1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 190.844131] x86/PAT: syz-executor.2:8461 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:36:50 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) eventfd(0x81) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r1, 0x10, 0x0, @in={0x2, 0x4e22, @broadcast}}}, 0x90) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r0, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r3) syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x6, 0x408800) 07:36:51 executing program 3: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:51 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:51 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:51 executing program 3: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:51 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x4, 0x200) perf_event_open$cgroup(&(0x7f0000000040)={0x5, 0x70, 0xffffffff, 0x1, 0x1ff, 0x10000, 0x0, 0x7, 0x40, 0x8, 0xfffffffffffffffc, 0xf, 0x1, 0x8, 0xfffffffffffff88d, 0x5, 0x6e80d44f, 0x7aa7, 0x3ff, 0x6, 0x7ff, 0x4, 0x55, 0x1f, 0x0, 0x3, 0x3, 0x8, 0x3, 0x4, 0x9, 0x9, 0x7, 0x8, 0x9, 0x1, 0x9, 0x4, 0x0, 0x0, 0x6, @perf_bp={&(0x7f0000000000), 0x1}, 0x2000, 0x6, 0x9, 0x3, 0x7e, 0x9, 0x8}, r2, 0x2, r0, 0x4) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000140)=0x1) close(r3) 07:36:51 executing program 3: r0 = syz_open_dev$video(0x0, 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:51 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 191.064846] x86/PAT: syz-executor.0:8482 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 191.102546] x86/PAT: syz-executor.2:8489 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:36:51 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3f00000000000000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f00000002c0)={0x0, @motion_det}) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:51 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:51 executing program 3: r0 = syz_open_dev$video(0x0, 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:51 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000040)={0xcea, 0x8002, 0x8, 0x80000000}, &(0x7f0000000080)=0x10) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x4800002a, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:51 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:51 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:51 executing program 3: r0 = syz_open_dev$video(0x0, 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:51 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 191.388216] x86/PAT: syz-executor.0:8519 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 191.393892] x86/PAT: syz-executor.2:8518 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:36:51 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:51 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 191.435136] x86/PAT: syz-executor.0:8519 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 191.474266] x86/PAT: syz-executor.0:8519 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:36:51 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0xffffffffffffffff, r2, 0x0, 0xd, &(0x7f00000000c0)='*\\ppp0cgroup\x00', 0xffffffffffffffff}, 0x30) ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000340)=r3) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$EVIOCGREP(r2, 0x80084503, &(0x7f0000000380)=""/66) write$P9_RGETATTR(r2, &(0x7f0000000240)={0xa0, 0x19, 0x2, {0x2028, {0x10, 0x3, 0x6}, 0x2, r4, r5, 0x4, 0x7, 0x3ff, 0x0, 0xf5f, 0x2, 0x2413, 0xfffffffffffffffa, 0xdc, 0x8, 0x1e, 0x9000000, 0x100000001, 0xa1ef}}, 0xa0) close(r1) 07:36:51 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 191.564394] x86/PAT: syz-executor.4:8535 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 191.580792] x86/PAT: syz-executor.4:8535 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 191.589480] x86/PAT: syz-executor.4:8535 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 191.653198] x86/PAT: syz-executor.2:8546 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:36:51 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3f00000000000000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f00000002c0)={0x0, @motion_det}) 07:36:51 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:51 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:51 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) write$UHID_SET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000040)={0xe, 0x8, 0xdc4, 0x3ff, 0x2, "8318"}, 0xe) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) utimensat(r0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={{r2, r3/1000+10000}}, 0x0) r4 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$PERF_EVENT_IOC_ID(r4, 0x80082407, &(0x7f00000001c0)) 07:36:51 executing program 4: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:51 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:51 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:51 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:51 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) [ 191.833341] x86/PAT: syz-executor.2:8560 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:36:51 executing program 4: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:51 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountstats\x00') getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000140)={0x0}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000200)={r3, @in={{0x2, 0x4e21, @empty}}, [0x2, 0x2, 0x4, 0x1, 0x1, 0x1635fb95, 0x7ff, 0x7, 0x3, 0xe67, 0x7fffffff, 0xae2a, 0x1, 0x8, 0x7fff]}, &(0x7f0000000300)=0x100) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r4 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) getsockname(r4, &(0x7f0000000000)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @local}}, &(0x7f0000000080)=0x80) 07:36:52 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3f00000000000000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 07:36:52 executing program 4: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 3: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:52 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:52 executing program 1: openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r2) mq_notify(r2, &(0x7f00000000c0)={0x0, 0x7, 0x1, @thr={&(0x7f0000000040)="d68a9f07a28e6fc707cf1ce76f868bdbf987c088d43a4881e79608f3610ecbd4dbf01ab32ddae02b1f0db27934d9bf12345b1604a221640682458ea07a949f5f3a276b354ec7a332ccd2a0b2e6b50225c6c8d2b7a3050a4265b4753c85ccaeb8", &(0x7f00000001c0)="217b71007ea4bf0d5555d977b47e86ed88d23afaf03e2cb73cdd66f9b1a6345638ca4a2d7bee647ed8fd0ecfdc793678580d1f4f4042e736a6d0cea0e72946c3f509cd094930d8fe711ae3accc8f8329972b8258b1d32f77e817c1d057d9c0e0fee8d9023026d8e05e718ef626ac91b1802c9524c15cc96efcda8094cae9b930d866707a226cca57f8dbee2c62ce61bf3b6c57a38073a15501480df292295ffeafa3da599bad54adfdb901e55528c380a9e3b2f43bec209c939ea45bc0021df1a40ce2c46d3af8f4644a1be86b77a9ee2fd5219ece0ccafaf3e10ed6f35414b2"}}) 07:36:52 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 3: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:52 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000040)='y\x00', 0x2, 0x3) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:52 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:52 executing program 3: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x438}) 07:36:52 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3f00000000000000) 07:36:52 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 1: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@mcast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@dev}}, &(0x7f00000003c0)=0xe8) mount$9p_tcp(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='9p\x00', 0x2000000, &(0x7f0000000600)={'trans=tcp,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@access_client='access=client'}, {@version_L='version=9p2000.L'}, {@posixacl='posixacl'}, {@access_uid={'access', 0x3d, r0}}], [{@fscontext={'fscontext', 0x3d, 'system_u'}}, {@pcr={'pcr', 0x3d, 0xc}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'wlan0.^wlan1ppp0&selinuxproc'}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@smackfsfloor={'smackfsfloor'}}, {@pcr={'pcr', 0x3d, 0x27}}]}}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x40, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r1, 0x0) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x111000, 0x0) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000140)={0x7000, 0x5000, 0x8, 0x4, 0xffffffff}) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r2) 07:36:52 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:36:52 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:52 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0) ioctl$SIOCAX25DELFWD(r2, 0x89eb, &(0x7f0000000080)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}}) getrlimit(0xb, &(0x7f0000000000)) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:52 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) 07:36:52 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:36:52 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:52 executing program 1: r0 = dup(0xffffffffffffffff) sendmsg$sock(r0, &(0x7f0000001dc0)={&(0x7f00000007c0)=@vsock={0x28, 0x0, 0xffffffff, @reserved}, 0x80, &(0x7f0000001d00)=[{&(0x7f0000000840)="3cb4456eafd198a1370f51c6fc5bda52297e930f04a4e66d237c447594b5656a48c906aa18537146965c0d23e017626e94d4810e720e26bc249bc4399912239e6147b227d286cadaac1e1b638d73004f2a52695db9fbe1f9d3ce19638858b8b4656afba9d549031b1bdc1c351a5ffd43c72b7e0f680e4f159ac7f3f889d0004800aaa5c84ac7fabcf59adc7dc8bfe13bef2e4efe8b188c91533f3ec09633", 0x9e}, {&(0x7f0000000900)="770bd80b0334f52856c02b24b95383924f959e3e5b931c7b543495cfb152402818c9df21929f8a642199c8a06e3da60aa3ed0fb9c8fbdc82175308faba7b1ca59921b3581ce7c904d2b0f9a7c3d9692c05bdb071f56e9ab24bc51cfa2e2553d7ccf787eae501d049b8e02bcd7ae936e96d83fc847e53e20010517d2c891e0ad6a3ea190e4abe59a7449074018bb7ae2f316e5aaca5b7d979963ace0d35303a819da0e4f851a8d9a0880b642c5b1c5f28e381d6610ff71ff3e226d344d8039ff0a826997f9e547cdce2daeac07b5185953785775f5f36ec77ab7696dcd627f198556767799ff1538823abde570770e4b047fe9431d2a35155", 0xf8}, {&(0x7f0000000a00)="5170201be89b9c631028c27585e36b8dfa52dd5369e27534a65bf886daf5d4f5f202fbb5d8d39c36bd96560a577da50922539d7a3de44ea9b95e7ac74b2d15ca5c09c118cd18bc604c38156ac403a63c374d49565d18bff9948a45ebe4e1bc6690708c8b1097", 0x66}, {&(0x7f0000000a80)="293bdb652c19920472bceaa9205b189b8c595eb93bfa8e499a40ea51f955f1454244684d04d1308db3bbbf5a6eb3cc70ef93ffdda11322a66603494695d2c722344efdcfe2f28899ac8f32ef1304aa8a570410cebd8be59a83f959146e5130a8fab12e2e45a9222f1e2b2d1d83b72a3d660b78f921576ea026e6994f9be29dcbd1a6cc4985cf56ad3f44bcc61a64d9759f5c16ee4c5c44f17aa5d12c626fd01afbad4f6f70902ed951bf4b", 0xab}, {&(0x7f0000000b40)="555ef12295439e46f3e5b20643be648b4b7daa771363f62bef55ef46c3e156e205450cacf0d24b762fda239c9e24e3ac9871b41a6f6227abdd893e44b0471c164778d9c968a903c43c707ecf42cd68f0cafdc8806e41a40de020e4f31edba63574e53f45b72f99c2e94357b2e40372007daa3b16be8053039bfc87404b8d3f090eb9401fc680a00ccbea08d060587c220be958b997d28d9bbbe580d02f4e034644bd90cf004895ffedb6be0067fee79bef908b274ec8afe8585f83bae2c6986bd6aefbddb13f80c2d5ab4d2901d0079cc674fbbfb3bd899659fa57d515cabdf68e4383aa20638454dc8cdd79c55967ff5c2a1d78fc9ef9b188", 0xf9}, {&(0x7f0000000c40)="ceb5ad39d0e0121ba0319644d406ddf0aff494eb79f3b36eff771d89076f36389b7b43dcebabb397eebfda8c07c57de1df1948be5ba4365f34137d2ace364a084ce52277de6b14056f9c038dfc4eaa592d4ce47f26703a4e4e4c1590be8f4dd13824439d9726f64f5a63169a00e31c9acbf177ddf30b3b499d35d5a3e43de0d1f0c8511cb9db240362eb951d60a4bda00d634a9f5646ceaae4ca26dd4319345e2d791876b6962e449d798ef42c2b720be1c7858df16ef86c342c6227045f73a9a9885aff377ce9eae189c33d32f3a06e0cdc1b89b018f3642ab610b14f89660c836f84d40cb608fb9c55d0ac3cbffda11bab9d8518c391807a03560ced891c1069d95e128ab32f2e47ba29de4b0c9967ef3c07dee2cb91414ae6dbb874f3320a0d33acbf28dfff2c6721cf8b292e55cf87375de1a7bc5280e0738e303a470a3aa8f97d2233fb014c4e8070c11b48dc1c34af54f392da186475e02c31674d0ef5c8804639de1893d091ed9309767195918f9daf8f1a429d0ab3518f05eff02adf7b22d47c2200b72b1be9ac047e08d97ff6d375ea8d6df69465899773a79ee96ee8297992182f103754e78f634ec2e8762c9669e2737f169c8642866f14101e90e687fcfa7230b3b09cceee4c6b5b1257ad1c88d8aa7293a86b358d5e3ab933ebfc4be52a42f037b9e4cbc2dc9c5859c765ff9290bd656f9fcd2af18b92bc902df01ff1e143a99292c90f0243c2ac89830e50744ea215db7df7f6a3823ecfc77c2d87a7dd8ddea84380cba8b064c21c33db15cf7233249fb3e9f1b7288681036b9a452eec242a6773e365c76bbd18c0d0940ff9da4d5174fdeb4832f9612923abd2e2e925d3a4f6b9960b250138443ebee95c6bbf2d92879248ae779a78acaa310cd27a9b3bced98bc98ddd97cb6dd109f8c4e03021595feb3f98137a3bc9102664184b5455a2736630681793c251f816bbcca9a002537e5e836a784ef29b93219a6f3301096ace71009cdc865330aaea825d64f005ad7a51e57171d3894c2c0320ff3941b3cf76f5940153ed03f759404e46eb3b71119b1c840aa906f5d0b787407d764826eba90d195b1e1db604c771f475ace24f3b15c7be2b3706a33555330b6950abca8c00bd07ba34d575df3dd358491058f68042d3f9907cf839cace9fa35fe9db293b1f3b08b99df3e883221f1637ca46afb6aae2763971b4f5d92829a9f222838e7c80bbb815267e05fa9012e7d9c1ccf064e5409f71c49af46a4f4cf1951b949f2dbeefb4183aa1c9ce7c316969b321588d4fbaff58be17ded5a77a0375e6142b22a6ae6caf5a2ec217e545d6b90bdd2e6e06e8475d9a7fe1d047c096010587b895240f4c1673eec0872d23bf4afe4e43a67482c28fa2cc767d10260c56da87f0bcd9963a9176efdb62cb22d696e9c7afa963db7f2b74fa8cec66416ac8d8046b8148f003136ef7c9de46e31daa60e9c83c882f509fcb322dd595adf8f16f1f1303ecb295ad77a262b58d03509341fa1e5d346bf295196e8fa9ca391f3e7453492e39279ebc6c18509392349f35f0a64199dbec66f9442fb078b0123e07180def424874f1797d34617f5c377a1e40c49969fa77b25b97654dcd77be9a8fb64eaa98a7660b4822285c109d2a61c0084fb93ee0a7e06b40c122cc3916779756d84cbf01331fc7c37b2f9fa53b8afc5034659f2091f69fa8bc58e6c3b728c0dfdf8224279cf36c5fd2c4208f301d02c133193f286cbec3b1ec9b6ab939f539e6391d1d323e0f9f276d39488708eaed86fbe050a8182f4d0cb1b8ec89303b22ea3e692210944496be374b8503210e1368db57e9e0cc5a7b6260935c00e15251ac6a5396ae88cc2c261e63d8bf170b5de174cc8e55d223078100ee8eb8ae028ad5f5c99453c86c45831c66e9e919800b7ae565e44abe3248c362e9071ad2b2157e1692eba6f5488416fb3478eaa488ebea68490509079f287f206ab6b368a0caca0b5099270232e6310d448ba0cf08abe7acceed6ba0f788405bf32bb0418a4b9c318bd87ae8607e5f294445eb4f4d42dd058ff7a1776d907cb85458c84f2dac80deb0e55ad8a61c1daeb7e8f8aa90e98ccf436765c60db807543d136c81c639976060d82edc84f9647aba179c22a3a95b3ec76cd73296cdb70543e1c38a7ed101b11e86fe15c88a7ccec99e315fe947ff19ad6f0b57f2df16a00892469a22139a20707bf92de2ce6a22e8c07fbf2b519fef10c81870186ff99d9b73ffcc6de5e4d231a5248f639af75c63b9b18f45ec51859f2c70d2f3e13f0f08cc2b54e1580fe566aed54dd1a0408c412feb387d12ff46531a1bf69514b744d1c925e396f70afd6c36b79fb517cbe1d6f8ba03fbe1c4e968850519974b55c0b60fc5c00e7cff31da08140a5c64a091ef855f50767af2deca67c5e0e2a5ae0fa2f4582a566650cd48d86b93f0eac4dd38b18f436e6e711948ab5d0c343e826b7b2ea7923a47373768ebce700f2fe06364db3ece41cf89509f407f0f48c5ba8747f32e13b9f982a7fec89ff6f95a49e7a4e91c4d87ce0567503e18f4b47146d4b58c56591fc826823dd40bffc451b1dac097c3639ce447b46099e8b7f093ba058ca2f975f8118bbd0d430628103fdd33e6237ceabaf4e0c522dabe54dd6f4cb048ece9edb22f2bbaa8afc1b568b2188b950bed3967493367cf477a30c93301d3e941103d89297c53dd01a3e723bb321a1d91e13140786cd78cc108dba63618b9708ea6bc8ed1d78e7ebb4d725f1a68bba9a02845cc8862641524c647531fc689990a581165f49084c9715c0e64f9a1e2878c99e01641cf9ad351df0bbc700b2e94eb19300d3879c1b36fad8ff3654cc7f61cfeb03d22f40624d48cc5f84f8bd48e151cc919de0014291a29e08da7effecc32427b5597fe119fa0400c8776139e3f6d384afa07adb64cab17be11d21ffdbdad37e742ac986ae9a29b19b7cba5efed2c188a9d3445a78d8f766db1550e741d28c49c1f53505329e4759df6c8452014a9adfbbbbba6fe4c21ef86de5a3e154e7a4cd335b148d82ab306b3947e52201edba5104d026aa4e2c8745cfe3456ea9468003c8f29198d1bf571bc561d58ce8e1c5d4e16254a9d7db0516c769e937c73221eeca9df5776bbee8d41549f2a7187d4f50a9edb6ec912eb7298e793ac08b98443d524653ae49fe468f1221b3d72acad6f30d7203f3bd08bf195238752e1274eef1512d221e247b88844db482503d6bbdd0c2c3c53ce0e39dee92999e17b59ee6592430bbccb7ceffa0b863bb791f3245d99e2a56547ea0b3431f74c544b4fcfb0a6b86b20f561a9b84bfd943d9b2b6540722e7ae30056b713aa48972e0aca2cfa5a592685e4e80c9ebe326bdd55684b3b7e96a1fb4e1bc9db6ff73fafea0930f735cac122f73d6416a4f7242ef3a2a4d36b9c5c3386ac35b2ca04465912b8e23e42f494b7cb3eca8065f0b939e28c8edef94e1ae626d1221e81fb34503ef10b061843f6ea6d783c042edbc24edb685d10d01cd49aff257ca3f6f36d2abf7d750e5c54d2433e108d1b3bcce9679549cac2ccfea1b817e543cc8cad55365b038ddeb0a844f8cbfdd86698cb3b41c270cd0b7de7e9609f9e942be75f4403