2d/0x2d [ 812.875541] ? __might_fault+0x110/0x1d0 [ 812.879600] ? find_held_lock+0x35/0x130 [ 812.883647] ? __might_fault+0x110/0x1d0 [ 812.887697] __sys_sendmmsg+0x152/0x3a0 [ 812.891660] ? SyS_sendmsg+0x50/0x50 [ 812.895363] ? lock_downgrade+0x6e0/0x6e0 [ 812.899604] ? __mutex_unlock_slowpath+0x71/0x800 [ 812.904436] ? check_preemption_disabled+0x3c/0x250 [ 812.909460] ? wait_for_completion+0x420/0x420 [ 812.914034] ? __sb_end_write+0xc1/0x100 [ 812.918097] ? SyS_write+0x15e/0x230 [ 812.921798] SyS_sendmmsg+0x35/0x60 [ 812.925406] ? __sys_sendmmsg+0x3a0/0x3a0 [ 812.929626] do_syscall_64+0x1e8/0x640 [ 812.933598] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 812.938453] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 812.943626] RIP: 0033:0x459879 [ 812.946802] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 812.954605] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 12:27:25 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 812.961861] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 812.969130] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 812.976387] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 812.983641] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:26 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0xfffffffffffffe70) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000200)={0x6, 0x1, @start={0xfffffffffffffffb}}) tkill(r0, 0x1000000000013) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f00000002c0)={0x9, 0x58e0, 0x1, 'queue0\x00', 0x4}) 12:27:26 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:26 executing program 1 (fault-call:13 fault-nth:83): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:26 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) ftruncate(r0, 0x7fffffff) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) socket$rds(0x15, 0x5, 0x0) 12:27:26 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 814.752292] FAULT_INJECTION: forcing a failure. [ 814.752292] name failslab, interval 1, probability 0, space 0, times 0 12:27:26 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 814.802225] CPU: 1 PID: 21523 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 814.809394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.818764] Call Trace: [ 814.821370] dump_stack+0x138/0x197 [ 814.825199] should_fail.cold+0x10f/0x159 [ 814.829364] should_failslab+0xdb/0x130 [ 814.833358] kmem_cache_alloc_node_trace+0x280/0x770 [ 814.838470] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 814.843949] __kmalloc_node_track_caller+0x3d/0x80 [ 814.848892] __kmalloc_reserve.isra.0+0x40/0xe0 [ 814.853575] __alloc_skb+0xcf/0x500 [ 814.857216] ? skb_scrub_packet+0x4b0/0x4b0 [ 814.861549] ? __local_bh_enable_ip+0x99/0x1a0 [ 814.866315] alloc_skb_with_frags+0x86/0x4b0 [ 814.870736] ? trace_hardirqs_on+0x10/0x10 [ 814.874973] ? __local_bh_enable_ip+0x99/0x1a0 [ 814.879566] sock_alloc_send_pskb+0x5db/0x740 [ 814.884071] ? sock_wmalloc+0xf0/0xf0 [ 814.887875] ? lock_downgrade+0x6e0/0x6e0 [ 814.892029] packet_sendmsg+0x16c4/0x5a70 [ 814.896175] ? avc_has_perm_noaudit+0x420/0x420 12:27:27 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 814.900850] ? __might_fault+0x110/0x1d0 [ 814.904914] ? find_held_lock+0x35/0x130 [ 814.908986] ? __might_fault+0x110/0x1d0 [ 814.913053] ? rw_copy_check_uvector+0x1f1/0x290 [ 814.917820] ? packet_notifier+0x760/0x760 [ 814.922063] ? selinux_socket_sendmsg+0x36/0x40 [ 814.922076] ? security_socket_sendmsg+0x89/0xb0 [ 814.931474] ? packet_notifier+0x760/0x760 [ 814.931485] sock_sendmsg+0xce/0x110 [ 814.931494] ___sys_sendmsg+0x349/0x840 [ 814.931505] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 814.931522] ? trace_hardirqs_on+0x10/0x10 [ 814.931535] ? check_preemption_disabled+0x3c/0x250 [ 814.931543] ? save_trace+0x290/0x290 [ 814.931555] ? __might_fault+0x110/0x1d0 [ 814.931566] ? __might_fault+0x110/0x1d0 [ 814.931576] ? find_held_lock+0x35/0x130 [ 814.931586] ? __might_fault+0x110/0x1d0 [ 814.931609] __sys_sendmmsg+0x152/0x3a0 [ 814.931619] ? SyS_sendmsg+0x50/0x50 [ 814.931627] ? trace_hardirqs_on_caller+0x400/0x590 [ 814.931641] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 814.994872] ? fput+0x10/0x150 [ 814.998072] ? fput+0x16/0x150 [ 815.001265] ? SyS_write+0x15e/0x230 [ 815.004985] SyS_sendmmsg+0x35/0x60 [ 815.008609] ? __sys_sendmmsg+0x3a0/0x3a0 [ 815.012761] do_syscall_64+0x1e8/0x640 [ 815.016646] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 815.021498] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 815.027819] RIP: 0033:0x459879 [ 815.031094] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 815.038802] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 815.046071] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 12:27:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="eb3c906d6b66732e6661740002040100020002a456f8", 0x16}], 0x0, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x404800, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f0000000080)='./file0\x00', r0}, 0x10) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) unlinkat(r1, &(0x7f0000000040)='./file1\x00', 0x200) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) timer_create(0x7, &(0x7f0000000180)={0x0, 0x29, 0x4, @tid=0xffffffffffffffff}, &(0x7f00000001c0)=0x0) timer_gettime(r2, &(0x7f0000000240)) 12:27:27 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={0x0, 0xff33}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0200000000000000cd71d9c2e917358f"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000c40)=ANY=[@ANYBLOB="020d0000100000002f3144e800000008030006000720000002004000e0000001000000f5000000000800120002000200000000000000000030006c00020300060000000000f9acb20200000000152c000000000000000001020014bb00000000000000000000000003000500002000000200ed00e000000100800083e30f510b9d8efd6eadf31561988c77cf152ea8bb43ddbd7d03dac7f445a652d3f8b063daeb15b11df58d2b220046820cd437fb95e2e13523c882492096ff1c17d5c647067080641d4c75fe6f4ede5fb105595e85190900000000020000003a0fcc835820d96008f866fb4d28bc7ef9f8062f9db55b8128159cdcfd0c171bcf9e868c603d7f8542cbd8c5d2e29b90ddf7f6d9525cbc5b20d8b6f661130c526af0320ad36f005f535d7e160b5669dd7f1237cc0f7dac1003d8cc1c47a77965d66df2f2d4bff069f7d039c721484d89f3684064363829137869865cce84240b9ec5cf2faf907a440931d08e9e65d7b8597e57292ac7c4f1c02db1c2e4f7104d1a982cf40045d0f4431963df216018cd09bb08ad3d580000000095d5f782adaeac178f69a3247fd3bf2ef5d6862908eb0cd1f08974add39b3dc0c419ab6cdf8741796365ff5febb5acc75fc049d032b828fbbfb2a1f86bd5ddac8b0c34a65f46d7a939862a1dd8bafdd2d2740e8b855e8cc356e15f6ddcef472fd05c029c319536d3a31e646c5afdde4f9efd85a700a7ef39946f797fa96bacfd15ccb9a902c486c3ea0b529fd45c29361d88fda169e41ce903006baed92ec35a1db60eb31fc6b8094c32755b474f45ede3d211c8f97e5d1b5f3a1e7cd20b3bc7b000c02edef7a48db21b1bed2250f1e1044d4e9d018bb02ac2f8a22b834cbf73c16ec0bfeba144e362c08960124b6fe545d74627b8375905fb38e5a8c45f2579b2e80762c2c54695669a70ccb97f7d4f0000970e7e3c4bc415bad58368aadb6dd179da093b760f40ac2cf674dde3642c6052c14c275fe321612006d2ce4d6fe600a954494b97fdeef8dd0406e0ce4e41281ac2aeb90710f5c72159f40e573e1a98bdbd45014c882cf185b11003924150ce0e90cf060e75669e11b52980b0215dd874f8c7b77a5510000000000091537ac62a93d30b3a03af813137fdbe437ebeb3bb5465e146df3b1db40c941e7b3fb95d05ac7ebe7f64994af4ee2331d19616d5073260fd3a027ce3671673046bfc7dd0aabb28deacf006003888e748cd3e33784ef870a1d077ed042e179fd1e4cc4af0e2a15f4bb4f7fde1c5d12bf1a7982f0f6175fc29982ca257d83b31369823f5f183156f5fb4c77fe8ca7ad22dcc2ca7409ee800000000ee124e511f41e1130c37049c000000000000000000c1861ff607ce12f96cc854450e914e30db640a5f465cc343ed4d15e0ac565f6b501e35dda2b48c0e502239e0265c079ec700b7eda23f2f816e53a2eafd99b6c21df716ba011af218c828e68c9083ea03480a1be3d0d14e0b45d2384f1063e15340418714574f0c2deeafcb544403848780ff33723b1570b3e7b53bde53faccc8f08bac9a91b376db76124c6f851f1615ed405b02ee06a41ee4532067cc12dddd74bfe3125c15e35a004f7492b5d4feec1ceb78231075c41b59059d352c16fc4059e38ee946fe593990b33343db118802e8c6cc7ce97db7b8af7672bd977153681c529391e3b7348412af2c5fbedd96261795a86bc8e5b1624ea5263611560a598a75a7d06165e1d3599022b4f8671b00c200000000000000000000000000000000c47df62715a6a0235adf06e5cce390146b12000000370b3d0d8e4dabf5be2492e973679fd25800"/1318], 0x80}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmmsg(r3, &(0x7f0000000180), 0x44d, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000000)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r4, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:27 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/policy\x00', 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000002c0)=@gcm_256={{0x304}, "986c771d97432b99", "9374e3432a55c84e4328e945bce64dd678b8e23751990f77257d739e355aacf5", "3e97e114", "dba51577f27709b5"}, 0x38) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, &(0x7f0000000000)=0xc248, 0x8) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 815.053343] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 815.060654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 815.067930] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:27 executing program 1 (fault-call:13 fault-nth:84): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:27 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 815.268658] FAULT_INJECTION: forcing a failure. [ 815.268658] name failslab, interval 1, probability 0, space 0, times 0 [ 815.280321] CPU: 0 PID: 21559 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 815.287439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.296805] Call Trace: [ 815.299420] dump_stack+0x138/0x197 [ 815.303252] should_fail.cold+0x10f/0x159 [ 815.307442] should_failslab+0xdb/0x130 [ 815.311472] kmem_cache_alloc_node+0x287/0x780 [ 815.311486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 815.311503] __alloc_skb+0x9c/0x500 [ 815.320852] ? skb_scrub_packet+0x4b0/0x4b0 [ 815.320865] alloc_skb_with_frags+0x86/0x4b0 [ 815.320877] ? trace_hardirqs_on+0x10/0x10 [ 815.320894] sock_alloc_send_pskb+0x5db/0x740 [ 815.320911] ? sock_wmalloc+0xf0/0xf0 [ 815.345835] ? lock_downgrade+0x6e0/0x6e0 [ 815.349986] packet_sendmsg+0x16c4/0x5a70 [ 815.354210] ? avc_has_perm_noaudit+0x420/0x420 [ 815.358893] ? retint_kernel+0x2d/0x2d [ 815.362811] ? packet_notifier+0x760/0x760 [ 815.367069] ? copy_msghdr_from_user+0x292/0x3f0 [ 815.372358] ? selinux_socket_sendmsg+0x36/0x40 [ 815.377018] ? security_socket_sendmsg+0x89/0xb0 [ 815.381810] ? packet_notifier+0x760/0x760 [ 815.386056] sock_sendmsg+0xce/0x110 [ 815.390041] ___sys_sendmsg+0x349/0x840 [ 815.394007] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 815.398780] ? trace_hardirqs_on+0x10/0x10 [ 815.403028] ? check_preemption_disabled+0x3c/0x250 [ 815.408150] ? save_trace+0x290/0x290 [ 815.411966] ? retint_kernel+0x2d/0x2d [ 815.415878] ? __might_fault+0x110/0x1d0 [ 815.419945] ? find_held_lock+0x35/0x130 [ 815.423998] ? __might_fault+0x110/0x1d0 [ 815.424022] __sys_sendmmsg+0x152/0x3a0 [ 815.424032] ? SyS_sendmsg+0x50/0x50 [ 815.424043] ? lock_downgrade+0x6e0/0x6e0 [ 815.424058] ? __mutex_unlock_slowpath+0x71/0x800 [ 815.424073] ? check_preemption_disabled+0x3c/0x250 [ 815.449848] ? wait_for_completion+0x420/0x420 [ 815.454465] ? __sb_end_write+0xc1/0x100 [ 815.458529] ? SyS_write+0x15e/0x230 [ 815.462263] SyS_sendmmsg+0x35/0x60 [ 815.465883] ? __sys_sendmmsg+0x3a0/0x3a0 [ 815.470030] do_syscall_64+0x1e8/0x640 [ 815.473912] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 815.478755] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 815.483932] RIP: 0033:0x459879 [ 815.487108] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 815.494806] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 815.502081] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 815.509348] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:27:27 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:27 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) lseek(r1, 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) getsockopt$inet_dccp_int(r2, 0x21, 0x0, &(0x7f0000000000), &(0x7f0000000080)=0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='lp\x00', 0x3) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000380)='veth1_to_bridge\x00') connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f00000003c0)={0x5, 0x7, 0x6, 0x80000001, 0xfff}, 0x14) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00000002c0)="81b874f9670f1d9e24f5ec21dc673398142a1bb86e4b35f4afe156833782f5a1556999d9f579a448c8144a58737192ec7938b6eb665524cac6058336c325e19abbd1d984cf8f9dd06d631fe35060ae2c80efcc09f08244174271b0a0e104fd06524981e1e9805ac374f0b3f13bb366155e15f3751ec91e001d4408a719f566b7e0c60ce48909278fdba648483410b62839c85c76d46a22fd6ba3ac49", 0x9c, r2}, 0x68) tkill(r0, 0x1000000000013) 12:27:27 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:27 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x2a) 12:27:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x4, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 815.516609] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 815.523881] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:27 executing program 1 (fault-call:13 fault-nth:85): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:27 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="f1420c7f0000002e6661740042eb8b2b87b962254f1c76af4302715d9c6696cd7e3f40a346f623562124d208d4232f724621149f1d4f23cdbcdd35b4847c98324817751e0000000000000101ed5d59ca3a550418d401561be7808120675b848e8ce023265ceaf993334ec6482ab3182e00aecfa7dfd135aff3eea6", 0x7b}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./file0\x00', 0x3410c5, 0x110) 12:27:27 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f0000000000)=0x3f, 0x4) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:27 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 815.731836] FAULT_INJECTION: forcing a failure. [ 815.731836] name failslab, interval 1, probability 0, space 0, times 0 [ 815.769656] CPU: 1 PID: 21590 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 815.776855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.786226] Call Trace: [ 815.788835] dump_stack+0x138/0x197 [ 815.792485] should_fail.cold+0x10f/0x159 [ 815.796738] should_failslab+0xdb/0x130 [ 815.800738] kmem_cache_alloc_node_trace+0x280/0x770 [ 815.805859] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 815.811454] __kmalloc_node_track_caller+0x3d/0x80 [ 815.816490] __kmalloc_reserve.isra.0+0x40/0xe0 [ 815.821166] __alloc_skb+0xcf/0x500 [ 815.824801] ? skb_scrub_packet+0x4b0/0x4b0 [ 815.829126] ? __local_bh_enable_ip+0x99/0x1a0 [ 815.833750] alloc_skb_with_frags+0x86/0x4b0 [ 815.838174] ? trace_hardirqs_on+0x10/0x10 [ 815.842599] ? __local_bh_enable_ip+0x99/0x1a0 [ 815.847205] sock_alloc_send_pskb+0x5db/0x740 [ 815.851807] ? sock_wmalloc+0xf0/0xf0 [ 815.855643] ? packet_sendmsg+0x16a1/0x5a70 [ 815.860075] packet_sendmsg+0x16c4/0x5a70 [ 815.864238] ? avc_has_perm_noaudit+0x420/0x420 [ 815.868914] ? __might_fault+0x110/0x1d0 [ 815.872982] ? find_held_lock+0x35/0x130 [ 815.877046] ? __might_fault+0x110/0x1d0 [ 815.881109] ? rw_copy_check_uvector+0x1f1/0x290 [ 815.885882] ? packet_notifier+0x760/0x760 [ 815.890125] ? copy_msghdr_from_user+0x292/0x3f0 [ 815.894887] ? selinux_socket_sendmsg+0x36/0x40 [ 815.899559] ? security_socket_sendmsg+0x89/0xb0 [ 815.904322] ? packet_notifier+0x760/0x760 [ 815.908560] sock_sendmsg+0xce/0x110 [ 815.912291] ___sys_sendmsg+0x349/0x840 [ 815.916363] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 815.921135] ? trace_hardirqs_on+0x10/0x10 [ 815.925379] ? trace_hardirqs_on_caller+0x400/0x590 [ 815.930398] ? save_trace+0x290/0x290 [ 815.934214] ? __might_fault+0x110/0x1d0 [ 815.938373] ? find_held_lock+0x35/0x130 [ 815.942437] ? __might_fault+0x110/0x1d0 [ 815.946525] __sys_sendmmsg+0x152/0x3a0 [ 815.950501] ? SyS_sendmsg+0x50/0x50 [ 815.954221] ? lock_downgrade+0x6e0/0x6e0 [ 815.958379] ? retint_kernel+0x2d/0x2d [ 815.962271] ? trace_hardirqs_on_caller+0x400/0x590 [ 815.967294] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 815.972074] ? check_preemption_disabled+0x3c/0x250 [ 815.977118] SyS_sendmmsg+0x35/0x60 [ 815.980759] ? __sys_sendmmsg+0x3a0/0x3a0 [ 815.984915] do_syscall_64+0x1e8/0x640 [ 815.988826] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 815.993669] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 815.998861] RIP: 0033:0x459879 [ 816.002030] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 816.009722] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 816.016981] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 816.024266] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:27:28 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 816.031565] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 816.038834] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:28 executing program 1 (fault-call:13 fault-nth:86): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:28 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:28 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) timer_create(0x2, &(0x7f0000000000)={0x0, 0x40, 0x4, @tid=r0}, &(0x7f0000000080)) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e21, @loopback}}, [0x1f, 0x5, 0x5, 0xffffffffffffffc1, 0x7f, 0x5, 0x3, 0x2, 0x80000001, 0x5, 0x64c4, 0x9, 0xffff, 0x3f, 0x80000001]}, &(0x7f0000000180)=0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000200)={0x8, 0x3ff, 0x0, 0x0, 0xff, 0x80000001, 0x5, 0x8000, r4}, &(0x7f0000000240)=0x20) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 816.202573] FAT-fs (loop2): invalid media value (0x1c) [ 816.214088] FAULT_INJECTION: forcing a failure. [ 816.214088] name failslab, interval 1, probability 0, space 0, times 0 [ 816.227868] FAT-fs (loop2): Can't find a valid FAT filesystem [ 816.244383] CPU: 1 PID: 21614 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 816.251626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.260991] Call Trace: [ 816.263597] dump_stack+0x138/0x197 [ 816.269206] should_fail.cold+0x10f/0x159 [ 816.273373] should_failslab+0xdb/0x130 [ 816.277355] kmem_cache_alloc_node+0x287/0x780 [ 816.281951] __alloc_skb+0x9c/0x500 [ 816.285602] ? skb_scrub_packet+0x4b0/0x4b0 [ 816.289937] ? __local_bh_enable_ip+0x99/0x1a0 [ 816.294522] alloc_skb_with_frags+0x86/0x4b0 [ 816.298938] ? retint_kernel+0x2d/0x2d [ 816.302833] ? trace_hardirqs_on_caller+0x400/0x590 [ 816.307882] sock_alloc_send_pskb+0x5db/0x740 [ 816.312389] ? sock_wmalloc+0xf0/0xf0 [ 816.316193] ? lock_downgrade+0x6e0/0x6e0 [ 816.320354] packet_sendmsg+0x16c4/0x5a70 [ 816.324499] ? avc_has_perm_noaudit+0x420/0x420 [ 816.329169] ? __might_fault+0x110/0x1d0 [ 816.333229] ? find_held_lock+0x35/0x130 [ 816.337347] ? __might_fault+0x110/0x1d0 [ 816.341408] ? rw_copy_check_uvector+0x1f1/0x290 [ 816.346180] ? packet_notifier+0x760/0x760 [ 816.350422] ? copy_msghdr_from_user+0x292/0x3f0 [ 816.355179] ? selinux_socket_sendmsg+0x36/0x40 [ 816.359849] ? security_socket_sendmsg+0x89/0xb0 [ 816.364601] ? packet_notifier+0x760/0x760 [ 816.368923] sock_sendmsg+0xce/0x110 [ 816.372638] ___sys_sendmsg+0x349/0x840 [ 816.376610] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 816.381374] ? __schedule+0x7c0/0x1cd0 [ 816.385267] ? trace_hardirqs_on+0x10/0x10 [ 816.389506] ? trace_hardirqs_on_caller+0x400/0x590 [ 816.394521] ? save_trace+0x290/0x290 [ 816.398359] ? __might_fault+0x110/0x1d0 [ 816.402419] ? find_held_lock+0x35/0x130 [ 816.406481] ? __might_fault+0x110/0x1d0 [ 816.410556] __sys_sendmmsg+0x152/0x3a0 [ 816.414526] ? SyS_sendmsg+0x50/0x50 [ 816.418249] ? lock_downgrade+0x6e0/0x6e0 [ 816.422402] ? __mutex_unlock_slowpath+0x71/0x800 [ 816.427247] ? check_preemption_disabled+0x3c/0x250 [ 816.432265] ? wait_for_completion+0x420/0x420 [ 816.436853] ? __sb_end_write+0xc1/0x100 [ 816.440919] ? SyS_write+0x15e/0x230 [ 816.444638] SyS_sendmmsg+0x35/0x60 [ 816.448256] ? __sys_sendmmsg+0x3a0/0x3a0 [ 816.452413] do_syscall_64+0x1e8/0x640 [ 816.456302] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 816.461150] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 816.466340] RIP: 0033:0x459879 [ 816.469524] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 816.477230] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 816.484499] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 816.491773] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 816.499040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 816.506290] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 816.556498] FAT-fs (loop2): invalid media value (0x1c) [ 816.566174] FAT-fs (loop2): Can't find a valid FAT filesystem 12:27:30 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) write(r3, &(0x7f00000002c0)="b8d3e67634e7a72efd56a93ddd4a50c3c933b09df366123b6497e80831b36db4356475bc19e061d8f3009722d6184336ccc6e163cf7edf3c6a69ed40f464f714decc49e0228cf487bc122875d52494c958cbd00767a81c2aab70e8d301c9eee4dd9e478ae38e12d6d57b2e31504df50d19c00762701a3a190255eb86c733ebfd9d89b2133b466f33ec88a065b65f22fdc4b0f32769fd07cb3c01f45903bcf6c8815e55facf87b2a5ca74134fcd374d5af5c32b6e02707459c68f1479fcda27427c1f85fd219d7ed3db052c066070a73672cd6212ab70bc5f71d261edae02ee1ba2894751a995771832b3", 0xea) 12:27:30 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:30 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380), 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:30 executing program 1 (fault-call:13 fault-nth:87): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000000)='./file0\x00', 0x1410c3, 0x0) 12:27:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$KDSETLED(r0, 0x4b32, 0x8) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$VIDIOC_S_PRIORITY(r0, 0x40045644, 0x2) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000080)={0x4, 0x8, 0xfa00, {r1, 0x2}}, 0x10) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000000c0)=0x8) [ 818.705844] FAULT_INJECTION: forcing a failure. [ 818.705844] name failslab, interval 1, probability 0, space 0, times 0 [ 818.743363] CPU: 1 PID: 21646 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 818.750526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 818.759896] Call Trace: [ 818.762605] dump_stack+0x138/0x197 [ 818.766250] ? vprintk_func+0x65/0x159 [ 818.770162] should_fail.cold+0x10f/0x159 [ 818.774356] should_failslab+0xdb/0x130 [ 818.778335] kmem_cache_alloc_node_trace+0x280/0x770 [ 818.783472] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 818.789035] __kmalloc_node_track_caller+0x3d/0x80 [ 818.793968] __kmalloc_reserve.isra.0+0x40/0xe0 [ 818.799071] __alloc_skb+0xcf/0x500 [ 818.802699] ? skb_scrub_packet+0x4b0/0x4b0 [ 818.807020] ? retint_kernel+0x2d/0x2d [ 818.810921] alloc_skb_with_frags+0x86/0x4b0 [ 818.815346] ? check_preemption_disabled+0x3c/0x250 [ 818.820369] sock_alloc_send_pskb+0x5db/0x740 [ 818.824899] ? sock_wmalloc+0xf0/0xf0 [ 818.828730] ? lock_downgrade+0x6e0/0x6e0 [ 818.832891] packet_sendmsg+0x16c4/0x5a70 [ 818.837039] ? avc_has_perm_noaudit+0x420/0x420 [ 818.841716] ? __might_fault+0x110/0x1d0 [ 818.845778] ? find_held_lock+0x35/0x130 [ 818.849840] ? __might_fault+0x110/0x1d0 [ 818.853907] ? rw_copy_check_uvector+0x1f1/0x290 [ 818.858676] ? packet_notifier+0x760/0x760 [ 818.862922] ? copy_msghdr_from_user+0x292/0x3f0 [ 818.867689] ? selinux_socket_sendmsg+0x36/0x40 [ 818.872364] ? security_socket_sendmsg+0x89/0xb0 [ 818.877127] ? packet_notifier+0x760/0x760 [ 818.881368] sock_sendmsg+0xce/0x110 [ 818.885084] ___sys_sendmsg+0x349/0x840 [ 818.889067] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 818.893824] ? mark_held_locks+0xb1/0x100 [ 818.897991] ? trace_hardirqs_on+0x10/0x10 [ 818.902234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 818.906991] ? save_trace+0x290/0x290 [ 818.910800] ? retint_kernel+0x2d/0x2d [ 818.914688] ? __might_fault+0x110/0x1d0 [ 818.918750] ? find_held_lock+0x35/0x130 [ 818.922814] ? __might_fault+0x110/0x1d0 [ 818.926895] __sys_sendmmsg+0x152/0x3a0 [ 818.930866] ? SyS_sendmsg+0x50/0x50 [ 818.934574] ? lock_downgrade+0x6e0/0x6e0 [ 818.938716] ? retint_kernel+0x2d/0x2d [ 818.942585] ? trace_hardirqs_on_caller+0x400/0x590 [ 818.947588] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 818.952339] ? check_preemption_disabled+0x3c/0x250 [ 818.957359] SyS_sendmmsg+0x35/0x60 [ 818.960979] ? __sys_sendmmsg+0x3a0/0x3a0 [ 818.965139] do_syscall_64+0x1e8/0x640 [ 818.969204] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 818.974042] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 818.979216] RIP: 0033:0x459879 [ 818.982391] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 818.990085] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 818.997353] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 12:27:31 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 819.004627] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 819.011903] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 819.019341] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:31 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380), 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:31 executing program 1 (fault-call:13 fault-nth:88): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:31 executing program 5: r0 = getpid() write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:31 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)=0x0) timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f0000000000)={0x2c, @broadcast, 0x4e21, 0x2, 'none\x00', 0x20, 0x2, 0x5b}, 0x2c) 12:27:31 executing program 5: r0 = getpid() write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 819.211508] FAULT_INJECTION: forcing a failure. [ 819.211508] name failslab, interval 1, probability 0, space 0, times 0 [ 819.295740] CPU: 1 PID: 21673 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 819.303104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.312474] Call Trace: [ 819.315078] dump_stack+0x138/0x197 [ 819.318812] should_fail.cold+0x10f/0x159 [ 819.322971] should_failslab+0xdb/0x130 [ 819.326949] kmem_cache_alloc_node+0x287/0x780 [ 819.331536] ? __dev_queue_xmit+0x1e29/0x25e0 [ 819.336038] __alloc_skb+0x9c/0x500 [ 819.339670] ? skb_scrub_packet+0x4b0/0x4b0 [ 819.343996] ? __local_bh_enable_ip+0x99/0x1a0 [ 819.348588] alloc_skb_with_frags+0x86/0x4b0 [ 819.352997] ? retint_kernel+0x2d/0x2d [ 819.356888] ? trace_hardirqs_on_caller+0x400/0x590 [ 819.361911] sock_alloc_send_pskb+0x5db/0x740 [ 819.366420] ? sock_wmalloc+0xf0/0xf0 [ 819.370227] ? lock_downgrade+0x6e0/0x6e0 [ 819.374384] packet_sendmsg+0x16c4/0x5a70 [ 819.378534] ? avc_has_perm_noaudit+0x420/0x420 [ 819.383201] ? retint_kernel+0x2d/0x2d [ 819.387101] ? __might_fault+0x110/0x1d0 [ 819.391169] ? find_held_lock+0x35/0x130 [ 819.395234] ? __might_fault+0x110/0x1d0 [ 819.399301] ? rw_copy_check_uvector+0x1f1/0x290 [ 819.404072] ? packet_notifier+0x760/0x760 [ 819.408321] ? copy_msghdr_from_user+0x292/0x3f0 [ 819.413089] ? selinux_socket_sendmsg+0x36/0x40 [ 819.417758] ? security_socket_sendmsg+0x89/0xb0 [ 819.422519] ? packet_notifier+0x760/0x760 [ 819.426755] sock_sendmsg+0xce/0x110 [ 819.430475] ___sys_sendmsg+0x349/0x840 [ 819.434453] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 819.439219] ? mark_held_locks+0xb1/0x100 [ 819.443374] ? trace_hardirqs_on+0x10/0x10 [ 819.447610] ? retint_kernel+0x2d/0x2d [ 819.451502] ? save_trace+0x290/0x290 [ 819.455318] ? trace_hardirqs_on_caller+0x400/0x590 [ 819.460339] ? __might_fault+0x110/0x1d0 [ 819.464400] ? find_held_lock+0x35/0x130 [ 819.468458] ? __might_fault+0x110/0x1d0 [ 819.472533] __sys_sendmmsg+0x152/0x3a0 [ 819.476509] ? SyS_sendmsg+0x50/0x50 [ 819.480213] ? lock_downgrade+0x6e0/0x6e0 [ 819.484351] ? retint_kernel+0x2d/0x2d [ 819.488235] ? trace_hardirqs_on_caller+0x400/0x590 [ 819.493262] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 819.498013] ? check_preemption_disabled+0x3c/0x250 [ 819.503039] SyS_sendmmsg+0x35/0x60 [ 819.506649] ? __sys_sendmmsg+0x3a0/0x3a0 [ 819.510785] do_syscall_64+0x1e8/0x640 [ 819.514675] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 819.519506] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 819.524691] RIP: 0033:0x459879 [ 819.527883] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 819.535626] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 819.542992] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 819.550256] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 819.557525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 819.564784] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:31 executing program 3: r0 = getpid() pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x0, &(0x7f0000000480), 0x100, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vsock\x00', 0x400, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000380)) r1 = open(&(0x7f0000000000)='./bus/file0\x00', 0x0, 0x0) fchdir(r1) sendto$inet6(r1, &(0x7f00000000c0)="7e01a1beb1abd510006eff6263076ae2a3230948ce33d19289f77a", 0x1b, 0x4000, &(0x7f0000000140)={0xa, 0x4e23, 0x2, @local, 0x5}, 0x1c) rt_sigprocmask(0x1, &(0x7f0000000240), &(0x7f0000000280), 0xffffffffffffff70) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) setsockopt$inet_dccp_buf(r1, 0x21, 0xc, &(0x7f0000000180)="54cd439332e1773f8a4f1038fa2f6487b469afcc9d33f4fffbb3dfb811c823c749700cdf51b34843f3546b32dffeb515ffa92e311b5407706b3504fa668e960d3d6ae88bc9a242970526008e86f0381c08a4955975abec3599e76e43ff85bc9312aaf366bb91acbf003497575dae80aee52b3290c2e323b24b755f5d360e31b46126c4b2a83af61c1c2e669ac67729ae1ec9e8cf88453c005fd4325c7aa3dc5d7bd9156517173559b6", 0xa9) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000003c0)={@dev={0xfe, 0x80, [], 0xd}, 0x13, r2}) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:31 executing program 4: r0 = getpid() pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x6, 0x30080) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) write$P9_RSTAT(r1, &(0x7f0000000200)={0x4a, 0x7d, 0x1, {0x0, 0x43, 0x7b55e629, 0x5, {0x33, 0x0, 0x2}, 0x0, 0xd0e, 0xffffffff, 0x3, 0x4, 'tls\x00', 0x4, 'tls\x00', 0x4, 'tls\x00', 0x4, 'tls\x00'}}, 0x4a) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:31 executing program 5: r0 = getpid() write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:31 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380), 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:31 executing program 1 (fault-call:13 fault-nth:89): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 819.696801] FAT-fs (loop2): bogus number of reserved sectors [ 819.730359] FAT-fs (loop2): Can't find a valid FAT filesystem [ 819.736785] Unknown ioctl 35079 12:27:31 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) [ 819.751996] FAULT_INJECTION: forcing a failure. [ 819.751996] name failslab, interval 1, probability 0, space 0, times 0 [ 819.777041] CPU: 0 PID: 21714 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 819.784290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.793658] Call Trace: [ 819.796261] dump_stack+0x138/0x197 [ 819.799902] ? vprintk_func+0x65/0x159 [ 819.803800] should_fail.cold+0x10f/0x159 [ 819.807956] should_failslab+0xdb/0x130 [ 819.811944] kmem_cache_alloc_node_trace+0x280/0x770 [ 819.817057] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 819.822609] __kmalloc_node_track_caller+0x3d/0x80 [ 819.827540] __kmalloc_reserve.isra.0+0x40/0xe0 [ 819.832222] __alloc_skb+0xcf/0x500 [ 819.835856] ? skb_scrub_packet+0x4b0/0x4b0 [ 819.840183] ? __local_bh_enable_ip+0x99/0x1a0 [ 819.844767] alloc_skb_with_frags+0x86/0x4b0 [ 819.849176] ? trace_hardirqs_on+0x10/0x10 [ 819.853409] ? __local_bh_enable_ip+0x99/0x1a0 [ 819.858005] sock_alloc_send_pskb+0x5db/0x740 [ 819.862509] ? sock_wmalloc+0xf0/0xf0 [ 819.866313] ? lock_downgrade+0x6e0/0x6e0 [ 819.870478] packet_sendmsg+0x16c4/0x5a70 [ 819.874623] ? avc_has_perm_noaudit+0x420/0x420 [ 819.879295] ? __might_fault+0x110/0x1d0 [ 819.883355] ? find_held_lock+0x35/0x130 [ 819.887416] ? __might_fault+0x110/0x1d0 [ 819.891480] ? rw_copy_check_uvector+0x1f1/0x290 [ 819.896245] ? packet_notifier+0x760/0x760 [ 819.900576] ? copy_msghdr_from_user+0x292/0x3f0 [ 819.905336] ? selinux_socket_sendmsg+0x36/0x40 [ 819.910877] ? security_socket_sendmsg+0x89/0xb0 [ 819.915634] ? packet_notifier+0x760/0x760 [ 819.919870] sock_sendmsg+0xce/0x110 [ 819.923585] ___sys_sendmsg+0x349/0x840 [ 819.927563] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 819.932328] ? mark_held_locks+0xb1/0x100 [ 819.936517] ? retint_kernel+0x2d/0x2d [ 819.940411] ? save_trace+0x290/0x290 [ 819.944212] ? trace_hardirqs_on_caller+0x400/0x590 [ 819.949231] ? __might_fault+0x110/0x1d0 [ 819.953297] ? find_held_lock+0x35/0x130 [ 819.957359] ? __might_fault+0x110/0x1d0 [ 819.961430] ? __sanitizer_cov_trace_pc+0x2a/0x60 [ 819.966279] __sys_sendmmsg+0x152/0x3a0 [ 819.970251] ? SyS_sendmsg+0x50/0x50 [ 819.973970] ? lock_downgrade+0x6e0/0x6e0 [ 819.978128] ? retint_kernel+0x2d/0x2d [ 819.982014] ? trace_hardirqs_on_caller+0x400/0x590 [ 819.987040] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 819.991824] ? check_preemption_disabled+0x3c/0x250 [ 819.996839] SyS_sendmmsg+0x35/0x60 [ 820.000459] ? __sys_sendmmsg+0x3a0/0x3a0 [ 820.004626] do_syscall_64+0x1e8/0x640 [ 820.008506] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 820.013426] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 820.018647] RIP: 0033:0x459879 [ 820.021838] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 820.029555] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 820.036902] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 820.044158] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:27:32 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:32 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x4, &(0x7f0000000000)={0x0, 0x12, 0x2, @thr={&(0x7f00000002c0)="6f4c8c9e712764b654d55e60159e10516166ed4834239b742a459548b7214ec05e7fda9cf8dbc7c89caabea1e473c0d95426150c8b62a0c04e8776268ab75c4a1b4554803fe660f7617a917a87687dea554b2da2950a8bd0dd20c94e3c0a91fba285c98f14da5b181b11c65559122cb579f1dfa945423b38fcff77313cc5be3d61920d4416cd2b91c1623c057c5fd5764b6713528540f71d74b7c88abfd0200813648219b8a46746fd62", &(0x7f0000000080)="853aa83bb2c3fa1c11fe59ec96c2d90c8abceead7db6c861c02b5992ecf9709a4f01f9e15c6104f3a80e948ff8cbc4832257bc7c190bc4738ba46c"}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 820.051427] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 820.058685] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 [ 820.087071] FAT-fs (loop2): bogus number of reserved sectors [ 820.093252] FAT-fs (loop2): Can't find a valid FAT filesystem 12:27:32 executing program 1 (fault-call:13 fault-nth:90): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 820.131099] Unknown ioctl 35079 12:27:32 executing program 2: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x10012) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000140)={0x16, 0x98, 0xfa00, {&(0x7f0000000000), 0x3, r1, 0x30, 0x1, @in={0x2, 0x4e23, @empty}}}, 0xa0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 820.218836] FAULT_INJECTION: forcing a failure. [ 820.218836] name failslab, interval 1, probability 0, space 0, times 0 [ 820.231729] CPU: 0 PID: 21746 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 820.238843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.238849] Call Trace: [ 820.238870] dump_stack+0x138/0x197 [ 820.238892] should_fail.cold+0x10f/0x159 [ 820.238908] should_failslab+0xdb/0x130 [ 820.238927] kmem_cache_alloc_node+0x287/0x780 [ 820.267142] __alloc_skb+0x9c/0x500 [ 820.272426] ? skb_scrub_packet+0x4b0/0x4b0 [ 820.276736] ? __local_bh_enable_ip+0x99/0x1a0 [ 820.281303] alloc_skb_with_frags+0x86/0x4b0 [ 820.285712] ? trace_hardirqs_on+0x10/0x10 [ 820.289925] ? __local_bh_enable_ip+0x99/0x1a0 [ 820.294506] sock_alloc_send_pskb+0x5db/0x740 [ 820.299006] ? sock_wmalloc+0xf0/0xf0 [ 820.302793] ? lock_downgrade+0x6e0/0x6e0 [ 820.306926] packet_sendmsg+0x16c4/0x5a70 [ 820.311057] ? avc_has_perm_noaudit+0x420/0x420 [ 820.315752] ? retint_kernel+0x2d/0x2d [ 820.319643] ? __might_fault+0x110/0x1d0 [ 820.323710] ? find_held_lock+0x35/0x130 [ 820.327779] ? __might_fault+0x110/0x1d0 [ 820.331825] ? rw_copy_check_uvector+0x1f1/0x290 [ 820.336592] ? packet_notifier+0x760/0x760 [ 820.340824] ? copy_msghdr_from_user+0x292/0x3f0 [ 820.345581] ? selinux_socket_sendmsg+0x36/0x40 [ 820.350241] ? security_socket_sendmsg+0x89/0xb0 [ 820.355007] ? packet_notifier+0x760/0x760 [ 820.359240] sock_sendmsg+0xce/0x110 [ 820.362945] ___sys_sendmsg+0x349/0x840 [ 820.366915] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 820.371668] ? trace_hardirqs_on_caller+0x400/0x590 [ 820.376669] ? trace_hardirqs_on+0x10/0x10 [ 820.380887] ? check_preemption_disabled+0x3c/0x250 [ 820.385896] ? retint_kernel+0x2d/0x2d [ 820.389770] ? save_trace+0x290/0x290 [ 820.393548] ? retint_kernel+0x2d/0x2d [ 820.397418] ? __might_fault+0x110/0x1d0 [ 820.401466] ? find_held_lock+0x35/0x130 [ 820.405520] ? __might_fault+0x110/0x1d0 [ 820.409575] __sys_sendmmsg+0x152/0x3a0 [ 820.413535] ? SyS_sendmsg+0x50/0x50 [ 820.417233] ? lock_downgrade+0x6e0/0x6e0 [ 820.421377] ? __mutex_unlock_slowpath+0x71/0x800 [ 820.426210] ? check_preemption_disabled+0x3c/0x250 [ 820.431212] ? wait_for_completion+0x420/0x420 [ 820.435959] ? __sb_end_write+0xc1/0x100 [ 820.440012] ? SyS_write+0x15e/0x230 [ 820.443731] SyS_sendmmsg+0x35/0x60 [ 820.447344] ? __sys_sendmmsg+0x3a0/0x3a0 [ 820.451586] do_syscall_64+0x1e8/0x640 [ 820.455567] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 820.460422] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 820.465606] RIP: 0033:0x459879 12:27:32 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 820.468781] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 820.476486] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 820.483775] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 820.491039] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 820.498301] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 820.505562] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:32 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) ioctl$TCSBRK(r2, 0x5409, 0x6) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:32 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) [ 820.545954] audit: type=1804 audit(1567427252.665:161): pid=21747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir449530266/syzkaller.Y6D8DH/578/file0" dev="sda1" ino=17201 res=1 12:27:32 executing program 1 (fault-call:13 fault-nth:91): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:32 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 820.657803] audit: type=1804 audit(1567427252.725:162): pid=21761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir449530266/syzkaller.Y6D8DH/578/file0" dev="sda1" ino=17201 res=1 [ 820.687623] FAULT_INJECTION: forcing a failure. [ 820.687623] name failslab, interval 1, probability 0, space 0, times 0 [ 820.710579] CPU: 1 PID: 21773 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 820.717727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.727087] Call Trace: [ 820.729695] dump_stack+0x138/0x197 [ 820.733352] should_fail.cold+0x10f/0x159 [ 820.737518] should_failslab+0xdb/0x130 [ 820.741507] kmem_cache_alloc_node_trace+0x280/0x770 [ 820.746635] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 820.752197] __kmalloc_node_track_caller+0x3d/0x80 [ 820.757116] __kmalloc_reserve.isra.0+0x40/0xe0 [ 820.761777] __alloc_skb+0xcf/0x500 [ 820.765398] ? skb_scrub_packet+0x4b0/0x4b0 [ 820.769711] ? __local_bh_enable_ip+0x99/0x1a0 [ 820.774290] alloc_skb_with_frags+0x86/0x4b0 [ 820.778692] ? trace_hardirqs_on+0x10/0x10 [ 820.782916] ? __local_bh_enable_ip+0x99/0x1a0 [ 820.787497] sock_alloc_send_pskb+0x5db/0x740 [ 820.792007] ? sock_wmalloc+0xf0/0xf0 [ 820.795800] ? lock_downgrade+0x6e0/0x6e0 [ 820.799944] packet_sendmsg+0x16c4/0x5a70 [ 820.804079] ? avc_has_perm_noaudit+0x420/0x420 [ 820.808747] ? __might_fault+0x110/0x1d0 [ 820.812798] ? find_held_lock+0x35/0x130 [ 820.816839] ? __might_fault+0x110/0x1d0 [ 820.820886] ? rw_copy_check_uvector+0x1f1/0x290 [ 820.825722] ? packet_notifier+0x760/0x760 [ 820.829956] ? copy_msghdr_from_user+0x292/0x3f0 [ 820.834701] ? selinux_socket_sendmsg+0x36/0x40 [ 820.839354] ? security_socket_sendmsg+0x89/0xb0 [ 820.844093] ? packet_notifier+0x760/0x760 [ 820.848311] sock_sendmsg+0xce/0x110 [ 820.852010] ___sys_sendmsg+0x349/0x840 [ 820.855965] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 820.860739] ? mark_held_locks+0xb1/0x100 [ 820.864877] ? trace_hardirqs_on+0x10/0x10 [ 820.869113] ? trace_hardirqs_on_caller+0x400/0x590 [ 820.874118] ? save_trace+0x290/0x290 [ 820.877910] ? __might_fault+0x110/0x1d0 [ 820.881967] ? find_held_lock+0x35/0x130 [ 820.886034] ? __might_fault+0x110/0x1d0 [ 820.890108] __sys_sendmmsg+0x152/0x3a0 [ 820.894076] ? SyS_sendmsg+0x50/0x50 [ 820.897774] ? lock_downgrade+0x6e0/0x6e0 [ 820.901917] ? retint_kernel+0x2d/0x2d [ 820.905817] ? trace_hardirqs_on_caller+0x400/0x590 [ 820.910819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 820.915578] ? check_preemption_disabled+0x3c/0x250 [ 820.920602] SyS_sendmmsg+0x35/0x60 [ 820.924216] ? __sys_sendmmsg+0x3a0/0x3a0 [ 820.928437] do_syscall_64+0x1e8/0x640 [ 820.932307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 820.937136] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 820.942312] RIP: 0033:0x459879 [ 820.945496] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 820.953205] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 12:27:33 executing program 2: r0 = dup(0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x1f}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000140)={r1, @in6={{0xa, 0x4e20, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x2}}, 0x2, 0x401}, 0x90) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r2) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:33 executing program 1 (fault-call:13 fault-nth:92): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 820.960471] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 820.967736] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 820.975018] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 820.982280] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:33 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, 0x0, 0x0, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:33 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, 0x0, 0x0, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 821.114436] FAULT_INJECTION: forcing a failure. [ 821.114436] name failslab, interval 1, probability 0, space 0, times 0 [ 821.135064] CPU: 0 PID: 21785 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 821.142207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.142213] Call Trace: [ 821.142235] dump_stack+0x138/0x197 [ 821.142254] should_fail.cold+0x10f/0x159 [ 821.142268] should_failslab+0xdb/0x130 [ 821.142284] kmem_cache_alloc_node+0x287/0x780 [ 821.142298] ? __dev_queue_xmit+0x1e29/0x25e0 [ 821.142307] ? retint_kernel+0x2d/0x2d [ 821.142320] __alloc_skb+0x9c/0x500 [ 821.142329] ? skb_scrub_packet+0x4b0/0x4b0 [ 821.142340] ? check_preemption_disabled+0x3c/0x250 [ 821.142352] alloc_skb_with_frags+0x86/0x4b0 [ 821.142369] sock_alloc_send_pskb+0x5db/0x740 [ 821.142387] ? sock_wmalloc+0xf0/0xf0 [ 821.142398] ? lock_downgrade+0x6e0/0x6e0 [ 821.142414] packet_sendmsg+0x16c4/0x5a70 [ 821.170681] ? avc_has_perm_noaudit+0x420/0x420 [ 821.170698] ? __might_fault+0x110/0x1d0 [ 821.170713] ? find_held_lock+0x35/0x130 [ 821.170725] ? __might_fault+0x110/0x1d0 [ 821.230168] ? rw_copy_check_uvector+0x1f1/0x290 [ 821.234934] ? packet_notifier+0x760/0x760 [ 821.239163] ? copy_msghdr_from_user+0x292/0x3f0 [ 821.243919] ? selinux_socket_sendmsg+0x36/0x40 [ 821.248642] ? security_socket_sendmsg+0x89/0xb0 [ 821.253397] ? packet_notifier+0x760/0x760 [ 821.257619] sock_sendmsg+0xce/0x110 [ 821.261320] ___sys_sendmsg+0x349/0x840 [ 821.265277] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 821.270035] ? mark_held_locks+0xb1/0x100 [ 821.274174] ? trace_hardirqs_on+0x10/0x10 [ 821.278395] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 821.283137] ? save_trace+0x290/0x290 [ 821.286945] ? retint_kernel+0x2d/0x2d [ 821.290821] ? trace_hardirqs_on_caller+0x400/0x590 [ 821.295827] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 821.300665] ? check_preemption_disabled+0x3c/0x250 [ 821.305668] ? retint_kernel+0x2d/0x2d [ 821.309548] __sys_sendmmsg+0x152/0x3a0 [ 821.313511] ? SyS_sendmsg+0x50/0x50 [ 821.317240] ? lock_downgrade+0x6e0/0x6e0 [ 821.321400] ? __mutex_unlock_slowpath+0x71/0x800 [ 821.326232] ? check_preemption_disabled+0x3c/0x250 [ 821.331240] ? wait_for_completion+0x420/0x420 [ 821.335814] ? __sb_end_write+0xc1/0x100 [ 821.339862] ? SyS_write+0x15e/0x230 [ 821.343585] SyS_sendmmsg+0x35/0x60 [ 821.347194] ? __sys_sendmmsg+0x3a0/0x3a0 [ 821.351327] do_syscall_64+0x1e8/0x640 [ 821.355600] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 821.360443] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 821.365635] RIP: 0033:0x459879 [ 821.368817] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 821.376510] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 821.383768] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 821.391043] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 821.398300] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 821.405557] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:35 executing program 4: r0 = getpid() r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x9dafcfbb72bd460a, 0x0) ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000000200)) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) prlimit64(r0, 0x0, &(0x7f0000000000)={0x7, 0x9}, &(0x7f0000000080)) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) write$binfmt_aout(r4, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) rt_sigtimedwait(&(0x7f00000000c0)={0x101}, &(0x7f0000000140), &(0x7f00000001c0)={0x0, 0x989680}, 0x8) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) renameat2(r2, &(0x7f0000000040)='./bus\x00', r1, &(0x7f0000000080)='./bus\x00', 0x2) 12:27:35 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) 12:27:35 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, 0x0, 0x0, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 823.205655] audit: type=1400 audit(1567427255.325:163): avc: denied { getrlimit } for pid=21810 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1 12:27:35 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) ioctl$TIOCSTI(r2, 0x5412, 0x7) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x26, 0x5, 0x0, 0x0, 0x1e, 0x1, "a05727b5c97424fac30d9498680dc15f28fef7dda62aa2e5f181b8b84d9eba2b8d3df001edd0531cd5c8653947acf9309da8dc4b8bf5462669cf9bc158d69bf6", "d2a2b9e15c1c6a450041326450dc60ec78a039f3d727a43df770f762b1c1e9c8861a85ab8ed3a29380e4138e213b0ab8622e65da5e333925157824e853f7a40f", "08e721638aa0b16703c6e2d70071144558ec0e6696b796334dab6677ee19aaff", [0x8, 0x7f6b]}) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x200000, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x23) tkill(r0, 0x1000000000013) 12:27:35 executing program 1 (fault-call:13 fault-nth:93): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:35 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @remote}}, 0x6, 0x8, 0x101, 0x2, 0x20}, &(0x7f0000000240)=0x98) 12:27:35 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) fcntl$dupfd(r2, 0x0, r3) 12:27:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000000)={0x7f}, 0x1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 823.714599] FAULT_INJECTION: forcing a failure. [ 823.714599] name failslab, interval 1, probability 0, space 0, times 0 [ 823.728928] CPU: 0 PID: 21833 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 823.736064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 823.745434] Call Trace: [ 823.748035] dump_stack+0x138/0x197 [ 823.751681] should_fail.cold+0x10f/0x159 [ 823.755840] should_failslab+0xdb/0x130 [ 823.759826] kmem_cache_alloc_node_trace+0x280/0x770 [ 823.764936] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 823.770390] __kmalloc_node_track_caller+0x3d/0x80 [ 823.775321] __kmalloc_reserve.isra.0+0x40/0xe0 [ 823.779991] __alloc_skb+0xcf/0x500 [ 823.783623] ? skb_scrub_packet+0x4b0/0x4b0 [ 823.787946] ? trace_hardirqs_on_caller+0x400/0x590 [ 823.792964] alloc_skb_with_frags+0x86/0x4b0 [ 823.797392] ? check_preemption_disabled+0x3c/0x250 [ 823.802410] ? retint_kernel+0x2d/0x2d [ 823.806310] sock_alloc_send_pskb+0x5db/0x740 [ 823.810821] ? sock_wmalloc+0xf0/0xf0 [ 823.814630] ? lock_downgrade+0x6e0/0x6e0 [ 823.818783] packet_sendmsg+0x16c4/0x5a70 [ 823.822932] ? avc_has_perm_noaudit+0x420/0x420 [ 823.827612] ? __might_fault+0x110/0x1d0 [ 823.831677] ? find_held_lock+0x35/0x130 [ 823.835739] ? __might_fault+0x110/0x1d0 [ 823.839802] ? rw_copy_check_uvector+0x1f1/0x290 [ 823.844659] ? packet_notifier+0x760/0x760 [ 823.848902] ? copy_msghdr_from_user+0x292/0x3f0 [ 823.853667] ? selinux_socket_sendmsg+0x36/0x40 [ 823.858338] ? security_socket_sendmsg+0x89/0xb0 [ 823.863094] ? packet_notifier+0x760/0x760 [ 823.867326] sock_sendmsg+0xce/0x110 [ 823.871051] ___sys_sendmsg+0x349/0x840 [ 823.875024] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 823.879791] ? mark_held_locks+0xb1/0x100 [ 823.883936] ? retint_kernel+0x2d/0x2d [ 823.887854] ? trace_hardirqs_on_caller+0x400/0x590 [ 823.892874] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 823.897628] ? save_trace+0x290/0x290 [ 823.901432] ? check_preemption_disabled+0x3c/0x250 [ 823.906449] ? __might_fault+0x110/0x1d0 [ 823.910536] ? find_held_lock+0x35/0x130 [ 823.914597] ? __might_fault+0x110/0x1d0 [ 823.918674] __sys_sendmmsg+0x152/0x3a0 [ 823.922652] ? SyS_sendmsg+0x50/0x50 [ 823.926376] ? lock_downgrade+0x6e0/0x6e0 [ 823.930530] ? __mutex_unlock_slowpath+0x71/0x800 [ 823.935379] ? check_preemption_disabled+0x3c/0x250 [ 823.940400] ? wait_for_completion+0x420/0x420 [ 823.944980] ? __sb_end_write+0xc1/0x100 [ 823.949050] ? SyS_write+0x15e/0x230 [ 823.952771] SyS_sendmmsg+0x35/0x60 [ 823.956391] ? __sys_sendmmsg+0x3a0/0x3a0 [ 823.960544] do_syscall_64+0x1e8/0x640 12:27:36 executing program 5: r0 = getpid() pipe(0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 823.964437] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 823.969321] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 823.974654] RIP: 0033:0x459879 [ 823.977828] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 823.985567] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 823.992833] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 824.000197] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 824.007468] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 12:27:36 executing program 5: r0 = getpid() pipe(0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 824.007476] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:36 executing program 1 (fault-call:13 fault-nth:94): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:36 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0) 12:27:36 executing program 5: r0 = getpid() pipe(0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 824.173251] FAULT_INJECTION: forcing a failure. [ 824.173251] name failslab, interval 1, probability 0, space 0, times 0 12:27:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x1f000, 0x4) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) fgetxattr(r0, &(0x7f0000000000)=@known='system.sockprotoname\x00', &(0x7f0000000340)=""/86, 0x56) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r2, 0x400, 0x70bd25, 0x25dfdbfe, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x10) ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000080)={0xfff, 0x4, 0x80000001}) [ 824.229445] CPU: 1 PID: 21860 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 824.236607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.245973] Call Trace: [ 824.248556] dump_stack+0x138/0x197 [ 824.252194] should_fail.cold+0x10f/0x159 [ 824.256366] should_failslab+0xdb/0x130 [ 824.260351] kmem_cache_alloc_node+0x287/0x780 [ 824.264943] ? __dev_queue_xmit+0x1e29/0x25e0 [ 824.271456] __alloc_skb+0x9c/0x500 [ 824.275095] ? skb_scrub_packet+0x4b0/0x4b0 [ 824.279418] ? trace_hardirqs_on_caller+0x400/0x590 [ 824.284438] alloc_skb_with_frags+0x86/0x4b0 [ 824.288866] ? check_preemption_disabled+0x3c/0x250 [ 824.293897] ? retint_kernel+0x2d/0x2d [ 824.297804] sock_alloc_send_pskb+0x5db/0x740 [ 824.302311] ? sock_wmalloc+0xf0/0xf0 [ 824.302327] ? lock_downgrade+0x6e0/0x6e0 [ 824.310254] packet_sendmsg+0x16c4/0x5a70 [ 824.310265] ? avc_has_perm_noaudit+0x420/0x420 [ 824.310280] ? __might_fault+0x110/0x1d0 [ 824.310289] ? find_held_lock+0x35/0x130 [ 824.310298] ? __might_fault+0x110/0x1d0 [ 824.310311] ? rw_copy_check_uvector+0x1f1/0x290 [ 824.336000] ? packet_notifier+0x760/0x760 [ 824.340247] ? copy_msghdr_from_user+0x292/0x3f0 [ 824.345009] ? selinux_socket_sendmsg+0x36/0x40 [ 824.349678] ? security_socket_sendmsg+0x89/0xb0 [ 824.354433] ? packet_notifier+0x760/0x760 [ 824.358667] sock_sendmsg+0xce/0x110 [ 824.362390] ___sys_sendmsg+0x349/0x840 [ 824.366364] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 824.371129] ? retint_kernel+0x2d/0x2d [ 824.375025] ? trace_hardirqs_on_caller+0x400/0x590 [ 824.380048] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 824.384824] ? check_preemption_disabled+0x3c/0x250 [ 824.389842] ? retint_kernel+0x2d/0x2d [ 824.393747] __sys_sendmmsg+0x152/0x3a0 [ 824.397729] ? SyS_sendmsg+0x50/0x50 [ 824.401446] ? lock_downgrade+0x6e0/0x6e0 [ 824.405600] ? __mutex_unlock_slowpath+0x71/0x800 [ 824.410443] ? check_preemption_disabled+0x3c/0x250 [ 824.415459] ? wait_for_completion+0x420/0x420 [ 824.420040] ? __sb_end_write+0xc1/0x100 [ 824.424108] ? SyS_write+0x15e/0x230 [ 824.427823] SyS_sendmmsg+0x35/0x60 [ 824.431448] ? __sys_sendmmsg+0x3a0/0x3a0 [ 824.435599] do_syscall_64+0x1e8/0x640 [ 824.439480] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 824.444332] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 824.449519] RIP: 0033:0x459879 [ 824.452725] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 824.460434] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 824.467706] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 824.474975] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 824.482238] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 824.489504] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:38 executing program 3: r0 = getpid() pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000440)=0x100000001, 0x6f) connect$inet6(r3, &(0x7f0000000140), 0x1c) accept$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, &(0x7f00000003c0)=0x1c) accept4$nfc_llcp(r2, 0x0, &(0x7f00000002c0), 0x80000) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) write$FUSE_DIRENT(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="50000000000000000100000000000000040000000000000001000000000000000400000001000000746c7300000000000500000000000000010100feabca0200040a3250cd467390e31136bd00000006000000746c730000000000"], 0x50) ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000300)={0x0, 0x10001, 0x3f, 0x100000000, 0xd, 0x5, 0xffff, 0xffffffff, 0x77, 0xff, 0x5, 0x800}) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000080)=@gcm_256={{0x16b4b6934185d8ba}, "73a6d3cda5aa6759", "dc8f17a20a611991419f524d64553337ba963580a5464475b216e670910dd45f", "078b5b8f", "c46c9e94d59cfa85"}, 0x38) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$SIOCAX25ADDFWD(r2, 0x89ea, &(0x7f0000000000)={@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}) ioctl$TIOCGICOUNT(r2, 0x545d, 0x0) tkill(r0, 0x1000000000013) 12:27:38 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:38 executing program 1 (fault-call:13 fault-nth:95): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) recvmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000340)=""/237, 0xed}, {&(0x7f00000004c0)=""/196, 0xc4}, {&(0x7f0000000080)=""/31, 0x1f}, {&(0x7f00000005c0)=""/243, 0xf3}, {&(0x7f0000000140)=""/102, 0x66}, {&(0x7f00000006c0)=""/187, 0xbb}], 0x6, &(0x7f00000000c0)=""/22, 0x16}, 0x40000002) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000440)={'vcan0\x00', r1}) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) utimes(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={{}, {0x77359400}}) 12:27:38 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0) 12:27:38 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) getpgrp(r0) accept4$alg(r2, 0x0, 0x0, 0x800) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 826.767609] FAULT_INJECTION: forcing a failure. [ 826.767609] name failslab, interval 1, probability 0, space 0, times 0 [ 826.792370] CPU: 0 PID: 21893 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 826.799527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 826.808910] Call Trace: [ 826.811519] dump_stack+0x138/0x197 12:27:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040)=0x3) fchdir(r0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0x6855, 0x2}) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) [ 826.815167] should_fail.cold+0x10f/0x159 [ 826.819330] should_failslab+0xdb/0x130 [ 826.823325] kmem_cache_alloc_node_trace+0x280/0x770 [ 826.828439] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 826.833908] __kmalloc_node_track_caller+0x3d/0x80 [ 826.838851] __kmalloc_reserve.isra.0+0x40/0xe0 [ 826.843534] __alloc_skb+0xcf/0x500 [ 826.847208] ? skb_scrub_packet+0x4b0/0x4b0 [ 826.851539] alloc_skb_with_frags+0x86/0x4b0 [ 826.855954] ? sock_alloc_send_pskb+0xad/0x740 [ 826.860540] sock_alloc_send_pskb+0x5db/0x740 [ 826.865046] ? sock_wmalloc+0xf0/0xf0 [ 826.868852] ? lock_downgrade+0x6e0/0x6e0 [ 826.873009] packet_sendmsg+0x16c4/0x5a70 [ 826.877155] ? avc_has_perm_noaudit+0x420/0x420 [ 826.881838] ? __might_fault+0x110/0x1d0 [ 826.885901] ? find_held_lock+0x35/0x130 [ 826.889971] ? __might_fault+0x110/0x1d0 [ 826.894043] ? rw_copy_check_uvector+0x1f1/0x290 [ 826.898823] ? packet_notifier+0x760/0x760 [ 826.903074] ? copy_msghdr_from_user+0x292/0x3f0 [ 826.907839] ? selinux_socket_sendmsg+0x36/0x40 [ 826.912517] ? security_socket_sendmsg+0x89/0xb0 [ 826.917631] ? packet_notifier+0x760/0x760 [ 826.921874] sock_sendmsg+0xce/0x110 [ 826.925591] ___sys_sendmsg+0x349/0x840 [ 826.929584] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 826.934342] ? retint_kernel+0x2d/0x2d [ 826.938233] ? trace_hardirqs_on+0x10/0x10 [ 826.942465] ? save_trace+0x290/0x290 [ 826.946261] ? retint_kernel+0x2d/0x2d [ 826.950150] ? __might_fault+0x110/0x1d0 [ 826.954210] ? find_held_lock+0x35/0x130 [ 826.958272] ? __might_fault+0x110/0x1d0 [ 826.962355] __sys_sendmmsg+0x152/0x3a0 12:27:39 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='uid_map\x00') preadv(r4, &(0x7f0000000340), 0x10000151, 0x0) close(r2) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000002c0)=0x401, 0x4) setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) syz_open_procfs$namespace(r0, &(0x7f0000000480)='ns/cgroup\x00') connect$inet6(r5, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x1d3) splice(r1, 0x0, r4, 0x0, 0x415e, 0x0) write$binfmt_aout(r5, 0x0, 0x0) write$capi20_data(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="10000900848081000400000000000000ac007f44fa9feac481aae352191906ba667746cae5f9d580c003c7cd2ee180ea186a18ec2e7be6704ea442411c3998955d8697808b52b58c1f23c6e8939d86172913852fd50dbe24f9882abc2999df1be357899bf98a2793ec876094a6bd76dbba08b18d07bd0acdf1f0948dff329ff0491597b225fc804dac951606d51d3354c18edbc06524064ade241dd0c0c299f2b6907a87973059ae345a35f9e4b89d79ef54a8c6158ece1da070a66e9678"], 0xbe) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) setsockopt$CAIFSO_LINK_SELECT(r2, 0x116, 0x7f, &(0x7f0000000000)=0x5, 0x4) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r1, 0x111, 0x4, 0x1, 0x4) write$P9_RLERROR(r1, &(0x7f0000000440)={0x22, 0x7, 0x1, {0x19, '/selinux/avc/cache_stats\x00'}}, 0x22) [ 826.966344] ? SyS_sendmsg+0x50/0x50 [ 826.970072] ? lock_downgrade+0x6e0/0x6e0 [ 826.974247] ? retint_kernel+0x2d/0x2d [ 826.978270] ? trace_hardirqs_on_caller+0x400/0x590 [ 826.983336] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 826.988127] ? check_preemption_disabled+0x3c/0x250 [ 826.993261] SyS_sendmmsg+0x35/0x60 [ 826.996909] ? __sys_sendmmsg+0x3a0/0x3a0 [ 827.001077] do_syscall_64+0x1e8/0x640 [ 827.004985] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 827.009857] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 827.015143] RIP: 0033:0x459879 12:27:39 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) timer_create(0x6, &(0x7f0000000200)={0x0, 0x31, 0x0, @thr={&(0x7f0000000180)="5cdf7406c7fd880884774030c7176018ec0560e1e41aa27ebd682a8e0bc5cac067aa4ecfec747991cf96184f4738a2c3ebc398", &(0x7f00000002c0)="e6c94c80301e9ed214e935201d1266e6c27600bf64f29e5d1ec838e9eb7c6e776fa9ad5d041d90404675829327466238d48036cf4c4689a8fb30502036ac6054bb2181622540495ff38f32d1dc8feeb7dc0137a622c08eac8c8e8a907ec12117fd5b741f23ac874d805af66d87d85470a94fe5c15f9e6b2fc77b4fee47ccbfc4dd87172333f368560cd4322b0378329151544c426aacc53306a189dba291b207db295cb6adba1921dcec707d3ff1053337a950f5383786a6fbf8c59ae865fc04f259631ef9979255ef3dafb86abcb6d029824f35ceb378720afdfc"}}, &(0x7f0000000240)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000080)={0x8a, 0x1, 0xe8, 0x10001, 0x10001, 0x7}) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f00000003c0)) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r2, 0x0, 0xfffffffe, 0x110) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast2, @multicast1}, 0x8) write$binfmt_aout(r3, 0x0, 0x4e) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000440), &(0x7f0000000480)=0x4) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000400)={0x2000, 0x6000}) tkill(r0, 0x1000000000013) 12:27:39 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 827.018341] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 827.026103] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 827.033394] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 827.040702] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 827.047974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 827.055302] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:39 executing program 1 (fault-call:13 fault-nth:96): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:39 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) ptrace$setopts(0x4200, r0, 0x1, 0x8) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:39 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:39 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000000)=@gcm_256={{0x307}, "e7aa33f50dfb19ae", "a4a16baa0b8688f74b0a9cc00e9bfe782238a4f0c2c4af60dfa273019a81a6b7", "beca6c8e", "37b7381aa0f6c814"}, 0x38) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:39 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0) 12:27:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000040)='./bus\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 827.313977] FAULT_INJECTION: forcing a failure. [ 827.313977] name failslab, interval 1, probability 0, space 0, times 0 [ 827.338992] CPU: 1 PID: 21928 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 827.346158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.355614] Call Trace: [ 827.358222] dump_stack+0x138/0x197 [ 827.361869] should_fail.cold+0x10f/0x159 [ 827.366035] should_failslab+0xdb/0x130 [ 827.370025] kmem_cache_alloc_node+0x287/0x780 [ 827.374617] ? __dev_queue_xmit+0x1e29/0x25e0 [ 827.379131] __alloc_skb+0x9c/0x500 [ 827.382771] ? skb_scrub_packet+0x4b0/0x4b0 [ 827.387103] ? __local_bh_enable_ip+0x99/0x1a0 [ 827.391696] alloc_skb_with_frags+0x86/0x4b0 [ 827.396111] ? trace_hardirqs_on+0x10/0x10 [ 827.400346] ? __local_bh_enable_ip+0x99/0x1a0 [ 827.404953] sock_alloc_send_pskb+0x5db/0x740 [ 