cfa4ff01a9958fa169f3d5803209ef237a85b2ffcb87d490853dd8fe5f04271e3f1e8d0573dbb13f3998ca16f0a1027be83669ffbedf322dd3640e39abb0495b34b729157e95228008d5e27d0cfad36bbd20e7f514385a3bafff11ed2c66226aaa88abc7911694b39aef5cd563e50addef58427bf23c77786fa2542328761721eca1da8c161834c71d29484f6995aa35463ed16cdc773a3c445bb43831bbfe2e570a502bfd4d9e6d100b46c01449415465e89f06c2d3e9f5378e67c3e2891ad89c55b430458265acc4b22b2f3875458d499b23865b5ebf77250684ea1a6f22d3fbfe4a0751f6172fd40d56ff23a90623c57761dcf4d5f2e2767b4e44dd365eb7b4e58ebab55d3e5f1c8e2cd57f868ab58ba4990a9f850458b454656e68c5b5f7ddffc8872431c2b82f69a6ca207b429acaec8dbddc941aed0fc48a5f3a78f3e3a237257f11900114748ced5314f4d64c31ef943642bbe8f18f41b4cba6a5db4fc5ab86793820f526b79ef91c73671db35ecfe545a9367cdc9da5238dccaf39562dbf09e9345d5d6cd9195ba020bcb4b24d51e24dbb90fb351dd53cf29701c4b40072392bc602fc1e2450f9736a9d985396a345cfc19f48ed89d9e7b6b753f92c5e95dfd4d084f6e0339ba40bba07b70e7b412920cca2b6eb59fa64f6347ecf57462bda667bef158bb5f086eadad3a9045f8adc44556cdd3e00f72bd8fa57fa4515d07e791febc05f5ab2807d209f843a2012f55fd689f73d84983223c8ecb14a3301b2f55e71c842684170a13a512d4a41a8c19586c5ead99d7336327776b29d9d57cb3e66218de5eae82b222a75b9b6537043a266fbf1a0b309b7d5b358f8a5f131f13ecbd15d52e465c2e6d496c956d477ab52010db07a63909d59219a855cd2ecd459205b76b57467bc132fce2b228c97bfc7c8668b31d0e85207506a17e86a776661e2dd11040aff5248ed6b6d82d5e7684e64203dab1d363d26d98d0842db416ad7e55652e3dce5af4a9cc231e984a111d11147fc668387bfcd82d229a3b055cd3f390169d414a149ce8cdeb316961798b6ddb52b59e66a28b8a5d901000fafb5da91f4daee4946b73f223cab5f2db5d6414d09e1f7eec17563063a772190d5423be23b36bcefb0c86a990e7afbe556870d541ee8ee48ed2c8a115d2428488caf138c9df4bee7f47259dc7d9a7715ff33c01358030361382c0858882d6e9be22af800a55a0d2fdfde375b3e0e84498a3b90c3cf2911a74ad32aac8a8ea7559dffcf83c3c6e0e4095abed563344f4860aab1ed3a488679ffc6f68c22b2cd59b116d057c97b00bebd3c67fb26b749d8ffada91dcbcfa145bfcbf9eec8ba322d5b61a06e5946f54a1753b18df6416611c186140d6232ef88ff737bfad6185ea88d8a452f6fb3d67fdf28df89368476f593a288d0353786aa5194e1cf5093b489d0425eb8dad450aadfde93553e2c98a3557f7679d9e164c730fc6f931c680af50d89a7c544ea149393cd306bbe49f262b9f60fdd98278fb754a6fde86865c026bfbd03fd6aa99edecfd7065eba6283b325d004806adcf4b613cd6db0d7c2af47937953acd3b85db5e2b64da7ddc24e8191410081f7e2dfa66102a7230d884185fb7f9a028c12925317eb0e7cd9d4cf4f173385946d9d64531a3bd1348700d2a7149e10d27a1f326ea421f06c46d9053d9d547dcc496a2e0a7692efbff4cca87ac93d797a7a1db40608a5a08fb81e8faad8ad62ae1fd4a985e871744b13531353e61aa66f8417a7574513a24a25f8a5f6675453abbba084bed1e67849a11eeeee5cf48466e2394286fd99814c3cd2689cf11ea67ef685f286e805b7205d8108da0e2c65cdccbcbe4a767b9931c405ecab06de9beec1aa6e9c526050029462f94830f92f11466d3b31012232dc9c7efcd7bf759ab829c48f0907877ddf5fbb7133680061f95a58253b6d53efa95c36ef641ed5c65c8dcba61f2a45bc881ffe5323c3cc243cb7b4d28f6fcb9bb59d086e980d09d4b8eb7a5a807fa2fc6ba1021d5cfe2abf23892c8459c573184ecefe16d2dad4b168d57d806b9bac7a799ab474e86895542226579a0de9adee2dce781532b65a0149a48cc5fed933512a1d5f742ca9a730257500b9b3dfa646d780639b73fd9708e1", 0x1000}, {&(0x7f0000001c40)="a61d3c9fc5fcf352570c38ac1d27bc5f42fa39e29f01eaf6ee9b05115036837e0151f6884a076e00c3fd928d00c5ebd00ada9993ae61c493ca61223ac7ffbb45bdbdf2756f4a23ad7a364b0e0aa297294dc432e986870b578cebb9c96448cc178cc6e2f283705007cc1a1d2e748d7a6e6fe79bddbb0cf85fc7b2df7a3adabf1f5638dde60b12662cfceec59a0a46a25f", 0x90}], 0x7, &(0x7f0000001d80)=[@mark={{0x14, 0x1, 0x24, 0xa4f}}], 0x18}, 0x4040000) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000600)={{{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@local}}, &(0x7f0000000700)=0xe8) syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x7, 0x7, &(0x7f0000000540)=[{&(0x7f00000001c0)="7d924521d150014f2b9fd305a4ebc5722ab56d4341f36cf7db760053f05515db81623a7de05faf3bc34370c40addc02128385a7d912f213c76c565206bccc39cc823f45dda1cf2a6afad4f04dedb926a00f27a0cd2f52be2a332f9ae31244d4548ff1085445b6b593f73c3cd605c8a169b6f9abdc145248e556eba45733573e02bcf8e01420fc472eb3379ddd695d642daa50f8ec90c98da27fb05126413138b797948ed15b52b1f66b8258dd811de722ce27825cb30944d7f4ee9e97d8d22b0aa3ae736efedead1cbcc926bca55c23a7a6d0011d71f5497", 0xd8, 0x80000001}, {&(0x7f0000000080)="533f8672ce1ab106b2c4be06b86a1b3f2cb2a52d34e1d7aa17e8338bee24417f4271520077e06375249b19fdc182aad72c361f7b6dfd55fd2959d4ebfa1389f2d4981f377ce08c936e14a5afb15832cd256e1c414d99a82f288e8bad75", 0x5d, 0xffffffff}, {&(0x7f0000000140)="eb3669a774f75f21d74f420be2776ac0d5da59bfdaf4c6653f35b5c5a672fab5ba73709873cb86e526aa8a97ef4de915bb68f6b2ccb3906a0f423e", 0x3b, 0x7}, {&(0x7f00000002c0)="9b1a75d3b4e892336745a471a331d1475c73f535182a936e1fd4d2edda0e19ec202a0498e08a5cf8f9b360f3b980635d686ac9ff21cd2c9078a33fa59a78adb2ea4a6addd7cb696c718206bd3521e16d42aa779cd8d92f7fbe0991bb4dc9779f3daef2bccac58d012b19b46fabff2c06c5eaee733221578a97ee9809a1b5bea6afe7a8c5b870c7fd33d9ad69a1cbc5de1f1e9a01765bf1c10e01254d3bc5b79f90a8f79420a6e69be422a5de1f149576d1e1022610bfac7e02d880914ea0b8", 0xbf, 0x9}, {&(0x7f0000000380)="09b405e9de7f5f3e4274d5cd41389e6a9464dd3278baec75ad5e63c5b93990f4a3f80699dff2903174c389c9e1626688e407774ffc24d9fed8babdaa73b192479dbbb2cce02c803725bc85429751b0b627c520c1634ae07e976152d0c8822b86e92ca6c818bcb14ce6cf5c29e526d2", 0x6f, 0xcb12}, {&(0x7f0000000400)="cb268a37689b2a356584c929cd1c6d30bda050b7f638fa73c41582a70c15e620800c721bb4d48e4cd39d5327f072a54f1206d0563f", 0x35, 0x7c}, {&(0x7f0000000440)="2b53c30052a54e3a02bcbac89eee340d8f986436e7691b01e56ac89a53739692718be8efc4b1d65ec11fd944a1d2ffd05ab21dbb01e8033adb6b9573f8d11b483a90e8bb912cffd930a705b572254bd09ca7120a06cfb49ee15bb47dca41f483da5b729650eb0fcba0b3df4a30ceb715cf814a5ed9422b658cc23083796c86ff461a733a21142f8cf70149c5e9a454018d636832ffddc0ea5418d71208cb63e9de9ab3e4636fa0f3c1093c8a8239243a3d7155183607b8e14b8f9ea07ed32f22e4599be20e0cd05df3f8cce1d11a7bb689ece85b90997aa6bcc8f4558e3be86936e2037288", 0xe5, 0x400}], 0x69126fef2b55ce30, &(0x7f0000000740)=ANY=[@ANYBLOB="747970653dd3a8613a2c7569643d", @ANYRESHEX=r2, @ANYBLOB="2c6769643d1a10e86d48bec6150000c09e0f8732a050980f", @ANYRESHEX=0x0, @ANYBLOB="2c736d61636b4c1bdde9b696c8c9b1a66fe8818fe92e538fdb40722566737472616e736d7574653d2c736d61636b6673666c6f6f"]) r3 = fanotify_init(0x120, 0x0) fanotify_mark(r3, 0xd, 0x48000028, r1, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r0) 07:36:52 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:36:52 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) 07:36:52 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:52 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0xef, 0x2, 0x2, "e8af2affedae8b5f2f3c9ec3d954d3ef", "ced8530ab0110d698300ea7934c70ea8e59e0230efab8a04f68855c6d5d5eaf8d66ba965c02b157f8c6dea8a86a6f28540699619d8716040acd46e71b87b4ee5a701751779e50892bedea6138bd15f3c9b67ef1915ce89f7c9ab2756fb333d7c8ba576f9b3817020ac9d8b531426482f2e56d8ecf8eac19c25fa7f0057759fbc3a3c15d26df318ac46f7980996d1d10faa11fe1233db8ab35cb4b43fb2993d5d45ddcb5b910549e4f02a9f786d4a684950811736eea3efc93002f19361b1d56660733f581d438dfc068125ba50eb16dc802601e2647f128a0e51"}, 0xef, 0x2) creat(&(0x7f0000000180)='./file0\x00', 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x84000, 0x0) close(r1) 07:36:52 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780, 0x438}) 07:36:52 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:52 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780, 0x438}) 07:36:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0) statx(r0, &(0x7f00000000c0)='./file0\x00', 0x400, 0x40, &(0x7f00000001c0)) r1 = fanotify_init(0x0, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000002c0)='/dev/snd/pcmC#D#p\x00', 0x4, 0x444000) ioctl$CAPI_GET_FLAGS(r2, 0x80044323, &(0x7f0000000300)) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) sendmsg(r2, &(0x7f0000000440)={&(0x7f0000000340)=@pptp={0x18, 0x2, {0x3, @loopback}}, 0x80, &(0x7f0000000400)=[{&(0x7f00000003c0)="48977334", 0x4}], 0x1}, 0x8090) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x6, 0x7ea0e3fe0d2576ef, 0xf, 0x9, "b61f53c5ca47321a4707ffc8ccee36e584c376b8bd8156b082c318c74e80db1c1a2c5e231932e8f80aa39fddc3c300002000", "b5ad8d22505fc226660a9de81410ede94ac96e4d31c77025398eba46264d7ba7", [0x1, 0xa78b]}) close(r1) uselib(&(0x7f0000000100)='./file0\x00') 07:36:53 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780, 0x438}) 07:36:53 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x40) close(r1) 07:36:53 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r2, 0x800443d2, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{}, {}, {}]}) close(r1) write$binfmt_misc(r1, &(0x7f0000000080)={'syz1', "c43b23ecbd5215c72726c6e2a849e7d447d276b3407d4ada3541610e695b4be8d9b66c7c4bb8105652867f6a41928e81ce12a9f75ed6abc9d51ab8c9ce872a40fa23a903c070ce384d"}, 0x4d) 07:36:53 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:53 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:53 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:53 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x5, 0x9164688f2ff11bf3) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, [], [{0x1, 0x3ff, 0xfffffffffffffff7, 0x7, 0x7f, 0x7}, {0x80, 0x1, 0xaed, 0x77ad204f, 0x0, 0x8001}], [[]]}) readv(r1, &(0x7f0000001700)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/175, 0xaf}, {&(0x7f0000001280)=""/209, 0xd1}, {&(0x7f0000001380)=""/210, 0xd2}, {&(0x7f0000001480)=""/79, 0x4f}, {&(0x7f0000001500)=""/237, 0xed}, {&(0x7f0000001600)=""/89, 0x59}, {&(0x7f0000001680)=""/110, 0x6e}], 0x8) close(r1) 07:36:53 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:53 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create1(0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:53 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:53 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:53 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:53 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:54 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000000)) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:54 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:54 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:54 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:54 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000400)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:54 executing program 5: recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:54 executing program 5: recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:54 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:54 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 194.379858] x86/PAT: syz-executor.0:8827 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 194.411454] x86/PAT: syz-executor.0:8827 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:36:54 executing program 5: recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:54 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x40, 0x1) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f0000000340)={0x1, @reserved}) fcntl$setstatus(r1, 0x4, 0x46c00) fanotify_mark(r1, 0x11d, 0x48000028, r0, 0x0) socket$alg(0x26, 0x5, 0x0) modify_ldt$read_default(0x2, &(0x7f00000004c0)=""/133, 0xffffffffffffff45) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x84800) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) creat(&(0x7f0000000180)='./file0\x00', 0x0) bind$rxrpc(r3, &(0x7f0000000080)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0xfffffffffffff801, @loopback, 0xea}}, 0x24) close(r1) [ 194.433667] x86/PAT: syz-executor.0:8827 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:36:54 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:54 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:54 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:54 executing program 5: syz_init_net_socket$netrom(0x6, 0x5, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 07:36:54 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:54 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000000)) 07:36:54 executing program 5: syz_init_net_socket$netrom(0x6, 0x5, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 194.603460] x86/PAT: syz-executor.0:8858 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:36:54 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:54 executing program 3: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:54 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 194.656094] x86/PAT: syz-executor.0:8858 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:36:54 executing program 3: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:54 executing program 5: syz_init_net_socket$netrom(0x6, 0x5, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 194.713062] x86/PAT: syz-executor.0:8858 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:36:54 executing program 1: r0 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x6, 0x400000) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000340)={{{@in=@loopback, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@mcast1}}, &(0x7f0000000440)=0xe8) sendmsg$kcm(r0, &(0x7f0000002d40)={&(0x7f0000000480)=@xdp={0x2c, 0x7, r1, 0x29}, 0x80, &(0x7f0000001840)=[{&(0x7f0000000500)="fee9547616c2191df5fe5ca6381838a6be27d53ebb8c131367a9ce3afac801d8553d221a83e8b7c0da391edba8c05589d8dc4e011aba93cbd95aeda0c1a5884fac4bef4c69e3947c1a2779245663c4ad39dc9c4873b3b1a0641686f34cc13ae9552f6d4e430196f3eb5228c66ca2c2dd8fd520f0c3938a77efd6d509b0d81068456c4ff0dfafa59720200877ea0d6198eb80e546ea34a477653a6d19ae0bc1e2ffc80edf34139da19a32a3f621fb394766f259fe7bf0b102e847e4cbdb", 0xbd}, {&(0x7f00000005c0)}, {&(0x7f0000000600)="485c0d180d600085cfdba6ad75a48c6e74ddbfa52eb336e73847ca14c2bc9288bb746648d2943e9974bf8ab78577e2fcb191de8d3795c656d3d75b39fd45f007ae39899de7ed913ea196463818120a380656fc22a3586c1a4d9a32f7bc33e65206aeec946ceb743e040101f78840f93e499973ffef37c7ce7618388fb31c05db1d4cbfa09d0cb618516caeedeaa4335276357a55d4648cb789d6d1fc1446413123fb24cbce94116b4a8e1a9e2a197e9dcf473c9f0b3b5c8f0c914814ef9a013870a4a7414b6f7bd7d1763a95a0cf1a275153951bb794cd46ba880e89088c064841bc3758dcfc6a1f9619c9399ca45daba179edd387efa0ef3411fcf714ef6b70a625cc7d8a318a6ac6e09e5f33503191921ffb43039630789e7dc696a8f96593e40865921552f7419aeb93f319196fc938c5f7c411206bbe56b51f0da25186f2c96462857fbf784aa08a8b7826548b1eefb55f4bc7c1d2cb555bd30e6cc122071597f9d2bc885c2448ed989b217e76d2a203a5782d2bb2f995f2fa78227970ec1036f6a6cd931ba47ede274e62e6cb8b28e3689ffdf521b7e559316cecd3f8aa69384f974ad3c032f0a10e78ba3b1b7fecb00e373277624c661390f2f4683c9820b8fefc7a45593837cde6d2edcbe803532a37721aa55d1b9976fe8a41ecbf669035e81135df0df29c1e4cbbc2e5294ebbf56dd8bcf3825e6b5854b38ecc12abefa30fe0bfda17675cd7d3d986e9105b3439af446c6107941a9ff007a49fa0227141c49263249ea763acde5e8228deac7d18addcf84fc011efa5ad75f3e2274ffe4b63985f44c361e051ef667395aa846eba16646dc7a44326fb07f7d19c3dd37afdce6cabc846a1a6fc0848b3f82f97e5d53d2786f36f946c12015b57b3063246094c770d6cc526b920aa7ff00475217defc42e3b93e9ef7bda17259453ed79c5b1814f8c8f34c24e2c91497ef60cff01655bf2f0b7ed0ecd2299caaba18e222ed9457b23a7b5674d680a1833eda6863293b7ee334113d050705c9aeef3a6055012cbd57fd1beae874864e92f753f359b0a8abc76c19696c86e1a610203174d49dfc03c6cce5fcdec85f67fcd0d69e2f32b431a1c1b6924f8a4ecc273882281ffdb7bfbb4e839d90a543591d6bec6f275075d7c27316b582f7135e7ea88702068b4718ad9636f562bb9df491a508dc9c8eb1eea88ff33f873dc490356de0651aa3a37a096f8316b24c45a3a47032ecff27640d202dc40e51e6d92b042188b14a04b68537a7e340980ff061b74c77c3ff73dcd5e97782a1bdbd82d4cd077f63f85df7443edb4de8a7a07523d7a1f71dd2f24fc49105e5b891e213bfd0aa1fe2297fa38187b4cdb36fb66beba4921733026d35172a7d5a14b5947e12c91a3d9b7bd283a85814ee592ae78bebf80b97ecfe8b8b1c9caa089a407b9b450bc271fa86eeba2d48f36f48738d6e6d59c1e8303fd5817f3b4cf1ac6e17c78ebe70aa5899af227bd5f7654a1f2df76d98e5b8c75ab374e96a11103d35009df767d952556275d18925b342308777c2df8cd14d62c15d68d2e7d5cc1daaf7f6c6e152dfc7c6cd8ccddc4a0678fcf47b5cfec673a3a8a5a7fa4029e8d4b0a14ccffd9e825a011b708a3f6a084a491fdcb14d920c4082c4d2860a33a9024af2d75fafd9c167b8a5ad62ca25bda0a6dca3fa1e17bfc64f99b44e20a91f8058581fe24dab7f2ecdafd90a81156000286276aeef63a39e4f7d422be0beae14749fdc1156d5053ba39734b5fde6cfb5b6b03c6d13107c557a6815676196b3e616cc69e53126e3343806a073d58fe62d7d199023347c927200ec9de928b7d44c1a9d1a192762a40b2dc43d43a9b6a36672eeb94acd98d90d81d52e05afe7346a5114f7964cc3461dc87770ccd685fbf8b1bb5f20eebbdcbc161b11a8e54f2cbec7691dd2ffce461200cd612f9fcdc2aae60a5fe3a7b7f0fefa8aff2e8f92ec55f33bc0a29580fe839160655338c3c7898a03fa5a2bd9fda9ba76e3330d562f9b415c7e4b69d4a402cbd9ed701c41291bbdd8e778f4a8a65de66a9455e2cd6534de7b6cd967fe8cca69f313cdbdb3bfc1cc9e0bc46280987e5621bcf9285523c1f6f19d7ac06814ed92f5f289c3c40f462464f1835dcea8f4af707d1e2d80988d6349950974827464b361bc4442af8f5b868bf041972844b63677db3189cb38881f90c960dd545ebbe1a46e259df67b34027678bebb3e95b66862eb57b0f3db590af0f18254fb2444d0057d762a9e405f51dd00efa1e4b044a953940d76df104c745cf06af360b663aac0385a9c5487903c35d677a4e7fe75f7923cac7c817a30b2ad890e5442108a9e1cf6c525e4dcfb73eaa969885e4849371659cf644900fc8a17fb62338e3f601f8c0018e64f86a713143c0b1ca747656034acc555e86ed403b4afc8dbd4707d1b633860afe936623959c86bafdb92257001ed53f796987073196df952e4da9999c6bbfc63309f6cd1c3a2db1cdcb8a7b2657c0cbd7cc64a38fbb4916d1f26619a4ce34743db213f5a1743a3212458c40e77afdcfd622fd7b3967e4ded065702660f726c46e9db50fa863fa8d470e29e3933c05ed44c1aefc3ee87df93b06a394d9d18d94e70a98219475e1492d150aeacf57cdf0cde84672bbbc232168518e85b49d7699d6d0c9d56047034d785e2b74048a9511270a0a23d464efdda58e32c4a24e5e6531ff7ed1f7be856a73d4f926fbc12a6bc6a5f3e006b80e62cde6c10c0b7d320456041c2a7d938ea2e104a457b2124f558130e5e0020f73bc952c94822d1544c83188344de63984780ccc36af81a91b8038c3f399df9fc6decae5f3395d5652617bf2012747d6399d3508e85008d09b94292dbe0c9501f0cafb0df84719fe5985dd68884232074b94a136d1ccc2e92d604a9100fbac6f0aba1adfeb2c712456d90bd33fc75bf6ad0ce8584bd241308aab17aabc2528800f010e96e75843bbd9412e3823f54c571e5ae4cb519b9cabb4659d6fe1cdbae40c2a7173604005949cf8e9c3a0af31bfd595a5b4b4f60267b5134d5f51c2e2f755d893641d46bbe6e47478db4a318b6050a3c700f5b8f358c96da3e78f2ee110e4d51cb822fa7ed224d450cc9a11b015b22caed13157454c54a0f65bcb61fa8443c5ad473e515a38bc149efa33a83e6989c13c7d8c0ea5f7dc0ddfd4945e26771fc8991575187feefc7ace077b324375374cc34e79649efa4c96f28bbaa2a6fdfa71802c0ae111095f008d939eef5055b2ba3f7164fb92e553b70bcaa9c38c2f9408dba80888ff49f42bf4b0b49598332a07743d36ec4b4663d04292da705d3b8cdb5a91f2e83d01f7beb50e78d95f5631dccd98110eb00487b00e93dcb3b1966df04c4ae4f66ad01ff218b1658341f5171f6ffeb448bb0363721be63eda16169ea6fb16da15ee292c24b1036ef926dc849de6bd47b183c0d4283527d7891a085a8ba96a95cf8a81ecb1783c0824a3c35a12ea27a2f1524bc3f2bc963f55cdd3371a7e3c56e5f4bce52b71c0302ca9fed1bb23d9bc42dbf04ae41ea81e080d2e472e4f6e422f5c045d0e0c5ea68b1dabe1929d923b70daa959c31fc1e782ea52d80532845b84e2d1ffa29b0eb63836359fdb762583bcf4605fe0307274a1fec31148e7d3f49111d6ae854040188ffd10a7a0d512588a321bca2cefe74a94345e11f4ed677694429da8dfc244b9214796d8c1e443e2fab8d99520eb731a0eda4f212deac5e02b0c0989641997d50fbafd2a0e261e17a7e097306a8318ac12f24baf32fe5b2a256c12dd6f455aad9ad0c42386ff46e81c4678d543cf6e28967a35de9333ce168a6d5c020261591c24e039623e56fb06317a3ee68a215a09c309b0eecb854b68a885ee44acb55d457015a369dcce3333594da9d0328ac2821223fed66520411f7729c065c3bf69daa9695dd10e2f45263587267100f59c8c889b0280fe4bbf8db943fe7ea98fb9d298979c7f86d664dca0d03772f5fe666fb0bc7afb4d23b576def5b074fddb641bb20b88844dc573e29a88ede38e59d49f3e061cd841b64a2ad8782e9698336b198e0a6caad54266cc158e8e349a6b7ce7601f410859eeee25f30417d923b489636b638d0a609f4fc072105fc0952fc25a623e4e0606b72fa617f1d4c3251b38ae44451c53246f3447766cd0e2200120cb0ad55ca07d18f12f261d3e368a52474787ecab12ab2c45dcc68ef40d10953d0cceba4d29af893bf170029a30ff3c87dd4ab820cf5dca3a9323ace9615f93f4375c87b34965f3a949218279ce8135f8bca8efa89bbd2267f2a237fde89bea97f2f5b2c3e97b79c414b1b674d8ea3cfdc1304bf5146b25edb1df0506f03a40ce0fa06ccfb7fec32d49d05cb662e3b52f9319ae8e361e26dff752ce3f9592a5f96d29e052b6d4bc07a23f9ee5fcf0ed005fbceae8af75d3f1ba0482d1f2b55a1bed04e1e371dd599debaee68d31cfa921b51e96bf1d7e7f71ab195463f80a95282a612e75d5f23393e0d249bfe400d548515772e6efdb1910b9d933bb00b20d66cde3a35710408ce6c9891315b0a464bb4212a1ae1e84c1fbebe700b35f22fe6d5622d70dd9fd700c70e8cf175926a76b4dc7cbe55c50cea1e3d2073205b417e899d0966852cdb8f56000368959a7b9408e0820aa3a49acdcc5909a57bd9def5d8f37decd3bcf8b38f15fff3aff49f407bbd22e150240767ff68fef9dfffa4446c1cae039c19ab68d9637ce49b3a698863f2443d5ab8532f686977a2ce8eca63841b61785f3566046572112340354fc7fa3d787b160e61ae33d2a650fe6f18d7988fbbf6ae6fa3561abfd03007b816f2cb385a0606a4841353ebbe659832f3618d17298910c4033f650a0cac860d36fb1da36e9b3c39a65162d69c02d4d3ed4748658744b27a52543e83108c954341e27f5d74f4d2c53a758fb571848b01b204b1c6153a9080c72e6efefffd9d613ab61d8baafe26d784c317f814890ad88e802cd8c15d1eb147f74b8d4a6ca5821ecc62ddfedea8cc202006bccd018a95ac7854b6365c028533adb03e3ced0e20fe537e57be3f178671467fe80530d4b958701d6752057c58b7c68f0f82a209c3b8222917aebb0978cd44ab142212fa8469acfe2c7d88d3b9f2f7b18091148ae1ee563e1315fb34216bd52e98f1efbcfedebee74569a702cd9aa2e94f49f3ef922ee4eaad3f1d3d50ce8e740b004f33bbc507fcd1f54585f2d758b069b72483c395ec9318000ceb032202b491fe05f5b05cddcdabb88a0887fa20855cb4fbc1e3a3e3431714124c1fb97e0486a03fa7fae4f0b2bd6bbc12b86f19207e2e54918593cd669b2217128877e1d004352f7e46c3bd6c3062f84d4a10b2d03c8402c9082d03a5a407205ad0524394eeb8fa77d6588b9a9d036fe2b18a8cc897fe281bc0e160a97ec128345ea4f25c203972df3e07c3b59bd88bcefe9748450ce98ac33f300d5c8a15b7da7932c5f3af72b2fd4b4231cf228e23e7e4f81344be7cc7ad6628728d8037113d6e77bf50bb260cee69e7c749ac0ff9b82ce4eafb2e8c91e45c4f5a6c0a26b9db1a359a1be83919e383e69b0198b0db36d8c9a7f1e0ffab799d34290a310f500dd9124fb2380c85a35e272a0804906f4241079774c5b53e3b3578571b3626de987a262e033badb35adabb4c730f0dc271ef75c42dd4c6a7f7ceeda0390cc3725096dbc2f4eed3b69794e710e4801442db25b7ecfbeca0cb3cb531e150cadbaf31f3ab73996c3f58d6b65f75793ce8b99abd2480d6a56", 0x1000}, {&(0x7f0000001600)="9b8c7d91f91e6351d271a323a1c7929cdd5a336ceb961a90b7d13f15c1dd6d409f4254f5089ff6343b1af305985e45351cf5ce61de7346912707e533e1c28351c17a51fbe0126f008050ed011b0076d59ee7d38c3dc39a6710c37ed8da8343decbd562f07db1770397354d2f05f514b3ccc5cb1ce1fa30292d0b4999e8a32dd9bb60fa2a043ba43f42d74cc1403ea3fe34a324577c9e319f0d0c3c0434c976791b4653d2e0fd480ae16262066b5723d19f45f9c74ed399c331d0f6d4d2f9d5589bfa5e9a22c3b23407de9df3e140a63bcc6da723e42496537ef9c2", 0xdb}, {&(0x7f0000001700)="78a3d818a38e49cff460d287c7ee9f2a67b89930f8d1954d4273c2420c04e57f13c8a99a28c9d4f24d9542b391776e5034922ba7b754", 0x36}, {&(0x7f0000001740)="e94365798509ebe0ebd8b3c3e68d5cbea20fd5d18268b9c1d97b75055b258d74973f681ebc46c5efc806564f0ed3e4214cb56056d1c38940e9d97a242132de3d88a84cd96de39dbc85", 0x49}, {&(0x7f00000017c0)="bf9ec10984b63686816f0776235b062f1f7939a161771c861bc7b22907b4a18e6d775ea2c3568c4641c51878e2fcd753220d42b9f4c17722348eba1405855c7b27c99074191a0218ee6503af14f68fe014d17b80175990144acf899ce7c746069c32ec843d1cd38e7a65703214c14b13eaa8d5313ece86fdaced99d9797d5d", 0x7f}], 0x7, &(0x7f00000018c0)=[{0x70, 0x107, 0x20, "167899ed953ef405d94ad4234283debf3e0ae45b3e7ed5e4d6a276c7e01a2cbf7d71cb18a5fb1144f18590dee2edcc226c2e37848b71c4b6a573b367c173642e5de6fcc52aba0e1a20de949c8f1b8415f89182b21619acae4f79ff"}, {0xa0, 0x110, 0x54d, "f395c2caac86a764db75560c1d3f953010fa4c707b35753999df1f156a56b951c156f64c475edd471566b0fc38be6f6edc7c6a211f790de845fd82036ce0beefc9cb3bc028034869395c4dd233347c433a44af783e34058fb3ed59e9b8eb64f785dc99dbf272a8e17aea587f5dc6497e174ca6c01a40e43c69ad9262e7976315b148656c761e9349ed74bb7618254c"}, {0xb8, 0x1, 0xffffffffffff8000, "b48e564a840f34b47f500c099487a1694b79eade49d6683b503f7a65547d0538d1332ed84106b5cd7748c0b672c8b9dc0beddc573019228f79721e8828989014521ca822c443b0673e749d39173c47007545951f1be1a1e8cd33c6f7d41d45f0621700588c6ff15c7ee461c59cdaefe727be11e702d2a7263a39fcba3990832daa58d7897e737573d27a661560124da205a3c7145b61962779b40120b7c38b6b0c"}, {0x78, 0x107, 0x40, "d5ee9c4d90d650020aa429210d83b1433142b4816f05127205ec871d1c5cdbf08a7b5c6c18887af4e9aebc621a4bfae8cc3c811a77f99767aaf633d3c288cd6aecf10b3bffda4539266b3e8fa6318f977546c4c8de835bde40d6ea384ed7f7ff961e6a98c97e1ecb"}, {0x28, 0x77369b4d96a290af, 0x7, "817e1cf46af5a2677c8620c8164c1bc30bd5041fb2155e"}, {0x1010, 0x10e, 0xf54, "c30d96fe9f1f3b660cf702a5f6a2cd6b02aa4a3cbeccabd18f0a942db5e0ee0b848924f42b760b0fb6a4b612282a4ca196d53c631167235efe8e851a4bbb00ccba232bf45737041d26c8dda6bfbbb136ca9c4023e629da93eeca43bdf949682f5dd52e7c402bc408d08636af540d1e223c72e15627447cd93b15bd944d876b2a44e0f69f67f4cd932b161fa799c09eaf9a4282ff38f89951d1148a699a72d76f41ccb53fa408aa792841fd32ed7e5336680543266155f23b95b5b0e9730ea8e0983402f2a7feb7aa7af8d0d29497fc13009e198485637682dc87b384775451b5e216503f38ed40158e353709e397df4466738242492797c605057ff9ae26f26c6834645ec346ba667001e03fef8be6eb00d881ac19e85d26f7a4061f47aa3024b686ba7ff13d1cb8db249135970159d8e9cd5f8c2f7cb585750b22bb4afa5d7a79d8dcf23089afe41571573ff657a9dc24ea3c4d84d0aa22a64f616ebb11d859588fdff08b259d78cd05078bbe6f8ffe4e78b7d0640d5f8affa4a47ba0b7251e7ac9e1d3b3a528de9ed8f0ad7b74457d1146b29dc6a22dc94e64a6a3d44419763919b5f8730a72ff663226d70c9f159e839d2d4c661ebdab9ae005899ef9a1196970b389c188bdd7a46aa44d3704e4f8e2a3d92c13b48268eeac3b8454039c0e85068aa0a2a1bf517366030ff190dccbaacbc50ca153383afe5a72b9245b9077ab1069b5150baf6531f1f68b35ae0037a58fa0a2ed6a784afde647a508ce0e41ca40af6ce468bf54268ec270b711294fef1926cccc94237074faafa9b7151d4e43de70c609b59d7e9cc227e5c61fff7c2c8e36b636786668d7dfa56c0cbc0b6ce9bae9dc6dc037b71aa8f55710887dda04a3cb9dbd37f72d826132bd6bac7a1388726de246701d162fb6b7cca5ec59bcf4b72cf33ad704276d24f23b687b41ffa03c3b0ad4cbbf54922c0b655e867ae3127a3d9c214d9e61caa9f01f2174cf7274b21a6d782a268e31d08f5996bc1bdd8c4bc7dace3d61f9ec62fef1d4a22f29d9d8434120e148ad7f0e54d445f2b337500806c3983bf29166fdcf9d81c8ff1d975f0a6a154bcc617cfc8d5f377791f97def37ca0a0747441ae1db6a99dd8f996ca88147a0a415f342ceb9dc3c04e10ee0e3c534cf5aea9bdcda1239c408c60b663f595eb90daab1a5ab049340975983c2c520b9eea07ca2841cbcd60cb98b67b190ecfafdf1dfd769b81f95f7f3a80b446b6602c4cae62f5b20c73c0241ac3361be22bddbdaefd2521497cabec58563e1e8ff9c5ffcf59322517101c70266d294d0a95c7deabb1999c563e993115765eadc8abfdb7fee65a3f39ac67736dfd372f16ac9c1bfc56b67d135ae8eb0731eeb2b837f7bd7b52633d54c3011bcda96a66e1e7a80f71cffd1dc0f7a66192040708b7609e34eab961225b128185e68ec51050079cd0b3b59c38cd5db3d966682bbc5ac7188d2f7674181852b58d890fb693079f852c7dfebafbf2e126e7ed6723d46d495fb230d04a07d520ddfd91266156b8368d68fab5e02dfea04c9a1d370d62c4cfbb1f147a80c186428eed10e05942c7b35c59e05ad947aa7f1850df131f65133da64763bdcbdb15d27630634724cf4d74a6a831f0dbd1e917e4e2b919c4c878bef52fe4a63cd02bd4edfdc14c84151ae0852fc7b925549373821c67f9361ca87dfd5e35293f83f3170a59f7e411fd3b8f8801236090d984bab4ff410e4763e8f2700b8ed48cc998fa05b08c4fb91590dc9ef99ede4dceaa2f11c6a78cf4dd2615851841f8923c41878f5a719c07dab964ad4a2a23dc21d8b10ae93417b668ea222c66b6c0503b3acf6500d09da35d533249caf612937d0db1be774b61c46300b4735b4c0cb4eadb102b59da7af4b8087f57644d08c12f45298009311626e1b2e1ca4c920115bd17d6bccc9bf6bd0e19661477e52c3a599779ca07fca8bf4cbf7853d0ce3208e6fe541ce14a75eda7799d47f7a6a7dab778d992b441515561229a7a5551ffbe7d05856871436f8dba6e544fcfcaff00fd195fee63960d68e610a9da9cf9effae122043f1ad2e30244ec485d0b4babc4c18d429634daac3ad86d67dc26742922ad5d54dedfc2771a398fb6a01ef8b405c63634d65e06ca5e390f66dc6e52c0f364eec69f4833d0da0f62fde430d9db84e87adab8a4d0d039c086b71cac30746315de302468e66b36dd15764e18cd6d3d738623ba6c32bf506b854aefc52d594fe8300ecd8c20a5c8a64aa8c3e51b492a85e28171bd5de173bc1896b4422dae2b2c41d6af6698062686f94fc27df22e49e31adba02334b7a307d531f343ee593442ac4d075307b33bc6ec34a4d1cf792dfbd8253bfa487e4a4af0d95f78c7e0afbfd856d733eab2a80d97bff3751b321dbd1d422f75b850d2428a1973643a5bc0874fa84d0f43ef4030997cf3baf7d327a5603a551e3de2482582829fb0b91786da93f382f98c0f7b785d14100e27400b0bb5424797e9874f92e884d684c5358421ab2432a7aa9adf692984969417782596d860d2f74179ed727d605c295a196f780f7534a088f2dd75500eb8400cc15df7d0833f65773dcf2fcf9581dcfd4a36d66d8be446abebd4f14824447e937b27ea0751d575191572fecbdfc105ddbd857c0d61dbf35965bc3d10c5e0de7609d003dd4ccfd37e4e6f10b915b6794e425984b27fec80c0e815063a1efcf95671d642046ab442b4dc164c8b5f9fe0ee8464090bf37f16754d2642ca583d9c81991fe4d95850084a11a45aff61fc958620ff3583da1ebb7c656efbb89e81688074a5580109a049a8033c0fa8fd5dc1ecf0ca25f97d2b9f841b99c1b2ca7a465893cf0fb436b7c45ad160ae02d769620de5cd00812db39b077731adf72844a183c622ad819987c8a50370f012f42180740259479b178ba5da53bec9caca7b97c51edaecba95aa1f5cb3cb3aed2c352c693f6eab5cbf52f1dc91675ed66fb47a80f3107d1b43e9fb00fa24d4581482974f96d006a0a6aa1945e314e5fcb0009ad16295f046c616bcc3932642f43d721152d92fae43f1a5a64eb51b8496f72e73e68bc5dfb86cec2f302143aa5129d41a42966a1650c1e6e4e88d8250e54f44bb2a190a468a8db0dcf7e8f94ee97e9a6b3abcc551cb78cef80e70989d9ab1effec3c0140a11240d43732f7d342dbbe26fb1c4c74195085ca7fce3da18444dcf1d4b0afc924b3567741dce568a9b024342270843a7568b6a9276f2ef085df64c74a42b92ea52a0a36bebd9b9cbb76a8c8efd445d6245de98dbb7e5341a7d16af1953aba7c971e025b9982279415c6a8b24af5be96ee03d9f361ed82c284efd3a5c7c643b23ed94474c792c244fd3acf479a01514bb915deb8495e0634e68eea8aa0f652db86773adfb833365925648d95aa430daa5658b769fbfa1188641ac7d8ed2a0c0f03173672cd41dd4eb1a18c41bce1d62236b9cb3881b15128bce959877857a8071782636fffa6b7c5e20a6551278af8517b866810a32b4261a14da4d00651ab0929e8b5c3d367d8151a3413b3e411d54c68a0db4de2b8825b7532aa538e19816cbac594b118403206577e42ebda1af140885ca4becb1441110d2d8aec4eb36fd1d0fb693b4a42b4dde7a4a9bc2a5a36116c4616c1fd15ad5725a38d31cf3a2ac5e7be61840eef3f4ed07cad89c1a1dd1a136ad8fa9c521f43c0bc6a0e3c87e5b9d959801fa078f762effa85f48324974cc41a12f4eb3baca1b68285e884fd2b2a6452926809816e076328a6f2cbc68acc8cff329784f41fd205cc1d0ae697f2d954b1f9ad3538adbf5a276d8d6be415c1daf946543be3b7cbb5ade83551eee8a8d775587b4823fe97a90513ce80e65712118124f8ce31f51790e214126751e9fdbedcf13449d68f71a4786fbafd984b8f49444219af252021848d1c511ba06fd0d33663ce50f7f2286d13744f7df4bae679d933e339f166415b4bcaf48c6abe59e96369743d5aa830a8f7d33d971a098b895ceaea2354cb8e8905a395f92b9bd824ad1b4df3f4e8ef32e3ca894e1caf44156d89e0524b91c392ad6d813a706b01cd6ae11ad782bbc8f4e4f18c7ec0c15b229002a88ecf697d4253c2d0363d533c77ce50d0b287d767185f4a74bdcad44f874ddf4de75dc215d8ce1a3c2c864222eb8f5acb1aac883598ad7f68ffa52ee0dd2ea45b9bb8fa32ae2ecd3554ae96539a1e6d0de6fe28b50684f58336a339a2bdb52da1da4e57e5259390b4c4d3c1de8a4b61dc2b048a1b7b1e78be5675fb40557646ed2e5b5ef48c6b505de40aa74ea680b6105b8d73d2c311cfd933f2c3a6899e6fe47fa21faf12c79aeda625fbd269dd49338af1b6484bc09df17e85bc39df51740da07fbb497e4dc7da8e432333733f20be52fc69e6c39cb888a7ce780378fffbfe06764f5d22dd3759a2cf896a09aa1ea1218452e841d498489b2bb1f35e7228ac2e1994c9f67ed03f40ed9291568bcc4dea43ad5021ec10ec2a6c4ebf838d904de55fdefd0ba5911aafe78fbb0ee9d1ed3d26ab92918557dbde0aa0568cc48af71e39ef48f103bbbbefe45f08395e4d45d3921be92d33225159ebfb5a6dac13594992a0df378b6d798061cd9ef44f1e37224856bb0ecc865b7b4fa04eddbde3e5d04bd78fe798285e56494e4ff14f247b25dc1ab91cf9f9bb41f9cc8248edd4f2f41258287fab4620c71b9a9a1be21ab7087e39c9b425951bd3fd380d538dd518648008462b5fd3044268827b15d186bee32ff05fc2ed07c572dad36d78b659cfe3721eee73dfedd328179e4c3adbce4bf5f89ebc70962cb54d5db602433d8e589287c6ad330bc925b259849a57c7e66507d6493cc0cabc685949791ced4176efa1b6d23655c5810918c645736d9edb8442ce4f11e1d62edf375e2ba52997c92439ceea3d40ff06924c490b6dc06dde617ad902e32de38f3a7cb13f82983c06dc143c0f5e3def04588eac287229be7dc5e020fab83e82002a4454b155ebd39d0694e55e2e892808b3e1be718bdd3888fd915980703d6701280484292b7d95aabf34200ec8e8e92e4d6ad74d67a1b6fbbbf01cc75fad742f7cc300be58504984f50660635e5d44d959ef95dcc358b46a001cee9b8365a31e2a793da8d8f15cbeb51942247ccb124aecd01a297aed2fc6b45d5744e1ff43b920c6ebbd28eba9c04eed14a8b0840b83d3da492f20df8d70194a49d0116dd0fc47ab6f9364ecccd586e4c320c88a87a44aab7d7dec5c0effc8eb0b9c95d20d4d28d791cabd72689ce1fa922c71ee182fd1afc0c935504839eba98bb62b12d847a1bdfd3d69e0e81a0c7b0ea2f962fe22d0280f42960e6589f11fc28d314a4ddc2fc5dd6cab00ba0c6324bf1d055ecf9caf12d310bf3ebdc1da2d4078efb3e103e7bd8114fe506830a63781a17273f923f10d648c638acbdb7e524f093cfc0a3b88396531bb14b40f444e90fbfeea1beeafde919fb2a76f80a73e5c1b722be3a054a88fe4b9803c9a3a4cf47e831c8e027473c88d992715d8e49133fc4076c4ce8be69c9c7167c221bbc6b680c48c4564803c6086d90b0660c8cc27de5dd6192657d0135783aeb5a5d59a528ffb7141d53faf2eeaa935728ab9b6d523e3b5924c17257febf5a3b5dde33a0afa1075c0e1764075dd049941b391d9994e9d071acd7d2e66c30c72dea0cc736f39ea37dbfefafb42989531c64d22e3c54b62c31e667c1aa12c30d884542ba7f1f8e2f7cb56f4f50a51d949db3e4e3274d0fedb8dafd40e3e79395708e2fba9177e"}, {0xe8, 0x0, 0x9, "6b2ec9aa803965cf550334a0a24de625a090a7efbb62ad462b0063ca3461d85b7a9279f06548493a80eb46320490e78a864575158c9c8ba49a349681121a1bc1f209392c94cc65bcea1eb607f99df40b2fd2d40c04a0fbe429a412386234043e27627d12d78d152d39bcc22881fbb8d6228ffb672830853ba2b07315ecacd6af3818b6c2c435d6f49f906b4f7d5806dc05f327a4fbda51eef5ff7e1c314ef9d8246a6a3b3a7febf9532ee0a762fd9ec9ad598fa1a6824ad3a98beda8c75d86a29ae3f8eb154381a7bb3423a96a8ea68461074d32"}, {0x110, 0x10c, 0x7, "978e893ed74c40374387caf045f42d86bfc8c441e6bc39e05fe6be170b5f5e94d773c98190f48b8660429091365c314d6e32cfbd863a45b82232c7cd78d35cb0e4e4f48a2982c6b14893f794072f29a7a00dd81586f59eb0824ea8091d9a5806154f26484820a255048c3e869e1b530327186b2a22b070ad353ed8b60e0fc36b86017ed60a50265b0edcf8ef642c4c9e94ef18f237a6cba3d38c0048286ba0ba20ad6045a2373ac443a3b11e42041ba5d06657ebd25302b643b9f382a105df170af12ef1ddd8b8d7f81ac8b3c48b64b9cec0609a462530f1ba44783fb8af1d08e8d6a9d00e225cc884df20eccfe2bebc1ee135583fb9923da53f"}], 