827.409458] ? sock_wmalloc+0xf0/0xf0 [ 827.413265] ? lock_downgrade+0x6e0/0x6e0 [ 827.417418] packet_sendmsg+0x16c4/0x5a70 [ 827.421569] ? avc_has_perm_noaudit+0x420/0x420 [ 827.426245] ? __might_fault+0x110/0x1d0 [ 827.430314] ? find_held_lock+0x35/0x130 [ 827.434399] ? __might_fault+0x110/0x1d0 [ 827.438464] ? rw_copy_check_uvector+0x1f1/0x290 [ 827.443235] ? packet_notifier+0x760/0x760 [ 827.447479] ? copy_msghdr_from_user+0x292/0x3f0 [ 827.452247] ? selinux_socket_sendmsg+0x36/0x40 [ 827.456923] ? security_socket_sendmsg+0x89/0xb0 [ 827.461768] ? packet_notifier+0x760/0x760 [ 827.466013] sock_sendmsg+0xce/0x110 [ 827.469735] ___sys_sendmsg+0x349/0x840 [ 827.473712] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 827.478486] ? trace_hardirqs_on+0x10/0x10 [ 827.482898] ? retint_kernel+0x2d/0x2d [ 827.486788] ? save_trace+0x290/0x290 [ 827.490592] ? trace_hardirqs_on_caller+0x400/0x590 [ 827.495621] ? __might_fault+0x110/0x1d0 [ 827.499697] ? find_held_lock+0x35/0x130 [ 827.503798] ? __might_fault+0x110/0x1d0 [ 827.507886] __sys_sendmmsg+0x152/0x3a0 [ 827.511872] ? SyS_sendmsg+0x50/0x50 [ 827.515601] ? trace_hardirqs_on_caller+0x400/0x590 [ 827.520638] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 827.525426] ? SyS_write+0x1e0/0x230 [ 827.529155] ? fput+0x8/0x150 [ 827.532269] ? SyS_write+0x15e/0x230 [ 827.535992] SyS_sendmmsg+0x35/0x60 [ 827.539739] ? __sys_sendmmsg+0x3a0/0x3a0 [ 827.543909] do_syscall_64+0x1e8/0x640 [ 827.547807] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 827.552669] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 827.557869] RIP: 0033:0x459879 12:27:39 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000000)=ANY=[], 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) fcntl$notify(r1, 0x402, 0x24) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) ioctl$TIOCLINUX6(r1, 0x541c, &(0x7f0000000000)={0x6, 0x1ff}) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:39 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00') write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000000)=0x10001, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r4, 0x0, &(0x7f0000000180)={{r5, r6+30000000}, {0x0, 0x989680}}, &(0x7f0000000200)) [ 827.561062] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 827.568785] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 827.576149] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 827.583422] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 827.590698] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 827.597977] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:39 executing program 1 (fault-call:13 fault-nth:97): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:39 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, 0x0, 0x0) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:39 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1, 0x82) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="7f"], 0x1) 12:27:39 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1, 0x82) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="7f"], 0x1) 12:27:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SMI(r1, 0xaeb7) r2 = open(&(0x7f0000000140)='./file0\x00', 0x10000, 0x0) fchdir(r2) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ff9000/0x4000)=nil) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f0000000240)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x102, 0x70bd2c, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) inotify_add_watch(r1, &(0x7f0000000080)='./bus\x00', 0x20000000) [ 827.815112] FAULT_INJECTION: forcing a failure. [ 827.815112] name failslab, interval 1, probability 0, space 0, times 0 [ 827.828037] CPU: 1 PID: 21970 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 827.835210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.844664] Call Trace: [ 827.847271] dump_stack+0x138/0x197 [ 827.851609] should_fail.cold+0x10f/0x159 [ 827.851627] should_failslab+0xdb/0x130 [ 827.851643] kmem_cache_alloc_node_trace+0x280/0x770 [ 827.851658] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 827.851673] __kmalloc_node_track_caller+0x3d/0x80 [ 827.851690] __kmalloc_reserve.isra.0+0x40/0xe0 [ 827.879990] __alloc_skb+0xcf/0x500 [ 827.880000] ? skb_scrub_packet+0x4b0/0x4b0 [ 827.880016] ? preempt_schedule+0x4b/0x60 [ 827.880027] ? ___preempt_schedule+0x16/0x18 [ 827.880039] alloc_skb_with_frags+0x86/0x4b0 [ 827.880052] ? trace_hardirqs_on+0x10/0x10 [ 827.880064] ? __local_bh_enable_ip+0x15e/0x1a0 [ 827.880084] sock_alloc_send_pskb+0x5db/0x740 [ 827.914379] ? sock_wmalloc+0xf0/0xf0 [ 827.914395] ? lock_downgrade+0x6e0/0x6e0 [ 827.914414] packet_sendmsg+0x16c4/0x5a70 [ 827.914423] ? avc_has_perm_noaudit+0x420/0x420 [ 827.914439] ? __might_fault+0x110/0x1d0 [ 827.914447] ? find_held_lock+0x35/0x130 [ 827.914455] ? __might_fault+0x110/0x1d0 [ 827.914468] ? rw_copy_check_uvector+0x1f1/0x290 [ 827.914485] ? packet_notifier+0x760/0x760 [ 827.914499] ? copy_msghdr_from_user+0x292/0x3f0 [ 827.914512] ? selinux_socket_sendmsg+0x36/0x40 [ 827.914529] ? security_socket_sendmsg+0x89/0xb0 [ 827.914538] ? packet_notifier+0x760/0x760 [ 827.914547] sock_sendmsg+0xce/0x110 [ 827.914557] ___sys_sendmsg+0x349/0x840 [ 827.914569] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 827.914577] ? mark_held_locks+0xb1/0x100 [ 827.914590] ? trace_hardirqs_on+0x10/0x10 [ 827.914602] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 827.914611] ? save_trace+0x290/0x290 [ 827.914626] ? check_preemption_disabled+0x3c/0x250 [ 827.914636] ? __might_fault+0x110/0x1d0 [ 827.914651] ? find_held_lock+0x35/0x130 [ 827.952483] ? __might_fault+0x110/0x1d0 [ 827.952509] __sys_sendmmsg+0x152/0x3a0 [ 827.961929] ? SyS_sendmsg+0x50/0x50 [ 827.961946] ? lock_downgrade+0x6e0/0x6e0 [ 827.961961] ? __mutex_unlock_slowpath+0x71/0x800 [ 827.961973] ? check_preemption_disabled+0x3c/0x250 [ 827.961983] ? wait_for_completion+0x420/0x420 [ 827.961994] ? __sb_end_write+0xc1/0x100 [ 828.047826] ? SyS_write+0x15e/0x230 [ 828.051545] SyS_sendmmsg+0x35/0x60 [ 828.055165] ? __sys_sendmmsg+0x3a0/0x3a0 [ 828.059319] do_syscall_64+0x1e8/0x640 [ 828.063194] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 828.068033] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 828.073209] RIP: 0033:0x459879 [ 828.076377] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 828.084093] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 828.091355] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 828.098611] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 828.105865] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 12:27:40 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000002c0)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:40 executing program 0: 12:27:40 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, 0x0, 0x0) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:40 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, &(0x7f0000000000)=0x100000000, 0x8) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 828.113143] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:40 executing program 1 (fault-call:13 fault-nth:98): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:40 executing program 0: 12:27:40 executing program 0: 12:27:40 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:40 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, 0x0, 0x0) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 828.312686] FAULT_INJECTION: forcing a failure. [ 828.312686] name failslab, interval 1, probability 0, space 0, times 0 [ 828.337994] CPU: 1 PID: 21999 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 828.346287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 828.355653] Call Trace: [ 828.355677] dump_stack+0x138/0x197 [ 828.355697] should_fail.cold+0x10f/0x159 [ 828.355713] should_failslab+0xdb/0x130 [ 828.355729] kmem_cache_alloc_node+0x287/0x780 [ 828.374679] ? __dev_queue_xmit+0x1e29/0x25e0 [ 828.379383] __alloc_skb+0x9c/0x500 [ 828.383144] ? skb_scrub_packet+0x4b0/0x4b0 [ 828.387500] ? __local_bh_enable_ip+0x99/0x1a0 [ 828.392117] alloc_skb_with_frags+0x86/0x4b0 [ 828.396528] ? retint_kernel+0x2d/0x2d [ 828.400401] ? trace_hardirqs_on_caller+0x400/0x590 [ 828.405503] sock_alloc_send_pskb+0x5db/0x740 [ 828.409999] ? sock_wmalloc+0xf0/0xf0 [ 828.413897] ? lock_downgrade+0x6e0/0x6e0 [ 828.418060] packet_sendmsg+0x16c4/0x5a70 [ 828.422203] ? avc_has_perm_noaudit+0x420/0x420 [ 828.426858] ? __might_fault+0x110/0x1d0 [ 828.430915] ? find_held_lock+0x35/0x130 [ 828.434962] ? __might_fault+0x110/0x1d0 [ 828.439007] ? rw_copy_check_uvector+0x1f1/0x290 [ 828.443757] ? packet_notifier+0x760/0x760 [ 828.447981] ? copy_msghdr_from_user+0x292/0x3f0 [ 828.452739] ? selinux_socket_sendmsg+0x36/0x40 [ 828.457394] ? security_socket_sendmsg+0x89/0xb0 [ 828.462148] ? packet_notifier+0x760/0x760 [ 828.466386] sock_sendmsg+0xce/0x110 [ 828.470131] ___sys_sendmsg+0x349/0x840 [ 828.474115] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 828.478908] ? mark_held_locks+0xb1/0x100 [ 828.483081] ? trace_hardirqs_on+0x10/0x10 [ 828.483093] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 828.483101] ? save_trace+0x290/0x290 [ 828.483110] ? trace_hardirqs_on_caller+0x400/0x590 [ 828.483123] ? __might_fault+0x110/0x1d0 [ 828.483131] ? find_held_lock+0x35/0x130 [ 828.483140] ? __might_fault+0x110/0x1d0 12:27:40 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}]}, 0x9) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 828.483164] __sys_sendmmsg+0x152/0x3a0 [ 828.517087] ? SyS_sendmsg+0x50/0x50 [ 828.520825] ? lock_downgrade+0x6e0/0x6e0 [ 828.524975] ? __mutex_unlock_slowpath+0x71/0x800 [ 828.529896] ? check_preemption_disabled+0x3c/0x250 [ 828.534911] ? wait_for_completion+0x420/0x420 [ 828.539481] ? __sb_end_write+0xc1/0x100 [ 828.543534] ? SyS_write+0x15e/0x230 [ 828.547261] SyS_sendmmsg+0x35/0x60 [ 828.550886] ? __sys_sendmmsg+0x3a0/0x3a0 [ 828.555115] do_syscall_64+0x1e8/0x640 [ 828.559016] ? trace_hardirqs_off_thunk+0x1a/0x1c 12:27:40 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 828.563886] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 828.569073] RIP: 0033:0x459879 [ 828.572253] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 828.580051] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 828.587429] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 828.594724] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 828.602000] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 12:27:40 executing program 0: [ 828.602006] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:41 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x36f) timer_create(0x0, &(0x7f0000000340)={0x0, 0x10, 0x0, @thr={&(0x7f0000000000), &(0x7f00000002c0)="326b56e27ebd4895fc985fa76d6942facec07c2a82a9e3ce6c0f387f16c65f75754dc34bcfc37aaf6e5ffa590da54f0bbbd625b053e28319bf783108067c6e3c3fffb091fa389af53986837db22a80ea6cf4e2ffcd380e8700c1974263fe53fb1b90a76425877fc5728ad3fc51784754c09a"}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:41 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000180)=ANY=[], 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f00000002c0)={'filter\x00', 0x0, 0x4, 0x1000, [], 0x5, &(0x7f0000000200)=[{}, {}, {}, {}, {}], &(0x7f0000000a80)=""/4096}, &(0x7f0000000000)=0x78) connect$inet6(r3, &(0x7f0000000140), 0x1c) ioctl$TIOCLINUX5(r1, 0x541c, &(0x7f0000000080)={0x5, 0x80000001, 0x1, 0x1, 0x7}) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:41 executing program 0: 12:27:41 executing program 1 (fault-call:13 fault-nth:99): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:41 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x3, 0x1) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) sendmsg$sock(r0, &(0x7f0000000280)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000140)="0ec2ea93b2b92c34cdcb5d97530c6600c32f92f1ebebdec2c97d7fec39c036483199cf2a20809251f331ff73835fe6123719dd9844f9c78d90ec190ffee93ee37b79f82a4c9349350c9a461655be4a32b88699d8a34d277406200a8f075f7453587418c091ef41c2908af03e7d8202e403ebfac3fedf74f2883375210cd31427d36209c4949394c504644c2a7837f1f978078bceb7e2980d7c7ea775", 0x9c}, {&(0x7f00000004c0)="2cdbaae5f957c3c4a970df3f4bcf310aed24a0884c3af7efa78943ba393ff2c22f3600e6c8d9abdf6d4fc17dd4211fd8dde6f3c3673889993b725aea511b6a911c9f52d02d081f7bd755cf0e275d05ed20748e030130d210d30426bf05020fd66c272be6345aa016dda861263267be343f6b1f8a81456ed7d9b5d33713781f00aec57833c70868466130638bbf4815f559d40728e8cb50e9548f696c00f01e3ca64e1374640678f98fddf6158498b00695f9011b9aefdc9e65c783fd3e0524ad1fabb71172162024f202f86887b8ed77895a74183e4ac6aa1e8b8673630620b2d95d62401a5a20da83591477df087bf7fcdf8ac3ab71d32d682034b2baf5537bbd38a83789f60529be9b5afbe458a8409041fb19ac1a2e655227d190b148590f0be4ecd6589c10bb07835b548e60982400083a67251d9fa61b767c6b6f55d9db148bd821f9108232e9d579ab07d99aff7739ea9e1776d683337ba90eb1e7f9e47d0c369420de2dc32783a92512fd74f067765643cb77d9929d0524493d86acc56c812a21ac9aa67affcebfb9edb656cb8f6b9b626736ed58b50959d8d6c445686da2c092f2b684e7c980bbb9c1c06db7bee510d6b231713992fcf37f3fee6a4d1557e495ce541b106b31251b514b6b25714e3da9fc5df4e2ee7082e5a247ef36a9222a9f38bedc189e508bfaf7c3ec32eaf33bfa851322ad6a70732376c9465e7375d7b40f3ebb083903664a087940853343d281dad61e7a30dea5ea0244ccfc99045abbaa9c5bf1f6dc17100d334a3d13f7dfafd5381102433bf97c606175c0f76312fefcb8b165ab80c2a7e4a646d3541b16a6d8dca98faf677deece840cc6da221ee3f5db3b7ff313baf4dde3f1e6091e9482cf18cdd44d6a3de26404bfa327675c1e1c765647e25f83f96a5d5e8aac604592593633e2ec5ab910d45848726ae13cc86b87b2c5ad85178035dcb266dcfba6c2c2c4c758ecf040c1bcd197dadeeacb443053484ee2f32325e7fd23a9b934e266db3d2bf4c63e693893714c1aebe98205b165a4551252fc412eb73d490bb04b126b89a830a707bc8beb15ff9381fd679f01fd0db18b6186f7bb27d0dc57759172a4ebdd21d0bd00a54f2d265f30eb554497fbfb107c28472ca3f0bb55570e1c980671477a7d7d507b162ee5249b7537f90af512945c57b3d985dc59719f8126bd70cfe51986df327d9d3722040cfc52a09cdd05672a0a62614676c49d08d63ccbfe23418da7c5a36b3c36f3fdcbf5f5ed1edfd3d558a8bfcb43fd28c0ac61cf823bbb1c72bd5fcaf24e4439721584813fa3db681db76505c1e96e57c0ac547f543f410ae6405793c9682fc03072128fc6a0f088eedc951553be30c1fe50342d96bb0ae6e554063d60ac94c3902be4568e0081b72bc385f856efea3cdb85864ce93c9fbe595f6c2ad2067320aaeccb423dc9f07172b163c17d4c59cdbe7891d31ad072379fae7ee1c5e52574e6343c0b5fc7bffc4853f5d852f0bb5297ad6e9452a28bddea80fe0de9739227647881ae5557e389e5ca0878473e0360d017d770bc0d2ca27d04cf7b29a2cc3acce6773635fc2cd81f1cec293bf6ddbd5548de7d2d76ba573546cff465a513735ea26292e7675a153869bed6b19f867406f4aaa4ca252fe217105125202db8bd2023be60cb3aec21c8f28007af9995188d8d2c2b591b4c6b18853453d345f63532e3ca38752f7ac1fef9fb4b70ad5a15c94e07945fdf6ec5d5591a787a577ed3e866ad534a0d1251c944d700a7bd0a1f70f07076b0c43463a3857c95ccaf375da7bcc14eb771ef646bdf77ed60aeb8dafca6928d040291485d62f2247d4fe433aba944d5046d18c11993d1a4c8c209cf2e1b16a2e69df2b4c287bc2e6cc33cd63d812f7446b846e1f03c7c403ba1b0dc3214c49319deff1431ed8794635d3e97e2cd7e7671ba1ade2edf8ac7365173a8924177eada20d94ea9dc1d9279681d3dee419e23152872cbd45e8dfc98556069ca6cbffb9858afd492b5b93aede085ab107c2ca4aebf38c43f6fc32baafc872a5ca1497bd19b2005a7a724fea4e7bc99248adfccc83621b39622e8959a4a0a943d081f963799710768c49d6788a7a057e1bf43f4b33fb3431e7e19e6bc77803e7f4a352f8f062a840f280fca4eecf77d34f471af1a8c2d521b088b3d7f3b06f809fc3c158df97cd5a4c37241558f6fe84d0f36592ef58a8025f37745e3ad11e383e0d7db900f54fd1520d032505d8599fa1271a4a368541e77477f131d5600185bc3cd19b1e5769f405d664f46afc25ac8fd57025d094f71c594af05e0bc2afd0f73a19947e4f1ba8cacc04fad5cc559dcce4dd7b1991d22a19fb56f8335bab4ea5dd5f0c5a0065c4cd36b776f2b7cc5e14b1a14527be2959f9a2d0179f04055c2e7ece9b1db62b5c90febedcd76375311d4d87f78fd73402294d160f582a411e202080d43838e57f966174d3badbd6836a09a06fe91aea970279a4f060f1ca74c8b630e19e321ca5370a33a147535a0623eaa016a7b27f2779030be63e305850b6120cacb66f745d74f5c5e83767039dbd435b14507bb7bce9f0fe3eeafa5383754a495389cba60da406cf19d6281fa49313421e8a3601d42ec2178f05b7cf5896b892169d8ccf8a3f4dd4cc255b4a7d41d12848ba049e27eb74ac6fefe89be015a8b5c04ee52add3b7b92c54c5efd6a75448a6075fa50b4d5d518912b62cf475f3713374a34edfa95dcd2132c00bf8351ad21ca80b81f698c813a7192007aedaa6de33f3528f1383272e915eb8882223415e5da3ccb9919454d6223e411fc99588beb2a0524b1c1d3f274bc812bf935380261d35b64e62b58762afa39b1687d4f59b325fad66415f2a62872f8bba2d23793012ce51a8613a179b4e379b9f9242acba7c9c8b81cf999c8ed4a51f7d290feb2ee801ec1a8d67c0e5f6a98d0aad41fa6a6c4ab70f243f6c06978a8f0786f77b4957d4ebdfd8dff32628691da101447f61c32712286f4651b66f65e7d8b0eafb1ba3ad962ae7012e325d87c94dbda41133a07d0775eea5f1f8a0556de7d6ce37b4b9518f6e77a14bfd9dda65a873b77e2fd9b55b5dbb2c1d90a1e698502706e698149bc8c2c6262871ea7833d867bc033483021eabc254fe185a57db7bcfac31a83c3c43c455a7322d0f4d89b59796c4daa5429586453e55a4837e049bfc98e25f6f4cbd74edbbd2aeab8082c7aaf02971ebbe3b129a3621ffd2da2061f8d3ef0aeeae424206db8d2bdc7870e07d140f62e1ed31077170250469c56eefb0661a2b327910cca4646bfc84574a31602c18f8726b904314f47f0e20a467f5414edb0168fdf960804cdabc0ca7a63653125b89623bf6b63348832e3b9d9fbe033fef80cc3f4f049fff760f1a536a6ce3120ac6e709a5db02375d8db5d3f8022991d9c379a83882448db4d4e750faa61f2b72ccec560bf048b80d3d9aff5b5ff1a5eba0177c16799fa84d9580fc628dd9938f0801ec68c065ba0474333f2cdaad84ce87bf234c002a799ec41659e09a7c2a388ead2a8ef0970d615f81d43d605cecde6be105e8a0d3a38fdeb63aabf810ef0916d4139a9c1d4a89f4e16b8b7bfdc4c2451af74032aa6349c919f2e1cf3b9eb223fd413e55c52d0a1e8a94009304be736d06ada6c29cc5474743aae438843924cdcb84c52de9e38bb6c49716dd84e052362d28b9f2f99c562eb1bcbaefca36ea0e6115643abfaaae61eb9862d35acd426d58b4e357f14ae3d166d63d3101aff96b1d58c01f9e3b8e4bb53ad0947ccf40f2c7d3243343c21d543742dea64323fb450e30b75cc2b1944c5f7657819d9a74caa0d735e4cf3cde36a7b8a05da47106afc82aa585c0f05fbcfb67d41378d5ae32b697174fc294ed61fcfd8de97fbfb86f05c6983aa61c723f1a8340b768b3def2df3d980692e30afe39e77cb117db1bb7203d63a3cdf13330c54e8ad2fff7871eb29cd560c346bc736c1444f33700f8454738a30286a97ba320f56db17c6d47ee5f400593fdf75a1a6c144a9829c89819af9c34ec00f169cac64846e0d06799931988f8b2e9bc913636475ec0cdad523ef5693a54291a9b2809d21eb3c2b940d9bda3586a164cd68ada5c79dfe86930235b89bc55c7174f4c96d5c5ee981cdb2be52e246483093812a2ff6b31c094c7b35e57173827c3d13df89e381ff41f256443079037a89c6da1f306acab93f924d705968e692c526b19d34676a49c94f1d2ee182f44853700791065d4b825839b963c5c7319871f22a335f4ffb67b588231173e49ddc85af1598f152960e2da7fca48eb2de1be9f20a4fd95476e56037b333436b6034b1a87b32c27dc64658eff880b1a5d3b1bc7baefb398eff1770687b8699339ce7c256e92fc008feadbb4fcf518ee319da05e56dceea974a68407347a1f983d078f90d02005714056d0da7e6da7b42516fd72b073a1c2c25b8590f36c35359be5b772e4b51aeba1595174dc3d1afbf91d97206b611fdbef7d9e5cd737d1024c581b0f5e93f77b0d4a27bce9a6b0aa5b0d480ebffca9b9dcf01213cbf5db174a11d47df283fab38d0255de2e877aa74150e257fe583955d90678d5677d8be9ee7fb41024d1f01178785495ff0f2aaf37cd801483b5b3e1f9508766756369608fb7dca47359e5139a43da779e9062ce9b0c8e5ca650cfe696c7fa56a420a27ed0fc1d9dd5c75c9ef2ecdf5cb2445ed9bc76f4aad7821b013b543914c1b620226a1fcf0929b7ec41826eb030758d7f02cee0eaef6488153db8f89dbaa7dc32b0f5c380aa5c90c46b5a8c82a0bf55b7823b0af9c3c0956e8f443f4e57f830097c14e85cb9e61c87e5b5fa5b7ed63ba5d838218e331604aa889c1ec799623c7e1f8ef715f23ad77569731946367587d305ee4d4a84d925db3d5bdeb2c050022ea85c45c9da45f644087aaa9e6451c05e156b732c70a6fb55186650bb96b7eb2ad212589db8e2d8b4b335c270a9f9c206483eb696035dbba6b5ff10942fc1e43d4f13bad7b82726b41f12bae54f19d4bb8199b77baee26cf81d338e6300dbe197f30644a8fbfd9a567c922ac11f2daab731e7fd4f88b7a90ed3438e80d12fa05c8d1d42aef424e7e8efba61d7d5aafe12943cf13ff2ac5eabecf8fdc632628cccc8df963adb49f39e3f9d9ad31d85f0c76092b463a04e5a260bdab18ffdd4f38c6e8687248077edbd4af4a9ce4de0034a67b730b017a89ab476d72d00e3363fcfdfa6b547fcc513043a7378d3c38e7b2bb0bd2e556cce2981e910f8207ab1941f100d7edd1ba5df971c942cb8302df8b653bf59b8794de7b90663ff3b92d087f5f9fa23e61025c1e6f772b8c598d4d2e624efaa78091901b3a431d31f47e0cbc552a059c5f5975536b40027cd7dd5718f995c5cc997b5d1df911024ceb044f4eb06936e346d31dc1f861f896d91875589d943e89ca65437f030830bff289cb993a5b19b0d7359a7ba864b97247fe15a4f935a9e5631aad8c8e14042c74d38145fa24c1996b34b92724630d27465c3c45b67d56df2e12b18da340798f1783e276f985caf523968abf918f8ba0e424232cd48e57a32fc0393eff89f2ebd90040126b5878739d9ce95db36e5875e7671b5429dbf91a4ab85db51bd3211327a9fc12b21733dd9b2fc9295dc769299e0d069175b1a07419eb1136fdb5ce383b1613774cb3c1b139e96d5cd6f01bf7d11cd76602e1b8957fd14cf4982153a5127d552f1741b059cb3e08f6a27bd770a94ceb3d1b39febde9f1b73939293b3e71e", 0x1000}, {&(0x7f0000000000)="ebdf26360e8df9d9593caf881f70a20a5779bfdedb6886f585d6", 0x1a}, {&(0x7f0000000240)="7cb2279c31e1a17e7f09ea26f3f3b4f9eba301d25b479f6b2e005dba97dfc7e5641ea9634e", 0x25}, {&(0x7f0000000340)="575ff8da9c2591e121f396f859c7c7781f44afa5d593d34f475ab761ab7d69f07c82956c5ec8b81f22f5585695ac3809e2767e3ca7788c3ee39ebfeb8b936e57e3eb82a9597703688e169662a7c679e6387a82d434acbac0033d7e2133fa6ded9f231aef57052eb76b6721bed5d7de280d229e6f8d06906dd45cd79de3", 0x7d}], 0x5}, 0x40) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:41 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000), 0x0) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:41 executing program 0: [ 829.127025] FAULT_INJECTION: forcing a failure. [ 829.127025] name failslab, interval 1, probability 0, space 0, times 0 [ 829.177071] CPU: 0 PID: 22045 Comm: syz-executor.1 Not tainted 4.14.141 #37 [ 829.184220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.184227] Call Trace: [ 829.184249] dump_stack+0x138/0x197 [ 829.184268] should_fail.cold+0x10f/0x159 [ 829.203991] should_failslab+0xdb/0x130 [ 829.207989] kmem_cache_alloc_node_trace+0x280/0x770 [ 829.213107] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 829.218570] __kmalloc_node_track_caller+0x3d/0x80 [ 829.218585] __kmalloc_reserve.isra.0+0x40/0xe0 [ 829.218596] __alloc_skb+0xcf/0x500 [ 829.231798] ? skb_scrub_packet+0x4b0/0x4b0 [ 829.231815] ? __local_bh_enable_ip+0x99/0x1a0 [ 829.231827] alloc_skb_with_frags+0x86/0x4b0 [ 829.231838] ? trace_hardirqs_on+0x10/0x10 [ 829.231846] ? __local_bh_enable_ip+0x99/0x1a0 [ 829.231863] sock_alloc_send_pskb+0x5db/0x740 [ 829.240751] ? sock_wmalloc+0xf0/0xf0 [ 829.240767] ? lock_downgrade+0x6e0/0x6e0 [ 829.240787] packet_sendmsg+0x16c4/0x5a70 [ 829.270566] ? avc_has_perm_noaudit+0x420/0x420 12:27:41 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000), 0x0) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:41 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)=0x0) clock_gettime(0x0, &(0x7f0000000000)) timer_settime(r4, 0x2, &(0x7f0000000280)={{0x77359400}}, 0x0) tkill(r0, 0x1000000000013) 12:27:41 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)) [ 829.275257] ? __might_fault+0x110/0x1d0 [ 829.279336] ? find_held_lock+0x35/0x130 [ 829.283411] ? __might_fault+0x110/0x1d0 [ 829.283427] ? rw_copy_check_uvector+0x1f1/0x290 [ 829.292401] ? packet_notifier+0x760/0x760 [ 829.292416] ? copy_msghdr_from_user+0x292/0x3f0 [ 829.292430] ? selinux_socket_sendmsg+0x36/0x40 [ 829.292440] ? security_socket_sendmsg+0x89/0xb0 [ 829.292448] ? packet_notifier+0x760/0x760 [ 829.292459] sock_sendmsg+0xce/0x110 [ 829.318797] ___sys_sendmsg+0x349/0x840 [ 829.322787] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 829.327556] ? mark_held_locks+0xb1/0x100 [ 829.331723] ? trace_hardirqs_on+0x10/0x10 [ 829.335976] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 829.340743] ? save_trace+0x290/0x290 [ 829.344545] ? retint_kernel+0x2d/0x2d [ 829.348440] ? __might_fault+0x110/0x1d0 [ 829.352486] ? find_held_lock+0x35/0x130 [ 829.356536] ? __might_fault+0x110/0x1d0 [ 829.360599] __sys_sendmmsg+0x152/0x3a0 [ 829.364552] ? SyS_sendmsg+0x50/0x50 [ 829.368371] ? lock_downgrade+0x6e0/0x6e0 [ 829.372524] ? retint_kernel+0x2d/0x2d [ 829.376402] ? trace_hardirqs_on_caller+0x400/0x590 [ 829.381417] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 829.386203] ? check_preemption_disabled+0x3c/0x250 [ 829.391218] ? __sys_sendmmsg+0x3a0/0x3a0 [ 829.395351] SyS_sendmmsg+0x35/0x60 [ 829.398970] ? __sys_sendmmsg+0x3a0/0x3a0 [ 829.403108] do_syscall_64+0x1e8/0x640 [ 829.406997] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 829.411966] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 829.417136] RIP: 0033:0x459879 [ 829.420316] RSP: 002b:00007fee420d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 12:27:41 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000), 0x0) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/validatetrans\x00', 0x1, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x80, 0x0) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000340)={0x7, @raw_data="d94597a083f547003c58774159a7669c057b60d0049c4e7e683e9b74f3f762d61746aaeabb8033ad1cf9123b94c4b0f6a22b203d37c065b55ee1655d9c56f3b806bf17c90b4e36f109ff6ad5d6d60df929668e34f8553fcacf2e42245aa5d134fb4a4824bd276cb218775ef055d8b69a0af2a32092b19dfdc9d4cbf86d9833321a89e1c4192faccdc3ec21c43c7ceeb8e27b3d7ac578aac0b2a6a8117d845ea4538f25db98067a582288497d6ddfdaff7e6d271047d3063b962a9c48d29fa1a5bc17153b8a4c7b67"}) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) [ 829.428031] RAX: ffffffffffffffda RBX: 00007fee420d0c90 RCX: 0000000000459879 [ 829.435301] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000006 [ 829.442585] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 829.442590] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee420d16d4 [ 829.442595] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000007 12:27:44 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000000)={0x3}, 0x4) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:44 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r1, 0x80dc5521, &(0x7f0000000180)=""/101) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:44 executing program 0: r0 = getpid() r1 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000340)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x200000000bd}) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc04c5349, &(0x7f0000000380)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:44 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:44 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff}) fstat(r0, &(0x7f0000000040)) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) getsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f0000000000)=0x2, &(0x7f0000000040)=0x4) 12:27:44 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:44 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x62892a21858dfdb8}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0xe4, r3, 0x2, 0x70bd25, 0x8, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xff}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x39b2f768}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x401}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_1\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x25}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xc}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xd0f845012400a1a5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x18f85dc2}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x22}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x41cfc3d076a8745}, 0x400c001) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x2, @mcast2}}, 0xbf9, 0x2243, 0x10001, 0x7, 0x20}, &(0x7f0000000240)=0x98) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000480)={r4, @in6={{0xa, 0x4e21, 0xa1, @remote, 0xfffffffffffffffd}}, 0xfffffffffffffffa, 0x100000000}, 0x90) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:44 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000002c0)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37e9c321881258b33a24336bc643f3a89bc8868d0bc83ecddb3a7f71dfb5387f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e24500"}, 0xd8) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000000000)) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1d) syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x80000001, 0x20000) 12:27:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x8001) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x1) write$nbd(r0, &(0x7f0000000040)={0x67446698, 0x0, 0x1, 0x3, 0x1, "7f4ac5a1ab4d67a00dcd6d65dcecc6a3c61292a50c2c58dbf8da88f551920e4e920e5794a99bb15c8c4297804ce05f1c78288669e87e02e63012e612aa43b5990a285095457af858d83cc050d0f815581a9be6b6ea4068a0623831952aa531f3bd5242e20fb6da2b705f8c3050866d1f76cf24c17595ab4a4cfc3d08ed2d1cff7bd4e9b6dde6bb7c51e7b56d0f0576ad2f13522e41fde5cf05c28cf74e"}, 0xad) getpgid(0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x400000, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x77}) getsockname(r1, &(0x7f0000000180)=@nfc_llcp, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, 0x0, 0x0) listen(r2, 0x0) r3 = memfd_create(&(0x7f0000001600)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:44 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:44 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) ioctl$VIDIOC_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f00000002c0)={0x3, 0x0, [], {0x0, @reserved}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000480)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0xfffffffffffffe88) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000380)={0x0, @in6={{0xa, 0x4e23, 0x3db, @mcast1, 0xe9}}, [0xfa5, 0xe0, 0x7fff, 0x3f, 0x5, 0xecd, 0x28, 0xf216, 0x1, 0x1, 0x5, 0x4884dad2, 0x7, 0x9, 0xffffffffffffff00]}, &(0x7f0000000080)=0x100) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000180)={r4, 0x4}, &(0x7f0000000200)=0x8) setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000000)={0x5557, 0x20, 0x3ff, 0x9}, 0x10) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:44 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r0, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000080)=0x100, 0x4) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:44 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:45 executing program 0: 12:27:45 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, 0x0, 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:45 