0x1470}, 0x8084) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x40, 0x0) write$capi20_data(r3, &(0x7f0000000140)={{0x10, 0x9, 0x3, 0x82, 0x8001, 0x80}, 0xd7, "cb0d34e68d95793052550c4fb2e0e660893a771cf1f3f9df848c282b3170300859d80d9536c6062e8668a301277fef173877ec95573c8fce5e922dfece4aa4e60a41ddbe63cbed486254870787e811713fe7718f10b17b984f98085487b2b1171df4ad55c49aceddf030296d62f9f89d7547713de4cadb722cbc72634fb4e3adc1f88b00fc6c8abd9067d5bb0262b66b11fdad25b210237ba7f41ac75c754d24388504e529ff1b2ddbc25de29399b8c0e94e05bc911bdafbdaa8047e4c27518cd92fa222e214c304b6e5d81ba9d79f35eb89d07719adea"}, 0xe9) ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f0000000080)={0x1, 0xceb, 0x0, 0x800}) r4 = fanotify_init(0x0, 0x0) fanotify_mark(r4, 0xd, 0x48000028, r2, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x100000100) close(r4) 07:36:54 executing program 0: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:54 executing program 3: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:54 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:54 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:54 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:54 executing program 3: r0 = syz_open_dev$video(0x0, 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:54 executing program 1: r0 = fanotify_init(0x0, 0x0) fanotify_mark(r0, 0x10d, 0x48000028, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) recvmmsg(r1, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/62, 0x38f}, {&(0x7f0000000040)=""/135, 0xfffffffffffffd6a}], 0x1000000000000152, &(0x7f00000001c0)=""/252, 0xfc}}, {{&(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0xfffffffffffffdcd, &(0x7f00000007c0)=[{&(0x7f0000000340)=""/252, 0xfc}, {&(0x7f0000000440)=""/229, 0xe5}, {&(0x7f0000000540)=""/196, 0xc4}, {&(0x7f0000000640)=""/230, 0xe6}, {&(0x7f0000000740)=""/93, 0x5d}], 0x5, &(0x7f0000000840)=""/75, 0x4b}, 0xe1e6}, {{&(0x7f00000008c0)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000940)=""/52, 0x1b}, {&(0x7f0000000980)=""/254, 0xfe}, {&(0x7f0000000a80)=""/188, 0xbc}, {&(0x7f0000000b40)=""/85, 0x55}], 0x4, &(0x7f0000000c00)=""/43, 0x2b}, 0xfffffffffffffff8}], 0x3, 0x40, &(0x7f0000000d00)) 07:36:54 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 0: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 3: r0 = syz_open_dev$video(0x0, 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:55 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x4000, 0x6) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x4c0000, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="de000000313ccf1e8fbbde59f8dd42e653b1dc8abdb19ba957f506362aa72a6b7a1e32412d71bb94961e181d02a579c78e4feb4bfa7ecaa00d72ab7b6706ae8f399be5196ce43d8e2297d96f5f4e46ee858c665393c5208c6d3f751bd1b81882e4fdbdbb3d708db587f93f9935951786ba4fc3b90ad5398453dddad20caf475e96f54736cb9144ac541c00e910277cd602bb4e05f0a00bd78e6295172a86e7618580c7f47cc65d0dc9628e6edc0007c73f4e2cbc7b1096ac1d0ef4b6b220fd14857e8aec2b51ed45eb36cbcca999129a00"/224], &(0x7f0000000040)=0xe6) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r2, 0x3ff}, 0x8) r3 = fanotify_init(0x0, 0x1) fanotify_mark(r3, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) close(r3) 07:36:55 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:55 executing program 3: r0 = syz_open_dev$video(0x0, 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:55 executing program 5: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 0: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fdatasync(r0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:55 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:55 executing program 5: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:55 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x4002, 0x0) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r2, 0x111, 0x2, 0x0, 0x4) renameat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00') creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:55 executing program 5: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:55 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:55 executing program 5: r0 = syz_open_dev$video(0x0, 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:55 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, &(0x7f0000000000)={{0x0, 0x1, 0x8, 0x0, 0x7f}, 0x7, 0x7fffffff, 'id1\x00', 'timer1\x00', 0x0, 0x6, 0x1, 0x5, 0x9}) 07:36:55 executing program 3: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:55 executing program 5: r0 = syz_open_dev$video(0x0, 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:55 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x2, 0x2) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000040)=0x2000004, 0x4) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r2) 07:36:55 executing program 5: r0 = syz_open_dev$video(0x0, 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 3: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:55 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 3: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:55 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:55 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x100000001}) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r2, 0xc008551a, &(0x7f0000000040)={0x3f, 0x20, [0x4, 0x1, 0x7, 0xd4, 0x7, 0x800, 0x0, 0x1]}) 07:36:55 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:55 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:55 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:36:55 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:56 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:56 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:56 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:36:56 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) accept4$nfc_llcp(r2, &(0x7f0000000000), &(0x7f0000000080)=0x60, 0x80800) close(r2) 07:36:56 executing program 4: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x100000001}) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r2, 0xc008551a, &(0x7f0000000040)={0x3f, 0x20, [0x4, 0x1, 0x7, 0xd4, 0x7, 0x800, 0x0, 0x1]}) 07:36:56 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:36:56 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:56 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x100) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) r3 = geteuid() sendmsg$nl_netfilter(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000040)={&(0x7f00000001c0)={0x288, 0x4, 0xa, 0x100, 0x70bd2d, 0x25dfdbfb, {0x7, 0x0, 0x9}, [@generic="f023d2a1ff458536ac273ccb9a797cec8f31ad8d374f72e77a501798a9c261e7a1b0892ba45f18d589ba1345d48fdc930707737df5dd9ce9cc941e99f5af80e9c06803ae67ea2aaed1b1934f2b", @typed={0x8, 0x48, @uid=r3}, @nested={0x94, 0x51, [@generic="1d61fe3f17e64ae59b4e2c0079eea55b7696a6eec976d83a533f0c2e8ffd695ed74a7167075ee72884383f6ca28ba517554b8ee157c96e820dda5e6864ca9e95cf2fb7aead423ce4cae7cac3c8f5d26f727ac17d68ce4a79d8720dacfd44746d57489cc1c03b87eb720710574eeabb1a2710f39e4f52c841f5eab228e91198f949a77616bcd79fbc67567adca7"]}, @nested={0x154, 0x1a, [@generic="c3296fafadef724c2748d91fb5a2ee12ec25c43690466f93d1a169e878cb880768a876d90d50e804794860d4ffb1288085c37f167b1d97f4a38613308916b273883129c527", @typed={0x8, 0x15, @ipv4=@dev={0xac, 0x14, 0x14, 0x1b}}, @typed={0x8, 0x22, @ipv4=@local}, @generic="eb957814e849c49ca926446a7af912361e3442851c9e4f1431bf0968d3409fed9cb755c9909a17390d62a63d4e29678ebb4d98b2a6cb7dbf23454ab15f23f7ec8d4e336b384a896f93e0165c632c8af2caacb82f1b92d5c3d27c33fcee13d4bcf9534f81a28124750088771eea0b2e79f288832efe4fad25a856d39cddfc5c0bd8bf608b6732be084d972e772a0ddb8d22c755d98ecb26fbe75934b6c2758d6341c2abd0ea8be6", @generic="1a900972705234eee76905d2c9e9a2a68956faea9436d724435251df37f0b387a58af328a830d797c648fe5f92348d94ea57fa37b097fbd8b205adae76caf11beab7e74716bcd2a507b6b5266848a042019e"]}, @typed={0x8, 0x2a, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @generic="3bad10beabaaac3d59b06f0eda12e7bfd9488859ac7be21b3933875db0dd88b931d6", @nested={0xc, 0x47, [@typed={0x8, 0x84, @ipv4=@dev={0xac, 0x14, 0x14, 0x16}}]}]}, 0x288}, 0x1, 0x0, 0x0, 0x1}, 0x4000) close(r1) 07:36:56 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:56 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:56 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:56 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780}) 07:36:56 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:56 executing program 5: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:56 executing program 5: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:56 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780}) 07:36:56 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:56 executing program 4 (fault-call:5 fault-nth:0): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:56 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:56 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) chroot(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:56 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780}) 07:36:56 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 196.426309] FAULT_INJECTION: forcing a failure. [ 196.426309] name failslab, interval 1, probability 0, space 0, times 1 [ 196.474630] CPU: 0 PID: 9101 Comm: syz-executor.4 Not tainted 4.14.139 #35 [ 196.481684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.491038] Call Trace: [ 196.493633] dump_stack+0x138/0x19c [ 196.497273] should_fail.cold+0x10f/0x159 [ 196.501429] should_failslab+0xdb/0x130 [ 196.505413] kmem_cache_alloc+0x2d7/0x780 [ 196.509569] ? memset+0x32/0x40 [ 196.512857] __split_vma+0xc9/0x6d0 [ 196.516488] do_munmap+0x257/0xd60 [ 196.520036] SyS_mremap+0x933/0xeac [ 196.523667] ? __mutex_unlock_slowpath+0x71/0x800 [ 196.528523] ? move_vma+0x860/0x860 [ 196.532147] ? __sb_end_write+0xc1/0x100 [ 196.536231] ? do_syscall_64+0x53/0x640 [ 196.540208] ? move_vma+0x860/0x860 [ 196.543839] do_syscall_64+0x1e8/0x640 [ 196.547728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.552582] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 196.557770] RIP: 0033:0x459879 [ 196.560957] RSP: 002b:00007ff398fd0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 07:36:56 executing program 5: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x438}) 07:36:56 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r1) ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000140)) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) 07:36:56 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:36:56 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:36:56 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:36:56 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x438}) 07:36:56 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 196.568668] RAX: ffffffffffffffda RBX: 00007ff398fd0c90 RCX: 0000000000459879 [ 196.575934] RDX: 0000000000001000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 196.583201] RBP: 000000000075bf20 R08: 0000000020ffb000 R09: 0000000000000000 [ 196.590466] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff398fd16d4 [ 196.597733] R13: 00000000004c5f0f R14: 00000000004daaf8 R15: 0000000000000004 07:36:56 executing program 4 (fault-call:5 fault-nth:1): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:56 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x438}) 07:36:56 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:56 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:56 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = dup(r0) ioctl$VT_OPENQRY(r2, 0x5600, &(0x7f0000000000)) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:56 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:36:56 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x438}) 07:36:56 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x14) close(r1) [ 196.801923] FAULT_INJECTION: forcing a failure. [ 196.801923] name failslab, interval 1, probability 0, space 0, times 0 07:36:56 executing program 2 (fault-call:8 fault-nth:0): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:56 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 196.849729] CPU: 1 PID: 9147 Comm: syz-executor.4 Not tainted 4.14.139 #35 [ 196.856782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.866137] Call Trace: [ 196.868726] dump_stack+0x138/0x19c [ 196.872367] should_fail.cold+0x10f/0x159 [ 196.876529] should_failslab+0xdb/0x130 [ 196.880519] kmem_cache_alloc+0x2d7/0x780 [ 196.884758] __split_vma+0xc9/0x6d0 [ 196.888367] do_munmap+0x2bd/0xd60 [ 196.891901] SyS_mremap+0x933/0xeac 07:36:56 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)=0x0) ptrace(0x4207, r3) close(r1) 07:36:56 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0xfffffffffffffff7, 0xc200) linkat(r0, &(0x7f0000001700)='./file0\x00', r0, &(0x7f0000001740)='./file0\x00', 0x400) ioctl$VIDIOC_S_JPEGCOMP(r1, 0x408c563e, &(0x7f0000000280)={0x80, 0x0, 0x2b, "111efefce5a275d31413bdc553efb0030200000000000000fb47aa7a68d38cc8206d61f94b2ee2b30b6cb094643e86d194c60687a1882549d0b2241e", 0x1, "133b3dd8972812cd11af3f40b0ee3f869a42933544f58b0d2413bb3952c363de8e7a33ab3a3394c40e1871e014573e79740e3643461ff70c61a280e9", 0x10}) r2 = fanotify_init(0x0, 0x101000) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x200000, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040)={0x5}) fanotify_mark(r2, 0xd, 0x30, r0, 0x0) faccessat(r0, &(0x7f00000000c0)='./file0\x00', 0x80, 0x800) r4 = creat(&(0x7f0000000180)='./file0\x00', 0x100000110) openat$selinux_load(0xffffffffffffff9c, &(0x7f00000016c0)='/selinux/load\x00', 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000001940)={0x2710, 0x2, 0x6000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) setsockopt$inet6_tcp_buf(r4, 0x6, 0x21, &(0x7f00000001c0)="f925566c561793ae136110d8dc964e086f657aa9301c674fee8a820c02a969d2b210b5c9da5a49063184e226535c1795560aa59b77a89922981f6ea20089d2da01de4648acfa0864bfccba6d5776099195f18f816c16ae0b108051de532c83e295c3aa06477882e92204f7d3501effaef752b36693c44fdbd49dc1dd7ba75629c562236ec409ddda9c771943b82d273c4d4699", 0x93) close(r2) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000001780)={'team0\x00', 0x0}) getsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f00000017c0)={@loopback, 0x0}, &(0x7f0000001800)=0x14) sendmsg$inet(r3, &(0x7f0000001900)={&(0x7f0000000140)={0x2, 0x4e24, @multicast2}, 0x10, &(0x7f0000001640)=[{&(0x7f0000000340)="563a785de94f18441d5eabff7b2e0719c59c1fa23f22d71e2d304308fd367bb56fbd6ac8ee11debb78a18817deed51b08b26c753eadf479adb94ba584e5f7e8ef9cffc2a80360030ab2a17626122", 0x4e}, {&(0x7f00000003c0)="c887c351f6a3079449ebac284ea7c135ec9806dbb520e4876c2079744fcb72e996a33f37b2d8c1d87a1ef8270571f6f4", 0x30}, {&(0x7f0000000400)="a27d281c3d0b39bc91855b9e9e6a56e51130b48e7c5d564b69d440513632144856", 0x21}, {&(0x7f0000000440)="bcf6bdb4d5ed5cdbe0be03db4238c94adba1e0e2020641a5ca5b740f83c05dca305240d2dcfd8b0055895fbe4c0f91ffd93e3358ea316530048e27b94f5250a4844bb58472b592bee739b124228bce4de867f88c131b16b95d06b1231fb35d174ed6ff963a0afcb9e778d398cc8b50a117f7608a45c3db01222a5bec5dad794d28bfc634977fa391637bcdea19cd640a3f5b364bc1e435ca337448cb4bbd2f669a8a8c", 0xa3}, {&(0x7f0000000500)="f243ddd4a399ec5eb1a887d5f07a85cfe728b30a65fedd95aed12fd19731452ca0687f68f5a90794efafce6a454ecac0dcda64bda1baeb00dfc4d6a30b4185030169b1693ef2da0866c08f854c2f000206958ad69a5ab0cb177b598b69ab6723989b66a09653862069d77c7377d28be60c5bd8c56078af564b86102f9091e69382723a68702ce37e0707459926cd9a1958edf9a0b84172587c42943e7cd8297ef86cb7a6164c031f0474c32c019fcc0897f562ac39", 0xb5}, {&(0x7f00000005c0)="c9a6e5107ac59dc25b56694b4537bd6246935b43610cba4dc5350caadcb12646bffbdb4a8b25985e34bb157969d4606be3bd9348b6d29639ff8c55fd1b4cb6be4bf950bbb8888720f7344ad2b1d6d506f5700f261ffb901d03497d56328d", 0x5e}, {&(0x7f0000000640)="ce0633d46ba88ce9adc4d3ada520b4b4dc0272d99567c1e11025e930e3bae54f68505682233c1c7068002b118c9a339abb5991fc59a10491fa38ae94bf29db3812eba7e7ad521fd8365d1299ec5153d2abc5443792f90fe4cd88ffa77209a704f0449deceb215759f5f27c04972b881724012e27b89757897735b38913a90c9a44137f55b852f6b8f7574f86c97226e6f9a0ea8ae6ac6ad02e9fcbee6d27bac3c06b80e0d68d29e477b365877bb500a9a448c5f37dccde6826b1de5ac8f71a2d77e69c153e0a464d1bbf6b6929c1b84699390fa37556fe8e39493d33b827b010680949cd288728f8e7c507223ed8840b34614847cca49dd9543afcf5d189331d43460ebc59058dd7ebc150eefe1839a7b9c667bd1a2e848e0bd71fbf0b529a02dc9bc8a671140b53458bf2d449b01ff08fc387a2440771e6a4dc49f65c4aca993445e59d080e94476fcfdc47801eda83bfe7db216d7c3a478c41c2107682ff25017c5d757dbe997763367da8ae06f856d25a8aecb7abfe31bdb39337f0980a4ceec80c70adbb98c13be074a5641b10cd2aca5fae55ba588b43cdf2aa369589a23f840996f109440536cf351f748e91923f33e2526cbc9984bc3d14dd37d20187b9d4d957da104e50a28e220a3e46ff2273100c6ab057623347bc78addb813dfadad7b6e7ccf44e6b45df608936d82b25d4940ae899311f1d5a93ff845a9ca12bf145dc0ee48efff3439f8033b334d0c67987a81a77a7cbc2e3959e021545d7348304518c5678633fa38540f4207736579624529b3cab1397a843a73f8a08fc19404a7c0f2a64ffa531768e1fcc623f3aa85a65e12e2611ddc5c501693086c0a98af2bb46cafa65e80b60ef67312b36dc277356f3dd3e9faa9c4d666163945660a629ddad28d31c6631e9c51fd12432c5a67fc56611b14d93f9e97434ce405322b8d1b20c0175928fe95566defb8a67346884bc9c8f00ed128e3676a7281b9282d7dc20ce74c3168f763942ac09bfe92588e7fc92ee329ac585551835b44be14436f266c4bca710598b9642421f0268369bc5629c9437c47d0a11cecdb1f19beb905475e076c31597d1c01b7a395a454673b73959dac3f725a521fa482bce6147ac169de624bef4e7824fffc7c3cd8b706e92a7c7e354069c88e0b8f91bd0879e61dff17b2365a3fb5daf65e5170f13317a899248b3c73e53e02d6c5fa8ff808381b717bfe7bbfdfc9e15b300816a2d7a70f2afd5754e8870bf2b20fabacc2d1278f01ac707e891e4358f21b0128285e5242dcc21b599b9c0437ae021699bbd670b8b1dcd74a5f9bc63d531f552a9c4130a93f31f893bbd1fd1ac66dd60fbaf69b1c6f9395a297851480bdf25ae217165dd62c8d77972f5d3430a703344130cd8ee9557a94d86f3d6a6fafb7d51c5180b0e96a1bc7f153353267d4179d7a8a4a8bba55b53a6d93dfb4c3f30435b4384db1f73a7e19d1048d2d5e59e524c3be2ff1a4c0e136a28139ab4c72c388e2bf1d458b9804e3d87f13ca3fafcda4801c86548247a74bb32bf4c7be86aefd147f65c326bc88bac4282fe8e5c33bf81b93a0576579777d7b3bb81f360611f9479c5fa0a29d18e66b27ee0923c18c945599fb07fc17e054ed88e2cf5001f4072f024c337ca8b57721b7f3928dcceacb80f9bc530a03df685b43eea36d199ac84a9d566c1706d4bf38682be81653e627b13534f05c5dabe19ee23c87fc114980996d8d7dd07b9d678fad3159eaf6d42ba0481188fba0ff1aa96d926bc0829415777d8b258b3fb695a9b19ecbf1a2ecabda4e8d0ddc0a2a33111a41da88d5b3d033edd0d2c7741ea5494ebcb31c3e7595eeec55cb83f411ba5b39fbf0b1792a71136606be616defc4504ee99efccfde1836f6f27c7be7d3df54ee07dd2e63c1bdcb137632baac10eab80afca5e4ab61ce06d3287b0a74c3e4ec1da54bfa9d76d1ac7ffaebcafb0723aced860a2eda88dedf5c07211a70ff64c5b9a00309104db96d0ca0d422689615a5575160daefa3b11f98e85a32846aebc1616dde98dc2e6bbcc40164fc3e8f1bdc4081f18a33142ac052c561dd9305407f08321d43565c0cca88ec341b59b500da25fe3f49fbcce6437a950c8f7cfc0be09df08a4c0607fc53feaa6465cdbc58a64561ca19c2a93dc15dee43e7580700e54577cc1f10f807482b8f264d0df2cdfee3176c90f6bbc38b3a78ed426b19b13cce534d710e8957ad054a2be8116bb8e9a87e3c97b4bd6bb1e0e4f003ec02c8238db9493eb4a4ea69b7b7dbd697afc5229a107fa145f13c48159f30886fe67e8e97bfb0a8e8d1260644851fa5889e94e9694af395dfc24a8fdc61afacac21a9a4e698d28cf2637b8deca192b92f54d7e3e973efa2c6c4ddd5e361231bd9b44931aa1f1ff789dcc820756c1f16bb3f2f13f14a43a1d4d449ff6d1b66de73ac0a47945fb8079c2c5bc72003680ef67960685d1165eedfeaa196b580d85bfbbea299bce55e413e02ebf89fae01b544f41dc3e4307e5736c198e60051b468352617ac84f8dee3b49af3cb27b9f54abc174f69113d8e100538b93c8d1bdb83f8ff91a03b7b037dda77453118b85968dfd2995e6e184e44453a29afce9e35cce72c15167c144ecf3bda24d94d06602fca81ac79c259aafc1b607f38e6c583d600cac0ef7464a9556516352a18f856a497152fcd3b5acbef1e8ec0025c001913c742e9dee559fc7cc050e5a0968ad30d9c7071f89e7585a26b0aaa7270692d7a9cfeb9b5fbc6a24364748fe14c161bdf3cc47c443e4ff3bb6957d39b48e07693daa02b4cc93d44e118a680b9ea48e651e59758f7ddae8e82806b0bb7ce411de8fe6b4f1a18501a862c8947ae3799b340f21153f9eb2dc03de4ef1284d0e9e0861030b58f21c2d95a75927e6ce7754de2f74102582e867301f7ef5b46909997884ffc8657ab2e70d46c01f33218c1272548f9c9c7ae6ab50f3ac0bacfc61547c654ebc3375ef864445c418e185a22f403893fc25a88363e117879ab72b780edc836cb66f1f19e68bbe422a8aab80d0291d8ceb9b3f6e0f5901128a17fa2f63ac1ce5851fe1088cbda78762bd54c77f82a8f702c924d21f1b12a2c02c695869ecf1064a40fa1d7b44a475564522a4c4fb52a622143d67b67e844a0bca5708cae7bb5bb430403eee8ec8c8f5e28206895ff327f898487ccd314a363265d2b89f592838f4c3f80a02b70e60be8f86960fa3d4dc64f389df7f2e14afa5f3b1f6ab58cf53b530e18fb254a1aad1f87e0f0009bc53f44b6d97564ae2ebf91eb885e53b19ef19896a7d68e1f3e53a67b49f8988e01b064d379010d40cf1da8b8c2e12d22e3eb8386acfcbbf30226b95a6dc7da8cba72bfa777cd4f9b05e5279e7a0e9b392990dc57536729e2ac6c44d33cbcdba9df8634882f7fbe7df4ad5f25b693910b817a7ee52f0a6ed0176659ba37fc6f1a9457b6c0166edd1104a215ea638244df569496a8b68be12d9b5f054fcd05b65940bcee76595cc3dfaac68e5b27be22407ffb5195a87fc0cd0e89cad59dd7213590e5788e6ecfde076b4c81aa38398c5d321c4e7eee843993659903bcd80e9782030587daa51642967b807e695186eb973bf77c3aff304b6755dadbab512b39e241618f814e1cb68e91fe4868785793db3be08c0de41e568d44af797c246eb03958e7f9664536591e7a3a0b74bc67e186f950da7d33938729da16cbd04276321f4437e56ea47d3a90e224ab9a444e5deabd7ff1d17a4117c53d84521f03b7f1827a3bf8faddc66911d207a2d56cd4452ba655dddfa6a0542a7ff7ef77f6edc8d9f55b421d5fe419a990d2262fdf7fc2b406578f05b87aa3295282ca700d5785ce0f28ff1eeee4ad599736d1ccd0bacded24b7bed004c218b7f2536146683a400b1f39af5886ae1fd1f5aff96dcbc898ff8de2d399173a9a567d9711de2230640bdd5ebe9b90d03563bf785f994376cda7f6b71529b2695089ebefe2a8b5913c05f95d4b42a66728800812705c37ffa6efad9465837036f9330de02668c10e46c64ac57503cab72309e06b0ca50629f133c895177a1670a74f1a632264d5b6a52f5d389968753674d2243941db3af803274aa735fe69d9b7554df1bc8c8a44ea232a0236db46eeef4684cf6fda6d5779908412d2a0d16bd5a7757872fcde056256dc0b3946d0b3f1233818a0a2691400acb578d1ef1a0be72bc04a2c93f7a9fc8d36b60ef6c30815a91e8a11347ea890bf6eeb70427608c749b5dc0a1e79ac649d63593fde4fb3300d65417917e9f935d1858e2ede62e57e27485f6a215a3ae33d4744a2f9f7e44baef893718560770fca9063f7652781fdd0b2c4c82caef9d01e64d52d6e7686390b407a3b1a56e7e1bbf15af2e3c277342709d2e80e23692537c51612c4535e3e648f9f9a6ea25d6b78e289445388045a98a2f427e4a3adbc0449407fcc80590712df98cc83fbb15de126d97398a8b09ddaacffe492f664ea5488da38841b20584943865a24d42e102613a6101ae9ad6c33f60e4b94391d80c2787d7917d73a7a5fd180ed3f64bf9c5ba7b6886cea67edcb39f3f8f3289b2354e4aae7866c54acc9406be460d25594a9fd38877947eadd433d609924ec702b1afb67e65e18ef1aa94168a176e2ced80af34138e67ea3edbff544c97ff5a2c32b2cc7ab7eb27c8f1ef96e7f39a11ceee984d64a5b74ab1dae21b3038eece6450ee39f82e649c4eb9507948198e76cd6f4c613a522308f4e2b5ea1c09344a6f2f0f5a0a38981e25929d70330b3d6cc58b31aa8bf29fefda4abfba16dcc9f165938d79114e523cd781a00f29d6b5b7155a2bb5e6a2225e0e2f2f2c241721527c7473e622c29ffc130a5ed1d5c1c929d4487e8ee6db8bb1463663969ff2b232ae45afb88b9dad21cb75c9ef2a341be3a5159679ff78f887e7994c303f5c2f609eee994412efda35f3a02047bcf33fb2bb27dfc1aa9515013a9fabafcf87ea5cc78ceac3403de58272152029d4b067c6600bf2dce08b7b9fe869011c4657f7c4515b4062c88199a6fc715d895e72284064f88a40eb6b58a99984f6925f266d39daa259f83dd1d638a443c2842e782277da5b3fa53d1f8ef110ea16101a30b454bfa4a5e05f1f4e5708ca37cd7c9aa8c8a78788f147f066f0019917931349aeec9f99007cd92b71e4a9cad3f7d36ce339ee0f9acdef64c67219e2aded92f3c552b8fca77d8cce0b85eec336d2ddca86a06e3c8a23145ee9123f84a78d52b7f75c7d519ae0bb2c106e978e2f5d3d8a1789ea3c6e43fec41ef2ca55a50c6d756ff6a3eaa99d75c87e89f91592d9f87e17443fb05b307d9c7ae4129d701f91ec598d5803b4824aeb471b86cfd711511cc9cc5e28c64bc4eed8bc45b27505e2174240d38893ca6e5efe2345e68110ef3da3f18a0cd6a9e996271783af119d1991fcda76b24239b85131a2762e8ab4d86d4bc6847975e270d14f830dd71acc167d3f25288911bd0b1fae809ba501a128885ca1d56fd8b96ec7098d32081e83647cf5d4fb5a5402a833172ee1f130fe87ad5b7ddb37e76421907522be8ce50330c13b488adc4892fb5400142b6a5cf606206993c2055ee2d0afd7ff68a3ae53dc1214f5d07d96945bad7d0fa4ddf5db999024bce8affb25d25b1bebb957494539067b7d1c77b580915101f5746b65cee2232d8450cf9f8f4098268db82942b7f01ad193b9b2967ef31c998eef716f45e15b162ed6d7929b5dd59c8d51e9667703044f77120de152e9720fa3310fa1a039fefae755", 0x1000}], 0x7, &(0x7f0000001840)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x4}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7fffffff}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @loopback}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @rand_addr=0x1, @remote}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3}}], 0xa0}, 0x40) [ 196.895527] ? __mutex_unlock_slowpath+0x71/0x800 [ 196.900376] ? move_vma+0x860/0x860 [ 196.903993] ? __sb_end_write+0xc1/0x100 [ 196.908058] ? do_syscall_64+0x53/0x640 [ 196.912032] ? move_vma+0x860/0x860 [ 196.915660] do_syscall_64+0x1e8/0x640 [ 196.919542] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.924392] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 196.929581] RIP: 0033:0x459879 [ 196.932768] RSP: 002b:00007ff398fd0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 196.940474] RAX: ffffffffffffffda RBX: 00007ff398fd0c90 RCX: 0000000000459879 [ 196.947740] RDX: 0000000000001000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 196.955010] RBP: 000000000075bf20 R08: 0000000020ffb000 R09: 0000000000000000 [ 196.962281] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff398fd16d4 [ 196.969646] R13: 00000000004c5f0f R14: 00000000004daaf8 R15: 0000000000000004 [ 197.005703] x86/PAT: syz-executor.4:9147 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:36:57 executing program 4 (fault-call:5 fault-nth:2): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:57 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x40000) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0x40000000}) close(r0) epoll_create(0x7) 07:36:57 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:36:57 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 197.048451] x86/PAT: syz-executor.2:9165 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 197.062202] FAULT_INJECTION: forcing a failure. [ 197.062202] name failslab, interval 1, probability 0, space 0, times 0 [ 197.084384] CPU: 0 PID: 9165 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 197.091416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.100767] Call Trace: [ 197.103361] dump_stack+0x138/0x19c [ 197.107001] should_fail.cold+0x10f/0x159 [ 197.111163] should_failslab+0xdb/0x130 [ 197.111178] kmem_cache_alloc_node+0x287/0x780 [ 197.111191] ? get_pid_task+0x98/0x140 [ 197.111219] copy_process.part.0+0x17d5/0x6a00 [ 197.111235] ? debug_smp_processor_id+0x1c/0x20 [ 197.111248] ? perf_trace_lock+0x109/0x500 07:36:57 executing program 5 (fault-call:1 fault-nth:0): r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:36:57 executing program 3 (fault-call:1 fault-nth:0): r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 197.111256] ? check_preemption_disabled+0x3c/0x250 [ 197.111264] ? save_trace+0x290/0x290 [ 197.111273] ? SOFTIRQ_verbose+0x10/0x10 [ 197.111281] ? debug_smp_processor_id+0x1c/0x20 [ 197.111289] ? __f_unlock_pos+0x19/0x20 [ 197.111297] ? find_held_lock+0x35/0x130 [ 197.111311] ? __cleanup_sighand+0x50/0x50 [ 197.119957] ? lock_downgrade+0x6e0/0x6e0 [ 197.119974] _do_fork+0x19e/0xce0 [ 197.121496] ? fork_idle+0x280/0x280 [ 197.167262] ? fput+0xd4/0x150 [ 197.183181] ? SyS_write+0x15e/0x230 [ 197.183198] SyS_clone+0x37/0x50 07:36:57 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/access\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x0, 0x35755f55, 0x40b9, 0x1}) [ 197.183207] ? sys_vfork+0x30/0x30 [ 197.200664] do_syscall_64+0x1e8/0x640 [ 197.204559] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.209410] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 197.214601] RIP: 0033:0x459879 [ 197.217788] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 197.225508] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 197.232778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 197.240047] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:36:57 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x107000, 0x0) ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000140)) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x3, 0x35315241, 0x780, 0xfffffffffffffffe}) 07:36:57 executing program 2 (fault-call:8 fault-nth:1): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:57 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x80000) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) ioctl$KDDISABIO(r2, 0x4b37) 07:36:57 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:57 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000180)={0x200000000000, 0x35315241, 0x20, 0x1}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x18000, 0x0) syz_open_pts(r1, 0x101400) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$SIOCAX25GETINFO(r2, 0x89ed, &(0x7f0000000080)) [ 197.247312] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 197.247319] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 197.270796] x86/PAT: syz-executor.2:9165 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 197.337675] x86/PAT: syz-executor.4:9191 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 197.389220] FAULT_INJECTION: forcing a failure. [ 197.389220] name failslab, interval 1, probability 0, space 0, times 0 [ 197.417935] x86/PAT: syz-executor.2:9205 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 197.433723] CPU: 0 PID: 9191 Comm: syz-executor.4 Not tainted 4.14.139 #35 [ 197.440763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.450120] Call Trace: [ 197.452715] dump_stack+0x138/0x19c [ 197.456354] should_fail.cold+0x10f/0x159 [ 197.458875] FAULT_INJECTION: forcing a failure. [ 197.458875] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 197.460506] should_failslab+0xdb/0x130 [ 197.460519] kmem_cache_alloc+0x2d7/0x780 [ 197.460529] ? validate_mm+0x337/0x5a0 [ 197.460547] copy_vma+0x3ca/0x9d0 [ 197.488169] move_vma+0x233/0x860 [ 197.491619] ? move_page_tables+0x1740/0x1740 [ 197.496102] ? selinux_mmap_addr+0x20/0x100 [ 197.500415] ? security_mmap_addr+0x79/0xa0 [ 197.504731] ? get_unmapped_area+0x21d/0x320 [ 197.509131] SyS_mremap+0xac7/0xeac [ 197.512755] ? move_vma+0x860/0x860 [ 197.516371] ? __sb_end_write+0xc1/0x100 [ 197.520431] ? do_syscall_64+0x53/0x640 [ 197.524397] ? move_vma+0x860/0x860 [ 197.528014] do_syscall_64+0x1e8/0x640 [ 197.531889] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.536726] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 197.541902] RIP: 0033:0x459879 [ 197.545079] RSP: 002b:00007ff398fd0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 197.552779] RAX: ffffffffffffffda RBX: 00007ff398fd0c90 RCX: 0000000000459879 [ 197.560036] RDX: 0000000000001000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 197.567291] RBP: 000000000075bf20 R08: 0000000020ffb000 R09: 0000000000000000 [ 197.574548] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff398fd16d4 [ 197.581804] R13: 00000000004c5f0f R14: 00000000004daaf8 R15: 0000000000000004 [ 197.589078] CPU: 1 PID: 9205 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 197.592881] x86/PAT: syz-executor.4:9191 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 197.596094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.613984] Call Trace: [ 197.616568] dump_stack+0x138/0x19c [ 197.620185] should_fail.cold+0x10f/0x159 [ 197.624324] ? __might_sleep+0x93/0xb0 [ 197.628197] __alloc_pages_nodemask+0x1d6/0x7a0 [ 197.632865] ? __alloc_pages_slowpath+0x2930/0x2930 [ 197.637858] ? rcu_read_lock_sched_held+0x110/0x130 [ 197.642856] copy_process.part.0+0x26a/0x6a00 [ 197.647327] ? debug_smp_processor_id+0x1c/0x20 [ 197.651971] ? perf_trace_lock+0x109/0x500 [ 197.656184] ? check_preemption_disabled+0x3c/0x250 [ 197.661179] ? save_trace+0x290/0x290 [ 197.664955] ? SOFTIRQ_verbose+0x10/0x10 [ 197.668989] ? debug_smp_processor_id+0x1c/0x20 [ 197.673645] ? __f_unlock_pos+0x19/0x20 [ 197.677595] ? find_held_lock+0x35/0x130 [ 197.681639] ? __cleanup_sighand+0x50/0x50 [ 197.685851] ? lock_downgrade+0x6e0/0x6e0 [ 197.689981] _do_fork+0x19e/0xce0 [ 197.693417] ? fork_idle+0x280/0x280 [ 197.697110] ? fput+0xd4/0x150 [ 197.700280] ? SyS_write+0x15e/0x230 [ 197.703972] SyS_clone+0x37/0x50 [ 197.707315] ? sys_vfork+0x30/0x30 [ 197.710836] do_syscall_64+0x1e8/0x640 [ 197.714697] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.719519] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 197.724687] RIP: 0033:0x459879 [ 197.727852] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 07:36:57 executing program 4 (fault-call:5 fault-nth:3): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:57 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x801) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001480)='/dev/dsp\x00', 0x200, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001500)={{{@in6=@local, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000001600)=0xe8) sendmsg$nl_route_sched(r1, &(0x7f00000016c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)=ANY=[@ANYBLOB="400000002800000127bd7000fbdbdf2500000000", @ANYRES32=r2, @ANYBLOB="0f000c000e000d000800050008000100640700000000000000000100fbffffff0800050009030000"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x20000001) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:57 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:57 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x0, 0x2}) 07:36:57 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8002, 0x4) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r2, 0x800442d3, &(0x7f0000000000)={0x9565, 0x2, 0x24c00000000, @dev={[], 0x866}, 'veth0_to_hsr\x00'}) fanotify_init(0x0, 0x0) [ 197.735548] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 197.742794] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 197.750048] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 197.757296] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 197.764544] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 197.798181] x86/PAT: syz-executor.2:9205 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 197.824906] x86/PAT: syz-executor.2:9205 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 197.843841] FAULT_INJECTION: forcing a failure. 