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) write$UHID_INPUT(r1, &(0x7f0000000a80)={0x8, "d02cdaf066ec404b93cfe706d731d839ba7fa07c146d72a3605370c0655820967b0b50b8fa687417e85bb3ec078a9e89ab719d0da994f7073070b2a4e8139ab464568b030eb8e7021084ee69540921087cd64d31bec0b55f6da18bdca44307fcddc2edf09aaa6c8deb2e77366fdc635fa7e6bc7dd73a85709a6dc73cb3cc3e9836f3096068f0aba97f58bdb9fb7f1a5e4e099df8760e591e935b2090f06865d5b433f4580e27352293168a165336c00f0a4f9140b28459e8056741c9055d6ac15d9bb8ab1bb64870d699a156ea87f844977eaa1b0e191d33a743e42fad5829c993bca50c8be0970274e35b0bfcd3ec886a1f47194edb165693956f793f2fe8385f8c5d4d29edad116e52e202afc9f2488c4200b843ee296b32b849860bf28d1242c6ca8263ccd215a780905c502ef6ceb9d07f71c61a2c4914894b3094c4dd0582ebca5a35c2bbf03d44b9e5eefa3207e8ba6c56b868ee518d2f2c1d3452c5a62d94c6357fa18a91e0b47ce43bd0e5a6ab244ee9e6aa5a0f3f4c27b2480dfb99d74316e5a1a257c2cb6d458fa1c2529a87a741da6f0a9cb2f1f759b7fa0e06b89c917224a7bcd209be2038be3982b95e7813a24af07bc037bc40a19cd40fbeb8d6b1efc9c45a8216cd15ad734ee797d549f46e718e74f6878679a96588cb4d1fe16e5693b87cc348da5348e657572d8ca29e9d52fa100da9d26283942ddaa7257a5dafa99dfb65bfec0545baf55bab998876c7186b2b47e3b1fd3e06697b0d30bfb0d7100e970f72c54177b2f61daf1e7b4f85888c59c5a4c379b91306184c2ec309c120c0f937c7cefd00fa00ada2dc966b9fa14f7eaa668abe465cc170d20333c3abd342f8b382217536044f0d8c7f25ce11dba3f245ebe45175e13d5b6660b2fbdc49525ac2426bf3392f3ce697a70b7450c07998a987337d112ea23c77b6f012ab5092570cac37e060aec01b16838eeac231e55d1c3faa49fddc02417e962166033cf45c09ac6534761179386f669f932ec6034acb1d839451603f8d7fcdc85255d761391e76df4333a5e4a22a9b287f66cda1119b57a4fae3384ebd2de2c097f7ab792f33a0bf5d79d6caede9b1740c9d612df7e36a272ecf4a185f1c09344122e3cfb39b1e7d5354298e61c0a5ae6acce5292bcbb6b5a970240b20e643da205b1168235c39881e85b5e6f2a0b64e0b220ffbd64fcb5d3e774029e9e50169f4b9c98efd9018b96dc0f625b3b85e45337ceec26b64e53b6afb41f7dd1fcf45ef5074a77507ed6b75adc50f33291f31326da3637ea3d7cbb624cdf319ec1993d6cf85823588e7cbec630029d54360705d6964b881a99adc64fe940185c14418552042d370eefcf4262e38ade8e829ba6f4fe9e74f6c49f88de6bf1e74d246a9b679d0685b0d978ac923f323912706750a2cc4e1fdec106d38fb2db3eb5bc62d9ba40e89731a5978dcb91dba081ca6f562e1e7263a67f0e060fa4de689a5c06363d562bcb00eb080d4a11d31af3566fea3b2b057c53a229827b8dcf4db81a11305fd8561ed74a50afd90c87c38ac89e27773552276cc2f9c0cb2b2908e181a14fdb4c00b60963cd1a2f96c9cd5826e77300d25f4d6e14216f773297133e4780f1c438a85d1de2927b21df25ea6fb9b1ecb78dcce6d1aca672488b3de5b62ed29f2522e9d9b4672d5ccb1257a96f6838532771f032c9c13a512492571fbd876231b30ab5d6c03ca1012684da28e05e7122a30c334185bd24d69086b9314499a2597b8a244a991d73c31bc22a5b51cdebbf976f36812e241149bf8c62f9a471819215abf1beeaa23f0cde7bc48ca6fe9b1efcc896ba6b3c5a275b9bb5e389e3d0cf89fd54430e6cd245771738655ef45549229d9ad87cd9245d135e0aab07dfdb8537a13ea763c1966cbcc9d7f1e77aa2179d29e97fc4419a0ee36df86aa1b6c21d922ed8555178c8c15e37da079408c27b15fe2b7eecbbd6aa0ed11ccb9deb7af9a13dcd88ff45e956a20028b31d892e2dc016db6508894d398d7281245ead6bb7adde1002ba7a3e9ecda6fa67e12b0f84c024e04ed67a3b14c0dda0e60975f773ffb061d9445558066096fd9295a1daa9f0af217c1523f340b545f2ac15d4bd7639fd8393b05c748fb2e189fbd347acc933a1c20e8815d8d60ffb03b92cfafb48a7ef828f0faae2d779c219c72fab87582851340c4898687ee62e9410a0e883ed132a0f959a2a7ecd1ad67a4466259ac5ce28724b079de5a0a1790e8589c99fbce629234ba1e585b69c45972d2b7f307e5175c10d686a95261f98089dae5a446c5875b12b156bdf65a0cf0e7a25010cf02c04927ed45f8ed8763c907463aa3f0fc141b93c59f4b920bbd1fc1011fdc5a614a6ba213b28d854d4715dd0dd3eb97df61635a2bf6939263615461becfcd4e2fd0ff57cd5a44af9b9f6afdbe9926aead0c0daf9a293846abb8aab091ce0f8f8464f0ddfed65b4cf4907aa2bda26a3aed2a8fc4f6ea79f252feb206265c7c1650406d4653066cebd1af0c7401aa5d6c1fc1d8b7675a562a3f857a46321554e12caa8224c4049fc1769c0d1d74e91ed4a52ee27f448f9999f03c047747f221b26f9466b8542cf010f53d417bede187f064fe2731b687b610172dbd450436579272c1caa517fb33f3542ff4f3baead11461a4334abafa76773a1d424bf8c39694134ef302c677f832b0166a2886df5c096fd804790dba69505ffae91ff68b8e351ad5c1a36157e51dc8ec68d03effd82fd57434e1de2d185952ebc63354b8f465697ef8609f459781c843e7fe7c2bf0a6711c56546e59e75a921940e43e4bc0d80d8fc4fc7b5894d834bc85648e487ea9a3603d80d25c6bc56df61bac7a4f84463b5be0e04c8bbe12c97a10f8f1fc18f7f3314099edf7ef59c640568b86b2a2a96f6dc5c51f0a0ca2381994dadd918c93dd33c716691a8505cae57637789293bdde9846a3d183c3a5ed5066c6d592c9855147cda2be1c74ec3f0ddcfeaf67ad1a2b811f0fb21415160fc7694f14b4ebe2116aeabb9fc629ab9076cc67ed725f549974e5f7d4418265da235f4d59800268c6b3484ca56e63cae017bab18adf8cb8ecf6fdb4f3eb157467efe242bb90875c97ad097cc2b9b34ee2215f3a873106be4731850b6887807a52d374a019f8feb9edc590aab65c3bf18db92b894e8cfbf367ba43439a66466ebe5c20861fe13cbdec29238a9cc7eb9f96537e86836aa3dff40f0350325fe2b90c82d4297f66e764a89fb50cd7e01e22731ddbcfc7be4a48c7f3890ef332a68bf9313e1525ad604fb57c1c60ee5751b75be2c925a9ed2111f7cd10c5edc4667a95458833d9e2cd81e86e5d3d8e4b7515a3a0568d2351a919c5bf8e21a92b07459c4c82dda80cd4ccdc0338866a093f549c8a0e9b646996178c948eafc03f88a0489d9341500c4705837cf429876dda72a1df9aa63f7b3371fc2c6b9d78957f59072192a79312d0f1b71328b43ba9fc2ca22435e7781323f91e62522178f6ad087ed6151924594568637a7b3f05dfffbb97951e6c64b08c1108e0c85721af8fec08f8e1b169aa966acc6b3450fd04b6a569a77b1712ad165692adcd84e181e4b38cfe23bc855c9a785429f1e17e4ab835a4d3b529e174cc51e2a1ff54516e61e7655a1b58fbb864bb641d48f867db8c39a439157c61e6866edf797998b982308674e046586e2896c572344de222598ad370b1f102825d2908dcc84eaac94d5e3f90b49847893c489d4b06587b199984ce86f3d808904bb5433aa1c8589176ab776e3165ec2df1fc744b53abf8c945445286bed40cd4e3ca259ec91fc6ac4a13c8c208a57039090084b9cacf2ab9ec82be66e41f410f402dfc72d622dbc950c00bf40c734a9c64f53563081ef2e7a1a13d7e4a3d028c84aedfdd487250818844d9def7e278ed661853c4512d6dc585796f03c2aa6c91f5638261ca20273c13781e944bea37a7990aae039c2a903d95d0c6d5eb38abee8c1ae2a9d9345969fec40b081874cf22e02eb917734bb5b18d60efa090e46ae5f6accc76a861e25fae494a96c4bf345e9da372980203165fa422c6d9f267cac311088ad5758580410412975545da71686ac2d1a892d4258ae76fd15c6c835f06d4841090d4144cadbf247effc508fdb6f09a6ac05702b7afe32d075a38560fd94f03f4415b1998bd2fbfda980ef1aeeea164b293fb07ae122260b7681995c8c1e323c64447ec7955c1321f0be8c2c84de30d09ffab5c8ce408a55c9603a7d8b3327c82c9f2b8de316f42eada118b8d0fd389315bd171f9be5cfbe5b8799d22f320d8158030eea50344df8191956a3d7f62e61b96897e5cd138401b42ca33624aca92291156bda286eb9d4e9cea045d0534f47d5d25193a3968ba5ca12685d87faff1369adfca6d65407968e882424e157b607838abf85fe61653b2f211dcd1e275f436206587e5974358afc4fdafed275e895cb4c65603cafa39b76b0b6ebce535bba472a7e62694ebced52c78c47f186b90e82ed9cc7c273af9c9b7154169e43c5e7ae43aefbb3adf69a2e7a190c437701475298f3d3bf24803308b8a10740b18a9417be2a5d0fc7061f16c00611e050a806ecc9cc30512da8fb812e3f15213032748abc803ee039080138efbefd5cab0a6c7d675ea812376c2c8a8af1d5f71d9f828fb7b981e44d124beed5ee9d72bf4a592df4f5ba79285034665b1d7797ead5e59f1b96448ad91443427b514cfc740fff6322f49a54428281b99daed91e1b313d2c6d0759ac27d429853849f733f9702b687c74c90f3deb07c2a92efd34378fec24259d335725f34e8fedc49836bed23f7d24af6c57b680a2e9bfda89d7942403236e820c0028f0642d0dfda909c13eed318be5d98b3f4db6f6511e2a975c43707908fbb2b2a71848f8e764aa00687aff77de8504e605da642954f6c53d53ffbe9eaaf0f7f3f04df597566fb79decee952d34f0830b76b42be5df06068f3891b1143e1e871c537588e7d1ae1a842ae6ee79fae80b2d13197db4be50ac924cda5e822ef0ea7b1e3505bd69a5d0c00d58b8c23022aaa40a5898dd78227abba4ebaeadaccc8b068c4a50e2f2779255c8cb65e044e46495152eeda38cf8ec80243c2c9e9ea0d7b158613032d2467fc646be46ea437c933f6bd62fb12f1a6929417ac82e7766d4fd4d25f411295d06e352a93954cc1b5a46db27a76b2323f934dfe17354e90ed7db019b7a718a05baed16ec09d5750235929bdeba76956b75a3f8e4a89b2e32bc2d82c5dc3f1a75ff725d63d6fb289eea1427e2476a16a482c15fabdcf5d04cde891b90c6b3f443c93b25f9cafb041b2da7979bc4b65e423e1ae9a725cf9ba769c1b86406e37226f79d3837249ea105d10abbf000fa3bf84c5e5a12952228e69bb923ad37f7ddba941393943ce785f2a00efb513dce5e70f6924aa17066ec9d2261ba297f58d39a12cb63bbd87869dd2db8bf77db7f221798c2883d46226073c49d9d1667cd627a45878a80a993ed36b31f1d74fbbb34b84d9d55d93dfe93c550e051b7b4f59fcc9d2873aaa8cd2421dffd5d718c5f2ea0e4e1b9484854eb10a6335b2e7a12cc60106d34df44964983531a5d834508106313c61e440866dcdeae5d76b563f2b08c9f6f24145d250fe731fa188a88856e07ba37023987fc886be610076662353eaeeb31a39f2901953ca49509ce7a768e8e2b5d5f291d398d102b56a80bb8c2a4074c0f59d6d8b1a57522991f7f5a68019cbe43d0b8b02d9a53c8881304f8f86ed5f8b4d9498", 0x1000}, 0x1006) close(r2) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0x1f) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) accept$ax25(r0, &(0x7f0000000240)={{0x3, @default}, [@default, @rose, @rose, @remote, @remote, @bcast, @netrom, @rose]}, &(0x7f00000004c0)=0x48) ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0) fstat(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuse(0x0, &(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000040)='fuse\x00', 0x41010, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000150000,user_id=\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=r3, @ANYBLOB=',default_permissions,allow_other,blksize=0x0000000000000c00,appraise_type=imasig,smackfsroot=mime_typemd5sum!lo-$user)#nodevmd5sumsecurity,smackfshat=,seclabel,smackfsroot=,\x00']) 12:27:45 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) epoll_wait(r1, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}], 0x6, 0x2f) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:45 executing program 0: 12:27:47 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000002c0)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$CAPI_INSTALLED(r1, 0x80024322) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) accept4$llc(r2, 0x0, &(0x7f0000000080), 0x80000) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) syz_open_procfs(r0, &(0x7f0000000000)='fd\x00') tkill(r0, 0x1000000000013) 12:27:47 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, 0x0, 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:47 executing program 0: 12:27:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000280)) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000040)={0x0, 0xb67, 0x8, 0x5, 0x101}) fcntl$getflags(r0, 0x3) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e20, @loopback}}, 0x6, 0x8, 0x9, 0x401, 0x18}, &(0x7f0000000080)=0x98) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={r1, 0xffffffff, 0x1, 0xdfcb}, &(0x7f0000000240)=0x10) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:47 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @rand_addr, 0x4c3}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_create(0x4, &(0x7f0000000000)={0x0, 0x12, 0x0, @tid=r0}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) 12:27:47 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000080)=0x23, 0x8) 12:27:47 executing program 0: 12:27:47 executing program 2: r0 = inotify_init1(0x800) fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000001c0)='trusted.overlay.redirect\x00', &(0x7f0000000240)='./file0\x00', 0x8, 0x3) syz_mount_image$vfat(&(0x7f0000000180)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0xffffffaf}], 0x0, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)='trusted.overlay.nlink\x00', &(0x7f0000000380)={'L-', 0x17a}, 0x28, 0x2) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) connect$bt_sco(r1, &(0x7f00000000c0)={0x1f, {0x8, 0x1, 0x7bc, 0x40, 0x7, 0xffffffffffffff55}}, 0x8) setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f0000000080)={'U+', 0x3}, 0x28, 0x1) r2 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) setsockopt$inet_mreq(r2, 0x0, 0x20, &(0x7f0000000280)={@remote, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x8) 12:27:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000600)=[{&(0x7f0000000100)=""/218, 0xda}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x6) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xccf3, 0x0, 0x0, 0x800e007f5) shutdown(r0, 0x0) ppoll(0x0, 0x0, 0x0, &(0x7f0000000080), 0x4) shutdown(r1, 0x0) 12:27:47 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, 0x0, 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:47 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000600)=[{&(0x7f0000000100)=""/218, 0xda}, {0x0}, {0x0}, {0x0}], 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xccf3, 0x0, 0x0, 0x800e007f5) shutdown(r0, 0x0) ppoll(0x0, 0x0, 0x0, &(0x7f0000000080), 0x4) shutdown(r1, 0x0) 12:27:48 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x1}, 0xfffffe23) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r3) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x8001, 0x1) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000140)) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000180)) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='dctcp-reno\x00', 0xb) ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f0000000340)=""/155) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000001c0)={0xb, 0x7, {0x52, 0x9, 0x6d78, {0x100000000, 0x6}, {0x800, 0x4}, @cond=[{0x6, 0x401, 0x9, 0xd5e, 0x1, 0x10000}, {0x9, 0x0, 0x28000000, 0x8, 0x0, 0x1}]}, {0x53, 0x1000, 0x8f, {0x1, 0x4}, {0x2, 0x7ff}, @rumble={0x7fffffff, 0x7}}}) openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) r2 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000240)={'filter\x00', 0x4}, 0x68) 12:27:48 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:48 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000001440)=[{&(0x7f0000000000)=""/145, 0x91}, {0x0}, {0x0}, {0x0}], 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xfd1d, 0x0, 0x0, 0x800e006a1) shutdown(r0, 0x0) recvfrom$inet(r1, 0x0, 0xfffffe44, 0x0, 0x0, 0x800e00521) shutdown(r1, 0x0) 12:27:48 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000180)={0x4, &(0x7f0000000080)=[{0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_UNLOCK(r1, 0x4008642b, &(0x7f00000001c0)={r4, 0xc07a529fc3352db4}) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:48 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x1) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:48 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) r2 = gettid() fcntl$setown(r1, 0x8, r2) 12:27:48 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:48 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:48 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x4e21, 0xba3d, @ipv4={[], [], @remote}, 0x5}}, 0x0, 0xc888, 0x0, "1a06b45becb835db1326e00edb126b4713435e3387d9b619da08de3578fd190e7963f04a8f26fe547f33cdf1218408a010f3dc8b309fb043c4a5ed4c35a681eff4a4781b53ee9a93fc0183c273d6d818"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000000)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0xfffffffffffffe67) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000300)={0x4, 0x3, 0x1, [], &(0x7f00000002c0)={0x9b0b7b, 0x0, [], @p_u16=&(0x7f0000000080)=0x2}}) socket$nl_netfilter(0x10, 0x3, 0xc) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:48 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) poll(&(0x7f0000000000)=[{r0, 0x80}], 0x1, 0x4e) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xff8c, 0x0, 0x0, 0x800e004c5) shutdown(r1, 0x0) 12:27:48 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ptrace$getenv(0x4201, r0, 0x1, &(0x7f0000000000)) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x38f, &(0x7f0000000000)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x100000000, 0x0) r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x100000000, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000080)={0x2, 0x0, 0x9443a24ff5f4a0b3, {0x0, 0x0, 0x20000000000005, 0x7}}) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:48 executing program 4: r0 = getpid() pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:49 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000001440)=[{&(0x7f0000000000)=""/145, 0x91}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xfd1d, 0x0, 0x0, 0x800e006a1) shutdown(r0, 0x0) shutdown(r1, 0x0) 12:27:49 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(r0, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x0, 0x0, 0x0) sendmsg$inet6(r1, &(0x7f0000000200)={&(0x7f0000000080)={0xa, 0x4e22, 0x7, @mcast2, 0x1}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000480)="f7357faaa03e856e4e1150e4c1610443f6b6303622c3ca9dc5e873cc14f5bbd5bc38f56d14614fc7782f820b6778a70de436f800b5dcd1bccc0fc7c693a3f5a61fb6c1cc5111d7dc845539d815bb2398259694e28f7ce06b54aec08435a95b0b455a8428171fd7034f6be46191b4663595911210668d29a6a0f2931f95364b8c68a41c45739dca02ba8329bc62eff22b53ae8db7caf93c60e484ce7158c4b7576b2404f5bc374dae3aab262bcdb42318595dc09f7fd32a99d405941ee65fcd3462abd1d6b1cc5afdad83b6ba1d01fdd71a8339d1e404f758ba78a832a5ebe78fc80656db", 0xe4}, {&(0x7f0000000580)="678f8624383a83cb9f204654ef10f2524b32e49c0547d1c9637f5e1e3ba88add4fe71737482df9d5c558b2f2c921c8c67dbf7b3b042d610cd08ba6a1f733d38fe9dd53984cc075817b84f64e97b042cefc37da6225d5d6ed960e6ab0ffcfae058b21b81eaabf826c5471d58f31b9e2a32f8fd4bd1b5030e5bc4461fc6ccd074b9cafa60d59632fffd1a94ad8e3c5ad61ea786d81a0a24635d878e2b0d03f52d3e45d324fbc97877cc552593dc3805d8733c7071e7eb743ef0580655a2524c58543f14e54cead4452e668ac03343aa7ced9f0c27bd973a0f11afd4cd226b273c40b397adf1fd98fff25", 0xe9}], 0x2, &(0x7f00000001c0)=[@dontfrag={{0x14, 0x29, 0x3e, 0x2}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x7fffffff}}], 0x30}, 0x20004000) sendmmsg(r3, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:49 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) fchdir(r1) 12:27:49 executing program 3: r0 = getpid() r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x401, 0x80) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0xd6, 0x0, 0x1}) ioctl$DRM_IOCTL_SG_ALLOC(r1, 0xc0106438, &(0x7f00000002c0)={0xffffffffffffffd9, r2}) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000300)) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r4, &(0x7f0000000340)=ANY=[], 0xff0e) close(r4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000380)={0x0, @in6={{0xa, 0x4e22, 0x4, @mcast1, 0x4}}, [0x6, 0x89, 0xffffffffffffff36, 0x0, 0x4, 0x200, 0x8, 0xffffffffffffa2c3, 0x100, 0x10001, 0x1, 0x5, 0x2, 0x1, 0x7]}, &(0x7f0000000480)=0x100) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f00000004c0)={r6, 0x9, 0x30}, &(0x7f0000000500)=0xc) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r5, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}, 0x4}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0xfffffffffffffe34) splice(r3, 0x0, r4, 0x0, 0x100000000, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000540)={0x3, 0x70, 0x2, 0x0, 0x7fffffff, 0x6a381cbd, 0x0, 0x338000000000, 0x80000, 0x1, 0xaf4, 0x9, 0x7, 0xfffffffffffffffc, 0x500000000, 0x10000, 0x8, 0x101, 0x6, 0x7, 0x16, 0x7, 0x0, 0x7, 0xc0fb, 0x5, 0x2, 0x9, 0x1, 0x8, 0x8, 0xe302, 0x1, 0x0, 0x9, 0x2, 0x100, 0x869a, 0x0, 0x1, 0x2, @perf_config_ext={0xffffffffffffff8b, 0x1}, 0x100, 0x6, 0x1, 0x2, 0x450, 0xcf9c, 0x4}) write$binfmt_aout(r5, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:49 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ptrace$getenv(0x4201, r0, 0x6, &(0x7f0000000080)) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x2, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:49 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x4, @mcast2, 0x4}, 0xfffffffffffffcfa) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:49 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:49 executing program 0: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) dup2(r0, r1) execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 12:27:49 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x6, 0xae28}, &(0x7f0000000040)=0xc) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={r1, 0x2c, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0x5, @empty, 0x1ff}, @in={0x2, 0x4e24, @local}]}, &(0x7f0000000140)=0x10) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:49 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x2, 0x0) tkill(r0, 0x1000000000013) 12:27:49 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180)='SEG6\x00') sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x408c038}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r4, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x1}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x9}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x8000000000000}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, r5, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK={0x14, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000580)) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000480)={0x8, @sliced={0x4, [0x80800000000000, 0x8, 0x7, 0x0, 0xbc1, 0x4, 0x80000000, 0x20, 0xffffffffffff8001, 0x9, 0x2, 0xe0, 0x4, 0x80, 0x2665, 0x3, 0x7, 0xa39, 0x3, 0x6, 0x38, 0x800, 0x1ff, 0x9, 0x2, 0x0, 0x7fffffff, 0x6, 0x3f, 0x400, 0x6, 0x7, 0xfffffffffffff800, 0x6, 0x1ff, 0x1, 0x0, 0xc9, 0x2, 0x80000001, 0x6, 0x82c, 0x0, 0x8, 0x8, 0x2, 0x9ecb, 0x11e760cb], 0x10000}}) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000000)) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000600)={0x53, 0x7ff, 0x9, {0x4, 0x9}, {0x9, 0xffffffffffffff05}, @period={0x58, 0x3, 0x0, 0x2, 0x800, {0x626183e9, 0x8, 0x42bc99b1, 0x3}, 0x2, &(0x7f00000005c0)=[0x7, 0x8001]}}) tkill(r0, 0x1000000000013) 12:27:49 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000)=0xa0c455583749e24, 0x4) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:49 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) connect$caif(r1, &(0x7f0000000080)=@dbg={0x25, 0x6, 0x71}, 0x18) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000001c0)={0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000480)={{{@in=@empty, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@broadcast}}, &(0x7f0000000200)=0xe8) ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f0000000280)={0x1, 0x400, r4, 0x0, r5, 0x0, 0x10001}) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:49 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4e21, 0x4, @local, 0xffffffff}, 0x1c) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000000)=0x101) write$binfmt_aout(r1, 0x0, 0x301723492141134b) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x11}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) getpid() tkill(r0, 0x1000000000013) dup(r3) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000080)={0x5c, @empty, 0x4e23, 0x0, 'sh\x00', 0x10, 0x800, 0x10}, 0x2c) 12:27:49 executing program 4: r0 = getpid() write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080)=0x8000000fffffefe, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000180)=[0x1, 0x2], 0x2) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0xea) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) write$binfmt_aout(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) prlimit64(r0, 0x1, 0x0, &(0x7f0000000000)) 12:27:49 executing program 2: lsetxattr$trusted_overlay_nlink(&(0x7f0000000280)='./bus\x00', &(0x7f0000000440)='trusted.overlay.nlink\x00', &(0x7f0000000700)={'t+', 0x800080000}, 0x41c, 0x3) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./bus\x00', 0x501404, 0x10000) fchdir(r0) r1 = open(&(0x7f0000000740)='./bus\x00', 0x1, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0x7) r2 = getegid() getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000340)={{{@in6, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@mcast2}}, &(0x7f00000000c0)=0xe8) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) ioctl(r1, 0xe49, &(0x7f0000000780)="383408a3bbcdfa65a84a9a19e5e46b29c27eb021e3d496871a202f7db39a23789a6f8a9617f8c55da32d5153b02a06d48ce32ce2d4b699ee8a450bfdc5fe19061015076672338907f79e579c28b113b0680f7890689a1a431d1aa1ce5458647dcefc629f595ccd058e4d13ef3f86fc6da54e1bbd890888394b8d4ab7fcfb2e8d956ef3f559ae7f2b281cf9f73462e8465e350f309376feb27efa151ec1faa60e5001f904b8c8c8c2c2b37738e6433194e1f6d4ca78f7c54db047") getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@local}}, &(0x7f0000000240)=0xe8) mount$9p_tcp(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x40, &(0x7f00000005c0)={'trans=tcp,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@uname={'uname', 0x3d, 'vfat\x00'}}, {@dfltgid={'dfltgid', 0x3d, r2}}, {@cache_loose='cache=loose'}, {@access_client='access=client'}, {@loose='loose'}, {@nodevmap='nodevmap'}], [{@obj_user={'obj_user', 0x3d, '-eth1vboxnet1cpuset*-]wlan0'}}, {@smackfsdef={'smackfsdef', 0x3d, 'vfat\x00'}}, {@smackfsfloor={'smackfsfloor'}}, {@fowner_lt={'fowner<', r3}}, {@obj_role={'obj_role', 0x3d, '\xf7'}}, {@fowner_gt={'fowner>', r4}}, {@context={'context', 0x3d, 'system_u'}}, {@euid_gt={'euid>', r5}}, {@smackfstransmute={'smackfstransmute', 0x3d, '&{'}}]}}) 12:27:49 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$KDMKTONE(r1, 0x4b30, 0x2) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$KVM_S390_UCAS_MAP(r2, 0x4018ae50, &(0x7f0000000000)={0x4, 0x2, 0x22c}) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000813) 12:27:50 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000080)=0x21b) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:50 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000001440)=[{&(0x7f0000000000)=""/145, 0x91}, {0x0}, {0x0}, {0x0}], 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xfd1d, 0x0, 0x0, 0x800e00526) shutdown(r0, 0x0) setsockopt$sock_timeval(r0, 0xffff, 0x1005, 0x0, 0x0) recvfrom$inet(r1, 0x0, 0xfffffe44, 0x0, 0x0, 0x800e00521) shutdown(r1, 0x0) 12:27:50 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) getsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000100)={0x200, 0x4}) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000480)={0xfff, 0x6, 0xffffffffffffffff, 'queue0\x00', 0x2}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x800, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f0000000680)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a1c2ff49053e049e080381518ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d80600000094abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc674fe1c364ec7b9a7953124025bef730e40ec1dd14622dcced4ebe998de0a20ece04254661bbcec5fc79398467ad9c765bf7bb3422632f65e19f0ada0411f0ce4467b987e91efee7282c82ecdc84a6f69132258db2eac2d61c7ebf7ce9e00e432a5bd26870170f1d00ee38d8c0167bb9a0f936bc0f6d7ce4e6df8926ff81146ccaf2c0", 0x11f, 0x4, &(0x7f00000001c0)={0xa, 0x4e20, 0x22, @mcast1, 0xfffffffffffff485}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000180)) 12:27:50 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) ioctl$VFIO_GET_API_VERSION(r2, 0x3b64) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:50 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)={@rand_addr=0x3f, @empty, 0x0, 0x7, [@remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @rand_addr, @local, @dev={0xac, 0x14, 0x14, 0xa}, @initdev={0xac, 0x1e, 0x0, 0x0}]}, 0x2c) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000023c0)=[{&(0x7f0000000000)=""/62, 0x3e}, {0x0}], 0x2}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x893f, 0x0, 0x0, 0x800e005f6) shutdown(r0, 0x0) recvfrom$inet(r1, 0x0, 0x10201, 0x0, 0x0, 0x800e0051d) shutdown(r1, 0x0) 12:27:50 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r1, 0x0, 0x3, 0x2) write$binfmt_aout(r2, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x39) r3 = request_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000180)='tls\x00', 0x0) keyctl$update(0x2, r3, 0x0, 0x0) 12:27:50 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000180)="11dca5055e0bcfe47bf070") execveat(r0, &(0x7f0000000000)='./bus\x00', &(0x7f00000004c0)=[&(0x7f0000000040)='vfat\x00', &(0x7f0000000080)='*\x00', &(0x7f00000000c0)='vfat\x00', &(0x7f0000000140)='vfat\x00', &(0x7f0000000340)='!\x00', &(0x7f0000000380)='$-@\x00', &(0x7f00000003c0)='keyringsystem\x00', &(0x7f0000000400)='vfat\x00', &(0x7f0000000440)='vfat\x00'], &(0x7f0000000700)=[&(0x7f0000000540)='\x00', &(0x7f0000000580)='\x00', &(0x7f00000005c0)='vfat\x00', &(0x7f0000000600)='vfat\x00', &(0x7f0000000640)='vfat\x00', &(0x7f0000000680)='trustedcgroup&\x00', &(0x7f00000006c0)='vboxnet1\'+em0\x00'], 0x100) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f000014f000)={0x0, 0xfffffffffffffecf, &(0x7f00000bfff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b800000019000100000000000000000800000000000000040000000000000001e0001901000000000000000000000000f3320000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c7efe1d863433e91c00000000000000000000000000000000000000000000000000000000000000000000000082183e331f662e9c3ec20d26a64c7d7d79d4683010e0b6dfe7561a1f4dc913be3c3971c2e464a3aae692fe13bf338e8e5b82295151a2686340a1d07546e5fd8f42aaa58c2fd701ea1026b9ba2482d07d0e2e99"], 0xb8}}, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:50 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) syz_mount_image$nfs4(&(0x7f0000000080)='nfs4\x00', &(0x7f0000000180)='./file0\x00', 0x6, 0x3, &(0x7f0000000280)=[{&(0x7f0000000480)="08a8c97b627b4dfa8ce8cd5f1efa10b83b6e0545bd59aa3cf6681f6d68c7dc67dce8da0f1dbab42767550e1a452d3e71901de257d3cd178e414da67c4ee461908bdf8c513c1088ba750ec761796b3f9062da4eb400d8002334808efeeebe8aafbc08625991fadc59cb9ed650f8e3236ce9e18ed57381265ff1b1c781a9f44d20fc460f74100a817bf58759ad3b613b648d6e7d7c61214242a93007301c93c0f2aece3bea4c595a3152c6257f530fed92359708aaaf18377d8a2917662889cf6b06", 0xc1, 0x3}, {&(0x7f00000001c0)='*\b1', 0x3, 0x8d9}, {&(0x7f0000000580)="6ac9a99ac49985d9fb0b940cb7b2ad96fe2703f2225a56be34e3989b0714b13e8e151f03af8d0fa8dec1be4cc28dad9926b49b902fe7be2b6e6783e7967d21b46f044edac122a83b339726ff25100a76964c5c0f7fe028bdff08c93cf73cecba3bff884b73e3e8f0cdd94ecdc9d0be7138cbe429b7a3cb98b5af46d9a9bad5d72f7ef2d0923dbcf1cc4b8871e212646eee7b9a955d966e72a8973f4f2358431df5e657f445f1e9911da21a9dcdf050b387e3542cdeff851a37d5ef2ecb4a35bb72", 0xc1, 0x3}], 0x200000, &(0x7f0000000200)='ip6_vti0\x00') ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 838.551437] 9pnet: p9_fd_create_tcp (22399): problem connecting socket to 127.0.0.1 12:27:50 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000000)=ANY=[], 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:50 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) poll(&(0x7f0000000000)=[{r0, 0x80}], 0x1, 0x4e) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xff8c, 0x0, 0x0, 0x800e004c5) poll(0x0, 0x0, 0x4e) shutdown(r1, 0x0) 12:27:50 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000180)=[{&(0x7f00000001c0)="eb3c906d6b66732e666174000204010002000270fff8", 0x84, 0x3}], 0x2040, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x141043, 0x0) setsockopt$sock_void(r1, 0x1, 0x1b, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000340)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f00000000c0)={r2, @in={{0x2, 0x4e24, @broadcast}}}, 0x84) 12:27:51 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x0, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:51 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) tkill(r0, 0x1a) recvmmsg(r3, &(0x7f0000003680)=[{{&(0x7f0000000200)=@xdp, 0x80, &(0x7f0000000180)=[{&(0x7f00000002c0)=""/110, 0x6e}, {&(0x7f0000000340)=""/150, 0x96}, {}, {&(0x7f0000000080)}], 0x4, &(0x7f0000000400)=""/78, 0x4e}, 0xed4}, {{&(0x7f0000000480)=@ethernet, 0x80, &(0x7f0000000840)=[{&(0x7f0000000500)=""/247, 0xf7}, {&(0x7f0000000600)=""/111, 0x6f}, {&(0x7f0000000680)=""/60, 0x3c}, {&(0x7f00000006c0)=""/83, 0x53}, {&(0x7f0000000740)=""/213, 0xd5}], 0x5, &(0x7f00000008c0)}, 0x8}, {{&(0x7f0000000900)=@pptp, 0x80, &(0x7f0000001b80)=[{&(0x7f0000000980)=""/157, 0x9d}, {&(0x7f0000000a80)=""/4096, 0x1000}, {&(0x7f0000001a80)=""/153, 0x99}, {&(0x7f0000001b40)=""/29, 0x1d}], 0x4, &(0x7f0000001bc0)=""/127, 0x7f}, 0x5}, {{&(0x7f0000001c40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000001d00)=[{&(0x7f0000001cc0)=""/3, 0x3}], 0x1, &(0x7f0000001d40)=""/11, 0xb}, 0x20}, {{&(0x7f0000001d80)=@ethernet={0x0, @local}, 0x80, &(0x7f0000002f40)=[{&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000002e00)=""/87, 0x57}, {&(0x7f0000002e80)=""/169, 0xa9}], 0x3}, 0x2}, {{&(0x7f0000002f80)=@isdn, 0x80, &(0x7f0000003580)=[{&(0x7f0000003000)=""/199, 0xc7}, {&(0x7f0000003100)=""/25, 0x19}, {&(0x7f0000003140)=""/157, 0x9d}, {&(0x7f0000003200)=""/195, 0xc3}, {&(0x7f0000003300)=""/100, 0x64}, {&(0x7f0000003380)=""/233, 0xe9}, {&(0x7f0000003480)=""/215, 0xd7}], 0x7, &(0x7f0000003600)=""/99, 0x63}, 0x8}], 0x6, 0x0, &(0x7f0000003800)) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x10800, 0x0) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000040)=""/49) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) setxattr$security_selinux(&(0x7f0000000240)='./bus\x00', &(0x7f0000000280)='security.selinux\x00', &(0x7f0000000440)='system_u:object_r:restorecond_var_run_t:s0\x00', 0x2b, 0x1) syz_mount_image$minix(&(0x7f0000000080)='minix\x00', &(0x7f00000000c0)='./bus\x00', 0x3, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000340)="81997417f4c266244565432c1279c5bfee8fa423b5a9084a912cfb004a5c61b55492036c78cf6d2057f0ec033caceace312e85aef88372fb3e69c6b63aba9040c039e1d044868802350616a3004b4826979d6c3c0dd9362a65c8c95eb1ac27967443047f2140e798d0dc659ca9ce83214d68ff9053ebc497c3b023509b745bcd5dd621b9f627c69c4545a3a0a62eec9c834d908f9a00309d1b8033eb62a368a4539c7e5ce58ded89502a255317e741835878e793f9c202709752d854f74b01128e076697b04b79bfe80b6dab245c49ffd2508acc1d75c0203eb67ee286c4c9f720e1af70", 0xe4, 0xc3d}, {&(0x7f0000000140)="f64acedf8f6e264a7f60f686db814b8f7cf98742523d42830fe2993507028f188d3971ccd41528a8851f666fe2e30a7d0cb64cfa33b82ab0d98c1518fac78d927824a69f3e6570600b5c0b5da43508275a1d7ab1a5607f3e6f4276d054b2fe3a", 0x60, 0x5}], 0x880000, 0x0) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x2) 12:27:51 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000002c0)={@in={{0x2, 0x4e24, @multicast2}}, 0x0, 0x2, 0x0, "fa5261247cb07dc2c1110de20f44d89a5dba5c18ffe5d29d1067af707bb343860a7c772a4a62bcaef5bcd7f8d8411cd5c01577e2f111877926556b3a7c603b10302ca24a709e2397e7e7128244a00015"}, 0xd8) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:51 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000600)=[{&(0x7f0000000100)=""/218, 