07:36:57 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x121000, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000140)) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) bind$isdn(r2, &(0x7f0000000080)={0x22, 0x1ff, 0x2, 0xc99, 0x7104}, 0x6) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:36:57 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x4400) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x0, 0x0, @stepwise={{0x690, 0x17}, {0x9, 0x5}, {0xffffffffffff7fff, 0x9}}}) r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x2, 0x200002) ioctl$KDDELIO(r1, 0x4b35, 0xa52) r2 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x2, 0x20081) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={r2, r2, 0x11, 0x2}, 0x10) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={r1, r2, 0xf, 0x2}, 0x10) 07:36:57 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x100010101, 0x4f73253477c6e108) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) [ 197.843841] name failslab, interval 1, probability 0, space 0, times 0 [ 197.906184] CPU: 1 PID: 9218 Comm: syz-executor.4 Not tainted 4.14.139 #35 [ 197.913232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.922585] Call Trace: [ 197.925173] dump_stack+0x138/0x19c [ 197.928902] should_fail.cold+0x10f/0x159 [ 197.933067] should_failslab+0xdb/0x130 [ 197.937048] kmem_cache_alloc+0x2d7/0x780 [ 197.941205] __split_vma+0xc9/0x6d0 [ 197.944834] do_munmap+0xb09/0xd60 [ 197.948382] move_vma+0x4a7/0x860 [ 197.951840] ? move_page_tables+0x1740/0x1740 [ 197.956331] ? selinux_mmap_addr+0x20/0x100 [ 197.960634] ? security_mmap_addr+0x79/0xa0 [ 197.964933] ? get_unmapped_area+0x21d/0x320 [ 197.969317] SyS_mremap+0xac7/0xeac [ 197.972925] ? move_vma+0x860/0x860 [ 197.976528] ? __sb_end_write+0xc1/0x100 [ 197.980591] ? do_syscall_64+0x53/0x640 [ 197.984560] ? move_vma+0x860/0x860 [ 197.988170] do_syscall_64+0x1e8/0x640 [ 197.992052] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.996983] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 198.002151] RIP: 0033:0x459879 07:36:58 executing program 2 (fault-call:8 fault-nth:2): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:58 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x4800002a, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:36:58 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:58 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000040)={0x7, {0x6, 0x8, 0x8, 0x6}}) [ 198.005321] RSP: 002b:00007ff398fd0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 198.013005] RAX: ffffffffffffffda RBX: 00007ff398fd0c90 RCX: 0000000000459879 [ 198.020251] RDX: 0000000000001000 RSI: 0000000000001000 RDI: 0000000020ffc000 [ 198.027506] RBP: 000000000075bf20 R08: 0000000020ffb000 R09: 0000000000000000 [ 198.034753] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff398fd16d4 [ 198.042009] R13: 00000000004c5f0f R14: 00000000004daaf8 R15: 0000000000000004 07:36:58 executing program 4 (fault-call:5 fault-nth:4): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 198.060644] x86/PAT: syz-executor.4:9218 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 198.099564] x86/PAT: syz-executor.2:9239 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:36:58 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x0, 0x35315241, 0x780}) [ 198.114437] FAULT_INJECTION: forcing a failure. [ 198.114437] name fail_page_alloc, interval 1, probability 0, space 0, times 0 07:36:58 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:58 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x100000010) close(r1) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000040)=0x0) sched_setparam(r3, &(0x7f0000000080)=0xfafc) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000000000)) [ 198.157816] CPU: 1 PID: 9239 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 198.164861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.174215] Call Trace: [ 198.176805] dump_stack+0x138/0x19c [ 198.180470] should_fail.cold+0x10f/0x159 [ 198.184622] ? __might_sleep+0x93/0xb0 [ 198.188540] __alloc_pages_nodemask+0x1d6/0x7a0 [ 198.193234] ? __alloc_pages_slowpath+0x2930/0x2930 [ 198.198264] ? rcu_read_lock_sched_held+0x110/0x130 [ 198.203288] copy_process.part.0+0x26a/0x6a00 07:36:58 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000016c0)='cpuacct.usage_all\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000001700)={0x2}, 0x1) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:58 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x98000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 198.207791] ? debug_smp_processor_id+0x1c/0x20 [ 198.212463] ? perf_trace_lock+0x109/0x500 [ 198.216698] ? check_preemption_disabled+0x3c/0x250 [ 198.221712] ? save_trace+0x290/0x290 [ 198.225597] ? SOFTIRQ_verbose+0x10/0x10 [ 198.229662] ? debug_smp_processor_id+0x1c/0x20 [ 198.234327] ? __f_unlock_pos+0x19/0x20 [ 198.238304] ? find_held_lock+0x35/0x130 [ 198.242374] ? __cleanup_sighand+0x50/0x50 [ 198.246610] ? lock_downgrade+0x6e0/0x6e0 [ 198.250768] _do_fork+0x19e/0xce0 [ 198.254223] ? fork_idle+0x280/0x280 07:36:58 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) ioctl$SCSI_IOCTL_DOORUNLOCK(r2, 0x5381) 07:36:58 executing program 3: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x183100, 0x0) accept$unix(r0, &(0x7f0000000080), &(0x7f0000000140)=0x6e) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 198.257935] ? fput+0xd4/0x150 [ 198.261125] ? SyS_write+0x15e/0x230 [ 198.264842] SyS_clone+0x37/0x50 [ 198.268204] ? sys_vfork+0x30/0x30 [ 198.271746] do_syscall_64+0x1e8/0x640 [ 198.275632] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 198.280485] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 198.285672] RIP: 0033:0x459879 [ 198.288859] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 198.296580] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 198.303845] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.311134] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 198.318400] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 198.325668] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:36:58 executing program 2 (fault-call:8 fault-nth:3): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:58 executing program 5: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x0, 0x2) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000001240)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000012c0)={0x15, 0x110, 0xfa00, {r1, 0x1, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @broadcast}, @in6={0xa, 0x4e20, 0x0, @mcast1, 0x1f}}}, 0x118) r2 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) socket$netlink(0x10, 0x3, 0x12) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udp\x00') ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f0000001200)={0x1, &(0x7f0000001400)=""/183, &(0x7f0000000080)=[{0xffffffffffffffc0, 0x1000, 0x7f, &(0x7f0000000200)=""/4096}]}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:36:58 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x180) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x13) 07:36:58 executing program 1: openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x0, 0x0) r0 = socket$inet(0x10, 0x3, 0x0) r1 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0xfffffffffffffffe, 0x400) memfd_create(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r2 = getpid() socket$inet6_dccp(0xa, 0x6, 0x0) sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x6) socket$caif_seqpacket(0x25, 0x5, 0x0) socket$packet(0x11, 0x2, 0x300) write(r5, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a63540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aab05741d1434c9680337f900"/76, 0x4c}], 0x1}, 0x0) syz_open_dev$loop(&(0x7f0000000440)='/dev/loop#\x00', 0x4, 0x40) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8060, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x3a, &(0x7f0000000200)={0x77359400}) vmsplice(0xffffffffffffffff, &(0x7f0000000900)=[{&(0x7f0000000600)}, {0x0}, {&(0x7f0000000840)}], 0x3, 0x0) getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f00000002c0)={@loopback, 0x0}, &(0x7f0000000300)=0x14) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000340)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @loopback, @mcast1, 0x1, 0x5, 0x0, 0x0, 0x7fff, 0x84, r7}) clock_gettime(0x1, &(0x7f0000005200)) [ 198.412963] x86/PAT: syz-executor.4:9267 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 198.427698] x86/PAT: syz-executor.2:9239 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 198.427729] x86/PAT: syz-executor.4:9267 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 198.437003] x86/PAT: syz-executor.2:9239 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 198.445290] x86/PAT: syz-executor.4:9267 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:36:58 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="30740e9e0000000b1414fca2c10d7bd9f4b3a6b0c20bcd01e8bd75ac1dce823afdc227f0e29bda2aa310b9fc7ba0ee5f19146f2086674a441ff9eb0d044a4528f16d547ca05b668a03f47d248cafa95a8a5d860b03cc75ca9229b11964bc7a5057261523", @ANYRES16=r1, @ANYBLOB="01002abd7000ffdbdf2501000000000000000941000000140018000004007564703a73797a3000000000"], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x80) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:58 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:58 executing program 5: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x8001, 0x40000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) prctl$PR_GET_FPEMU(0x9, &(0x7f0000000040)) [ 198.477116] audit: type=1400 audit(1566718618.490:71): avc: denied { create } for pid=9269 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1 07:36:58 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f00000006c0)='./file0\x00', 0x1, 0x12b) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000001780)={0x0, 0x2}, &(0x7f00000017c0)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000001800)={0x0, 0x54, "850c7c64f034d3c253a076b3ee0e6b5a201982e8711c6dfa75aaa5b414e8534438f91eb88b4520bb5b54ceb84ecfe0ef94e0900a369312d9f911bdd0022d21a5285b61d66d43ca262bec691f44a25577903da7aa"}, &(0x7f0000001880)=0x5c) sendmsg$inet_sctp(r1, &(0x7f0000001980)={&(0x7f0000000700)=@in={0x2, 0x4e24, @broadcast}, 0x10, &(0x7f0000001740)=[{&(0x7f0000000740)="a1d994d9473d0d489afe86eefc21b33da2d44278b909d3431a0c99684c20a95221960d37decb0d4113b8d6f5cf76ede1f5a92f940c7896886f888d428d94cf9d1d3590aa07a098382cc882cfa255d8dd580dc2e01645ea76d92126070a22b478cbcb25b82df3d38b21bd0f9439d056414230d7580c8c94f2def73c4290d749a5d40a4be59ac7e1878c56e3ba1691902527755f4641caa57311825ddf5247b16e46b973fcd9eef006da976c7478f3f909311ab07974cfe4dcf905bb597391c2ab8e36d78a57ec61501814f7ed263a525e4c91eb73bec55a2c61b55c56f7913906b0af7c94bf122a03bbae1571790d6281950cdc3cb145e81c68360a49d4f1276fe551f543af9dc662ad471a3cab7a64d00a9641ed943a162d986b6af0c1a0f0428e57e633003977f6f3e99a34282358da4cfcac9c8cb13e6dc201a3e98466ab20d6ddd289c55296b63005aa323066a18f815b40ba0aa999724749edab5c82125458e58c25e26691468777521453d2275e606d31da183948c484ce0488f16278421d43963ccf4c9e9954c05ec9b28c8b700970036baeba744c9d8ede60f808a1e2151ae376c8f0fe66cdf6daf3ef4ba7472dfcea059ad29b76d0c4de2ea8276a5f82be8a8cf70c581659d593db3fe1eaed7cdb26a649ea093a5572ef048d3d3eef2014b7958dd7f6d66d5e11c59166d129a50beccd3a551d09c18ff50274e867cc91b10ba38511f9a5628423a83188d10c28a1b2acce1f24cf0a1dedce3c3d1354367714e207810527d5dacf669df21ac9fbae38ac1a55ac7d7470441cda20ddde7242c1f321934c1325a7adb29c70ccc8b394988c21be9db3b86a2b364e389d4368163488f817f13470cd37e9cd0fbfb4299a5d452fb5a9ac5321e09e35fd2548f46ea410a6267a5b7c5ac4d3fedf436eec4cd8a3b466d40e21e202ec5d822aa9a69a1a0a0c47f3a015205d81b5d0e6f9efd8fbf9bcb366d787f4fde416a3c4731253b518f86e5dbc33df5917ffff68ac8f5a1797188cfe370d951823b38986bff7c8c1c06e2b719691382d05961d626565805bf85f324b0759ca3e640d43d517e21807c6bc2a5cf7a12e046ef56df298e6412a7f726aedf2aa1dde973af4335f42ff2c09982f703ce3020a14088f9b5fe622ebd3a762ae67dd3130c7f8d7f8cb797842f7bf4559672b8ae1bd2a3da273ea4f7f73390ab0b54a2ff082a3c3dfb21aa9d7472ae8204afad3a6d7b1b308a7d9aa03c9c20e448a9fdbbdf88abe524d0c0fce5e7fa6ac9d95ee5509c28dd77245a00a30c1e4933c5d2044483aaaff194bbed69df54b1c0513cb143252fe11ac04e75424b4a6ba3be902ccba03c7253ede7bfdde604dfaee4fda0851b73e0125e0442ecd514032e18a38684a79774285f02696e6e3b72552f76c5ecab03efa902ffa34707be2780f247099250e37ff788048f623e95d9818fd33bd2db0b58a0214cd1da19857a02cbb7f5dad955fcc745770ce228bcb8146c83df91d7825e1b03a68a576f4a269c5afd2069751477ebc739db778ab9d391bc6eef7c22dc9009ed666457c4ddc4e1bf7218c56a691093324f6f2048432af13396ed8220a74d00853cc55a5674eb72b68e7a1e214c4083f1fee8c0b4ac8361a646f415beaa4884dfc44bce8b42b24210dda0a302a9f6c4ab406942cc40ef8b8e30bd2e0b80772b3aee34bf85b93fed56f3f02636bf0427ac2396f4c3ca5da2b0821ec9ac9c37c4ed83cc12c9409f94d0f2f783d4edc87f6938554d4f4cc9caf3b4e0b6629bde62ed2c9ca4b4cb8c64735f958bc4ddae8a02a4a0540b86f838d3081f14ef6f430ef517c41b2d75035200dfb18d4d175299d56c9e5160ff514d40c15965cacfe0c5cce6e07e7ae89028fdbe061aca7ffe4d878fc2914a16638fbfedcd89db5b4ade33cce9616abf6a492e60453050602e0e2b6dd2c02a7a9d3f04afc8f82c3982aef754e75646e71255931170613163dd4120780d6eed4d78b9b2d72fbaa71b024ee610ac2336df930134c95373a32e36f01c53e3c7c2d0d9350acee98346dcc135699337ace3675c343e8d48d76a498b98c5c862b76e07cdef9a81516b31673971b25c602325b80307a06c61976591c10885ea79b40d341a78f3b64393acb254ecc979eb615b98708f9cf8097461029d731eda966bf9668bdd913492caabb5f87ec877e6fb9e672aa6d90fd3cf5161b330f6b4f5ba100d13e84fa154ccf12d39a09e18496365642d79f0c745f10d4ee84fd836454eb9fd4dcfafb3aab11eba18f14d3ac6ca4f619765c6b9702e7d5b52d2e2b33f27f74440fa1c6a43204bb9105f4afd47fc55948d68f6fa7a924e1900d816043700130f0b7ed962a357e38f7ed0f7badf6cb903e9c3b6e340a4df2ef6c978c18826dd1a614f60244576503338146680bbb89587c298a7138443ec676ff384d8b38fe01e588fdb2c0f697ea74a00d59b12b92c498a746e14af82b771eb2b60ab1d14dfa929b94ea4822041be1690dcd1a904f6cf862b469469463da376f03d32bca7a24b240ec04a260504d83dc851539a2c253953d2c1815ac979bfdd94a25f7cbab5fc19db38e7c9705b8936a0c4c2c7cefabf91f4eb473539aac99c92e8f35598a02f2f113ee18db89ceba1d56c64db0a1a3651b11f453f6f8ecd342b95fd9ed24147aa7a6de5de5f8db06a47eaa6de6cad0a9641c9cde780479e42e5bbd95eb8fba6e1ce2a506045522eeeddbf0682a1f8b337f93cef7d7dc7d1dd0660ba4c19831c83a9a1847d1bf019fd3a966222f2d647538fbfb56495d67e4163823940d63332c6c738600bb08d7f0667486c2f0a76f263eb914b8d30cd5bf87a88d309f00695033d4b8ddf46adb9c0d13c1cde53e462ba5e72a218254e88be32f4c0a96be5dff480fa3017a022fee8e09374dfa01efe8f628c1921804e8060f380b41af823f318ee6422fc9c30b3219fe102729272c8f3ba37aa8f3f122c91bc8b3e76d503052895ab2edae1fc0fa6560cc454b12120becc093855eebb2a5ec0a002d0d4609603f2f5b20feb25773c0ca38ce93d496bee738a41a53fc140e150fcd050fe69b0e2e5f32e9ae8ad713ed0fdf54cc41d1920d28570416d944a6ec70404453c9f3672d7acd7909c27e0c32a3127748b8b2a825a5321a2ea7742ecdfedc59a1a3717317ff9f2e5a04ee6dd9c60da25967ab0abcdc1a30259d99e472c6b8f7c320972714d5e34a370c03c2ce025584fc303f068ba209c32ae75a4833992c433ab7e55b22a72c8186858869d14b3a0894ef3b8689b947e83f41782f26db946f4bfbe678e5a8e9b7290379891369ea37d3741be6786f303a5a41e2bde923b0e27524b9c72426eb9cac0ed28bd6e9e34336d9489307f2a04751885730fe388c97c070c553f8f063f4d5ab6f8f2b0143a2f060db478d574508b899af31bee6c1037af295337276b53c200b8f7f1a623c49f4bae0