0xda}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xccf3, 0x0, 0x0, 0x800e007f5) shutdown(r0, 0x0) ppoll(0x0, 0x0, 0x0, &(0x7f0000000080), 0x4) shutdown(r1, 0x0) 12:27:51 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_WAITACTIVE(r1, 0x5607) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'nlmon0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) r4 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r4) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:51 executing program 4: r0 = getpid() pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x20, 0x5, 0x7}) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r2, 0x0, 0x19d) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)=0x0) timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x77359400}}, 0x0) write$UHID_CREATE2(r1, &(0x7f00000002c0)={0xb, 'syz1\x00', 'syz1\x00', 'syz0\x00', 0x73, 0xe3, 0x1ff, 0x4, 0x1, 0x40, "78a66331ed9c325da060dbf1fec91685ff81d4f3eb4045a386885e95fa267333fbe9618f6362bc4fcca6de8a4cdda6e4d05e129bae043d7857dbaf452f5a67e05f80c1ba1411da9912b4cf3c43eace424ffe9cf1556ec432206e754d1fbe75fa45142c3cf76e57eaf6366c5c4f6ee6b2c75eb0"}, 0x18b) syz_open_procfs(r0, &(0x7f0000000180)='net/l2cap\x00') tkill(r0, 0x1000000000013) 12:27:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x200000, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x40, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:51 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000040)=""/185, 0xb9}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x8}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x893f, 0x0, 0x0, 0x800e00519) shutdown(r0, 0x0) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) recvfrom$inet(r1, 0x0, 0x10201, 0x0, 0x0, 0x800e0051d) shutdown(r1, 0x0) 12:27:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000040)=@req={0x28, &(0x7f0000000000)={'gretap0\x00', @ifru_mtu=0x2}}) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:51 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000080)=0x0) r5 = getuid() ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f0000000180)={0x9f0, 0x4, r4, 0x0, r5, 0x0, 0x8, 0x2}) 12:27:52 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x0, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:52 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000140)=""/205, 0xcd}], 0x1, 0x0, 0x51}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xfd1d, 0x0, 0x0, 0x800e00505) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000640)=""/4096, 0x1000}, {0x0}, {0x0}], 0x3}, 0x0) r4 = dup(r3) r5 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r5, 0x0, 0x2a80, 0x0, 0x0, 0x800e00506) shutdown(r4, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) recvmsg(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000200)=""/1, 0x1}], 0x1}, 0x0) shutdown(r5, 0x0) shutdown(r2, 0x0) 12:27:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x100000066) 12:27:52 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = geteuid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000380)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000000480)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f00000005c0)=0xe8) r8 = geteuid() getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000600)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@initdev}}, &(0x7f0000000700)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000740)={{{@in6=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@loopback}}, &(0x7f0000000840)=0xe8) getresuid(&(0x7f0000000880)=0x0, &(0x7f00000008c0), &(0x7f0000000900)) stat(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x7, &(0x7f0000000a00)=[0xee01, 0xee00, 0x0, 0xee00, 0xffffffffffffffff, 0xee01, 0x0]) getresgid(&(0x7f0000000a80), &(0x7f0000000ac0), &(0x7f0000000b00)=0x0) getresgid(&(0x7f0000000b40), &(0x7f0000000b80), &(0x7f0000000bc0)=0x0) r16 = getgid() getresgid(&(0x7f0000000c00), &(0x7f0000000c40)=0x0, &(0x7f0000000c80)) fstat(r3, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000e00)={0x0, 0x0, 0x0}, &(0x7f0000000e40)=0xc) fsetxattr$system_posix_acl(r1, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000e80)={{}, {0x1, 0x4}, [{0x2, 0x1, r4}, {0x2, 0xa48247cc228c24e1, 0xee01}, {0x2, 0x5, r5}, {0x2, 0x2, r6}, {0x2, 0x2, r7}, {0x2, 0x2, r8}, {0x2, 0x1, r9}, {0x2, 0x2, r10}, {0x2, 0x5, r11}], {0x4, 0x2}, [{0x8, 0x2, r12}, {0x8, 0x1, r13}, {0x8, 0x2, r14}, {0x8, 0x1, r15}, {0x8, 0x0, r16}, {0x8, 0x1, r17}, {0x8, 0x3, r18}, {0x8, 0x1, r19}, {0x8, 0x0, r20}], {0x10, 0x5}, {0x20, 0xc30985ab8b378e28}}, 0xb4, 0x1) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000000)=0xcf5, 0x4) 12:27:52 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x10000) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/status\x00', 0x0, 0x0) getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f0000000140)={'filter\x00'}, &(0x7f00000000c0)=0x78) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) write$binfmt_elf32(r1, &(0x7f00000004c0)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x2, 0xfffffffffffffff7, 0x7fffffff, 0x20000000000000, 0x2, 0x0, 0x0, 0x2f8, 0x38, 0x294, 0x9, 0x3, 0x20, 0x2, 0x7ff, 0x1, 0x1}, [{0x3, 0xffff, 0x8ad6, 0x8, 0x1f, 0x9, 0xfffffffffffffff8, 0x5}], "bec12af9c9ab0250cf90485b4fa92e78360c2e5208c76caef024b47e5b35db869c248206a20cabaf0ff0bf0df18d2531cbba52c8ada0e1f8b47636092bd81dadd352d5da5e125899a1c79990a42c15554b3d9c0fad9fe57e88e765178877ae6e490f449f1dc48b50c1a8f111c9852d31b283d39897d2b756360d92f9e46c8619826e524c0461d137c198947f5a6ad5abd4ad915141b0e759373817f126a685", [[], [], [], [], [], [], [], [], []]}, 0x9f7) fchdir(r1) r2 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x1000, {0x77359400}, {0x5, 0x1, 0x9ca9, 0x7, 0x3, 0x2, "29c7ef9c"}, 0x1, 0x3, @offset=0x1, 0x4}) 12:27:54 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@random={'btrfs.', '\x00'}, &(0x7f0000000480)='tls\x00', 0x4, 0x2) ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f00000002c0)) connect$inet6(r3, &(0x7f0000000140), 0x1c) ioctl$VIDIOC_G_EDID(r2, 0xc0285628, &(0x7f0000000080)={0x0, 0x0, 0x4, [], &(0x7f0000000000)=0x355f}) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x10000, 0x200000) write$binfmt_aout(r1, 0x0, 0x3e3) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:54 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000240)=[{&(0x7f00000014c0)="1a2c9e6d3e013e65a7b0a0e94ba35cbf3eb911d81d7d97d4663831db31107f1c831a4b6518e51013318a84a0e22ac5b8f2ffee6162608ee499d5cb403ce660ec8268091de65173bbdc7f7384c501baefc8d307692484a998f844f7b193b8f618da4fbdc90cc3975da30eeb0a97e070ec7f870e8c287dea4e54b5bbc10802c65ae76a3fbb953557c321f40a2f83b77847de1c1e5f2e8a", 0x1a0, 0x6}, {&(0x7f00000003c0)="20aa04250c716f9163f4d84455b8522a1291513cff22f48ee1625f4b985c3a2775294f218a06f724840b4a2b1a730ac2d2e71e6501d1e9ec3973e01005185e42d9020d0af2b9e639cfbf00c9a850452e7e1445526946f50e33b39acbbc7bb54f646702128bc11341367fefa0995c36e64e272f0e513ed82dde4c62087c6d73f2251718ab0013b7301e5631025abb2374826b97d62d732f6cd0dea4296d9fe3d2e5", 0x0, 0x7}, {&(0x7f00000004c0)="0b24f3904dc9b7cc4f176d76c16fc9b04775987133ae378830addde7e3eb1fbdda0fbdcd501ae37d840d36c1f9dcec2af612e394ed80b5836d9cd61c696b8f41a6027c578d79c5c72e59ba0ed57cfa916894ba0a2743dfd9bf33db54312a8615612178256d91b397ac0583bb65f165bb225defa642685716c7872e8374850fab7cee05d324774c5639da3dac28cac122f0f8fd901ce29df570fca88dd23170141994dc5ac9c48d97ed3a3443a96e1a4fd296d988cbd9d47488ac45cbd874c941cd0c4ed0e2012297ad5d1436e1cf198f71ab25f3dee3b0f93a168c79eabe91ebbc12abf7a22033a31032f293723e664ff5a668b24a1ee13d242ad0bf59c2e842ea4db8cfb0985ce3d1305c1a9ff6bfb00c7ca67f5018f0d3fd616c8cc357cb338386c9e7dbda7361bad272b40a6f137b59f1d7ac69a51bb35b1684b8a12302416bfa9090e1af760b0e1eb138d16380cf846c297674763ecdc7dc05cd33c0b5ce6a33d313e2a91fe259f1b02a09b2f3f34e9d48f324f2516d051e847680be8780e8c0cb2ea780cefec768717a27d1444d658ec62350bb4cb28f6ab56ebca8e6443d3c5e15762cf6cf80f59d8ab897e9631407f53fba58a9266db87b712a0a5b9db8dbb3bfda3f95b0f4fb310acd93639115d57573548c9a1bdca50ea7efd7e8f4de2e7532b6754153082520245a5baa1073ca9fd3748c6e8859cbf4fb9639994eba3562fde7a2e202322e5a5377d10ac75f09ace659b17301a1d104993a4afae5bc7eec38e245f03528b5b4969e54a90833a57b57c93e39bffa160c992933be340660e9fb3175ef47cdce20468b894267423de37cc9548f869f88466af80f428bf477fc76402b438de53453c73cfc71fd4403a406c21a324f9037d89315296fcd030c6b990e0770d67b3cdf7d536ce87e92cc55b9ae5d043c9a9d84dae5b613ea50e2e6549c16837a0c4a798bebb6394ed9f74685595506b5025b49ceb43ead4b858d2c62d06def552cf074e0628fc57dfba881f52831555d38227fa68fdc3fe0801ba899eaa1e3d3f519513772b1fad9ecdbbf9114546ab250b0b3f256ca6fc3a54f25689802245cc28e0e9d69b0886be494be2dd7bb176aaf77fa33c84013d7d3aeda8fe87c48205eb608e56854d96c91e272ca1b923e2a4bb52e9f543040651ade9c1d77fce149f1ecaa7ed89083b4db6e12341913b214729e8e790874cb2db4fb0c9414263861b7fca2e561b8bf4e089af74c8e30ff40ef52c0161f082ff4840dea80e0367cec2102ece20228a5c9bfdab9d53f2abbccecfff481a155ae5378225c36692468125a4cd5563e6686975779585acadae44a571117ad4ba185a481ac0b292e783860a6b3865380a832fce8ce80515522dbf574b166f49eea0fae3dc6d62976f62f1dc5a99da677d429a46e473ef9553753723eab880edf58f537154af135bd0a23eba7ed3a6b8a3f2e84cb9a8fdfc1412891153dff39a7c54e41479753986d6c6c0b66e081c7c72bd229ac49212e1b829725c66d5ef8bd5048b89b0614293f5de646506bda88faff41b330b9b111aae6853b15e6e841b872de3de93d6cf9d6fb16e442cdf2054b133b2b3661e166458827da33bc95dd2f5b9d7ccdf4d3d9917f6528f5a3e85f6ac810629aff65b3be1af576032e9c1516c15dab29a9d5ea4a2f71899a0d46800ae3bdf0915c9f268bf8ab089aa1b7cd6580f27b0f53f098860d68c97fabd954a9bc9ec9a725b3cd4360c8c8977f469c7cf075350954678f59c6f85731542fba618668a27b938085867b32caba4983835d8bbf7986549bdb0fd8b15fbcb83674c518a6cf2f5bcf4b8bc4c02647f0bbefa9388bb311f8fd5f4db1975582891e62c86d4249e9c98d7cc9c2c9a42ee58611a3060b524455e30ccffe568d3f18a4d0a9b72935945a97297daa0f36f7035e30536ac2e60255224913cf4247c9248352f240dec3d1a86b43b5ed66c55c3c01ba455fea0fd910f0c9e38ea986903ba1fd3209c82f5e3fbeee6cd0a9b0de24423d90aa2e2b40371dddb0a064e763adad75a69975381a3bddeffefc43e42729864ff4d61171eb9ef0b44cc35962043d86188624cefa1506a07fc8864d571c40c1f85dd9b122d791a59304bf4de9cb836148c521b9350fc229a6b91492e45626d5d10f0fdae1c4d7cae9aaef8d8d1690a0c1e9e32216f3dfaf66b6f4230971d36581154abc277b3a85fec3c32467d9cd443c98dc3474819249538129a60b06e97ebc4cd81c800fc0f20472f9e08e4dcb8cfee5cdaa7a99834e394323709438c72683289fef3f7f85905534a195b723326ee97082ee8e819135e48b3c615885c95d2b174081255b2540d8af22f8cca6dd04c8e517899758fb3f0b4c7ab36ff4ee345f4e7bc163357368fd4c5317f91cb8ac3c3cd15e5fe5f248c7c335db79cd4bef65e785d75f758735b3eb14e186b1192ed262300147d2cd04363c749d8c1e991ab67424a19ceee9e032fe2eae43fb04a02cc06e3c4b223d4464aef93650186799780a22cde3dee5ad73d62a9d2df29ca6e0b4ccff6c3e64fd55e255f7282ece5e0541dc5e316ae47836741fbea3b44b280e3eb313634d2e08c85f8c8bbbe62069c02d0d113ec8e921a3197a80d75f35a3df43b57a97139045797fa4c39ad8d14ee989a44731cf345e5d12f5832d4c6f3bec9ccf6e1e9b4fd11c19f4c8dca8df211822fc3600867ef182952292e3e2a32b269959896beee8a1099b79c726b22defa7cef169cdec3b080f0aa208f28899bedd1778b055becc9de6a75c890efd7be900a7ffb861b4073c5c96067da59e519de1a5c548a907e1cbeba151da3dc3b2d374324c3fdb58c397e8c4e5fa2dc8c0974dc03c5300dbadd84d02a7de8d673d4230d7ef997d823f1af50412e09afec5dc4012805ae81fbbd4ab70190fc55679ec9bb7c63eeb0a2f184a193bb8fc65b5e7e42a10d774380a6341bcc276dae3764385e8efd5ebf4f3c20c88ac75573f48692fe2e7432100f190dab8ab5ed6fd3506b3ee1e963f6ede79f0680d32da2b789238ccacbb3b107f9a155235fff500b2f1503658f6ea59204e95df3d5ba1aaec1cb9f45770b792d0d273ab3c2e98cc606078ffb5da992be1ed14027b0814f23e2bd475796c03513a754c337b3740baaf1de77d06b730db4e21d1883d13ad406c655a83958d3af3eaecc799f85f026efc7cb52127eaa3cf47ba7b0e991d801bc77bb98bbbe498d698cfe3627855ef1bfd20e6c881a0887444aa24a01aa1fa46147a7e02354e7f6fcb06de2adf8caee6ed2ac4c5e9dfd070556fbfc0529fc0de844b4eccb90d11b90f6555beb6c8d796806c5b08ccacc65d183c616f6b0572df83a204f3243af72839577106bffc8ebed9c07351b0ca2106ae64660556d85173a416bb80ee8ad4a36c335b46603560a9897ed4142bde251f89b50f3410d8b44029c12f044abc441961e9ad216bf942c114ad49c7069539a0b373ebed2c138ece703fa42d7a4cee29715a6db8c616e0e64027b579bcab3b37b0988742b7a883b0f69bb9b6eb245380ac6a3bc6501abb8d62848756b99514b9e56c81ea2bdb41a69922150eaa92d98c705155f4d5c0cfad0b6f49abf589d0d4dfa7d9866a6ade88dada375f79d75e55112a52802a289e752f15217ebb960386ab289de5a8842bff84ced0890d93e7b23b4010119a8f6273b2f97d9b0c9466d451f7293ab8e491982ecd2c985ccc887335663f084df86caf21b479f38da1bd37422e5b84e75afa539b19d2f3ac99e9ddda5ad580141b2eca5f40cd81beda9503bcb64c97fe5c9a15906ea9e5ec9f162f82ca72d1abeabc2a84aea91fda35b138dc6e725997c2398a2a438f300b27962a318e2b964c0311c3d5232ec2c4babbcca261c27aeba141597879f46134f7bcbbd2c5eabc41aca936a147d112add67d73ce424a7822f2c4a8a91c78dec67028e48b5818bd18c4a8a1071122cbe943bebb798554d1fce9b30ed9dfe4c318f8da0a492bdb54bdab248da5c1573d17a9b2ad77e3b29094d7690adb8998b70bf58aed7272c19544aaf2277b39eff874b0622e6cb64eaa2f1bab2aee6c85387fa46bfea3345aa190a7008eb81596ad38e540cc1d5a0659aa483e812a9fb6ae410c11883e21593b109540e87e5fdfbcd27d093e4c9a1b271fd5fab315ae0c878fd094a4691174035fd6f31a81eb777691b2fd2f6ce339ddd61dc93fcc88a1cd5ad25dea8f4d7432562581124b9e9540fa2d2d448f9793816f9d76b6d991a31c4d995d2800fea823af4b4acbd84d8e1f3f59164570e1f9fa95f5edd2f7d14b1bcef1efdf5d7c63b67164b3d955f2e47f73ff11db58764545d1a69319e1ab3f9c18d76d3016e63d1be8ddcff4358e59a16e54308aa3d06d92fd415b1b285f7743626a2a5f18b2aa03aa5064cc8f62df514d20ae6f5af45ded7186518c4a91489a8b4e3cd380c1aa236bffc9b69937177ac14f784aa57dbbc50c6e30da69ef740f84973a52f770db308249be6e964c1d71454592bcb0db0601bf3c94c5b64fe9ec4fb92f447f5dacb5b78248acac9349181cf5a5e59c924c2de8f16e21e8ad84d3421a253395abec87d643cdeaf3457b2e6f17099f19ebd15b8c51781d2c1e9142d9e40a089f6417a89d9d67d6f6a71362f7e39d1adf4d95a7804a61da3982327abf5688980fe2b2a4e5511f7180a0f025517f29cb4dcfd5fa78aaefde1de523efa60a2a436a840d9248e369683c0f6e0356d4a40f92d96028bc2937486d29ef8d982a0f03508d8cae3fa677fd62fa712419e0ddf8a1622bccf56ff90ee80841a6c2750439c772b275b11a27589e6c5d31de4a09b658d593a70d1e0da2967efa30739c5ac27680d2787131fcd59cc12d8bb93744b235aa006f08eb5499f72e032967cf32052f72714bacb26310fea6475d9db1e89cface08dbd162ac361931ccc8bd87f34919f634dcd5e87f26377e5bbdb882e7438d9c0496d014c4f78aaaf4bd3a809f47c17226e2f0cd39f77c0bda64bfe32357a3ba8b377d97517d84032fa2338b88062b5450f57d7365e3c6b0f8c42cbd85f57c48bf89c2af90ecfa226e4af8ae6ab919c1012c20fabd3a7db2261e1cd44eb9dafe057c2fbf9943fae02cbc9cb4fca40d3afc107406f50f95fb492fe7af6f7fe4498822a42d796ecead16401608bf3b7505199d31a9484e01cc87b4a6d4515cb00db7831b45330904de0975094b7a1f9c96f07b84dd124230ef1f6984a327fd92e313cfbacd4c253413048ff5e3975c64dfadabc06db7e3fcd7805149163e8cfa8c5fe3d1fd3fada24741d3acda85695ea5f273da9a19466e31ac8e1736d299c6d5bc414b05c3e916ab8de054f3d4deb368cc87df8e825a44a81c3902cd3c5023c773e51e8592ef4666f82a1eef28a3b54f7042bac644fe11cd1b4b98d8702499778238e6eb954d914a843ade51f01ba068d095cc8f9a84317651dd61014e83a4ea1d8d7d9817ea580ef4000227ddee1ef2a6a31a979590eb0d43239f39cedcf1a3e17c5ad5e02e92c775098570487e6197ee6e73c49ef90fbed367bf3fd40c0a4a0091482088653424bc2dbed017bbe1bd9f006685ae701972e16049ad5b0cf9fdbfada5bb26806c207db89393a6778a1f92527631caae1fa6381e6fd3dc39bf90aca21ab97ba0eb3d7e42c74e5006ffac0211fef956dd1aff791f1db690dd3ff14c0091e73cb0c469611f2b72f8481a994d2d7247db5faa4336461898a50a89b4d8d57233287a8848d1830935d36cc295132098819590968dc496dc078c", 0x0, 0x2b}, {&(0x7f0000000340)="30dd96d9d38c228a1bcd5457216612cccbec073cbdc5957db8a5fea0aa9087242e25348c5d01490ff6cacc0e5ab68f94f53373b4e3267f80a8aa29243a6b141a931bb076af273ffa3042985ef0c0b8a6df8b8ca2c60b65c4c72121b01d", 0x0, 0xfffffffffffffffa}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:54 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:54 executing program 0: 12:27:54 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x0, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:54 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000080), &(0x7f00000002c0)=0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x400, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:54 executing program 0: [ 842.220229] FAT-fs (loop2): invalid media value (0xbf) 12:27:54 executing program 0: 12:27:54 executing program 0: [ 842.244435] FAT-fs (loop2): Can't find a valid FAT filesystem 12:27:54 executing program 4: r0 = getpid() write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) write$binfmt_aout(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:54 executing program 0: [ 842.313768] FAT-fs (loop2): invalid media value (0xbf) [ 842.325309] FAT-fs (loop2): Can't find a valid FAT filesystem 12:27:54 executing program 0: 12:27:54 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0xe008, 0x1, &(0x7f0000000480)=[{&(0x7f0000000000)="eb3c9070fff8", 0x6}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x2000, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:54 executing program 0: [ 842.509258] FAT-fs (loop2): bogus number of reserved sectors [ 842.519614] FAT-fs (loop2): Can't find a valid FAT filesystem [ 842.567767] FAT-fs (loop2): bogus number of reserved sectors [ 842.574352] FAT-fs (loop2): Can't find a valid FAT filesystem 12:27:54 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:54 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:55 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:55 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x1000001f4) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:55 executing program 0: 12:27:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x0, &(0x7f0000000040), 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:55 executing program 4: r0 = getpid() r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x400, 0x0) ioctl$IOC_PR_RELEASE(r1, 0x401070ca, &(0x7f0000000080)={0x100, 0x2}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r4, &(0x7f0000000140), 0x1c) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) write$binfmt_aout(r4, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:55 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000180)) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) write$rfkill(r1, &(0x7f0000000080)={0x6, 0x5, 0x2, 0x1}, 0x8) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:55 executing program 0: 12:27:55 executing program 0: [ 843.078978] FAT-fs (loop2): bogus number of reserved sectors [ 843.113507] FAT-fs (loop2): Can't find a valid FAT filesystem 12:27:55 executing program 0: 12:27:55 executing program 0: 12:27:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) [ 843.182303] FAT-fs (loop2): bogus number of reserved sectors [ 843.191884] FAT-fs (loop2): Can't find a valid FAT filesystem 12:27:55 executing program 0: 12:27:55 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:56 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0xc2d5, 0x8000, 0x6, 0xdc, 0x0}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f00000002c0)=@assoc_value={r4, 0x6}, &(0x7f0000000300)=0x8) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:56 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) shmget$private(0x0, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:56 executing program 2: ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000000)={0x0, 0x80000, 0xffffffffffffffff}) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x1) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:56 executing program 0: 12:27:56 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) splice(r2, &(0x7f0000000080)=0x3, r2, &(0x7f0000000180), 0x2, 0xa) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:56 executing program 0: 12:27:56 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000000)={{{@in=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) fstat(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000340)={{{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@ipv4={[], [], @loopback}}}, &(0x7f0000000240)=0xe8) write$P9_RSTATu(r0, &(0x7f00000004c0)={0x6c, 0x7d, 0x1, {{0x0, 0x52, 0x4, 0x2d, {0x10, 0x1, 0x3}, 0x10800000, 0x9, 0x1c0d, 0x1, 0x10, '*vboxnet0trusted', 0x5, 'vfat\x00', 0x5, 'vfat\x00', 0x5, 'vfat\x00'}, 0x5, 'vfat\x00', r1, r2, r3}}, 0x6c) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:56 executing program 0: 12:27:56 executing program 0: 12:27:56 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x107) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) ioctl$SIOCRSACCEPT(r0, 0x89e3) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000000), &(0x7f0000000080)=0x4) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xd, 0x11, r1, 0x0) 12:27:56 executing program 0: [ 844.258976] audit: type=1400 audit(1567427276.375:164): avc: denied { map } for pid=22777 comm="syz-executor.2" path="/root/syzkaller-testdir449530266/syzkaller.Y6D8DH/618/file0/bus" dev="loop2" ino=78 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dosfs_t:s0 tclass=file permissive=1 12:27:56 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:56 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x25) 12:27:56 executing program 4: r0 = getpid() openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x101000, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:27:56 executing program 0: 12:27:56 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:27:56 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(r1, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) sendto$inet6(r2, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x20000000000002, @mcast1, 0x8}, 0x1c) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000001680)={{{@in=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}}}, &(0x7f0000001780)=0xe8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'hwsim0\x00', r4}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:56 executing program 0: 12:27:57 executing program 0: 12:27:57 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x19e}], 0x0, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x0, 0x2) r1 = openat$usbmon(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon0\x00', 0x80000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000001540)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000001500)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000001580)={0x4, 0x8, 0xfa00, {r2, 0x1}}, 0x10) dup2(r1, 0xffffffffffffffff) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000000)={{{@in=@broadcast, @in=@broadcast}}, {{@in=@dev}, 0x0, @in=@loopback}}, &(0x7f0000000140)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000440)=0xc) ptrace$peek(0x1, r3, &(0x7f00000014c0)) r4 = add_key(&(0x7f0000000280)='rxrpc\x00', &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000380)="73f78276986dadf261fc1b98038231e9c4396691ac58c0a04cdd8103688bf68b0debf5ffcfd95ec9c39cfaf4720f57278bc77526dc5a3a387653f6627915ea6177ac1989a9e1ce716eabd36215fc2fb1df48e6436716860f54a8d6c0e98f921a6decb500415448b8a93edbca95e8df87655d579cc9297bfb7dacba68b02efc00367ccfa7209d615513c42ff59b09", 0x8e, 0xfffffffffffffffa) keyctl$read(0xb, r4, &(0x7f00000004c0)=""/4096, 0x1000) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r5) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r5, 0x111, 0x4, 0x0, 0x4) 12:27:57 executing program 0: 12:27:57 executing program 0: 12:27:57 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, 0x0, 0xfffffffffffffca4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:27:57 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0), 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:00 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0xa, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) preadv(r1, &(0x7f0000000000)=[{&(0x7f00000002c0)=""/159, 0x9f}, {&(0x7f0000000380)=""/163, 0xa3}], 0x2, 0x0) tkill(r0, 0x1000000000013) 12:28:00 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/user\x00', 0x2, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$KDGKBMETA(r2, 0x4b62, &(0x7f0000000000)) ioctl$VT_WAITACTIVE(r1, 0x5607) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) socket$caif_seqpacket(0x25, 0x5, 0x5) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) 12:28:00 executing program 0: 12:28:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x80) fchdir(r0) chroot(&(0x7f0000000000)='./file1\x00') open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x6d87aec789d2da0f) 12:28:00 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000080)={'bridge0\x00', {0x2, 0x4e24, @multicast2}}) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:00 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0), 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:00 executing program 0: 12:28:00 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) get_thread_area(&(0x7f0000000000)={0xffffffff, 0x0, 0x1000, 0x0, 0x1, 0x0, 0x5, 0x5, 0x0, 0x5}) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus/file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)="36a26f2675b644920ab255b3e9ff1a3b8f", 0x11) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:00 executing program 0: 12:28:00 executing program 0: 12:28:00 executing program 0: 12:28:00 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) tkill(r0, 0xb) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) connect$vsock_dgram(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @reserved}, 0x10) 12:28:00 executing program 2: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x40000, 0x0) ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000180), 0x4) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f00000004c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="00100000fb69f3ae1bd5e798a60a4255f7dab8f60c05e4ec4fc168285d74074c9fce3cddb744384d9fc631ef79d2ea48a6b303cfd8be761bbd38dea548d2d0e78159d286369862fdb75f8d83f0597fb0967872a52c18d23c5621c4a4d75c7185cae3a878160f9e0b2c39104326ad33ab106fe7e9cb17b0b26734fa950b6d3f39de8d228d66f2b3b261d150f574af2f9683e35f7c1373c20b643c4df4ca90e4bfcc59784be49797cc31611ea054268f938e2732965f9b2f5a9bd5bfb617f3161310d9b94e07c5ebb7ced4862ec066bbc36cb1dc15a097a6db2b3b3d5f972a8a6c86a190934a4e07cb082df8f1adf277da223f9728cded9bc92478a39b5e6cf3ec28a627419365b30495cda330c22b863a3d60662314f29c8fea4756437a6d5752268b983ff2484c02d5d0bcd03335f1dc31e8aac96c4479a2e87fda2e549d8031853a682c2f5b3f4538335b51033a90157e5909020640829a19b4a1481f4f1bb9b07013c72c4f2433a98d3b1404f4508126ede72e7d762041b00342477b7e4980e3894bc0d57d401cf9defdfc86c092f762d930a7f68094048003253b8c1579cc37141dbc04e206350695202b79e91d019da97d4d09677f033e8f2b4fcfadcb9bcdc811e4923b879d299c323de4bb2f91359bb10c0fdd8522dcc2741fea6a3e7e96b6cb12ec8172044e9ec32a62fe06924b99b3c636ba747d824dc003a403a561da3c7a27c9be0a5552da7105dee75ca1151c0c1d7d0760589b7130bb35afbdd4dce6759667d280e78c865548ac7e97101e807055996590d8afe9fdabdf8260a5656dc198965b0a2782e7e352af316dffcdff58a703d9b6d47216ff245f288d7f04f55472f5b45c5881b15bac8a7546f572a77c18ac199fe69bd2eab01c51931fbd03a42c66cb16e772a07c1532c324fc84b2610a37f03a78fb9e26d0cd6e42ebcae810c909f338f39103f37eba3dabf23fdd41368f413827f9aa6c7d9dffb400aa15c08deb1493b81381b5d9837bbe3a82b794299544a3bb98bfa89f7d1d9abdb4c301a3bfc23e5673d236234f80ed22dd13c93ed5f7e6ae524268540f22ca600b977d4a5e03ebd69c23a1e6933892cd93709b1557245adf1408f2651bf1f7365b6323d10935d534dfca329677f91c6fb0f2870d3c43fdbc25eb1e80d31904f2b2ae14baa4a0319806a8dbab9e565c82e4fd958f8532242ea0268342bea21d96a5f540eb0db7dd4ba21646c250e562cbdf6b1969659244469fd7f4d619e2c76c800be66f61f81c75b757a21de50d2dc40767cd1171e06dff664dced1b2b2f5aa37eddf916d773673ab57f02a0a4d84c044d3ea17098c8d51a8324b13cdd5f75b6252a46d86b475e2b435bf7171ed80daed92443e030c5644bc55c83057cdfca1c3ce7869a6d5619c9a96bc2f600f14fc97e56af72454c6be59980dc338c94d2537fbcfce20db2cec43726ee23d2d23670a89e586b1dd062a65c77371945ed36095a5552e51dec1837c4746d6214b832dd10c7032ae8e58b2f753ea1c00b677b2257b05738eae484b5ae916807fdaac508c65754b74181eb4e5c6ab80ae44b736bf5e255f4d8f877709122b61291b4433b2b113bef36d0f79bdd2d17c710eb93fb15401813ce67ad0cdf520a154b1f3e6edf1607fd4f1d1cb5fb403829f46b29332c9ff636c7c08f0e64aa07d0320b1c3a98f94e36a1b4ba889ab7c4f5298cc89b69946e0cc65e40e0203ded68814ca6903de6b5187259a10b49fe5dbc2040c3ede92beab091af3c9e4386bfbf47bca805425d8af5ae04e5c3bc166899ea3fbdfe4a8ae74ea5c4757c14d17c801e3bb8c0278315f1059022697b0f00be2f22dcd7dcb16d19b459619ab1ba0f6ed5399561729ceea73f49a5a4225e7c3f3bb0937f1d2b030f5ece4cc842d76399ceed854c5efbada6b745d9a8ec33d25a2493bb7e809afd34e60efbad787ac3fb840114aa65a747c83a76f9b7ffb7846532151a096d6821cf4c8a2ee43ef6949758e7d6a3138623ec539a2a0bcec76f3ba58a3a59402ac0520068ad7743b5fa2d8fcc99790c858859591aba8166a8c5e2020b656b9ea7ba29a4867edbed06ecc34b563acf5d003ab7310ac84e6f7d9f8b950804b74e94dcc49a39b516857bdcbe9efc914a6aca3308b76195a17b20a1dade926016d34b63d269054fab32beb71d6226440b3cfbfb70077aeef8a0d61e59ef83f1edea7e6b713853bb75b562161f963cc1b5fc2091addf189526f744bf8c3e9f45d24909274c0d49134f0ff5447d308b8a01c5ccad484bbab3e6592f1af03e913104f95bedab59861a00dfda67b52c6b14540cd9061b1558a54814af9409e8ba0a6f0fb89c55a452bece3c6d29992d64f22ac060931aa4c7b99422e0c69ffec41a3e636acf0ec0d85fd89d26df5cd67a8300a094d201e3eba709d20bb0ee6903288f5b527a6141d08b4bb41ccb67964536908cca86f10aac224c0904ce0daeef41401f7523f91ede17a7a06982ea9ac366e3dd56822be1b6ffa066cd95d119c82fcdea61010ac936700a5b7300d3d5fadcf91021821597239dda52f7a3e09a3ac1bd9f9b08b1de486b0f369e4e9f9696242fd49f86ddcad96f0574032e46606a1abae1e6d1334d1bb6e8bda6f3f748d6a4982fd40ed550e30ccf55788f2ebcee79c49cad0b431cb136d8b7c5af393bf75168881f5ce34b8bef851fd08886d80932f11569e2ca7476f36702241e69337e2b8d0bee6fcbaf59f6e11ca89c5559b0e40f55d36fe1d8e19ffc7b867a858d8410793a011176549a713c1c7f8103e081e903abadd9c810df892f8495f734ef8dbd9e26932ab4e84b988b033881fd7cb04ea3f8ae89d38b399061429d9c26e5859264d63351778348d9d66f0fa53864d51cb70e9db892949f2e335660eb259da3313c5372ba6a1573c7d6b3115502ef3b666ba0da5b36ac060f7ae13fcaff36d4fa1ebdda5239cca696da7cd619d3a79b5d72c4b16421078fffe47140c1cd3301b4857514ef88a4e2cd22095f81c299a8fd87e393b677daa08e4f8e0c85f154f0e9b6c0982d02cdfbb9e7aec61f8ecd2dd54bd6e380854706f194e735e02eb3a9cf3f11b707c1e309adfaabb1b05d0889407496233a6d04c29906d66125ccd0d3c2b9cbf31babac8cc7e91b9676b926be9919c517ac6b0c6eab51167424ad6f04e5f5eca1b8ef10c627addf18afeffef9ecbd46c2f8df07a719c4e82cc1af627edb1f149bb93eab34cdb342093d9afaffb3f5df9542224fe31176fd3e6c7ba2f7d5cd5bd0af9c8e3b98f03f074f5428c6229c9eddd40c3aa0cf7bf37e88fb5825cbe33627cb55d2ce52188fbf3d79ee88250993e1c37107d44e47440fb0b4971e8f2ad956dd45d8072056b21721db8562cf9ee6761fa8cf14fd18950a2357cd76a21db965a94d9b687ae13731fd202c26be8951c959fb5b390ae075ed65a614e15da9eb5dc15b6ea60c75a8157c4088de54a115e2ea54ed99e25b919fb8f923ad21704894f89b401181fe7f659fd2bb5aa85f56d746386cd3658faecadfa2a088171139220af7f6ebf3cb21aefb0cb6a1f5fb6fdf7c2d66042d29d1ed81e36e1a86e89ba68ea828fe98366d84822b60467e30e2747d92203b314949cc9ecb2f1b68edf6e11ba6bcc12f2de67e325d0d9c0b716b35a8b06c176b2d96364c3ed1d654593fb982cc57c33bc2a4756bf5ab96c9c491bffb468f732f94b62bd622ff70fcfb4ce55956b9e1aaad46e9382589b3d58db881e961e5063a86b79d4cbf8ec69f2301a0d0352c86eba039fa1d128323d242e8049c5543aae35c11022123f526457c53a3f31691e20387b69fc11d416254125b4f8ec8db5e9a8db669d2bf423d53c9b6057b8f47aabbfbab1362429221351503ff1cd33bde61000af556f4d3951178e783da042416bb0455ce499cd075d3fe04b9a741fef880daf111cdbeb685d117a277915f3703fec8db823a9a7cae9f1d1bd603936ac1f57e978351630f22f04a240e201a2ee8144cefc075b579b8253e05a35c1805682235921b2ba151f381e8231414b98683c53a4646163b28ce939b1c38888a73618823ff7624de7486b5de504aee968b5d3671ade3b6c112a366cc908f17a939cb58a7eba364db1d6f71216e581e77ad7df6799df6f16575a1633df0e5ad1ad5ec02df2eb2e565385f07087ab35a7f1395b3630b5e7c1fbc1a3fd95e27150aeae02957877754682bc08d2d69388566d00ba54c94d845682211dc4a4fd5be4a9434b35105de7b2fc9343eee7abd4cb84ba6bf9831f825831b822e6332318f254d2ef730f1bb645e7e3e2fbf5bc61515f7fb6e28f07d62569d0b26f6fa9ccc7ee9295f9068948b6e47ae2ee7b2146153b4fcb064d437661ccdb77257117a369cfd8477c317bf73164d90d95e50009b42f3f92343d49d27e24357eee1b7af418acdb3bd9717d8297455bfb72f41aae0b1890b97f5b881a18514e2b7a852dded0ed1bc96703e3cbee5ec7b916dbdac25d47a58f94f262e00626728e0ec5707187a8f18ab9cafda25c34bca0a92e773a1f4de11bea7548ab880fc022398c875f9e9f2433a698ee1717b90a9157ccea78dcefc959d7030bf9cee2bf15e45af52aa6a6d0a826ce9d197c43ec134ddeb208adad18fe4fd4b12f10e539b8726e3170280532f02d0aa631c1ab950fe72173558111750a6bdd0b2c8b5c0d2508afeda9ee06482891492c33cb483e0d4ed0c761c0429a5150ab3cae71d8f7cb322e6cef79d32160cbb6a2b2c39a1df2069eafb8e6aa3b898cd81514c539c118ede1807528a4b84d42465925bde68246f915958fe789ecc7c99295262a622f4dcc305554e4b737e7a2f8909e4a0b8153ceba682f81bf6e6098640a3f228ae11b9970109b43b3c9c9e9b5a41cf5265f90113f07bc0af0e4442e1d2c6155e91df6526db700e25666635be2d89592d07b1d083e3b71c753728b4d85d45b2942f0765a60bd650c79a554d7923a59aba4d9d22bc9dcdca57e863842063db471d7591ff35b3983ae0b6d46f03a02078296d6aa3f1da4d96162616821e3f2682d834e93a4ca92c40430140a82e35252af4864e0fc9c384316efc19cf1dfce83b5ec6503b24b2bac0b048ecf61ae92efaa051ce5b2dd023773343e1be4ea38fbe47cbc04252ab6a20cb89aae98a88f5bfba81cbc0daa42d1d4a85a9bdc4a1c7e8e8e98f1b6a2e25d7e791ee6ce52db4b0aa4441dc8ee766b9034833e35e66ef16b2582a7c5e55ed1fe5907eb91135b3ba4fc9777009a79c5cb8346fe06328723402ba44dac8b331f69e52cbeb6aba0c4a6b1e490eb6d1bc218720fe5bee3fcf1e7e1fcf5a3351d0c5ee21dda09000000b9f0fb065235231aacb10839463a7240801d33e7979c3b648596093f033fa99ae92e78034e6b9659d08f2658bc39e68b1742b80f37c67d42788695080110fa09213714a6608f426fb3cd89ec0e8edc20346f5e493bf2c7dfeae797e76a8ff94ac6a100b3e2644bd8592302dda313dda3d5e3bd8e54e44e2a3da5256c258b1cfaa67a8ca425997f38b482c3068ba4d51bb709ce256bfb5331d71dd0ece4097de7c7cd9be6c17e04a29f18cb6f910b004c24026f774b35ddf03eb1944ef5d898328c88178945759d447b3ae393c3a627207565158558800fa26983d189445f584409c2719e63411b1ba855adf5514bd2ca26d5feb1c140c1007a505ab2dd4f8246fc6935cab00b659ecccd43b63e9871734d9a0b957662d166ce767af1efeb566867dfae45279f58455569db375c2fa0fe830724ca70056b7800"], &(0x7f00000000c0)=0x1008) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={r2, 0x9}, 0xc) fchdir(r1) r3 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000040)={0xa79a}, 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000240)={0x0, 0x70, 0x4, 0x2, 0x1ff, 0x3, 0x0, 0x3, 0x8800, 0x1, 0x1000, 0x7, 0x9, 0x7f, 0x100000001, 0x50, 0x5ce1, 0x10001, 0x5, 0xff, 0x85d, 0x0, 0x0, 0x5, 0xffffffff, 0x100, 0xab65, 0x8, 0xffffffff, 0x0, 0x401, 0x5, 0xfbc, 0xe12c, 0x0, 0x20, 0x9, 0x9, 0x0, 0xffff, 0x4, @perf_config_ext={0x100000000, 0x8}, 0x4000, 0x80000000, 0xd33, 0xd4ee06258d06fb5a, 0x40, 0x4, 0x1ff}) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:00 executing program 0: 12:28:00 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) getresgid(&(0x7f0000000180), &(0x7f0000000200)=0x0, &(0x7f0000000240)) getresuid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000340)) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x14, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose='cache=loose'}, {@cache_loose='cache=loose'}, {@afid={'afid', 0x3d, 0x8}}, {@cache_none='cache=none'}, {@cache_loose='cache=loose'}, {@version_L='version=9p2000.L'}, {@dfltgid={'dfltgid', 0x3d, r4}}], [{@fowner_gt={'fowner>', r5}}, {@appraise='appraise'}]}}) tkill(r0, 0x1000000000013) 12:28:00 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000080)=0x1) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:00 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0), 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:00 executing program 0: 12:28:01 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x92bde15db68faa6b, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={0x0, 0xd153, 0x8, 0xff, 0xaea, 0x5}, &(0x7f0000000040)=0x14) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000080)={r2, 0x3}, &(0x7f00000000c0)=0x8) 12:28:01 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@loopback, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@remote}}, &(0x7f0000000180)=0xe8) setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000480)={r4, @empty, @empty}, 0x2ea) connect$inet6(r3, &(0x7f0000000140), 0x1c) ioctl$void(r3, 0xc0045878) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) fremovexattr(r3, &(0x7f0000000080)=@known='com.apple.FinderInfo\x00') splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) accept$unix(r1, &(0x7f00000003c0), &(0x7f0000000240)=0x6e) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) openat$cgroup_subtree(r2, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) fcntl$setown(r2, 0x8, r0) 12:28:01 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000280)="a04e92b5ffbd53b4de2da6463c2183d0", 0x10}], 0x1}, 0x0) recvfrom(r1, &(0x7f0000000140)=""/163, 0x100000345, 0x0, 0x0, 0x0) 12:28:01 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080)) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000080)='./bus\x00', 0x141043, 0x100010002) 12:28:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x72, 0x82) write$binfmt_elf32(r0, &(0x7f00000004c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x58) 12:28:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1, 0x82) write$binfmt_elf32(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="7f"], 0x1) 12:28:01 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) ioctl$VIDIOC_ENUMAUDIO(r3, 0xc0345641, &(0x7f0000000000)={0x6, "69e6be5057615479a43eb3373e4048c1b9dc56111a1f677f6fba6b0da18399a6", 0x3, 0x1}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:01 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000000)=0x2) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:01 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:01 executing program 0: r0 = getpid() r1 = syz_open_dev$sndseq(&(0x7f00000004c0)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000480)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x200000000bd}) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)=0x0) timer_settime(r2, 0x1, &(0x7f0000000500)={{0x77359400}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000280)) ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000440)) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMP(r3, 0x1, 0x1d, &(0x7f0000000040)=0xff, 0x4) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f0000000340)) semget$private(0x0, 0x3, 0x80) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x20000, 0x4) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f0000000540)={0x0, 0x1, 0x80000001, 'queue0\x00', 0x4}) tkill(r0, 0x1000000000013) 12:28:01 executing program 4: r0 = getpid() pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x188, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0xfffffffffffffebc}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:01 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffefffffff) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) accept4$packet(r1, &(0x7f0000000080), &(0x7f0000000180)=0x14, 0x80800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x40000) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xfffffffffffffa6d) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:01 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:01 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:01 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x41, &(0x7f0000000200)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000000), &(0x7f0000000080)=0x4) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:01 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x8001, 0x13) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:02 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:02 executing program 3: r0 = getpid() r1 = accept4(0xffffffffffffffff, &(0x7f00000002c0)=@nfc, &(0x7f0000000000)=0x80, 0x80000) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r1, 0x29, 0xd3, &(0x7f0000000340)={{0xa, 0x4e24, 0x8, @empty, 0x1000}, {0xa, 0x4e21, 0x1ff, @rand_addr="1319c7aeb18c5453a3ed0c54f49b1da4", 0x2}, 0x187f0b15, [0x20, 0xff0000000000, 0x81, 0x6, 0x3f, 0x3f, 0x0, 0x400]}, 0x5c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x4) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r3, &(0x7f0000000340)=ANY=[], 0xff0e) close(r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) open_by_handle_at(r1, &(0x7f00000003c0)={0xd9, 0x1, "9b6d694c38f39d5a2d7912ff63286c3761f44b2cf55971943c425d43d507293e9b1281d8664219e75750321995ba55e919af0be29f96be1fcb3ce0ed8290af34ea94397923c8c786c9fb0385a719c61cde331753cdd2a71e2183a557232063a4c909c6984a076f893b977279389650285ed9d61620da9fce674fead3ada671301600a873d8951ad9a89cf5287f5224dd531f202ac5c47f87fa75ba4699ee40c736caac0b37a1b851ac48d781b8d9838b1a4bddebbab5209f9a16b73c23a96fa89394b86cf6908972f66e816641386e2e38"}, 0x280000) connect$inet6(r4, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) ioctl(r3, 0x28000000000000, &(0x7f00000004c0)="a09acf3fc7db58e463fad8b1d949f3379b19032e932d61b878a2c03f925b30b8aaa9a8beb0cfb4d94bfbe27fd59d3d4d0e197b") write$binfmt_aout(r4, 0x0, 0xffffffffffffff7b) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:02 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:02 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = dup(r0) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, 0x0, &(0x7f0000000040)) 12:28:02 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) sendto$inet6(r1, &(0x7f0000000000)="31461aa70665a4bf14f18a34ce863eb80e36", 0x12, 0x4, &(0x7f0000000080)={0xa, 0x4e20, 0x81, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xffffffff}, 0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000680)='TIPCv2\x00') socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x110, r4, 0x434, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MEDIA={0xa0, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x96}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa50}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ca}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}]}, @TIPC_NLA_LINK={0x44, 0x4, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x10}, 0x40000d1) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:02 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000140)=0x80, 0x80000) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000180)={@loopback, @initdev, 0x0}, &(0x7f00000001c0)=0xc) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000340)={{{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@initdev}}, &(0x7f0000000240)=0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in6=@empty, 0x4e22, 0x7, 0x4e22, 0x8, 0xa, 0xb0e798a54ba31c36, 0x20, 0x2f, r1, r2}, {0x200, 0x557, 0x2, 0xfffffffffffffff9, 0x2e8fb7b3, 0x27fc, 0x8b, 0xda5}, {0x8001, 0x2, 0x40}, 0x80, 0x6e6bba, 0x0, 0x1, 0x2}, {{@in6=@rand_addr="9d0e9bc3cbd22c0b7f8b117a1d8cfc08", 0x4d5, 0x3b}, 0x2, @in6=@loopback, 0x3506, 0xd788feb322f8f57b, 0x1, 0xffffffffffffffc0, 0xffff, 0x1, 0x90}}, 0xe8) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r3) getsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x8) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:02 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:02 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) write$uinput_user_dev(r1, &(0x7f0000000480)={'syz0\x00', {0x2, 0x3, 0x6b, 0x7}, 0x9, [0x6, 0x1, 0x1, 0xffffffff, 0x2, 0x80e4, 0x9, 0x3, 0x700000, 0x7fff, 0x8, 0x5, 0x4, 0xfffffffffffeffff, 0xd331, 0x100000000000000, 0x4, 0x3, 0xfffffffffffffffe, 0x5, 0xac6, 0x2, 0x9, 0x20, 0x8, 0x200, 0x3, 0x200, 0x10001, 0x7ff, 0x8, 0x5, 0x8, 0x9, 0x4, 0xc766, 0x8000, 0x4, 0x40, 0x118, 0x7, 0x1, 0x2, 0x6, 0x100000000, 0xfe33, 0x8, 0x9, 0x5, 0x10000, 0x4, 0x15, 0x5, 0x9, 0x2, 0x1ff, 0x400000000000000, 0x0, 0x4, 0x7, 0x6, 0x2, 0x1, 0x1000], [0x7e, 0xf7, 0x5, 0x9, 0x1, 0x1f, 0xa5, 0x0, 0xfffffffffffffffa, 0x7f, 0x5, 0x3, 0x10001, 0x0, 0x9, 0x7, 0x2, 0x26f, 0x3fffc00000, 0x7fffffff, 0x401, 0x0, 0x5, 0x4, 0x4, 0x94c0000000000, 0x7, 0x84, 0x2, 0x41, 0x9, 0x5, 0x7, 0x1000, 0x9, 0x5, 0x100, 0x1, 0x800, 0x0, 0xc8a7, 0x0, 0x3ff, 0x80, 0x3c79, 0x4, 0x7fff, 0xb92e, 0x8, 0x7f, 0x7, 0xd69, 0x4, 0xffff, 0x8001, 0x0, 0x3f, 0x1f, 0x0, 0xda6c, 0xbda, 0x6, 0x27], [0xc2b, 0xffffffffffffffd7, 0x9, 0x2800000000, 0x9, 0xd06f, 0x80000000, 0x7f, 0x101, 0x80000001, 0x98, 0x0, 0x4, 0x7, 0x4, 0xc0000000, 0xff, 0x7fffffff, 0x101, 0x7, 0x39, 0x4, 0x1, 0x3ff, 0x1, 0x39d2, 0x2, 0x52, 0x20, 0x9, 0x2, 0xffffffff, 0xbb, 0x1, 0x10001, 0x1, 0xaaf9, 0x1d, 0x20, 0x1, 0x3, 0x6, 0xffffffffffffffff, 0x7ff, 0x6, 0x1ff, 0x1, 0x7, 0x100000000000, 0xffff, 0x200, 0x8000, 0xff, 0xfffffffffffffffc, 0xffffffffffffffc1, 0x7, 0xffffffff, 0x1ff, 0x2, 0x7, 0x7, 0x5, 0x6, 0x1000], [0x2, 0x4, 0x8, 0xffffffff, 0x6, 0x10001, 0x5, 0x2, 0x7fff, 0x6, 0x1, 0x4, 0x100000000, 0x6, 0x9, 0x6, 0x81, 0x6, 0x6, 0x81, 0x7, 0x3, 0xd2, 0x5861, 0x8, 0x3, 0x1, 0x4, 0x6, 0x2, 0xffff, 0x6, 0xfff, 0x7fffffff, 0x10001, 0x7fff, 0xfffffffffffffffe, 0x101, 0xff, 0x1, 0xfffffffffffffff9, 0x21, 0x9, 0x0, 0x8fe, 0x7, 0x442, 0x8, 0x5e, 0x3, 0x10000, 0x1f, 0xd2a2, 0x0, 0x5, 0xa6c, 0x7, 0x100000001, 0x9, 0x6, 0x8, 0x2, 0x800, 0xfffffffffffffffe]}, 0x45c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000080)=r3) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:02 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0xffffffffffffff46) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) timer_create(0x6, &(0x7f0000000040)={0x0, 0x2e, 0x942ca2f26078d669, @thr={&(0x7f0000000580)="c727038885a6ed3128c3c155b3f48e195105ddc10cb3166a66021fe1d2690c837bef96290c09bb0d402a00034de913e7f6a3a6252ba13fe07e1d0650c16a14bf4933f8f3a61507b52d831ad6b6b908e9d207d9996674851a554baf15ef8825a6b10ce16ba0a06708629444a7d055986f2454def568a7cd8cce48dcfdd910bb604298eb5a2fd4f1ddf1049c45c031462d750892f4ff39d400eb9705e34e64562900beabca9942be305efdfef171500672dc2959df3997078d3b0a8c1b8c5c9509b9da44ece2f01e852ae913324b73947958f50928b272b897605c56ae5ff776", &(0x7f0000000680)="650026dcaecf4c987deca7b2e87e0301413c3a835e92851ab19dbbc7fafc5c466c08a2fb9b0d60ffdeac1e7e58bda4e293d1640d4bacccfad7812bdc4b459d2221d2accdd621914933ca8eb9eb58a1f45c70429c25c30adb18025f6556e8ee4f2aee14e6801a8d51336380330dc3847508ed06a3a7cf4381f61bf9ead0e34b620c7969d145513796194f68080e11e797cdddc4ec851bb919df62b8778b305d0a1aaf34e400a940ea82f6e6264a857277eea9009088d0b91483170d6141952ab85dec5ab10eb1f59579ed855a70afa120f811af10e1a14197e41d4396bc20b681c5ffd41f91cd"}}, &(0x7f0000000180)) readv(r1, &(0x7f0000000500)=[{&(0x7f0000000200)=""/79, 0x4f}, {&(0x7f00000002c0)=""/149, 0x95}, {&(0x7f0000000000)=""/62, 0x3e}, {&(0x7f0000000380)=""/191, 0xbf}, {&(0x7f0000000440)=""/181, 0xb5}], 0x5) 12:28:02 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffefffffff) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) accept4$packet(r1, &(0x7f0000000080), &(0x7f0000000180)=0x14, 0x80800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x40000) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xfffffffffffffa6d) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:02 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) 12:28:02 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:02 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) prctl$PR_SET_THP_DISABLE(0x29, 0x1) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000180), 0x4) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:05 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) write$UHID_CREATE2(r2, &(0x7f0000000440)={0xb, 'syz0\x00', 'syz1\x00', 'syz0\x00', 0x7, 0x6c42, 0x10000, 0xffff, 0x4, 0xfffffffffffff2c8, "1351b6e21e8ac0"}, 0x11f) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000080)=@sack_info={0x0, 0x2, 0x401}, &(0x7f00000003c0)=0xc) setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000400)=@assoc_id=r4, 0x4) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x6b9, 0x5, 0x9, 0xca2, 0x0, 0xffffffff, 0x20, 0x1, 0x5, 0x8000, 0x401, 0x7, 0xdd9e, 0x40, 0x6, 0x4, 0xb42, 0x83e5, 0x6, 0x10000, 0x7fff, 0x6, 0xffffffffffff0001, 0x3ff, 0x13, 0x5, 0x200, 0x1, 0x5, 0x10001, 0x9, 0x800, 0x6, 0xe3, 0x7, 0x9, 0x0, 0x1000000000000, 0x4, @perf_bp={&(0x7f0000000000), 0x9}, 0x20000, 0x3, 0x600000000000000, 0x3, 0x5, 0x7, 0xaf}, r0, 0xf, 0xffffffffffffffff, 0xb) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$VIDIOC_ENUMOUTPUT(r1, 0xc0485630, &(0x7f0000000340)={0x8, "4c898f44cbdbc0a10c993c0c400eb25c1113c82469b017f2e192416179989c93", 0x0, 0x100000000, 0x8, 0x7, 0x8}) tkill(r0, 0x1000000000013) 12:28:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000340)=[@in6={0xa, 0x4e21, 0x3, @rand_addr="47f94d89f15a879ed9e855e6679cd3f8", 0x2}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x10}}, @in6={0xa, 0x4e24, 0x80, @mcast2, 0xabb}, @in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x4e20, @empty}, @in6={0xa, 0x4e21, 0x4, @local, 0x100000001}, @in={0x2, 0x4e22, @remote}, @in6={0xa, 0x4e23, 0x0, @local, 0x3}, @in6={0xa, 0x4e20, 0x3, @empty, 0x200000000}], 0xcc) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$BLKPG(r1, 0x1269, &(0x7f0000000140)={0xa01, 0x9, 0xa4, &(0x7f0000000040)="70f98927f114e8822c0d20360a722d0d9144068d4954dbcb4f438a943c3a2001b5863fa444df2f41b49856f1b43670392955893a7526cd52ba5181dbca0305da0513c49650c446dadab4a46805b498ed855325118bfa79b53d37421b932bc61dd10824f8054321c2606517fd4285d531bf79376b6721d9061f2e7212684f7135b8e74f8a8be93c3ac5104b6d0987fa219b445fde8797ba2657581648353cb94a121d3236"}) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000640)={0x0, 0x0, 0x2, 0x0, [], [{0xfffffffffffffffb, 0x0, 0x9, 0x2, 0x1, 0x3ff}, {0x0, 0xd2b, 0x9, 0x800, 0xff, 0x2}], [[], []]}) ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f00000004c0)=ANY=[@ANYBLOB="060080000000000003000000008f000000000080000000008000000000000000000400000000000000074f3ccc109b77e8f3274d2fc5d9821aecb4f1372bcf41986def73729f2e5c9de84235f12393dc867ffbd0e26e5e88245d4d72aff6c504ecdcce01c68224113f26862f3a2b317bcf9d501f2ad8eafc78ee7395676e5ae0f607c6c13218010000005e2c69e300c552bc4c9441bd4b4eab3452c2796bd8a1084eb4d35da7caffba473c7995734f768000000400000000ceacd0527b2d8df1df6a44e3bbba89398ea28fe239485db100000010a9af3133f45d9bd4d4a44993a00d12aa4a6211bf05c3aefd9c6eedd12a3612fc10895af7c510ceab7ac7f43d187ae0edc812eb762c8d5cc7469fc549b0e8473fe1b0e0a46f7df7c8deb6ec13a19200000000f1bc02ff3f7776f8c49b00b66638cec18d26f13d184d80da326f0332f9e971619700"/342]) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:05 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x1) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) write$P9_RREMOVE(r2, &(0x7f0000000000)={0x7, 0x7b, 0x2}, 0x7) 12:28:05 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:05 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000080)={'bridge0\x00', {0x2, 0x4e24, @multicast2}}) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:05 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcadf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0xfffffffffffffdd5, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:05 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r2, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r2, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/igmp\x00') ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000040)=0x1ff) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000180)='./file0\x00', r2, r3) r4 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f00000000c0), &(0x7f0000000140)=0x4) r5 = accept4$tipc(r4, 0x0, &(0x7f0000000080), 0x800) dup2(r5, r4) 12:28:05 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:05 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) ioctl$VIDIOC_DBG_G_REGISTER(r1, 0xc0385650, &(0x7f0000000000)={{0x3}, 0x8}) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:05 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:05 executing program 2: r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) setsockopt$RDS_GET_MR_FOR_DEST(r0, 0x114, 0x7, &(0x7f0000000140)={@generic={0x5, "1c86111b782aed5bb436755253c5f90dd88007a9489394666a1856fa0c98d8103287b9bd046435f9215551b0ceaed59df35c69463b8694c2c781b133389629eb5c6f3472ba4141a28c356811ed31fca34dbe554c52b9bef6201bb7fc63e7e26f0c21d010b9e57e96331db07ca80277981d12925d0a4bcfc01a76ed8fb017"}, {&(0x7f0000000000)=""/87, 0x57}, &(0x7f0000000080), 0x1}, 0xa0) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:06 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x2b02e082, 0x4) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000080), &(0x7f0000000180)=0x4) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000002c0)=0xfffffffffffffffd, 0xfadb) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000200)={0x9, 0x0, 0x36c, 0x9}) ioctl$EVIOCGABS2F(r4, 0x8018456f, &(0x7f0000000300)=""/167) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) setrlimit(0x2, &(0x7f00000000c0)={0x9}) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x80045500, &(0x7f00000001c0)) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0xabaf7be2be7d200d, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)={&(0x7f0000000140)='./bus\x00', 0x0, 0x10}, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth1_to_hsr\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', r2}) 12:28:06 executing program 0: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x80) fchdir(r0) chroot(&(0x7f0000000000)='./file1\x00') open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x6d87aec789d2da0f) 12:28:06 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(r1, 0x80044942, &(0x7f00000001c0)) 12:28:06 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000080)=0x3, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f0000000000)={0x200, 0x2}) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x80002, 0x4) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcadf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0xfffffffffffffdd5, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:06 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f0000000000)={0x8, 0xa, 0xb535, 0xfffffffffffffff7, "776ddef828cc0b5364ec52b5e93a6eb520b193fbe05615420b68606f2df01cc9"}) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x1}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffeffffffff, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)={0x0, @aes128, 0x1, "673ca1ff11f239d8"}) fchdir(r0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000140)={0x2, 0x6, 0x4, 0x10000, {r1, r2/1000+30000}, {0x2, 0x2, 0x5, 0x596, 0x7, 0xa1b7, "128f6861"}, 0x5, 0x72c7f7ba24f72093, @planes=&(0x7f0000000080)={0x7ff, 0x80000001, @userptr=0x9, 0xe2}, 0x4}) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:06 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) ioctl$DRM_IOCTL_AGP_INFO(r1, 0x80386433, &(0x7f0000000200)=""/120) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000000)=0xffffffffffffffff, 0x4) splice(r1, 0x0, r2, 0x0, 0x9, 0x8) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) 12:28:06 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000500)=0x1, 0x4) ioctl(r1, 0xa, &(0x7f0000000000)="a2cc") poll(&(0x7f0000000080)=[{r1, 0x1082}, {r3, 0x8040}, {r1}, {r3, 0x8000}], 0x4, 0x8000) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, &(0x7f00000003c0)={0x3, {{0xa, 0x4e23, 0x1ff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}}, {{0xa, 0x4e22, 0x265bdcd7, @remote, 0xad5}}}, 0x108) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000011) ioctl$FS_IOC_ENABLE_VERITY(r2, 0x6685, &(0x7f0000000200)={0x1, 0x4, 0x1000, 0xe8, &(0x7f00000002c0)="f72cfd0d64eb8f44ab12a74bec4a98310e0a31c63e74ebef0a4ec71798b9eda0f65f3d83b8bd67625c25c8b92032a698c6827a6e7be2329babc147fb4ede03bcbf347db9c6e3efff4f7859134d81bf6d5114f05ea2ab86df5374b0a4fbbe5b4fae578af229ab77dcf5bf058c7a60930f23a4e8330efafeffcddb77149c1c0227479f7fca7013403ea09f8621a5e4353ddb8ea14070a79e39d1084cf3d18ef5278885fab8bd4f9a60989e3d3db4ad5e9ac8f4ac5c44d31dbd40fc2c41da964ecd02511ac39a538045060b250bf5dd35f7e5bfcb6974f5ad5e1596841c50d16a31fd688943a9f1074e", 0xe, 0x0, &(0x7f0000000180)="366a8f0ff4ff6b28c3e3bf9ac3a9"}) 12:28:06 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x101000, 0x0) ioctl$RNDCLEARPOOL(r0, 0x5206, &(0x7f0000000040)=0x9) syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:06 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000640)=0x1d002) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, 0x0, 0xfffffffffffffe60) accept4$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000004c0)=0x14, 0x800) sendmsg$can_raw(r0, &(0x7f0000000600)={&(0x7f0000000500)={0x1d, r3}, 0x10, &(0x7f00000005c0)={&(0x7f0000000540)=@canfd={{0x4, 0x0, 0x3, 0x8}, 0xe, 0x2, 0x0, 0x0, "03ae99ea10ed0b8212e9f023216d2c977d5f2dae8a3dad9f5b9fe752fc27e477f58c008ca7aeb991fa804ebf389fedcce033bd9f2bb206596b7be58bf77a574c"}, 0x48}, 0x1, 0x0, 0x0, 0x4004050}, 0x44000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r4, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r1, &(0x7f0000000480)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @local}, 0xfffffffffffffffb) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x0, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000680)={'syz1', "68fc058cdf6b386a5423f841606d85d9979a34af14f328188bb32ccedf7f529f81554b2bd1196fbe51e991c43e3cea4f7085f89bd9afeeaa45e2101e7856029948fefd66d1242f8f1b830fb170c7f12af79f4a6591574773dcfd65b2d3f52b98a3df3be3aecba659e947aba54090a4939be7c8980c812da0513f77aac629f0423348495b3fd75e44087ecff027a4eabc470c5d7ff8110a57f78f474fef0253a0d7fd7cde8f54185242eb765f85ad6b0d7f57b32ea965278e6380cf34eeafde2cb0b80ae109d4a2bc0b3da2754d58000e3bc660a38566372ff99064ec431d8a20ceb73b7eb60ad9b763a06019bd894b672d8cf2a873be7e1796c2f738df195a6ab3a03fe8f5597194b52dfb9035d36e67d33ab5e2e80d891defef9f76910645e4549413d59ff3daeb0cca977f4a37a4af045444731090d287385b6a339c02044a16855361bb7839cd9aa2ecab8d3947bf2da7b4435696503f8b11ad0a0f95a32231391f9791af9b87ff881d4c85f645f57c29f34f68ef3cf2e3d58f48d6a20fe583262efea2e5d4a5c9a3638fb94a640be42cc863126ec838ee240d32f5d0e32c699dfc4167854e191a18ab168c4254b709b3d0cde8dade495811440577a15571053eafdc29cb6bda3257a3958cdd7e2c2c8fbca1161107402bc71e0b8e6fa85cbe4a6af6a28bd24b356b6a093b4b721b247d50258ea4155bca4d91843a2bb5e2e48cbaa033b06c1d7336a94a3406fed2603fa0cb8fa413038e357bbbc9d4c13b4807f8540d9a13e2896bd42a6d0c5e913fc22b91e45d2e9ac2ded28fcc161d5f34c9a8d3f8218e5afd872f38842f6a1fab2d727bd43ad28da818992e0504d3b0bc333394ae8f01a46284530d77946f3bbc65e8338bbac7273a2b56fdccd895c64ac854c469d7ae8edb7599ce85c0f27f6a7cc107ad918f1a87dac2dce5bce3ad09e292998842fee4bbfdd57ef9e7fadacbb3038d99aff82b1780ca7f0bb8daf79744967e998e34c89003b684961b35f058cdd6bc5e576bbd1aaa0269bf7d1fb27576ebfb7874560fbffab745b0782bf0681bc96307ace3c9da7cba5a0c8eeb4a19a15be07aa7f7584741ac1631a639353a97bb64065a3fcf9e426a98fa1333ae8a6b20aaa032601f4030aac813cae3fc01a8aa7dbb45c90d72ee571748f82d2c497b40e29cbd15923b22f89018187d4aec27711c927638241df4bf0e51df991dbfea1567d545ce87bba3a8ce02746ca7ea71161ba137adf09302fbe414bd79c3cfd03a882665a5d4f2d1aba13470889a1a8e3b65543b5fe6e946a936d1890b0905bddd7c80e75e2abc74864f152c7c1154be25e930d8828af56907e5139d092c13ea4b953c3436f7b434cd507551ae57208b94ff6ed681189d204c8d27a500b81686cc79a132fc34617e39bbb3248904de3dd9fe6a40ac4433cd2cad1593a4958d645d31e856c6fee28692479c6146f4fdea6e44bb59f04f698b4623b887173e73e974e52f7235712741d8f77578405f3e460c36bba7738be65e3c3938bc26a1466c9e4d088e91fe78ddf89263ba1351aa9aa1cf86b219dfdfcca632bbcefb62d7a6c8a4ccfe94ab5bc73ff31450b1fa5d60b6a50be8495cbd365f71a3c3afb4aee2c623b5b419365b672d69f1724fb986fb611fe554ff67b2c46177b852d0bd63c3623386e2965c6d187e2d653ba8b6367739b1b75274064256a38c53e8dc38448852d378317ce50e48767f7982d8c592fc1dd64f035c70230b3299290b17f81f7550fdd71c645c8e37efd14e19256b34d78d790a314c840f235a1e7797d192e770d6624168246841094b2694106e704891f2f6e0e182dd7ead059e007758de39946808d3f0218153200fdc3fed776f0c4aa6d23c9a2f501c29aa9774952ab5d52a4284ab12b632859ea4ecb163ac8ebc10cfa6faeb576c7b333705214e052df3067b1c777e0a60208ce3d8d9f50335f9920aceff0bce32eec65f390747ff3c657d0a56d86c07898d68ff733b86bfb05d596081697fc28c24b37f75611f9f9834c7ddfdddfae73b89aa557990369dbce4d4dff4a9bf07b3512c27d00dff5968a14cdf0ef785da30aaeb25a500c090c7a95aa3f40a26220fe7092d8a3cf346a896cd84433cf4d84e42ceac6609b2a532875bdaa53936024ea3376dc05a5a222a2812540e60695c09f996726f4bf4a925510c5a073ac3f219d149ee5fc39e3d825a94272e2a16d936124cfe7aefaecf796acd94d6de5409bfa29fae378140a68df6d8c3470538cf90ce55e55ebcfd9a08f2af29acc55856eaffb24bb97f56f83af31941b8fdc0e93af20d7bd46667430317624a367568cd74eb66af9c5ff033771f6d773940357df573c6bdd5b247a63e8371b4c6fe4bf7eee8c9a1372f6227051cfba7680ffb7d3a691d45e23075714932d59764aff6d9c60730dd11478b987462ac79acf33e6a637a90203c20bff9b6c857f2eaf640e29866095cc868b0743faa707e59a8245c7e7714721efd8baccda3f7ed6a983c5c8a13a34664b9d96f09f6e98e6188d0926f672165d3fc031159a262c40c60d56f9e609c22c658282cedada4dfd338b6a8016247c868e29c63cf7e786b76328687fd4144e6278606a7efeebacb6bf242b197f69270fc51a6abdb658452ce7951bcdeb429745cf68d908179c9116a15e9c098f34bd8dfcaedc641cce50f21997f9d68e7f7ab7b4bbe467c97806a1e2797ea2094fb42ee8ad66040c2c540b3d47085991f1e5d316adcfc7c68c5f560d8b47d7d8c8cb5539bdcf1e416eca2a1546767f86ea122673135a2644fadf10ee2b956f952eb08b7064bc191076c7b79b8c1705829d9ca28831ffb5e34d3aeca56feca6f00667c984e2761d1990af1e8d86bb08131f78ad33e9c24e09581f5ca657f77e635681cd69a579653ded6de38208f83e49c8ef273d3556bb2a68270bb923b051a8985412386e8efd5485198eaf95bc6900b8fd2055b2944fa9d03bba76b0ad5c9cbeeabf0d92c392e4ac95f05a1f59054cf6352cb5674d1d4eeba92b237d55bb5752798bf509fb3e28dd3d04b2e080391e1e2aa9c7d077021d6f3143a3873b5afb5e5729a2a1b38b04a2b56487230568cc04332c42e30645718860d45eca30154ef047d192f05e5ef2b9272bab82f9e7c30d74635aa9317e4fe57a59f613ea15a06e97588ce7538b9c699e46776af2e4260028768a73ac2e0ff7ea6bbae36b6e41fe6af7c6f2a5e7ecfe899ac154eecb239a29eacfb762d7ecd407201e356a51a9e77daba48afe556b62ce6a4c03f467e161379646233cbf8005782d1768bf2fe75bcca1232cc0c340a986c67fc74d36c24e64daad4fb289946c7ab410e55d93da47daed09007f6e8f18a6e54e4c795e86c125364c949353018d92be7d53464f77634374ecf68cd7436b2c6f388a774bb5297edf1e87d8d61876da60902d70965d9aa4a8d38e1d7ee99426947c1bf70f7f39b0df9a1d10a266b1696498b24c84c1e3140836ada0cc9db6b548796a882b57d636174a7bf865eb83cfd87a478c792c808b7102371d5e3ca0e793f1effa78952b265c14715f2d03930b80bfe60d0c33da2f1113f087a85a63f327a2b34d0d5037c1819586ca6c644c549726092cc793feef63989ec5a446a70e1c7694b4e14bbc0de0befeb133404a83ac85e1738996a1fca80af24c4d3657bd13b93e7e41cd83fe44e322d2b4007b862c365c7e4d3d2a17f9cd235cdc1a337af83acbfd70b342e51ec6cb5e88b6ae654d3d45baeca5189e9edbb5f9c1306f7114b775918018668a80aa43a1a74f6a66e582e8dc2fd4094bb74dad753d5b22058a064c86714f4acafa5b67ddb74f255ead55296883ce59e8be725dbff54f0ca1b383e1c7897b071fc96f83caefa846d1d8c5df25ef7dc1623b2135aa2143289882b8fa80aa97472a435179392acd7de49b2b2d4af5c6ec44d8fdc7fc53cfc90782b3c55ed900670672042a35f930bb4841e1e2c89bfda8096481e3e5bd259b68001a1ff0ffc518524a1cda0d1599c100f43060ba655fe3148ad8028a4dacee810b0788c5a989bf18872ba7205c4510c3680714acc030387bb547990acfb29a164771152791d76714e7a1200b39b01163993d952d975820ee99a9b520c9eb8508b15121adac4decaed4c2087589d6b89c888d76a578dbd507adad7b06f240c620d6bcd01fae6e48e3e8f700271999c5d6167f53e050c92a27c40adad65cdff60a9ce9de77ff54e390355305a0b182d1cb2f16da314eecce7bfcbfec5b0e4ad4a61a633d1aeb18fca070c2fa1bb2981d9928a03990de454beffdd17ef822cee41260a7222cba2f77bbeee60e6a6315393da044f05a10cc246f4d2fa4e6d3bfe603c1bc7a0e206233bf43e07a59c140e563e24796991d70408954712a3849b67164f2e43ad94f80763f290c273f8de0a86f40e114950983b8c02c77b34f7ab03848662b4411fcf801ca114c02057f0c07213c50addcbb90b6caad7666d441e0be3dea2df28679536611ad885af861047f219e92d4bb344e4a84a9d70e55bbe183cc45b70bb872fcda29ead0802f177dc6f267332b1d5cd88632a10c43ec314d14ce10e26cd493a3be38fe9f59539d0b454347d294bb2d07f3726bfb5cd6e110f3f672a4b86a49a5774f26406193aa68b1ba38f34f6cfee454a3fe2e382766e49da79f6526aad02900364b65af3647481d81678a1fb5eb1418263e3ca603b97fb6fcb1820c89d527dbeddec0ea849f1a91cec990d2698be1d47ed0898aab9cf9d9782cecc8413064aa93eaddba54f5c7ab0c80102f20903bd54f3ce0f88aff46e83b13164feda5608a3ad446adbc7036087a2a58f3e01f94f1664bf521cf2b0a74173b5c41ada1c3e300e787838c6e02e1b27e4ae857d65c67f0e9b002a8955f957a3917688e44f356c1b050f75a9acca4fbc36a53cbe8ab788f6183eb4fe1a1841e637c5acce4b3ed6dd3d1178d9c52b0ae0bb610042cc49247e2a3b0134f1203f6a4698030f909b6c8347470d6ad99bd8c83e94a31462ead14fc914763d4609988671902eddb37d83daafe5551b13ccab416f3558773fa50d441263c0c063d52ba6b35f20f0acea45d8933ed57968b3ae6039bc34b76a393d8adcb2bf8cf63c0ac2206abbd7278925531ca954d33ba82f218567da6867c54a86569d5dd13d9da0bb3a23ce95017e7b4354b5b5b9028848870137050a9c9dfc75a793d816c6639ca36a457144243544546c65ef300107e665ed1e56f1de25d477201bfdd32ef77d496a91427d84c8b80fd10ef90994dcee66b4dbc62020dc383496390721ad3151b17177c50b3ea6589db73896a5bf8d2c06f1159165dab8e9ae44ab5597e5a809adbfe4c995792d63fd04dac2127ce43a2997924b47f439e50af32da2cb8315603438f91bd2e104897f57cc05ed1ab52f0cb92266fb6516a8949feda869ec60adb9683c7e93b22334f639a89c9075b709a8cffe11f170e411058d60ace788a81ad8acbf61ce0edf2ca191f5ec661711e099f61639aa1c72c807379e20c21c15222674f015ddf96b2a00e14901d15315b4185c358280d783e25f0db4f04cb5715361a7c9d457875a7ae88450dcc9bfe24f36b190dd30616c224ced161ebfce9889b53271325d3c88648152c56a594edfbf7f4c5c9a453ad9bb871e59beee78178e20cab2b51d28c3897d9f71010a8135d4f641af79bf5b550b18f0d42a464d0001e1cb0bf0ada30ac661277c7236c601cfed5b44612e5cf83bfffe2f63170bd487cca01f769a7d6154eb1969d74f95"}, 