bb5ce2d286845b23a1427d4538dfce34c2a5fc41328ee49361fdb2bdf0e6f72f0f7921cdc472f596c1c6917cff9c5d325a4e040317130aad19ad786cc223714dd68fb4de1732d3e81dc9965bf83114d6c7ec62e21f85478b87bf622fe2174f5416bae2ccbb26b42ad328d9a6171c2df879a1a3e9da822b862df19abb5b719e2d1d561dfd75dfee699ea2f4e0486bc81ca8fa10ba03f11731dea4ad9e8517bb212531fa60bdc4fec20031a19a89383dc44fbb314d25a436ddefd1aaf09621bb4f5faf4e476df0949ab6ba22f47a0294d890a2aaf31b498077e63935868698af58bb7cba827bf8beb27fc73743f2252f926a2dcf870ecbc4ccc830ce0eea2ba682d1d7ec1ea82d42d5ab48ce49a999250d69150fd080a5445689010ec2914bf2da218339819f1e408a806cfde0cb37ef576e3fd542cc76c969568bfe5f10d4331c1a92f31f56132818c3287a7d7ba9bf807b35c29e8da109e7d62da8eb273a03a7e3f04466f9f8caee77f800a782ac0ab68191885cd67da5c15c773b51efcfcfd61e1fd3be1781f75a532ccef45dffe312441df54b587ace5c4264af973ab016d2d9841540dfa08bfba3a55ca562a6aee336fb154497cac8c19002872596b9784450f1c5f4770cfe7e1189fdee2b4d06167106dbd0cef379fe6b02f52a886a3d1a624aea92335cc2b09dc2cea4d2817f283e646571ac7e7247c5e8b16e166740160ada5d0ae24fae81b5ece0b1830fe56ea7f7c288cbb700ceab942b128083e2b8145cb6572109fc7554c28ea682011145d312e62d574b8dcfb582b0a0d02b1337e5c584ddfb6525fa273c4d02da0369678e90472f3f62a2a7332564c47236897add5e074822e8c5aa295373e1cbf66fc64cdf3277f4dd8c2cec2ab5f08d7adb1a30a35e4ccecb146687edf43bee4c0129252223ebd1212f1007cc989117cf4cb9a2f9fb0c7d2b63ec25d9c0a8c94f86debf3b6634c6272c12bb05d43fbcb1fac59d18c8d06b4cf49cea6aa99e42c4b2f2e5f4da9f77a3922c70ac44595fca7a246d8f0451b0bd5d17a060e23d965186e5147305ed844b8ea1544a6053bc8ea3a55a38c52336ab41727966823ba7542b8fd23c2783af182d9d5360dd77d23e5e441ef53f30796051b689ce89a514145b735bbf4fd2a1a280e3af8949153f3259cdc28d95622615fd0c97ecc5a3c5ffbe7d65b44d93a9bf31ee2af64a382d80853a3e7baff05c82374def026e0e5e9843f390ec2f87ed673e4fac3816042dbed190498661d19635670c99ea0a80277dd1495905e62bc297346af2864d040f21681cbb184279fffa3af2388249133ad750c8ee649788ae87133a19cec5e7e2ccf66acf03a25f2c9116a30abbac57ebc7687c5626749e4e110e501325bb986d119ad111b9b2f1216efee6583fa0a25842ddbf4162db5ccc7f19a07c50f81cedac23606929b4e58d0f463246b0efc3f96b71daa0707d5dedfe6dd275008c18f520987b8097309f8fae973e27514e09c4d855d04af9c60e23f25fbdb87ef9120f512ebebe4552832f63521da57d2e1b96bf5a983127ff41e1985dc3f5495bdc0a0515c958c3bf2fe35741e7db0ba7cd4713ef2c3201037aa75c50e3e21b14ee914051584f47445191eadc92123bde98053f04a5a230b3b81d23051c8e498adaac3ab4b60fdde3e290e8925ca7408827077888f7ac034781dca2a16e179d46bc49c4512d27f6acb97074323d8e8cb091de5292434a017b973db9be02cec0ab39d1c7e19920b57243696277963e0760a9e56f3abff435a48413517e05b2f0d0b872a5fb7fb83c6f5988306b3f793cf8c16b748be29cd05e7b0cb92102381befac75f4300ff26940e9a9e19a573c1e9fcedca8127e6f5b37a84222da08ea6caaaed43ffcc35f4f4b76cb810aff1e9bbc8f6396364332c333d6cfbe04a66805d1eaa93a64b4d0f64b35ed220bd629788502303595e7057f466e4810f59548b8837a0ca6570d2271327ddbf913d9b16cc12802edb4ac179f1ae5f311cd8c1c5b501eca5f0cc6323792d9ce1b309d0853ec4fda6bb8196b5d708ca1c2d6bd52f278b6a88db3c7725cf3a30413f0917086aba5548db8e21a567e9a21afc4de76a490de4fafe2dcc9abd311cda5c557ecd841d3b7a3113b9f06e034da9ecd6a1c8c0c70cb4d8bf5d736afa37e4d43b787fc040b8fc26deae350c51ee09c6a840d3f24db8e62de5ae63e308a0c235d2cbde572db73dd70873567078ffab832ae7df7b70ddf77792437224d5816400932478a0e02f0b1fe3e253aab17f5e521865016b8aa3c86f7a06de6a8c0e515f04a5758c9", 0x1000}], 0x1, &(0x7f00000018c0)=[@dstaddrv6={0x20, 0x84, 0x8, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @sndinfo={0x20, 0x84, 0x2, {0x75, 0x200, 0x7, 0x3f, r2}}, @dstaddrv6={0x20, 0x84, 0x8, @dev={0xfe, 0x80, [], 0x14}}, @init={0x18, 0x84, 0x0, {0xfffffffffffffffd, 0xae65, 0x1, 0x7f}}, @sndrcv={0x30, 0x84, 0x1, {0x5, 0x7, 0x8000, 0x9, 0x9, 0x400, 0x0, 0x1ff, r3}}], 0xa8, 0x20000000}, 0x4000800) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:58 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x5, 0xaa461b89da607f5f) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0) fanotify_mark(r1, 0x4, 0x40000000, r2, &(0x7f00000000c0)='./file0\x00') 07:36:58 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 198.604912] x86/PAT: syz-executor.2:9283 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 198.630584] x86/PAT: syz-executor.4:9290 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 198.637963] FAULT_INJECTION: forcing a failure. [ 198.637963] name failslab, interval 1, probability 0, space 0, times 0 [ 198.650516] protocol 88fb is buggy, dev hsr_slave_0 [ 198.650573] protocol 88fb is buggy, dev hsr_slave_1 [ 198.652337] x86/PAT: syz-executor.4:9296 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 198.706747] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 198.715594] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 198.738040] CPU: 1 PID: 9283 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 198.745086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.754439] Call Trace: [ 198.757032] dump_stack+0x138/0x19c [ 198.759515] x86/PAT: syz-executor.4:9296 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 198.760672] should_fail.cold+0x10f/0x159 [ 198.760692] should_failslab+0xdb/0x130 [ 198.760707] __kmalloc_track_caller+0x2ec/0x790 [ 198.760721] ? check_preemption_disabled+0x3c/0x250 [ 198.760734] ? prepare_creds+0x3e/0x380 [ 198.773437] ? selinux_cred_prepare+0x49/0xb0 [ 198.782053] kmemdup+0x27/0x60 [ 198.782065] selinux_cred_prepare+0x49/0xb0 [ 198.782078] security_prepare_creds+0x7d/0xb0 07:36:58 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:58 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8004, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x4, 0x35315241, 0x200000, 0x200, 0x1, @discrete={0x85, 0x401}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6400, 0x40) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) [ 198.782092] prepare_creds+0x2cf/0x380 [ 198.782103] copy_creds+0x7b/0x4f0 [ 198.782112] ? lockdep_init_map+0x9/0x10 [ 198.782125] copy_process.part.0+0x868/0x6a00 [ 198.782140] ? debug_smp_processor_id+0x1c/0x20 [ 198.782149] ? perf_trace_lock+0x109/0x500 [ 198.782160] ? check_preemption_disabled+0x3c/0x250 [ 198.837478] ? save_trace+0x290/0x290 [ 198.841279] ? SOFTIRQ_verbose+0x10/0x10 [ 198.845329] ? debug_smp_processor_id+0x1c/0x20 [ 198.849995] ? __f_unlock_pos+0x19/0x20 [ 198.853981] ? __cleanup_sighand+0x50/0x50 [ 198.858219] ? lock_downgrade+0x6e0/0x6e0 [ 198.862375] _do_fork+0x19e/0xce0 [ 198.865843] ? fork_idle+0x280/0x280 [ 198.869574] ? fput+0xd4/0x150 [ 198.872767] ? SyS_write+0x15e/0x230 [ 198.876484] SyS_clone+0x37/0x50 [ 198.879848] ? sys_vfork+0x30/0x30 [ 198.883390] do_syscall_64+0x1e8/0x640 [ 198.887280] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 198.892131] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 198.897314] RIP: 0033:0x459879 [ 198.900500] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 198.908201] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 198.915458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.922720] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 198.922726] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 198.922732] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 198.930048] x86/PAT: syz-executor.2:9283 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:36:58 executing program 2 (fault-call:8 fault-nth:4): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:58 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x80000000, 0x35315241, 0x100000004, 0x0, 0x3, @stepwise={{0x80000000}, {0x5, 0x80}, {0x2, 0x5}}}) r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0xad17, 0x400) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f00000000c0)) 07:36:58 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x10000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000000c0)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000180)={0x1, 0x10, 0xfa00, {&(0x7f0000000080), r1}}, 0x18) ioctl$TIOCNOTTY(r0, 0x5422) r2 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 198.930063] x86/PAT: syz-executor.2:9283 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 199.050140] protocol 88fb is buggy, dev hsr_slave_0 [ 199.055251] protocol 88fb is buggy, dev hsr_slave_1 [ 199.116518] x86/PAT: syz-executor.2:9321 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 199.135207] FAULT_INJECTION: forcing a failure. [ 199.135207] name failslab, interval 1, probability 0, space 0, times 0 [ 199.147359] CPU: 0 PID: 9321 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 199.154381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.163726] Call Trace: [ 199.166299] dump_stack+0x138/0x19c [ 199.169915] should_fail.cold+0x10f/0x159 [ 199.174051] should_failslab+0xdb/0x130 [ 199.178011] kmem_cache_alloc+0x2d7/0x780 [ 199.182158] ? creds_are_invalid+0x48/0x110 [ 199.186459] ? selinux_is_enabled+0x9/0x50 [ 199.190686] ? creds_are_invalid+0x48/0x110 [ 199.195001] __delayacct_tsk_init+0x20/0x80 [ 199.199301] copy_process.part.0+0x1a6c/0x6a00 [ 199.203869] ? debug_smp_processor_id+0x1c/0x20 [ 199.208515] ? perf_trace_lock+0x109/0x500 [ 199.212733] ? check_preemption_disabled+0x3c/0x250 [ 199.217738] ? save_trace+0x290/0x290 [ 199.221516] ? SOFTIRQ_verbose+0x10/0x10 [ 199.225561] ? debug_smp_processor_id+0x1c/0x20 [ 199.230207] ? __f_unlock_pos+0x19/0x20 [ 199.234163] ? __cleanup_sighand+0x50/0x50 [ 199.238481] ? lock_downgrade+0x6e0/0x6e0 [ 199.242611] _do_fork+0x19e/0xce0 [ 199.246048] ? fork_idle+0x280/0x280 [ 199.249770] ? fput+0xd4/0x150 [ 199.252951] ? SyS_write+0x15e/0x230 [ 199.256654] SyS_clone+0x37/0x50 [ 199.259999] ? sys_vfork+0x30/0x30 [ 199.263528] do_syscall_64+0x1e8/0x640 [ 199.267392] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.272222] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 199.277388] RIP: 0033:0x459879 [ 199.280557] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 199.288244] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 199.295494] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 199.303944] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 199.311196] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 199.318451] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 199.325882] protocol 88fb is buggy, dev hsr_slave_0 [ 199.330983] protocol 88fb is buggy, dev hsr_slave_1 [ 199.370384] x86/PAT: syz-executor.2:9315 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 199.379122] x86/PAT: syz-executor.2:9315 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 199.437573] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 199.446289] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 07:36:59 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x840, 0x0) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r0, &(0x7f0000000040)) ioctl$SG_EMULATED_HOST(r2, 0x2203, &(0x7f0000000080)) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) write$P9_RSTATFS(r3, &(0x7f00000001c0)={0x43, 0x9, 0x2, {0xffffffffffffff73, 0x4, 0xae, 0x2e4488a7, 0x7, 0x1, 0x8, 0x0, 0x5}}, 0x43) mq_timedreceive(r2, &(0x7f0000000080), 0x0, 0x3, &(0x7f00000000c0)={0x0, 0x1c9c380}) close(r1) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x120, r4, 0x200, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x34, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffffffd}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xd919}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffff}]}, @TIPC_NLA_MEDIA={0x40, 0x5, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}, @TIPC_NLA_MEDIA={0x74, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x547d6769}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x415}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}]}]}, @TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) 07:36:59 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0xb4d79b2e5fcb12c4, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) write$nbd(r0, &(0x7f0000000100)={0x67446698, 0x1, 0x2, 0x1, 0x4, "bd5b25846a46e69f260f2cc2b835ab9e96e35065c81233e7f290c7b7f24142b53a2ad80aa71f9bf4ea5719b4aedd7598874f4acf04de873c6663920e574dce86fef82fbab116014b71d7fc955ae27ea0ba4d1feee6b77a843025d0bda13d90c75d5ae2285177f9c9337b9fde7230de3415b00f3fd744b97cd1ba8851304e6f4bcd5c97c0c5a4d201553069"}, 0x9b) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:36:59 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) lsetxattr$security_smack_transmute(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f00000000c0)='TRUE', 0x4, 0x2) 07:36:59 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000040), &(0x7f0000000080)=0x4) 07:36:59 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) 07:36:59 executing program 2 (fault-call:8 fault-nth:5): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:36:59 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000080)={0x0, 0x2, 0x8, 0x5}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={r1, 0x40, 0x2, 0x5, 0x50, 0xffffffff7fffffff}, &(0x7f0000000180)=0x14) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) mremap(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil) 07:36:59 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, &(0x7f0000000040)={0x0, {0x0, 0xf6}}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0xffffffffffffffff, 0x0, 0x2, @stepwise={{0x9, 0xfff}, {0x2, 0x8}, {0x3, 0x2}}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x7, [@enum={0x7, 0x4, 0x0, 0x6, 0x4, [{0x0, 0xfd6}, {0x9, 0x2e}, {0x0, 0x6}, {0x5, 0x4}]}, @restrict={0x3, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x61, 0x30, 0x61, 0x61, 0x61]}}, &(0x7f0000000140)=""/185, 0x57, 0xb9}, 0x20) 07:36:59 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8001, 0x101003) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:36:59 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) [ 199.593162] x86/PAT: syz-executor.2:9337 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 199.618252] FAULT_INJECTION: forcing a failure. [ 199.618252] name failslab, interval 1, probability 0, space 0, times 0 [ 199.675032] CPU: 0 PID: 9337 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 199.682080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.691427] Call Trace: [ 199.691446] dump_stack+0x138/0x19c [ 199.691466] should_fail.cold+0x10f/0x159 [ 199.691485] should_failslab+0xdb/0x130 [ 199.691500] kmem_cache_alloc+0x2d7/0x780 [ 199.691513] ? lockdep_init_map+0x9/0x10 [ 199.697701] ? debug_mutex_init+0x2d/0x5a [ 199.697718] dup_fd+0x85/0xa40 [ 199.697743] copy_process.part.0+0x1b5a/0x6a00 [ 199.697758] ? debug_smp_processor_id+0x1c/0x20 [ 199.730549] ? perf_trace_lock+0x109/0x500 [ 199.734790] ? check_preemption_disabled+0x3c/0x250 [ 199.739814] ? save_trace+0x290/0x290 [ 199.743617] ? SOFTIRQ_verbose+0x10/0x10 [ 199.747693] ? debug_smp_processor_id+0x1c/0x20 [ 199.752379] ? __cleanup_sighand+0x50/0x50 [ 199.756616] ? lock_downgrade+0x6e0/0x6e0 [ 199.760773] _do_fork+0x19e/0xce0 [ 199.764232] ? fork_idle+0x280/0x280 [ 199.767954] ? fput+0xd4/0x150 [ 199.771153] ? SyS_write+0x15e/0x230 07:36:59 executing program 1: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) sysinfo(&(0x7f0000000240)=""/118) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0x10000009}) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x0, 0x1) fanotify_mark(r3, 0xd, 0x48000028, r2, 0x0) openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/status\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r3) 07:36:59 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) 07:36:59 executing program 1: openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r0 = fanotify_init(0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r0) [ 199.774873] SyS_clone+0x37/0x50 [ 199.778239] ? sys_vfork+0x30/0x30 [ 199.781776] do_syscall_64+0x1e8/0x640 [ 199.785663] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.790507] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 199.795694] RIP: 0033:0x459879 [ 199.799184] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 199.806888] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 199.814154] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 07:36:59 executing program 3: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0xdf1f765bc8b73c49, 0x780}) socket$inet(0x2, 0x3, 0x2) r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) tee(r0, r0, 0x7, 0x4) write$P9_RFSYNC(r0, &(0x7f0000000040)={0x7, 0x33, 0x1}, 0x7) ioctl$TIOCLINUX7(r0, 0x541c, &(0x7f0000000080)={0x7, 0x3f}) 07:36:59 