0x1004) sendmmsg(r4, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) getresuid(&(0x7f00000001c0)=0x0, &(0x7f0000000200), &(0x7f0000000280)) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000380)={0x2, 0x9, 0x6, 0x42eb, 0x8, 0x9, 0x1}, 0xc) setxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='security.capability\x00', &(0x7f00000002c0)=@v3={0x3000000, [{0x2, 0x8000}, {0x4, 0x6}], r6}, 0x18, 0x2) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:06 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, 0x0, 0x0) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:06 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(r1, 0x80044942, &(0x7f00000001c0)) 12:28:09 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) write$P9_RUNLINKAT(r2, &(0x7f0000000000)={0x7, 0x4d, 0x1}, 0x7) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000080)='syz1\x00') splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r2, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f0000000000)) 12:28:09 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, 0x0, 0x0) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:09 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={0x0, 0x80000, r1}) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000180)={0x0, 0x0, 0x7}) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000001c0)={r4, r5}) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:09 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, 0x0, 0xfffffffffffffca4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:09 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000000)={0x2, 0xd7b, 0x7f, 0x8, 0x3, 0xffff, 0x1f, 0x7, 0x6, 0x20, 0x7}, 0xb) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x1, 0x0) fchdir(r0) accept(r0, &(0x7f0000000000)=@nfc_llcp, &(0x7f0000000080)=0x80) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:09 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, 0x0, 0x0) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:09 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000080)=@gcm_256={{0x303}, "beb17da659245954", "fd6177a2a72cbad4f63e66f0fd23e6a7d43ffb274a69e9cc05b001d416117a5a", "eebb6bab", "470b7b78a752572a"}, 0x38) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f0000000000)) ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000000)) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000000000)={0x8001001, 0x7fffffff, 0x1}) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x100) 12:28:09 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:09 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:10 executing program 3: r0 = getpid() write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xffffffffffffff0d) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) write$binfmt_aout(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:10 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x9}, 0x1c) ioctl$RTC_UIE_OFF(r2, 0x7004) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "cf400250ba15e91f", "884d120741c7c939c9c1696ef426ceb9f080932d6b55b55ec05084f4ace946bd", "a99f4abd", "4d3c1003c1b9b7ad"}, 0x38) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10001002}, 0xc, &(0x7f0000000540)={&(0x7f0000000300)={0x204, r4, 0x9ce3576df59caedb, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x44, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x101}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_BEARER={0xac, 0x1, [@TIPC_NLA_BEARER_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd377}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000000}]}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xad}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER={0x50, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffffffffff2d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7f}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffffffffff7f}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x73c}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1ff}]}, @TIPC_NLA_LINK={0x64, 0x4, [@TIPC_NLA_LINK_PROP={0x54, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4b8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x800}, 0xcbe44e05b4324dda) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e23}, {0x2, 0x4e21, @multicast1}, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x200, 0x0, 0x0, 0x0, 0x7f9, &(0x7f0000000080)='bcsh0\x00', 0x4, 0x9, 0x6}) tkill(r0, 0x1000000000013) 12:28:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x30b, 0xff, 0x7, 0x4, 0x9, 0x9}) getsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000000140)={@multicast2, @dev, 0x0}, &(0x7f00000004c0)=0x9f) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r1}, 0xffffff46) 12:28:10 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:10 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f0000000000)={0x8, 0xa, 0xb535, 0xfffffffffffffff7, "776ddef828cc0b5364ec52b5e93a6eb520b193fbe05615420b68606f2df01cc9"}) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x1}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:10 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000080)={'veth0\x00', 0xca3}) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x400000000e004, 0x1, &(0x7f0000000480)=[{&(0x7f00000000c0)="eb3c906174000204010002000270fff8000000000000", 0x16}], 0x4a853311fe46d79b, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) uname(&(0x7f00000004c0)=""/4096) ioperm(0x101, 0x8, 0xfffffffffffffff9) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x100000001, 0x8, 0x3, 0x1}, {0x7, 0x8, 0x2, 0x1}, {0xffffffffffff8000, 0x4, 0x7fffffff, 0x1}]}, 0x10) 12:28:10 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) ftruncate(r2, 0x7) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{0x303}, "7cf0c35c496099cf", "910894eaaa2f07093c8bbda0e23291b9", "875d4ba6", "f8f29fa37e8dffca"}, 0x28) 12:28:10 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:10 executing program 4: r0 = getpid() pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x20, 0x5, 0x7}) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r2, 0x0, 0x19d) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)=0x0) timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x77359400}}, 0x0) write$UHID_CREATE2(r1, &(0x7f00000002c0)={0xb, 'syz1\x00', 'syz1\x00', 'syz0\x00', 0x73, 0xe3, 0x1ff, 0x4, 0x1, 0x40, "78a66331ed9c325da060dbf1fec91685ff81d4f3eb4045a386885e95fa267333fbe9618f6362bc4fcca6de8a4cdda6e4d05e129bae043d7857dbaf452f5a67e05f80c1ba1411da9912b4cf3c43eace424ffe9cf1556ec432206e754d1fbe75fa45142c3cf76e57eaf6366c5c4f6ee6b2c75eb0"}, 0x18b) syz_open_procfs(r0, &(0x7f0000000180)='net/l2cap\x00') tkill(r0, 0x1000000000013) 12:28:10 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0}, &(0x7f0000001580)=0xc) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x5, 0x8, &(0x7f00000014c0)=[{&(0x7f0000000080)="342351b315d2752bf951d31cdbc307", 0xf, 0xc5}, {&(0x7f00000000c0)="365fb8d28c", 0x5, 0x10000}, {&(0x7f0000000140)="b48eaf51d2ba3e331ff4f8514d45e19c6955fc74e7de8e584b5ac4914e3c86ede236bf2b08e3dd5ef3c1378b860ddf59097aa3aab9a31f68c995e2f42744d972e62f0c14a72370dcf498921f11af32d37b5884c207e025fb5e3b6df0e5282568c568b9b4b99694534aa174a756861e3cd598e1307bb9", 0x76, 0x3}, {&(0x7f00000001c0)='q', 0x1, 0xfffffffffffffffa}, {&(0x7f0000000240)="f158c84cb57e29fe4fb5c51847c4c840326e7e16038f34e8425e", 0x1a}, {&(0x7f0000000340)="dfc1a2af6cc22a3a8a169a1469286c6916439a0a0ae6be270dc30f77c32206395606ce0908cd99a2e4fbb07a2921ccd62068d806fe4d5b08e179018ed4f7a835c02f9d4289587f623c16c0993f2585f4b8b27d348a78c23d6759d42b4a189264c912fd77598ea78eb1b8d0cbd7e30cafa2fe40982ae20f95a1e1c42e28268bae521ba98ae950ed212a1ff68b20d8591ee474bb60537957ef094c70755ae864e2fcea4d112eb9ea243b63bea2e7990a109ca0d3546b00f0", 0xb7, 0x6}, {&(0x7f00000004c0)="54aa9641e23e184388ed708e97008316f52731cb386aeae13a270300badf206beb33426c33893156932a90b1cffe3f41e0d5f415b48c50e9c23a8eb13df302da9cb3dc06530c0369245865829bd383c4b139e2e95ddeaba694e1f743edf5d938a2bf0d9a8e67e7c9c801cbe0f558730f3222c595220f931a5ff595b312e2eab2076931fd03a0832bec2d8c6e976372b7200889bd1b43580ddb4385a8d27d75ecf2a74556c4dda56a5c11b4622a44dd3047e8f8a1c04a02b5f04c46d8ce1d89bb88d51ebf65a6f068f08714eb8ff2df4c0377b3614fcddb9c65c0965618485e3cb31d2600090f0276db3e460e83d02d2c75fb289abfc7f6415760d9ca121075a2d73d30919925a1b1e28dd1be42a9f254bfacf5f106738d54c976cfa64dc20967f4531bf303c4f0f7c094317ea46498c38a53fcd84f27b0752f0511bfbee3a563b1bcca8da7d39e001b96b5e63600fbe2009711177443f12b8e8d1ecd3c4f8c19580584845d053531c4d1b690241e719221fa430b13ff6959873e76655759b48d018bea114aa138916915baaefbd7ab2ae576e8470192d56b6d4b7913496409616effc92c6c8806834765591fbd3ba6e15509eae060cec463926ad4c4daee66e3699defc7aac8189b57d448f752f83e5692a83df6c664f34c70d101167963e98881c3a750a4d9255bffa1d657ef586de3306ccfa4349387c5b443971b3acee8c0903e0e261218559dd00919a995e9f381517a3c7129c407b146836f95ed6bcf7e0312c79f7befc37b75f396c5326e9b6385d9c8d653563e48e7cae0a1f3fe4cfca6863e4ae97ee19b9a6b68d062a57db0734e5d9ee113d48f6883dceaf1ac314f8c96d9f4568d867a18ff1bb6cebf6682418ad0bcee47e76f59c8d2706f458a5dc5636776944456fc8417ef4563969b9563f5a19e9e9b8afbcbf7c6f8a2fdb247ddc17d3b5304fcf9c4d2ce14e6cc28bb9b51e8270b172e9b643fa94715967448a062a3794848988c645d4bc91c4dfe98062f3312d73ee27891ed885ada3caa46bfc3a64197498fe079fd409879ec1a09900b81c294fde6009e8449a9d56444608b76c29381dafde4d669a5c15f17fe30a889dfce7115ce46ea16e1e8c61fa57c567039a117192cf8395b6ffe88ccb7d3f6b674176c578c293b0c4aae0d91aa4f80abd9d1e656cd1a862ed96471212bc1f7ce21fe11e0c038fc73357be0d74855eda4dff7c383c4b61d3a421e93e301f1fc8287df67e4e150f1e7a56978d7275bd65c7dd381df3fa8038a4677d4070814b0c23cb79e45ba860295d6ae2909f94d522e8249723d9ba59281defdf89de0b2dfefd9f27f45308a87e29f0a6473e680c01fd5462c4049f36c1bcfce6687299543e36eb678b1a11fcadbc2a223d1daff24f0417db410d04b8d4b9b8332856690bca70ba7d46cb5fd2cf31089fd834e88085937ed4b9b802e65f7a307e47b46996975572362453d904fab2d80b0c5fb68ce985189968ab1251a320e33e0057537259466ff050b669dc93b72e861715438979d0718f091b28bca12643a077b74dbbc504f0e646e1b815d1e4913325ae1bcff05f53316677e9042151dcb64d35899cf2a1608bbcb350b3a8cd02f8a62610403c42203ce2b5f574387add7d7143bac349e33d12abf282772e42c39752104af9bef0c25367fe054f16b653953a7b96d9bafcc645c47cd04296e6bd0aa2aed6c49b8e32f7f05c04889a3996dc9cbf6270a90dcc48e14b0a2bc3f8b3e13f0e4eef9ab5a02fbceae2536ba212638be663ef5c58fe0193f0b9b4354443e81e4cd445239e35fabd06679cffa07f756253eead9f18042047936e56d0e3fb89d59c4e6fc0cee9f6cfad1a2ed9a754acdae5e019701ab28c879024213a38ce86f8b4b34fbcbd5fe4995ebdf9a09d4ebd57c7ae44318609b16d792500f14bb3a9f4bdbff527fe3d1e96252f2ea02dfa82b308a8a46ded36649e5ad68a723fee4ea094faf0909cc2e22e7c36f66a98a58fb413558bb77db8e5a5b549a648e36ba698264bc580e6f1927f7d9af554c489d5aa1e2fc7ebded1e05f7b8dcc827e645109bfca7127aa690e720fdea3f6b8dfeb3ab1be9efd1974a136155b1302f0c1245f027cc8488645da3cdbcb42d02b660461c0595b03563f848b654b0ba0d684a2f310bb96c780e021db4e59e1c22523ddc6197ad332b2b62a5db5bed5c6f046c6a3da6ff09af37ad834e6da3003cdda53fc6ee08c96bc367510d1a9c7db03c981ba8ad82f1d97e5f3898c5908eaf27bf6ed61b07dc0772a96afe9217d3ab93d16e2404833e7b05ab369605f748b21ba0b6e5e54475aaa3461727f2a19d17828f6e2698582297686af0fa0ac89ab556dee9604174437009d23988858daad892ecc9507acdf5c290cc200ce61fadc9c83d36de5e200ca81cd488437836cd9e5f7af83c5de20173f004858487faf2e6f34a186935ccd12883625c1d2b38770f9b176015b01eae11d4667673b89938dd07e426819d5b6ab8598e1cccf42e985a3c2c814bcba084bd5a9a78280b461b2046bbf2e89fa66838dc6b49ebb90e0c87f2fc67c9cee065165baa686524e491f5ddce386165b090e673c5c133f129e28c7bf09524b5e7b3236dbf36ff3350569ed6755682e6a24881b9979e443409e5d3eda9a33b1a6d40bf671e7ad1786212daa2e9f7ad0ede74bfbd0a256d7c7206876bb9f97acbe25163490f40e9c9e03c1261503ecc283059cec031e3f33c1e6c279ec66934953c3f196e5267246820967ec467684435bee5555ea6a3b25df5346803678911ddb0a0f0790536db356239ac478bab82c6a4c1d5da39e933ec2f1df0cadd5468183ed59d56a54a1f8c92e101689659966d6c968aa02ec2cb0e1d286f9870668b3df569dad18086f67b497be1f797cd6447495d72db60913005d46e02655757ef8fb1210fc9c48b47d5f87a9a86a6a882b3beb1fd616f0bbe1655149e0723bf5f2de939f44317937de81e2c98ecc10c9ab9661c171cb6758bb0ee5ebee906a6623b521a5783d74c83e2502b3710c90a3ae94e996b220cfad5bfd5d216470d279dac188eac6d415892107daee32dab80e883954d15cb9b1d5b85479178aa7cf8ec4f1a09d82df8c9a883cbcd94e60c9c843b7144b2c2d951fa3c3bcb2a50338b6dc77339ea01953da9aaa6a85008b94d6f56535a4336902c297dd279bc3cb5b144dae93b2a40cb34f4fc86e574cfb43e95dd5cafdf70902ecfad366b73ee32e6d363632e2657c03ba8ebbbe6f0acce4ec5ab4a9e86ae5ac3fe2c48e8da5cefd32b4649bd4e7760e4192bf8ba614c7ec08dbb61daa47125e1b77f4c0815b2e7bc58a161cf8564d8e3c4574f331b822ea45dba97a1928360e388ac817869c46e0cd83b3e2377b194df80d1cc0ea57adcee4609a48bf7c3cdc20692efd81e337792d91b4e64f5168a721fb950cbafe57f6e8c4e3cfe01712e744abcf30929d4c3cf35d036b9bbd4019b51abdbe668ed01ffde8e989bc270cc3dfdb1699eba3d8a48b7f27c31abd03caac95d4e166e1347e0994c3b33f7f52602b91bb02e140a02341851a7b7a453777af60ab9e4db0c7b81d97434b7fb5b24be711269ae833b38e8d3d21d751d31d8b596ef43b52fdb56761c9149b98dccfb72999e1f24e95836e02c754c3a178ce535f86165f52f6607729acf081e97886194d14849e9853fa1e6d9cb91ff304abb456d4a604e70ac0b7d2ac537ec6fb426a3f1e180bfcb8ce9b9e2522472731209565ed22763700192d2532199b0fed842c5e45440ce73fcd2cb7ef72ab354bb4e1597fe0d895fc5dbfa4697cc4cc66521488974ceeed2d3a5de9c758731411905ac5d68e98bf5ebe05d889cec4ed5714a8c4b3f0a99d06e94643a31a9f01f9abd501f4edda0ae8347c431058ce854b7cb12699f2f655e7b3be48db2dae7a0384eb91336c9945cbf8aeab7ae9fbd824070d2ff3e9b318f580467d1f47e0ce5f425cc423ce0fd958fd8bd244516cf37f683d2f2d2bb6e056266c43d8fcb33ba2209a41c4046702ca3a6a53680d08f71a8b90fb2cbdb2232e5174c4d830b325f63bd5591582ebeb8397d36c4357a706fc1788bf2a4b5d43ca393dfe18ef45e4330f0cf8facc7716c9adbae652cf1aa20cdd60882a7ba02bf60d5be199ddfe8285fbd5bf0dd0fa11bf2bd5f86dfd1cf25799d0694e406233c4682349ca86752b19e48e6a0d8a7ea7101770299331719b4a2fc8d59dee1535063f7b999c6bf64006a51cb5d184daf13ac5dda6ddfbca1b3ec5cc3e20f27fcd3261620e0806a81fede2aeacbba6adf4bddeac733c9b0dc59cead9876063ff3681f8fc0baee685b9283dbc17eda25031f9157e3f6698f417db132237eacdb9a3a1fd790afa177c1a074a14d3041e92a814d43001079c2c229e024c3bfcd6e5a7a2fd7bef7de3775e2e922af196bafb62ead66f1c1813a078e83222e68fa06b1f9f0225008e1aa98a247760f7b3659e5af9319af712a47812a3ea28a6daed0b1caa27a0724b16708360603cf69e89cea68c7d36f8d21bc767189f38ea439c695e1bcd8962b18df0219e0be0a50f53377cf47c3adf9d494d607d84239c7209772765abb5a55bda68b2cbef85b5f81415254e3364bdb3377be3c422f35209ee7c1ace678dbd29892115d0201f4c1f09986c1af215cb8accc31e62027b35e9aa83db2f0bc863dbafbf2f55e7b0a015f9135de497c175ca73c3dccdc0f27018974f571b4f59214a05aafdb3a0152725b4c891e82e408963b89cb796b860aec5fa647a6bc31d1b2ea6163fa779938f98961cb1a041a8e6d969bb9b553bc22eeb49d3f0e331438e53f8e20fcb450656b48f79b41d1ad47951fb1e28f261a68e136a45f481657573f3c5e01a334e2bfcab41ffd547048b087f441d9b1ef15b59a440bcfcf801320f399541bd92edf84e6d2f77ece5ef29ccba6894ec3916bb0af06ca701b6327a53bed32d707f8a7d1e68f92040c520820864668c65903c77b021a8401b329a14fe8ba1b9f1df99e20132f3f02b36945febba467b88afa0896d9c813d5cc44e4bd051fff7ed02e06c78b0584193e2af256ba54d4b094f1ecd5e9e2b3e299d60216de1c0c3ca81da76d3f4e3888a2ce8f6271d1410d9b38fde4619a5820b034a3c48800bd88a9a35652c4563ff2249084659a63c7ba32a80f0f3e397ccaeaa9c5d57cd5f12d3d90143bfc13b8bdd066160aa275810bd12ed8ce1146e331bb18615de80ce1515730734aa9cb6026ac8b1668d102fe87e2c8f7a18c390f9a2d2b2f3f8ebf6a23c2d49f2f214afb397c3672d4a12ea0e39ffc5c487fec84f16ff1affb7e753e2b963aa1e7e609eb7903341298d0826f5c15a9821580b7415ca687592dd2ee4f9ecd5cd230649f05edc886992f71a5318d2811874359d9c420bf8c0070179aa780994905598c0c40e21d90f1dd9199f606561268cee82378fb74f984481460e0006f8c4d4c562b3508c5d022dd4955da497fd753c70b2610e56e1aaa61fb04e29e0f9d2cbfd4fa2119cfd1915b715532a3a9d056b4ec6d93f2e2e117c11f9655bc19adb2106fd06f5b1467c1217cb813be0a4db715c471092a71c5f82aaafc245d46d3804a2a5dd001b49f21f79871d75bbddd3b5faa501206e3de5cc9533265f9fe7b00f12bee04299f47ba9cd62a781f767ff68ee4be890a6d916f58142f4e9c97ef61c8917688c5c31d38441a2f58cd51b0a2831d8b68338f5b8c51d52f841290f7684cc99fb596ccee37e12213c7008ee3116c756f6ed56edba68cc8c6c0", 0x1000, 0x3}, {&(0x7f0000000400)="58937fb229cb16a0e96a1205f9b45f567c5b4644362ccbc370fdfefee44e5e7a27854d7d1a0b8e7c27390336084f67da2ce83267200b9865f5f8421ef767f74b29c44eb419650562bc6c9818340688e7cf", 0x51, 0x5}], 0x8000, &(0x7f00000015c0)={[{@shortname_lower='shortname=lower'}, {@numtail='nonumtail=0'}, {@nonumtail='nnonumtail=1'}, {@shortname_win95='shortname=win95'}, {@shortname_mixed='shortname=mixed'}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'wlan1wlan1'}}, {@fowner_gt={'fowner>', r1}}]}) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:10 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$VT_DISALLOCATE(r0, 0x5608) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x0) 12:28:10 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:10 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000480)={0x8, 0x120, 0xfa00, {0x0, {0xfffffffffffffff9, 0xb47, "1faf97a7f7ee9afaa31af29bc4b61c0f3cd413c076c19f8f57d0bd51ba253931107788c76d1ed83e3bb2f49ef49fa9777ddf052b4e3466ee0022fdced37882e77c2450a02d434b397f9ec2e6f715070c0df738f7f3fa3a3ca767409676b695eb24218a8480e784430ea080f64ce207b3da53b28aad31628d7d62cbcc6b23ea3991fbaead169fa4ff4de4fef8783fd4a639f44e5972ebddb9e28c1a03db72e75c87ee664e9ce395a9538822b4c8435f86c2bcf54ee8a0bc517491205903d035eb6595f6a6933c81bfceda601a78b7fde9e401327f1cb0278b678a6e96147d21e9d64acbb6011a3c7e4c7faa8e1ebe67774d87a9f5e4e5649a86da178476828ef7", 0x30, 0x8, 0x800, 0x2, 0x1, 0x0, 0x8}, r2}}, 0x128) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x200000000000011, 0x8000f, 0x4) fcntl$setstatus(r3, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/relabel\x00', 0x2, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f00000001c0)={'nat\x00'}, &(0x7f0000000280)=0x78) 12:28:13 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:13 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:13 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x8, 0x40100) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:13 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000000)=ANY=[], 0xfffffffffffffe27) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000a00)={0x0, @rand_addr, @multicast2}, &(0x7f0000000c80)=0xc) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000cc0)={@ipv4={[], [], @remote}, 0x1, r4}) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:13 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000000)='trusted.overlay.upper\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="00fbd4cb4043de257a2051fb81affdc4fb4c4e7eb1a6c45e53d4b666db8899f586d839e2c1fb2ec6a08c378ad52e1233b771a9eb0be0b047ba69aa5f071850155b9a43c8842eada74155cc7fa5b3ece0bd4bcf809058dd07af3a2086a7801364069fd6ce0ca7aaedfadd1af595d6676cef6cc8f56fcb9791b0c9f21e09ca615140bb6ce8514e243100ace355b59e72c012c8caed7e4e91213070774c153b7e8106326cfbcba11d4b32f6f4b576fb52d9c7282b78d955f5c7f518d275933079c71e75e268c6a361236fde8a195ec2038bdb059c4d"], 0xd4, 0x1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:13 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = geteuid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000380)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000000480)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f00000005c0)=0xe8) r8 = geteuid() getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000600)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@initdev}}, &(0x7f0000000700)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000740)={{{@in6=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@loopback}}, &(0x7f0000000840)=0xe8) getresuid(&(0x7f0000000880)=0x0, &(0x7f00000008c0), &(0x7f0000000900)) stat(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x7, &(0x7f0000000a00)=[0xee01, 0xee00, 0x0, 0xee00, 0xffffffffffffffff, 0xee01, 0x0]) getresgid(&(0x7f0000000a80), &(0x7f0000000ac0), &(0x7f0000000b00)=0x0) getresgid(&(0x7f0000000b40), &(0x7f0000000b80), &(0x7f0000000bc0)=0x0) r16 = getgid() getresgid(&(0x7f0000000c00), &(0x7f0000000c40)=0x0, &(0x7f0000000c80)) fstat(r3, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000e00)={0x0, 0x0, 0x0}, &(0x7f0000000e40)=0xc) fsetxattr$system_posix_acl(r1, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000e80)={{}, {0x1, 0x4}, [{0x2, 0x1, r4}, {0x2, 0xa48247cc228c24e1, 0xee01}, {0x2, 0x5, r5}, {0x2, 0x2, r6}, {0x2, 0x2, r7}, {0x2, 0x2, r8}, {0x2, 0x1, r9}, {0x2, 0x2, r10}, {0x2, 0x5, r11}], {0x4, 0x2}, [{0x8, 0x2, r12}, {0x8, 0x1, r13}, {0x8, 0x2, r14}, {0x8, 0x1, r15}, {0x8, 0x0, r16}, {0x8, 0x1, r17}, {0x8, 0x3, r18}, {0x8, 0x1, r19}, {0x8, 0x0, r20}], {0x10, 0x5}, {0x20, 0xc30985ab8b378e28}}, 0xb4, 0x1) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000000)=0xcf5, 0x4) 12:28:13 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:13 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x1b, &(0x7f0000000000)=0x800000100000001, 0x1) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:13 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:13 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = geteuid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000380)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000000480)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6}}, &(0x7f00000005c0)=0xe8) r8 = geteuid() getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000600)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@initdev}}, &(0x7f0000000700)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000740)={{{@in6=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@loopback}}, &(0x7f0000000840)=0xe8) getresuid(&(0x7f0000000880)=0x0, &(0x7f00000008c0), &(0x7f0000000900)) stat(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x7, &(0x7f0000000a00)=[0xee01, 0xee00, 0x0, 0xee00, 0xffffffffffffffff, 0xee01, 0x0]) getresgid(&(0x7f0000000a80), &(0x7f0000000ac0), &(0x7f0000000b00)=0x0) getresgid(&(0x7f0000000b40), &(0x7f0000000b80), &(0x7f0000000bc0)=0x0) r16 = getgid() getresgid(&(0x7f0000000c00), &(0x7f0000000c40)=0x0, &(0x7f0000000c80)) fstat(r3, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000e00)={0x0, 0x0, 0x0}, &(0x7f0000000e40)=0xc) fsetxattr$system_posix_acl(r1, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000e80)={{}, {0x1, 0x4}, [{0x2, 0x1, r4}, {0x2, 0xa48247cc228c24e1, 0xee01}, {0x2, 0x5, r5}, {0x2, 0x2, r6}, {0x2, 0x2, r7}, {0x2, 0x2, r8}, {0x2, 0x1, r9}, {0x2, 0x2, r10}, {0x2, 0x5, r11}], {0x4, 0x2}, [{0x8, 0x2, r12}, {0x8, 0x1, r13}, {0x8, 0x2, r14}, {0x8, 0x1, r15}, {0x8, 0x0, r16}, {0x8, 0x1, r17}, {0x8, 0x3, r18}, {0x8, 0x1, r19}, {0x8, 0x0, r20}], {0x10, 0x5}, {0x20, 0xc30985ab8b378e28}}, 0xb4, 0x1) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000000)=0xcf5, 0x4) 12:28:13 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x0, &(0x7f0000000000)=0x800000100000001, 0xfffffe72) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) ioctl$sock_inet6_tcp_SIOCATMARK(r3, 0x8905, &(0x7f0000000080)) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000340)={{0x5, 0x1, 0x4, 0x55d, 'syz0\x00', 0xdd9}, 0x5, 0x30, 0xffffffffffffffc1, r0, 0x9, 0x6, 'syz1\x00', &(0x7f00000002c0)=['vmnet1wlan0bdev$lo\x00', '\x00', 'tls\x00', 'tls\x00', 'systemvboxnet0@posix_acl_access^\x00', 'tls\x00', 'tls\x00', 'tls\x00', '(&wlan1\x00'], 0x51, [], [0x6, 0x3, 0x0, 0xffffffff80000000]}) 12:28:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) readlinkat(r0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000040)=""/14, 0xe) fchdir(r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) r2 = semget$private(0x0, 0x4, 0x400) semop(r2, &(0x7f0000000080)=[{0x2, 0x7c5e, 0x800}, {0x4, 0xd7e, 0x800}], 0x2) fchdir(r1) 12:28:13 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0xffffffffffffff1b) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r2, 0x110, 0x5, &(0x7f0000000080)=[0x1], 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', r3}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:13 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = dup3(r0, r0, 0x80000) sendfile(r1, r0, &(0x7f0000000040), 0x400000000000000) fchdir(r0) sendfile(r0, r0, &(0x7f0000000000), 0xc0000000000) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_ADD(r1, 0x4c80, r2) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:13 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) ioctl$VFIO_GET_API_VERSION(r2, 0x3b64) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x4, @mcast2, 0x4}, 0xfffffffffffffcfa) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x4e21, 0xba3d, @ipv4={[], [], @remote}, 0x5}}, 0x0, 0xc888, 0x0, "1a06b45becb835db1326e00edb126b4713435e3387d9b619da08de3578fd190e7963f04a8f26fe547f33cdf1218408a010f3dc8b309fb043c4a5ed4c35a681eff4a4781b53ee9a93fc0183c273d6d818"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000000)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0xfffffffffffffe67) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000300)={0x4, 0x3, 0x1, [], &(0x7f00000002c0)={0x9b0b7b, 0x0, [], @p_u16=&(0x7f0000000080)=0x2}}) socket$nl_netfilter(0x10, 0x3, 0xc) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 2: r0 = getpid() pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendto$netrom(r1, &(0x7f0000000180)="d4a69d274d253cf11a172f25c18fe3343d00685e762cfa737cd66e84a1d04e177274a9ce1f43646f4db31d7e80ba19a57c378ebf7ac63f25c3fa7a84974994cdc71c80fc67876dd9b589eb910f84286978148075575506e67b1cb30ef386202d05574123d96bba0a928ca9005ebf46124f2df5f7371e9cddca55e2da78f606d17ee705a53acca2c066f21884448e768d1be866b288b6a8b3ddc3d9fb7a8c", 0x9e, 0x4000, &(0x7f0000000280)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x3}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @default, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:14 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ptrace$getenv(0x4201, r0, 0x1, &(0x7f0000000000)) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x1) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) write$UHID_INPUT(r1, &(0x7f0000000a80)={0x8, "d02cdaf066ec404b93cfe706d731d839ba7fa07c146d72a3605370c0655820967b0b50b8fa687417e85bb3ec078a9e89ab719d0da994f7073070b2a4e8139ab464568b030eb8e7021084ee69540921087cd64d31bec0b55f6da18bdca44307fcddc2edf09aaa6c8deb2e77366fdc635fa7e6bc7dd73a85709a6dc73cb3cc3e9836f3096068f0aba97f58bdb9fb7f1a5e4e099df8760e591e935b2090f06865d5b433f4580e27352293168a165336c00f0a4f9140b28459e8056741c9055d6ac15d9bb8ab1bb64870d699a156ea87f844977eaa1b0e191d33a743e42fad5829c993bca50c8be0970274e35b0bfcd3ec886a1f47194edb165693956f793f2fe8385f8c5d4d29edad116e52e202afc9f2488c4200b843ee296b32b849860bf28d1242c6ca8263ccd215a780905c502ef6ceb9d07f71c61a2c4914894b3094c4dd0582ebca5a35c2bbf03d44b9e5eefa3207e8ba6c56b868ee518d2f2c1d3452c5a62d94c6357fa18a91e0b47ce43bd0e5a6ab244ee9e6aa5a0f3f4c27b2480dfb99d74316e5a1a257c2cb6d458fa1c2529a87a741da6f0a9cb2f1f759b7fa0e06b89c917224a7bcd209be2038be3982b95e7813a24af07bc037bc40a19cd40fbeb8d6b1efc9c45a8216cd15ad734ee797d549f46e718e74f6878679a96588cb4d1fe16e5693b87cc348da5348e657572d8ca29e9d52fa100da9d26283942ddaa7257a5dafa99dfb65bfec0545baf55bab998876c7186b2b47e3b1fd3e06697b0d30bfb0d7100e970f72c54177b2f61daf1e7b4f85888c59c5a4c379b91306184c2ec309c120c0f937c7cefd00fa00ada2dc966b9fa14f7eaa668abe465cc170d20333c3abd342f8b382217536044f0d8c7f25ce11dba3f245ebe45175e13d5b6660b2fbdc49525ac2426bf3392f3ce697a70b7450c07998a987337d112ea23c77b6f012ab5092570cac37e060aec01b16838eeac231e55d1c3faa49fddc02417e962166033cf45c09ac6534761179386f669f932ec6034acb1d839451603f8d7fcdc85255d761391e76df4333a5e4a22a9b287f66cda1119b57a4fae3384ebd2de2c097f7ab792f33a0bf5d79d6caede9b1740c9d612df7e36a272ecf4a185f1c09344122e3cfb39b1e7d5354298e61c0a5ae6acce5292bcbb6b5a970240b20e643da205b1168235c39881e85b5e6f2a0b64e0b220ffbd64fcb5d3e774029e9e50169f4b9c98efd9018b96dc0f625b3b85e45337ceec26b64e53b6afb41f7dd1fcf45ef5074a77507ed6b75adc50f33291f31326da3637ea3d7cbb624cdf319ec1993d6cf85823588e7cbec630029d54360705d6964b881a99adc64fe940185c14418552042d370eefcf4262e38ade8e829ba6f4fe9e74f6c49f88de6bf1e74d246a9b679d0685b0d978ac923f323912706750a2cc4e1fdec106d38fb2db3eb5bc62d9ba40e89731a5978dcb91dba081ca6f562e1e7263a67f0e060fa4de689a5c06363d562bcb00eb080d4a11d31af3566fea3b2b057c53a229827b8dcf4db81a11305fd8561ed74a50afd90c87c38ac89e27773552276cc2f9c0cb2b2908e181a14fdb4c00b60963cd1a2f96c9cd5826e77300d25f4d6e14216f773297133e4780f1c438a85d1de2927b21df25ea6fb9b1ecb78dcce6d1aca672488b3de5b62ed29f2522e9d9b4672d5ccb1257a96f6838532771f032c9c13a512492571fbd876231b30ab5d6c03ca1012684da28e05e7122a30c334185bd24d69086b9314499a2597b8a244a991d73c31bc22a5b51cdebbf976f36812e241149bf8c62f9a471819215abf1beeaa23f0cde7bc48ca6fe9b1efcc896ba6b3c5a275b9bb5e389e3d0cf89fd54430e6cd245771738655ef45549229d9ad87cd9245d135e0aab07dfdb8537a13ea763c1966cbcc9d7f1e77aa2179d29e97fc4419a0ee36df86aa1b6c21d922ed8555178c8c15e37da079408c27b15fe2b7eecbbd6aa0ed11ccb9deb7af9a13dcd88ff45e956a20028b31d892e2dc016db6508894d398d7281245ead6bb7adde1002ba7a3e9ecda6fa67e12b0f84c024e04ed67a3b14c0dda0e60975f773ffb061d9445558066096fd9295a1daa9f0af217c1523f340b545f2ac15d4bd7639fd8393b05c748fb2e189fbd347acc933a1c20e8815d8d60ffb03b92cfafb48a7ef828f0faae2d779c219c72fab87582851340c4898687ee62e9410a0e883ed132a0f959a2a7ecd1ad67a4466259ac5ce28724b079de5a0a1790e8589c99fbce629234ba1e585b69c45972d2b7f307e5175c10d686a95261f98089dae5a446c5875b12b156bdf65a0cf0e7a25010cf02c04927ed45f8ed8763c907463aa3f0fc141b93c59f4b920bbd1fc1011fdc5a614a6ba213b28d854d4715dd0dd3eb97df61635a2bf6939263615461becfcd4e2fd0ff57cd5a44af9b9f6afdbe9926aead0c0daf9a293846abb8aab091ce0f8f8464f0ddfed65b4cf4907aa2bda26a3aed2a8fc4f6ea79f252feb206265c7c1650406d4653066cebd1af0c7401aa5d6c1fc1d8b7675a562a3f857a46321554e12caa8224c4049fc1769c0d1d74e91ed4a52ee27f448f9999f03c047747f221b26f9466b8542cf010f53d417bede187f064fe2731b687b610172dbd450436579272c1caa517fb33f3542ff4f3baead11461a4334abafa76773a1d424bf8c39694134ef302c677f832b0166a2886df5c096fd804790dba69505ffae91ff68b8e351ad5c1a36157e51dc8ec68d03effd82fd57434e1de2d185952ebc63354b8f465697ef8609f459781c843e7fe7c2bf0a6711c56546e59e75a921940e43e4bc0d80d8fc4fc7b5894d834bc85648e487ea9a3603d80d25c6bc56df61bac7a4f84463b5be0e04c8bbe12c97a10f8f1fc18f7f3314099edf7ef59c640568b86b2a2a96f6dc5c51f0a0ca2381994dadd918c93dd33c716691a8505cae57637789293bdde9846a3d183c3a5ed5066c6d592c9855147cda2be1c74ec3f0ddcfeaf67ad1a2b811f0fb21415160fc7694f14b4ebe2116aeabb9fc629ab9076cc67ed725f549974e5f7d4418265da235f4d59800268c6b3484ca56e63cae017bab18adf8cb8ecf6fdb4f3eb157467efe242bb90875c97ad097cc2b9b34ee2215f3a873106be4731850b6887807a52d374a019f8feb9edc590aab65c3bf18db92b894e8cfbf367ba43439a66466ebe5c20861fe13cbdec29238a9cc7eb9f96537e86836aa3dff40f0350325fe2b90c82d4297f66e764a89fb50cd7e01e22731ddbcfc7be4a48c7f3890ef332a68bf9313e1525ad604fb57c1c60ee5751b75be2c925a9ed2111f7cd10c5edc4667a95458833d9e2cd81e86e5d3d8e4b7515a3a0568d2351a919c5bf8e21a92b07459c4c82dda80cd4ccdc0338866a093f549c8a0e9b646996178c948eafc03f88a0489d9341500c4705837cf429876dda72a1df9aa63f7b3371fc2c6b9d78957f59072192a79312d0f1b71328b43ba9fc2ca22435e7781323f91e62522178f6ad087ed6151924594568637a7b3f05dfffbb97951e6c64b08c1108e0c85721af8fec08f8e1b169aa966acc6b3450fd04b6a569a77b1712ad165692adcd84e181e4b38cfe23bc855c9a785429f1e17e4ab835a4d3b529e174cc51e2a1ff54516e61e7655a1b58fbb864bb641d48f867db8c39a439157c61e6866edf797998b982308674e046586e2896c572344de222598ad370b1f102825d2908dcc84eaac94d5e3f90b49847893c489d4b06587b199984ce86f3d808904bb5433aa1c8589176ab776e3165ec2df1fc744b53abf8c945445286bed40cd4e3ca259ec91fc6ac4a13c8c208a57039090084b9cacf2ab9ec82be66e41f410f402dfc72d622dbc950c00bf40c734a9c64f53563081ef2e7a1a13d7e4a3d028c84aedfdd487250818844d9def7e278ed661853c4512d6dc585796f03c2aa6c91f5638261ca20273c13781e944bea37a7990aae039c2a903d95d0c6d5eb38abee8c1ae2a9d9345969fec40b081874cf22e02eb917734bb5b18d60efa090e46ae5f6accc76a861e25fae494a96c4bf345e9da372980203165fa422c6d9f267cac311088ad5758580410412975545da71686ac2d1a892d4258ae76fd15c6c835f06d4841090d4144cadbf247effc508fdb6f09a6ac05702b7afe32d075a38560fd94f03f4415b1998bd2fbfda980ef1aeeea164b293fb07ae122260b7681995c8c1e323c64447ec7955c1321f0be8c2c84de30d09ffab5c8ce408a55c9603a7d8b3327c82c9f2b8de316f42eada118b8d0fd389315bd171f9be5cfbe5b8799d22f320d8158030eea50344df8191956a3d7f62e61b96897e5cd138401b42ca33624aca92291156bda286eb9d4e9cea045d0534f47d5d25193a3968ba5ca12685d87faff1369adfca6d65407968e882424e157b607838abf85fe61653b2f211dcd1e275f436206587e5974358afc4fdafed275e895cb4c65603cafa39b76b0b6ebce535bba472a7e62694ebced52c78c47f186b90e82ed9cc7c273af9c9b7154169e43c5e7ae43aefbb3adf69a2e7a190c437701475298f3d3bf24803308b8a10740b18a9417be2a5d0fc7061f16c00611e050a806ecc9cc30512da8fb812e3f15213032748abc803ee039080138efbefd5cab0a6c7d675ea812376c2c8a8af1d5f71d9f828fb7b981e44d124beed5ee9d72bf4a592df4f5ba79285034665b1d7797ead5e59f1b96448ad91443427b514cfc740fff6322f49a54428281b99daed91e1b313d2c6d0759ac27d429853849f733f9702b687c74c90f3deb07c2a92efd34378fec24259d335725f34e8fedc49836bed23f7d24af6c57b680a2e9bfda89d7942403236e820c0028f0642d0dfda909c13eed318be5d98b3f4db6f6511e2a975c43707908fbb2b2a71848f8e764aa00687aff77de8504e605da642954f6c53d53ffbe9eaaf0f7f3f04df597566fb79decee952d34f0830b76b42be5df06068f3891b1143e1e871c537588e7d1ae1a842ae6ee79fae80b2d13197db4be50ac924cda5e822ef0ea7b1e3505bd69a5d0c00d58b8c23022aaa40a5898dd78227abba4ebaeadaccc8b068c4a50e2f2779255c8cb65e044e46495152eeda38cf8ec80243c2c9e9ea0d7b158613032d2467fc646be46ea437c933f6bd62fb12f1a6929417ac82e7766d4fd4d25f411295d06e352a93954cc1b5a46db27a76b2323f934dfe17354e90ed7db019b7a718a05baed16ec09d5750235929bdeba76956b75a3f8e4a89b2e32bc2d82c5dc3f1a75ff725d63d6fb289eea1427e2476a16a482c15fabdcf5d04cde891b90c6b3f443c93b25f9cafb041b2da7979bc4b65e423e1ae9a725cf9ba769c1b86406e37226f79d3837249ea105d10abbf000fa3bf84c5e5a12952228e69bb923ad37f7ddba941393943ce785f2a00efb513dce5e70f6924aa17066ec9d2261ba297f58d39a12cb63bbd87869dd2db8bf77db7f221798c2883d46226073c49d9d1667cd627a45878a80a993ed36b31f1d74fbbb34b84d9d55d93dfe93c550e051b7b4f59fcc9d2873aaa8cd2421dffd5d718c5f2ea0e4e1b9484854eb10a6335b2e7a12cc60106d34df44964983531a5d834508106313c61e440866dcdeae5d76b563f2b08c9f6f24145d250fe731fa188a88856e07ba37023987fc886be610076662353eaeeb31a39f2901953ca49509ce7a768e8e2b5d5f291d398d102b56a80bb8c2a4074c0f59d6d8b1a57522991f7f5a68019cbe43d0b8b02d9a53c8881304f8f86ed5f8b4d9498", 0x1000}, 0x1006) close(r2) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0x1f) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 2: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:14 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x1) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:16 executing program 3: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0) 12:28:16 executing program 2: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00') write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000000)=0x10001, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r4, 0x0, &(0x7f0000000180)={{r5, r6+30000000}, {0x0, 0x989680}}, &(0x7f0000000200)) 12:28:16 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000000)=@gcm_256={{0x307}, "e7aa33f50dfb19ae", "a4a16baa0b8688f74b0a9cc00e9bfe782238a4f0c2c4af60dfa273019a81a6b7", "beca6c8e", "37b7381aa0f6c814"}, 0x38) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:16 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x400) ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f0000000180)) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000080)={0x2}) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:16 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendto$netrom(r1, &(0x7f0000000180)="d4a69d274d253cf11a172f25c18fe3343d00685e762cfa737cd66e84a1d04e177274a9ce1f43646f4db31d7e80ba19a57c378ebf7ac63f25c3fa7a84974994cdc71c80fc67876dd9b589eb910f84286978148075575506e67b1cb30ef386202d05574123d96bba0a928ca9005ebf46124f2df5f7371e9cddca55e2da78f606d17ee705a53acca2c066f21884448e768d1be866b288b6a8b3ddc3d9fb7a8c", 0x9e, 0x4000, &(0x7f0000000280)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x3}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @default, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:16 executing program 2: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(r1, &(0x7f0000000340)=ANY=[], 0xff0e) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) 12:28:16 executing program 4: r0 = getpid() pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x6, 0x30080) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) write$P9_RSTAT(r1, &(0x7f0000000200)={0x4a, 0x7d, 0x1, {0x0, 0x43, 0x7b55e629, 0x5, {0x33, 0x0, 0x2}, 0x0, 0xd0e, 0xffffffff, 0x3, 0x4, 'tls\x00', 0x4, 'tls\x00', 0x4, 'tls\x00', 0x4, 'tls\x00'}}, 0x4a) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:17 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:17 executing program 4: r0 = getpid() write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2d, 'cpu'}, {0x2d, 'io'}, {0x2d, 'io'}]}, 0xd) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff0e) close(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:17 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:17 executing program 4: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:17 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r2, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) accept4$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14, 0x80800) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000480)=""/4096, &(0x7f00000000c0)=0x1000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', r3}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000001c0)) 12:28:17 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) lseek(r1, 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) getsockopt$inet_dccp_int(r2, 0x21, 0x0, &(0x7f0000000000), &(0x7f0000000080)=0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='lp\x00', 0x3) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000380)='veth1_to_bridge\x00') connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f00000003c0)={0x5, 0x7, 0x6, 0x80000001, 0xfff}, 0x14) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00000002c0)="81b874f9670f1d9e24f5ec21dc673398142a1bb86e4b35f4afe156833782f5a1556999d9f579a448c8144a58737192ec7938b6eb665524cac6058336c325e19abbd1d984cf8f9dd06d631fe35060ae2c80efcc09f08244174271b0a0e104fd06524981e1e9805ac374f0b3f13bb366155e15f3751ec91e001d4408a719f566b7e0c60ce48909278fdba648483410b62839c85c76d46a22fd6ba3ac49", 0x9c, r2}, 0x68) tkill(r0, 0x1000000000013) 12:28:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x4, 0x0) fchdir(r0) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:17 executing program 2: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:17 executing program 3: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = semget(0x1, 0x3, 0x500) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000000)=[0x101, 0x0]) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) 12:28:17 executing program 0: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:18 executing program 3: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe004, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) accept(r0, 0x0, &(0x7f0000000180)) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) open(&(0x7f0000000100)='./bus\x00', 0x141043, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x80045500, &(0x7f0000000000)) 12:28:18 executing program 4: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f00000002c0)=ANY=[@ANYBLOB="01000000000000000a004e2200000403ff020000000000000000000000000001f40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000020000000a004e230000003ffe8000000000000000000000000000aaff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2000000006000000000000000000000000000000001f000000000000000000000029c641716b253ab2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1c33be893b7321f1e1c4c55000000"], 0x190) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000000)) ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f0000000480)) 12:28:20 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:20 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @dev}}, 0x0, 0x1, 0x0, "f37dfe5b37edc321881258b33a24336b94f143df7205a5bd87eec643f3a89bc8868d0bc83e96b267916d330bc07f86d0b459563216bd88fac164beb8508022ac9a3ddb1a32e7e29281189935841afe45"}, 0xd8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0xb, [@var={0x3, 0x0, 0x0, 0xe, 0x2, 0x1}, @typedef={0x8, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0, 0x5f, 0x0, 0x0, 0xbf047e9e98e7c31d, 0x30, 0x5f, 0x0, 0x0]}}, &(0x7f00000002c0)=""/202, 0x3f, 0xca, 0x1}, 0x20) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:20 executing program 2: openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:20 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000180)) close(r2) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000)) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) write$P9_RLOCK(r2, &(0x7f0000000080)={0x8, 0x35, 0x2, 0x2}, 0x8) tkill(r0, 0x1000000000013) 12:28:20 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r3, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000000d00), 0x400004e, 0x0) writev(r2, &(0x7f0000000640)=[{&(0x7f0000000480)="a2b962ceab1fe0d3ca0f5aae5f0f7a3eddd14e86ea5a5d810024d79f6decc38fa1d990047b0ae3ee69830765f2fdd9a9883b6983a3c1ce6889787109d930aa53a32c76eab4cf0fbc951e6bc133f8df7e6790f5aee738900dd2ef4756f739062f4b219512188c4d52d54ec90787061c43bf2795f66a9efef15b749b51b231ec2d9857801c62325b3d2f6c678d5e137660f4c11d8afe46cfd0931be02ec6e8b4a5244c7c91b626820455bd0c1f2718b0bea4816f6d25bb69814a9e822f79a84d5c9d13c16ca50e6f7a4ed3881efec40c", 0xcf}, {&(0x7f0000000080)="403aabf302f108e00391e84a072689ffb74318a295813651bb9896ee30cd47fb8690d03c1d11de39ca5b9ebc9ae712dbab1c39d3619cf4cf8c", 0x39}, {&(0x7f0000000180)="b66f7926", 0x4}, {&(0x7f0000000580)="10633b68c2c535b18d1206dcb277ecae377f9a721b3c07c42f7ca7c3dfdaf962f137de61e55a76e994ce28c1fbaf1352c30432d7d62c8e885aeac4f9206305a92e964ee25819e646cb42744b2eac75aa4ec0fde7887833e806be2f98c435158770e15438516b7c167a8d3d70c47ed619430ab8fbed00445210f0333fe78476139a50f81bfa", 0x85}, {&(0x7f00000001c0)="d60a7c3173a8233038137290fa0ef9b20b772a333f34e2433fdc2bb83280e51aa1a40d305392e144d16aa80fdecfc6db5f96e78730a6dae58c34c4f543a3fff68bf4f57994d7548a4230e6d861fa04c7efee66df831ec3e21f379ff12f110862a3833022af31e5", 0x67}, {&(0x7f0000000280)="bb60d8564c7deea059cbb98d322cd7d6dd2b1b464c5dab1c409c853947e3074211bae8f40d0b63682c311f", 0x2b}], 0x6) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:20 executing program 4: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r1, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:20 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) ioctl$SIOCX25GCALLUSERDATA(0xffffffffffffffff, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) sendto$inet6(0xffffffffffffffff, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:20 executing program 4: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r1, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r1, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:20 executing program 2 (fault-call:8 fault-nth:0): openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 868.877227] FAULT_INJECTION: forcing a failure. [ 868.877227] name failslab, interval 1, probability 0, space 0, times 0 [ 868.922173] CPU: 0 PID: 23678 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 868.929335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 868.938710] Call Trace: [ 868.941323] dump_stack+0x138/0x197 [ 868.944971] should_fail.cold+0x10f/0x159 [ 868.949135] should_failslab+0xdb/0x130 [ 868.953135] kmem_cache_alloc_node+0x287/0x780 [ 868.957731] ? check_preemption_disabled+0x3c/0x250 [ 868.962757] ? retint_kernel+0x2d/0x2d [ 868.966658] __alloc_skb+0x9c/0x500 [ 868.970419] ? skb_scrub_packet+0x4b0/0x4b0 [ 868.974751] ? __alloc_skb+0x17/0x500 [ 868.978558] alloc_skb_with_frags+0x86/0x4b0 [ 868.982978] ? trace_hardirqs_on+0x10/0x10 [ 868.987220] ? retint_kernel+0x2d/0x2d [ 868.991122] sock_alloc_send_pskb+0x5db/0x740 [ 868.995631] ? sock_wmalloc+0xf0/0xf0 [ 868.999439] ? lock_downgrade+0x6e0/0x6e0 [ 869.003598] packet_sendmsg+0x16c4/0x5a70 [ 869.007747] ? avc_has_perm_noaudit+0x420/0x420 [ 869.012426] ? __might_fault+0x110/0x1d0 [ 869.016496] ? find_held_lock+0x35/0x130 [ 869.020569] ? __might_fault+0x110/0x1d0 [ 869.024631] ? rw_copy_check_uvector+0x1f1/0x290 [ 869.029406] ? packet_notifier+0x760/0x760 [ 869.033651] ? copy_msghdr_from_user+0x292/0x3f0 [ 869.038420] ? selinux_socket_sendmsg+0x36/0x40 [ 869.043100] ? security_socket_sendmsg+0x89/0xb0 [ 869.047945] ? packet_notifier+0x760/0x760 [ 869.052184] sock_sendmsg+0xce/0x110 [ 869.055920] ___sys_sendmsg+0x349/0x840 [ 869.059905] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 869.064667] ? check_preemption_disabled+0x3c/0x250 [ 869.069696] ? find_held_lock+0x35/0x130 [ 869.073762] ? __fget+0x210/0x370 [ 869.077226] ? lock_downgrade+0x6e0/0x6e0 [ 869.081390] ? __fget+0x237/0x370 [ 869.084856] ? __fget_light+0x172/0x1f0 [ 869.088834] ? __fdget+0x1b/0x20 [ 869.092203] ? sockfd_lookup_light+0xb4/0x160 [ 869.099252] __sys_sendmmsg+0x152/0x3a0 [ 869.103233] ? SyS_sendmsg+0x50/0x50 [ 869.106960] ? lock_downgrade+0x6e0/0x6e0 [ 869.111115] ? __mutex_unlock_slowpath+0x71/0x800 [ 869.115965] ? check_preemption_disabled+0x3c/0x250 [ 869.120995] ? wait_for_completion+0x420/0x420 [ 869.125588] ? __sb_end_write+0xc1/0x100 [ 869.129665] ? SyS_write+0x15e/0x230 [ 869.133395] SyS_sendmmsg+0x35/0x60 [ 869.137029] ? __sys_sendmmsg+0x3a0/0x3a0 [ 869.141185] do_syscall_64+0x1e8/0x640 [ 869.145079] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 869.149933] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 869.155121] RIP: 0033:0x459879 [ 869.158309] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 869.166029] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 12:28:21 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000180)) close(r2) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000)) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) write$P9_RLOCK(r2, &(0x7f0000000080)={0x8, 0x35, 0x2, 0x2}, 0x8) tkill(r0, 0x1000000000013) 12:28:21 executing program 3 (fault-call:10 fault-nth:0): r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) [ 869.173304] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000005 [ 869.180578] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 869.187853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 869.195137] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000006 12:28:21 executing program 2 (fault-call:8 fault-nth:1): openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) [ 869.306971] FAULT_INJECTION: forcing a failure. [ 869.306971] name failslab, interval 1, probability 0, space 0, times 0 [ 869.318749] CPU: 0 PID: 23692 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 869.325874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 869.335244] Call Trace: [ 869.337852] dump_stack+0x138/0x197 [ 869.341501] should_fail.cold+0x10f/0x159 [ 869.345665] should_failslab+0xdb/0x130 [ 869.349657] kmem_cache_alloc_node_trace+0x280/0x770 [ 869.354774] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 869.360240] __kmalloc_node_track_caller+0x3d/0x80 [ 869.365172] __kmalloc_reserve.isra.0+0x40/0xe0 [ 869.369842] __alloc_skb+0xcf/0x500 [ 869.373468] ? skb_scrub_packet+0x4b0/0x4b0 [ 869.377794] ? retint_kernel+0x2d/0x2d [ 869.381692] alloc_skb_with_frags+0x86/0x4b0 [ 869.386107] ? trace_hardirqs_on+0x10/0x10 [ 869.390360] sock_alloc_send_pskb+0x5db/0x740 [ 869.394865] ? sock_wmalloc+0xf0/0xf0 [ 869.398669] ? lock_downgrade+0x6e0/0x6e0 [ 869.402867] packet_sendmsg+0x16c4/0x5a70 [ 869.407022] ? avc_has_perm_noaudit+0x420/0x420 [ 869.411699] ? __might_fault+0x110/0x1d0 [ 869.415762] ? find_held_lock+0x35/0x130 [ 869.419821] ? __might_fault+0x110/0x1d0 [ 869.423886] ? rw_copy_check_uvector+0x1f1/0x290 [ 869.428656] ? packet_notifier+0x760/0x760 [ 869.432901] ? copy_msghdr_from_user+0x292/0x3f0 [ 869.437675] ? mark_held_locks+0xb1/0x100 [ 869.441831] ? selinux_socket_sendmsg+0x36/0x40 [ 869.446504] ? security_socket_sendmsg+0x89/0xb0 [ 869.451297] ? packet_notifier+0x760/0x760 [ 869.455550] sock_sendmsg+0xce/0x110 [ 869.459272] ___sys_sendmsg+0x349/0x840 [ 869.463251] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 869.468017] ? find_held_lock+0x35/0x130 [ 869.472079] ? __fget+0x210/0x370 [ 869.475535] ? retint_kernel+0x2d/0x2d [ 869.479511] ? trace_hardirqs_on_caller+0x400/0x590 [ 869.484615] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 869.489387] ? check_preemption_disabled+0x3c/0x250 [ 869.494406] ? retint_kernel+0x2d/0x2d [ 869.498302] ? __sys_sendmmsg+0xe0/0x3a0 [ 869.502374] __sys_sendmmsg+0x152/0x3a0 [ 869.506374] ? SyS_sendmsg+0x50/0x50 [ 869.510452] ? lock_downgrade+0x6e0/0x6e0 [ 869.514620] ? __mutex_unlock_slowpath+0x71/0x800 [ 869.519458] ? check_preemption_disabled+0x3c/0x250 [ 869.524463] ? wait_for_completion+0x420/0x420 [ 869.529029] ? __sb_end_write+0xc1/0x100 [ 869.533189] ? SyS_write+0x15e/0x230 [ 869.536900] SyS_sendmmsg+0x35/0x60 [ 869.540521] ? __sys_sendmmsg+0x3a0/0x3a0 [ 869.544665] do_syscall_64+0x1e8/0x640 [ 869.548565] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 869.553407] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 869.558598] RIP: 0033:0x459879 [ 869.561776] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 869.569496] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 869.576755] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000005 [ 869.584030] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 869.591292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 [ 869.598560] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000006 12:28:23 executing program 5: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x0, 'cpu'}]}, 0x5) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) timer_create(0x0, &(0x7f0000000100), &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:23 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x200200, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@dev}}, &(0x7f0000000280)=0xe8) r3 = geteuid() lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000580)={{{@in6=@empty, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@initdev}}, &(0x7f0000000680)=0xe8) fstat(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_xen(&(0x7f0000000080)='/dev/dlm_plock\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x8, &(0x7f0000000740)={'trans=xen,', {[{@noextend='noextend'}, {@dfltuid={'dfltuid', 0x3d, r2}}, {@cachetag={'cachetag', 0x3d, '/dev/zero\x00'}}, {@posixacl='posixacl'}, {@version_L='version=9p2000.L'}, {@version_u='version=9p2000.u'}, {@access_any='access=any'}, {@cache_fscache='cache=fscache'}], [{@uid_lt={'uid<', r3}}, {@obj_role={'obj_role', 0x3d, '/dev/zero\x00'}}, {@uid_eq={'uid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, r5}}, {@smackfstransmute={'smackfstransmute', 0x3d, '%'}}, {@obj_user={'obj_user', 0x3d, '/dev/dlm_plock\x00'}}, {@subj_type={'subj_type', 0x3d, 'bdev#ppp0'}}, {@dont_measure='dont_measure'}, {@euid_eq={'euid', 0x3d, r6}}]}}) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, 0x0) ioctl$CAPI_SET_FLAGS(0xffffffffffffffff, 0x80044324, 0x0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r7, 0x4, 0x2400) sendto$inet6(r1, &(0x7f00000003c0)="bea626573851ca99ccda959cd4f61287f6854350d385263b0b51356a18ef958136ac6e76e3c6f282576c12d65c9af18909158d1a7234c5131ef62734d18eaa1d930428a016c992bc06d0528e6c8b12dcaaf46e810059af8e4e51c8510ff7da7d7a114f01969691e6d85f92cbed94abc4259719263edea8a51d61ad7b0bda741f41ec8388fd7a037ba4d17ec12c3b6416dc", 0x91, 0x800, &(0x7f0000000100)={0xa, 0x0, 0x2, @mcast1, 0x8}, 0x1c) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r7, &(0x7f0000000040)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x0, 0x0, 0x0) sendmmsg(r7, &(0x7f0000000d00), 0x400004e, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/48) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:23 executing program 2 (fault-call:8 fault-nth:2): openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x220001, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x80000000000003, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x595, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f00000000c0)) 12:28:23 executing program 4 (fault-call:6 fault-nth:0): pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) truncate(&(0x7f0000000000)='./bus\x00', 0x1000) r1 = open(&(0x7f0000000480)='./bus\x00', 0x8400, 0x0) lseek(r0, 0x0, 0x2) sendfile(r0, r1, 0x0, 0x40d09) 12:28:23 executing program 3: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000200)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f0000000180)={0xb, 0x10, 0xfa00, {&(0x7f00000002c0), r4, 0x4cab}}, 0x18) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000013) 12:28:23 executing program 0: r0 = getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000340)=ANY=[], 0xff0e) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000180)) close(r2) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r3, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000)) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000a40)=@gcm_128={{0x303}, "658bdce8f16b6901", "9fae1947fe62576d6d7573c55f795e68", "a43cc80d", "ca90bc29c8f91cf6"}, 0x28) splice(r1, 0x0, r2, 0x0, 0x100000000, 0x0) write$binfmt_aout(r3, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) write$P9_RLOCK(r2, &(0x7f0000000080)={0x8, 0x35, 0x2, 0x2}, 0x8) tkill(r0, 0x1000000000013) [ 871.187711] kasan: CONFIG_KASAN_INLINE enabled [ 871.194466] FAULT_INJECTION: forcing a failure. [ 871.194466] name failslab, interval 1, probability 0, space 0, times 0 [ 871.198438] audit: type=1804 audit(1567427303.315:165): pid=23709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir908670830/syzkaller.l28sY1/609/bus" dev="sda1" ino=16691 res=1 [ 871.210248] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 871.245310] FAULT_INJECTION: forcing a failure. [ 871.245310] name failslab, interval 1, probability 0, space 0, times 0 [ 871.265595] CPU: 0 PID: 23709 Comm: syz-executor.4 Not tainted 4.14.141 #37 [ 871.272743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 871.282116] Call Trace: [ 871.284727] dump_stack+0x138/0x197 [ 871.288381] should_fail.cold+0x10f/0x159 [ 871.292552] should_failslab+0xdb/0x130 [ 871.296555] kmem_cache_alloc_trace+0x2e9/0x790 [ 871.301275] ? mark_held_locks+0xb1/0x100 [ 871.305435] alloc_pipe_info+0xb0/0x380 [ 871.309416] splice_direct_to_actor+0x5d2/0x7b0 [ 871.314091] ? check_preemption_disabled+0x3c/0x250 [ 871.319111] ? retint_kernel+0x2d/0x2d [ 871.323008] ? generic_pipe_buf_nosteal+0x10/0x10 [ 871.327856] ? do_splice_to+0x170/0x170 [ 871.331842] ? generic_pipe_buf_nosteal+0x10/0x10 [ 871.336696] do_splice_direct+0x18d/0x230 [ 871.340852] ? splice_direct_to_actor+0x7b0/0x7b0 [ 871.345708] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 871.350559] ? __sb_start_write+0x153/0x2f0 [ 871.354886] do_sendfile+0x4db/0xbd0 [ 871.358611] ? do_compat_pwritev64+0x140/0x140 [ 871.363200] ? retint_kernel+0x2d/0x2d [ 871.367094] SyS_sendfile64+0x102/0x110 [ 871.371065] ? SyS_sendfile+0x130/0x130 [ 871.375038] ? do_syscall_64+0xcf/0x640 [ 871.379013] ? SyS_sendfile+0x130/0x130 [ 871.382988] do_syscall_64+0x1e8/0x640 [ 871.386165] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 871.386868] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 871.393078] Modules linked in: [ 871.397903] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 871.397912] RIP: 0033:0x459879 [ 871.401078] CPU: 1 PID: 23711 Comm: syz-executor.3 Not tainted 4.14.141 #37 [ 871.406241] RSP: 002b:00007f0e97312c78 EFLAGS: 00000246 [ 871.409408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 871.416497] ORIG_RAX: 0000000000000028 [ 871.421838] task: ffff888062514340 task.stack: ffff888048c60000 [ 871.431166] RAX: ffffffffffffffda RBX: 00007f0e97312c90 RCX: 0000000000459879 [ 871.435119] RIP: 0010:scatterwalk_copychunks+0x4d6/0x6b0 [ 871.441141] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 871.448483] RSP: 0018:ffff888048c67648 EFLAGS: 00010202 [ 871.454007] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 871.466598] R10: 0000000000040d09 R11: 0000000000000246 R12: 00007f0e973136d4 [ 871.473846] RAX: dffffc0000000000 RBX: 0000000000001000 RCX: ffffc9001433f000 [ 871.481091] R13: 00000000004c7065 R14: 00000000004dc6d0 R15: 0000000000000006 [ 871.488343] RDX: 0000000000000002 RSI: ffffffff82d55709 RDI: ffff88806462f5a8 [ 871.502862] RBP: ffff888048c676b8 R08: ffffed100c8ae7da R09: 0000000000000002 [ 871.510138] R10: ffffed100c8ae7d9 R11: ffff888064573ecc R12: 0000000000001000 [ 871.517416] R13: 0000000000000000 R14: ffff888048c67710 R15: 0000000000003000 [ 871.524693] FS: 00007fda0ba05700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 871.532925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 871.538807] CR2: 0000001b31f27000 CR3: 00000000a52fa000 CR4: 00000000001406e0 [ 871.546081] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 871.553357] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 871.560168] CPU: 0 PID: 23707 Comm: syz-executor.2 Not tainted 4.14.141 #37 [ 871.560619] Call Trace: [ 871.567711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 871.570284] scatterwalk_map_and_copy+0x12f/0x1d0 [ 871.579604] Call Trace: [ 871.584429] ? scatterwalk_copychunks+0x6b0/0x6b0 [ 871.587004] dump_stack+0x138/0x197 [ 871.591815] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 871.595419] should_fail.cold+0x10f/0x159 [ 871.600842] ? rcu_read_lock_sched_held+0x110/0x130 [ 871.604980] should_failslab+0xdb/0x130 [ 871.609980] ? __kmalloc+0x376/0x7a0 [ 871.613928] kmem_cache_alloc+0x47/0x780 [ 871.617619] ? gcmaes_encrypt.constprop.0+0x143/0xb90 [ 871.621651] ? avc_has_perm_noaudit+0x2b2/0x420 [ 871.626815] gcmaes_encrypt.constprop.0+0x1d2/0xb90 [ 871.631458] ? avc_has_extended_perms+0xe40/0xe40 [ 871.636451] ? __lock_is_held+0xb6/0x140 [ 871.641268] skb_clone+0x129/0x320 [ 871.645308] ? check_preemption_disabled+0x3c/0x250 [ 871.648818] __skb_tstamp_tx+0x35f/0x640 [ 871.653813] generic_gcmaes_encrypt+0xf4/0x130 [ 871.657849] __dev_queue_xmit+0x181f/0x25e0 [ 871.662401] ? helper_rfc4106_encrypt+0x320/0x320 [ 871.666700] ? retint_kernel+0x2d/0x2d [ 871.671539] ? __kmalloc+0x376/0x7a0 [ 871.675402] ? netdev_pick_tx+0x300/0x300 [ 871.679090] gcmaes_wrapper_encrypt+0xef/0x150 [ 871.683215] ? check_preemption_disabled+0x3c/0x250 [ 871.687770] tls_push_record+0x906/0x1210 [ 871.692758] ? retint_kernel+0x2d/0x2d [ 871.696887] tls_sw_sendpage+0x434/0xb50 [ 871.700767] dev_queue_xmit+0x18/0x20 [ 871.704803] ? tls_sw_sendmsg+0x1020/0x1020 [ 871.708585] ? dev_queue_xmit+0x18/0x20 [ 871.712883] inet_sendpage+0x157/0x580 [ 871.716835] packet_sendmsg+0x1de0/0x5a70 [ 871.720746] ? tls_sw_sendmsg+0x1020/0x1020 [ 871.724870] ? avc_has_perm_noaudit+0x420/0x420 [ 871.729167] kernel_sendpage+0x92/0xf0 [ 871.733813] ? check_preemption_disabled+0x3c/0x250 [ 871.737671] ? inet_sendmsg+0x500/0x500 [ 871.742683] ? retint_kernel+0x2d/0x2d [ 871.746651] sock_sendpage+0x8b/0xc0 [ 871.750514] ? rw_copy_check_uvector+0x1f1/0x290 [ 871.754199] ? kernel_sendpage+0xf0/0xf0 [ 871.758933] ? packet_notifier+0x760/0x760 [ 871.762965] pipe_to_sendpage+0x242/0x340 [ 871.767195] ? security_socket_sendmsg+0x89/0xb0 [ 871.771306] ? direct_splice_actor+0x190/0x190 [ 871.776033] ? packet_notifier+0x760/0x760 [ 871.780593] ? anon_pipe_buf_release+0x157/0x220 [ 871.784800] sock_sendmsg+0xce/0x110 [ 871.789528] __splice_from_pipe+0x348/0x780 [ 871.793214] ___sys_sendmsg+0x349/0x840 [ 871.797514] ? direct_splice_actor+0x190/0x190 [ 871.801461] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 871.806022] ? direct_splice_actor+0x190/0x190 [ 871.810753] ? find_held_lock+0x35/0x130 [ 871.815307] splice_from_pipe+0xf0/0x150 [ 871.819343] ? __fget+0x210/0x370 [ 871.823381] ? splice_shrink_spd+0xb0/0xb0 [ 871.826808] ? lock_downgrade+0x6e0/0x6e0 [ 871.831017] ? security_file_permission+0x89/0x1f0 [ 871.835133] ? __fget+0x237/0x370 [ 871.840036] generic_splice_sendpage+0x3c/0x50 [ 871.843470] ? __fget_light+0x172/0x1f0 [ 871.848023] ? splice_from_pipe+0x150/0x150 [ 871.851973] ? __fdget+0x1b/0x20 [ 871.856307] SyS_splice+0xd92/0x1430 [ 871.859650] ? sockfd_lookup_light+0xb4/0x160 [ 871.863340] ? put_timespec64+0xb4/0x100 [ 871.867811] __sys_sendmmsg+0x152/0x3a0 [ 871.871858] ? compat_SyS_vmsplice+0x250/0x250 [ 871.875802] ? SyS_sendmsg+0x50/0x50 [ 871.880370] ? do_syscall_64+0x53/0x640 [ 871.884053] ? lock_downgrade+0x6e0/0x6e0 [ 871.888005] ? compat_SyS_vmsplice+0x250/0x250 [ 871.892127] ? __mutex_unlock_slowpath+0x71/0x800 [ 871.896683] do_syscall_64+0x1e8/0x640 [ 871.901497] ? wait_for_completion+0x420/0x420 [ 871.905361] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 871.909926] ? SyS_write+0x15e/0x230 [ 871.914749] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 871.918436] SyS_sendmmsg+0x35/0x60 [ 871.923599] RIP: 0033:0x459879 [ 871.927200] ? __sys_sendmmsg+0x3a0/0x3a0 [ 871.930398] RSP: 002b:00007fda0ba04c78 EFLAGS: 00000246 [ 871.934522] do_syscall_64+0x1e8/0x640 [ 871.934525] ORIG_RAX: 0000000000000113 [ 871.934532] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459879 [ 871.939883] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 871.943739] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 871.947696] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 871.954937] RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000 [ 871.959864] RIP: 0033:0x459879 [ 871.967113] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda0ba056d4 [ 871.972275] RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 [ 871.979523] R13: 00000000004c907b R14: 00000000004df4f0 R15: 00000000ffffffff [ 871.982689] ORIG_RAX: 0000000000000133 [ 871.989939] Code: [ 871.995276] RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 [ 871.995284] RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000005 [ 872.002531] 00 [ 872.006480] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 872.008601] 00 [ 872.015850] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 12:28:24 executing program 4 (fault-call:6 fault-nth:1): pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) truncate(&(0x7f0000000000)='./bus\x00', 0x1000) r1 = open(&(0x7f0000000480)='./bus\x00', 0x8400, 0x0) lseek(r0, 0x0, 0x2) sendfile(r0, r1, 0x0, 0x40d09) [ 872.023098] fc [ 872.024971] R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000006 [ 872.032217] ff df 80 3c 02 00 0f 85 37 01 00 00 49 8d 45 10 4d 89 2e 48 89 c2 48 89 45 c0 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 7d 01 00 00 48 b8 00 00 00 [ 872.068398] RIP: scatterwalk_copychunks+0x4d6/0x6b0 RSP: ffff888048c67648 [ 872.081676] kobject: 'loop4' (ffff8880a4a577e0): kobject_uevent_env [ 872.090432] kobject: 'loop4' (ffff8880a4a577e0): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 872.095048] ---[ end trace e72752ec8a61adb8 ]--- [ 872.107361] Kernel panic - not syncing: Fatal exception [ 872.114077] Kernel Offset: disabled [ 872.117715] Rebooting in 86400 seconds..