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)=[&(0x7f0000000080)='vmnet0{!vboxnet1@\x00', &(0x7f00000000c0)='/dev/video#\x00', &(0x7f0000000140)='/dev/video#\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='security\\e/security\x00'], &(0x7f0000000400)=[&(0x7f0000000240)='/dev/video#\x00', &(0x7f0000000280)='\x00', &(0x7f00000002c0)='/dev/video#\x00', &(0x7f0000000300)='/dev/video#\x00', &(0x7f0000000340)='/dev/video#\x00', &(0x7f0000000380)='-wlan0\x00', &(0x7f00000003c0)='*vboxnet0\x00']) r1 = geteuid() ioprio_get$uid(0x3, r1) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r2 = syz_open_dev$dmmidi(&(0x7f0000000440)='/dev/dmmidi#\x00', 0x80000, 0x8000) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000004c0)="066c459dfdb9f7520337d9bbb6765101", 0x353) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000480)='mime_typebdev\x00') 07:36:59 executing program 4: mkdir(&(0x7f0000000180)='./file0\x00', 0x2) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x408b02, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000140)={0x10000, 0x0, 0x1, r1}) chdir(&(0x7f00000000c0)='./file0\x00') openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x4f6e65fbf7bd8a01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 199.821424] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 199.828686] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 199.828693] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 199.852776] x86/PAT: syz-executor.2:9337 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:36:59 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x10d, 0x8001001, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x40) close(r1) 07:36:59 executing program 2 (fault-call:8 fault-nth:6): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 199.877105] x86/PAT: syz-executor.2:9337 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:36:59 executing program 0: openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x0, 0x0) r0 = socket$inet(0x10, 0x3, 0x0) r1 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0xfffffffffffffffe, 0x400) memfd_create(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r2 = getpid() socket$inet6_dccp(0xa, 0x6, 0x0) sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x6) socket$caif_seqpacket(0x25, 0x5, 0x0) socket$packet(0x11, 0x2, 0x300) write(r5, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a63540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aab05741d1434c9680337f900"/76, 0x4c}], 0x1}, 0x0) syz_open_dev$loop(&(0x7f0000000440)='/dev/loop#\x00', 0x4, 0x40) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8060, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x3a, &(0x7f0000000200)={0x77359400}) vmsplice(0xffffffffffffffff, &(0x7f0000000900)=[{&(0x7f0000000600)}, {0x0}, {&(0x7f0000000840)}], 0x3, 0x0) getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f00000002c0)={@loopback, 0x0}, &(0x7f0000000300)=0x14) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000340)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @loopback, @mcast1, 0x1, 0x5, 0x0, 0x0, 0x7fff, 0x84, r7}) clock_gettime(0x1, &(0x7f0000005200)) 07:37:00 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = socket$caif_seqpacket(0x25, 0x5, 0x0) r2 = accept$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000003c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000400)={'team0\x00', r3}) r4 = accept4(0xffffffffffffffff, &(0x7f0000000040)=@ethernet={0x0, @broadcast}, &(0x7f00000000c0)=0x80, 0x800) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000140)={@local, @local, 0x0}, &(0x7f0000000180)=0xc) sendmsg$sock(r4, &(0x7f0000000300)={&(0x7f00000001c0)=@ll={0x11, 0x8638f708366c4f2b, r5, 0x1, 0x9, 0x6, @broadcast}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000240)="2f0e5f6f76f531b54d7c2f28578463e49d5a8043bf0ff5a202292fc4", 0x1c}], 0x1, &(0x7f00000002c0)=[@timestamping={{0x14, 0x1, 0x25, 0x5}}], 0x18}, 0x4000000) r6 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r6, &(0x7f0000000440)={0x10101}) 07:37:00 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) bind$unix(r1, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e23}, 0x6e) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000040)={0x5, {0x7, 0x6, 0x58d8, 0xffffffff}}) [ 199.948167] x86/PAT: syz-executor.4:9374 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:00 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$revoke(0x3, r2) linkat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00', 0x400) r3 = creat(&(0x7f0000000140)='./file1\x00', 0x100) fchmodat(r0, &(0x7f0000000200)='./file0\x00', 0x100) ioctl$VT_GETMODE(r3, 0x5601, &(0x7f00000001c0)) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, r4, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0xf36717b520fc7a7f}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x8004}, 0x4000) [ 200.036126] x86/PAT: syz-executor.4:9374 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 200.066929] x86/PAT: syz-executor.2:9390 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 200.068333] x86/PAT: syz-executor.4:9374 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:00 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x201, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000000100)={0x0, 0x7, 0x3, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x8}) chdir(&(0x7f00000000c0)='./file0\x00') accept$inet6(r0, &(0x7f0000000000), &(0x7f0000000140)=0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) lsetxattr$security_evm(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "73960e33"}, 0x5, 0x706ac621a137ce74) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:00 executing program 5: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x3831354f}) r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x40000, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080), &(0x7f00000000c0)=0x14) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000040)=[@timestamp, @timestamp, @sack_perm, @sack_perm, @timestamp, @mss={0x2, 0x7}, @window={0x3, 0x1, 0xfffffffffffffffe}, @timestamp], 0x8) [ 200.086958] FAULT_INJECTION: forcing a failure. [ 200.086958] name failslab, interval 1, probability 0, space 0, times 0 [ 200.120886] CPU: 0 PID: 9390 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 200.128020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 07:37:00 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r1) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000000)=0x75275bca83b31a33, 0xffffffffffffffdf) [ 200.137457] Call Trace: [ 200.140046] dump_stack+0x138/0x19c [ 200.143680] should_fail.cold+0x10f/0x159 [ 200.147836] should_failslab+0xdb/0x130 [ 200.151816] kmem_cache_alloc+0x2d7/0x780 [ 200.155959] ? lockdep_init_map+0x9/0x10 [ 200.160003] ? debug_mutex_init+0x2d/0x5a [ 200.164156] dup_fd+0x85/0xa40 [ 200.167345] copy_process.part.0+0x1b5a/0x6a00 [ 200.171922] ? debug_smp_processor_id+0x1c/0x20 [ 200.176586] ? perf_trace_lock+0x109/0x500 [ 200.180821] ? check_preemption_disabled+0x3c/0x250 07:37:00 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) setsockopt$netlink_NETLINK_CAP_ACK(r2, 0x10e, 0xa, &(0x7f0000000000)=0x2, 0x4) [ 200.185836] ? save_trace+0x290/0x290 [ 200.189643] ? SOFTIRQ_verbose+0x10/0x10 [ 200.193703] ? debug_smp_processor_id+0x1c/0x20 [ 200.198386] ? __cleanup_sighand+0x50/0x50 [ 200.202622] ? lock_downgrade+0x6e0/0x6e0 [ 200.206778] _do_fork+0x19e/0xce0 [ 200.210233] ? fork_idle+0x280/0x280 [ 200.213955] ? fput+0xd4/0x150 [ 200.217151] ? SyS_write+0x15e/0x230 [ 200.220880] SyS_clone+0x37/0x50 [ 200.224250] ? sys_vfork+0x30/0x30 [ 200.227798] do_syscall_64+0x1e8/0x640 [ 200.231688] ? trace_hardirqs_off_thunk+0x1a/0x1c 07:37:00 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x2000, 0x0) ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f00000000c0)={0x100000000, 0x9}) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r3) socket$nl_xfrm(0x10, 0x3, 0x6) fsetxattr$security_capability(r3, &(0x7f0000000000)='security.capability\x00', &(0x7f0000000040)=@v1={0x1000000, [{0x4, 0x8}]}, 0xc, 0x1) mlock2(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x1) signalfd4(r2, &(0x7f0000000140)={0x8001}, 0x8, 0x80000) [ 200.236538] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 200.241725] RIP: 0033:0x459879 [ 200.244907] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 200.252617] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 200.259886] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 200.267155] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 200.274406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 07:37:00 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x280}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)={0x148, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0xcc, 0x1, [@TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @rand_addr=0xff}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, [], 0x14}, 0xff}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x1, @remote, 0x80000001}}, {0x14, 0x2, @in={0x2, 0x4e21, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7956}]}, @TIPC_NLA_MEDIA={0x68, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x973}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffffc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x24000001}, 0x20004880) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) sysinfo(&(0x7f0000000040)=""/118) 07:37:00 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x0, 0x0, @stepwise={{0x0, 0x6}, {0x1, 0x2}, {0x5, 0x1ff}}}) [ 200.281665] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 200.304910] x86/PAT: syz-executor.2:9390 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 200.387589] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 200.396331] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. 07:37:00 executing program 2 (fault-call:8 fault-nth:7): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 200.499087] x86/PAT: syz-executor.2:9390 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 200.601630] x86/PAT: syz-executor.2:9433 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 200.613895] FAULT_INJECTION: forcing a failure. [ 200.613895] name failslab, interval 1, probability 0, space 0, times 0 [ 200.625550] CPU: 1 PID: 9433 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 200.632557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.641892] Call Trace: [ 200.644464] dump_stack+0x138/0x19c [ 200.648183] should_fail.cold+0x10f/0x159 [ 200.652327] should_failslab+0xdb/0x130 [ 200.656291] kmem_cache_alloc_node_trace+0x280/0x770 [ 200.661377] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 200.666813] __kmalloc_node+0x3d/0x80 [ 200.670596] kvmalloc_node+0x4e/0xe0 [ 200.674812] alloc_fdtable+0xcf/0x280 [ 200.678592] dup_fd+0x693/0xa40 [ 200.681856] copy_process.part.0+0x1b5a/0x6a00 [ 200.686420] ? debug_smp_processor_id+0x1c/0x20 [ 200.691068] ? perf_trace_lock+0x109/0x500 [ 200.695282] ? check_preemption_disabled+0x3c/0x250 [ 200.700279] ? save_trace+0x290/0x290 [ 200.704058] ? SOFTIRQ_verbose+0x10/0x10 [ 200.708096] ? debug_smp_processor_id+0x1c/0x20 [ 200.712749] ? __cleanup_sighand+0x50/0x50 [ 200.716964] ? lock_downgrade+0x6e0/0x6e0 [ 200.721106] _do_fork+0x19e/0xce0 [ 200.724549] ? fork_idle+0x280/0x280 [ 200.728244] ? fput+0xd4/0x150 [ 200.731416] ? SyS_write+0x15e/0x230 [ 200.735126] SyS_clone+0x37/0x50 [ 200.738470] ? sys_vfork+0x30/0x30 [ 200.741991] do_syscall_64+0x1e8/0x640 [ 200.745856] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.750679] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 200.755848] RIP: 0033:0x459879 [ 200.759014] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 200.766706] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 200.774040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 200.781292] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 200.788553] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 200.795802] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 200.803293] protocol 88fb is buggy, dev hsr_slave_0 [ 200.808352] protocol 88fb is buggy, dev hsr_slave_1 [ 200.822621] x86/PAT: syz-executor.2:9433 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 200.831307] x86/PAT: syz-executor.2:9433 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:00 executing program 0: openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x0, 0x0) r0 = socket$inet(0x10, 0x3, 0x0) r1 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0xfffffffffffffffe, 0x400) memfd_create(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r2 = getpid() socket$inet6_dccp(0xa, 0x6, 0x0) sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x6) socket$caif_seqpacket(0x25, 0x5, 0x0) socket$packet(0x11, 0x2, 0x300) write(r5, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a63540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aab05741d1434c9680337f900"/76, 0x4c}], 0x1}, 0x0) syz_open_dev$loop(&(0x7f0000000440)='/dev/loop#\x00', 0x4, 0x40) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8060, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x3a, &(0x7f0000000200)={0x77359400}) vmsplice(0xffffffffffffffff, &(0x7f0000000900)=[{&(0x7f0000000600)}, {0x0}, {&(0x7f0000000840)}], 0x3, 0x0) getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f00000002c0)={@loopback, 0x0}, &(0x7f0000000300)=0x14) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000340)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @loopback, @mcast1, 0x1, 0x5, 0x0, 0x0, 0x7fff, 0x84, r7}) clock_gettime(0x1, &(0x7f0000005200)) 07:37:00 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:37:00 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = getpgid(0x0) ptrace$setsig(0x4203, r1, 0x5, &(0x7f0000000040)={0x13, 0x8, 0x636b}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:00 executing program 3: r0 = memfd_create(&(0x7f0000000040)='vboxnet0bdev\x00', 0x4) fsetxattr$security_evm(r0, &(0x7f0000000080)='security.evm\x00', &(0x7f00000000c0)=@v1={0x2, "b0a80e9a38ff04203e2d1d"}, 0xc, 0x2) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:00 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000000, 0x101012, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000100)={0x20, @tick=0x6, 0x3ff, {0x80000000, 0x1000}, 0xcf, 0x0, 0x6}) 07:37:00 executing program 2 (fault-call:8 fault-nth:8): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:01 executing program 5: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x100, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000080)) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 200.947382] x86/PAT: syz-executor.2:9441 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 200.981223] FAULT_INJECTION: forcing a failure. [ 200.981223] name failslab, interval 1, probability 0, space 0, times 0 [ 200.996090] x86/PAT: syz-executor.4:9447 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 201.008608] CPU: 0 PID: 9441 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 201.015643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.024988] Call Trace: [ 201.025007] dump_stack+0x138/0x19c [ 201.025027] should_fail.cold+0x10f/0x159 [ 201.025046] should_failslab+0xdb/0x130 [ 201.025062] kmem_cache_alloc_node_trace+0x280/0x770 07:37:01 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x6, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:01 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x100000006) close(r1) [ 201.025073] ? kasan_unpoison_shadow+0x35/0x50 [ 201.025091] __kmalloc_node+0x3d/0x80 [ 201.033359] x86/PAT: syz-executor.4:9447 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 201.035419] kvmalloc_node+0x4e/0xe0 [ 201.035432] alloc_fdtable+0x13b/0x280 [ 201.035444] dup_fd+0x693/0xa40 [ 201.039464] x86/PAT: syz-executor.4:9447 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 201.044499] copy_process.part.0+0x1b5a/0x6a00 [ 201.044516] ? debug_smp_processor_id+0x1c/0x20 [ 201.044526] ? perf_trace_lock+0x109/0x500 [ 201.044535] ? check_preemption_disabled+0x3c/0x250 [ 201.044544] ? save_trace+0x290/0x290 [ 201.044554] ? SOFTIRQ_verbose+0x10/0x10 [ 201.044562] ? debug_smp_processor_id+0x1c/0x20 [ 201.044584] ? __cleanup_sighand+0x50/0x50 [ 201.044594] ? lock_downgrade+0x6e0/0x6e0 [ 201.044610] _do_fork+0x19e/0xce0 [ 201.044626] ? fork_idle+0x280/0x280 [ 201.044641] ? fput+0xd4/0x150 [ 201.044650] ? SyS_write+0x15e/0x230 [ 201.044669] SyS_clone+0x37/0x50 [ 201.053015] ? sys_vfork+0x30/0x30 [ 201.053031] do_syscall_64+0x1e8/0x640 07:37:01 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0xc1, 0x2000) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, 0x8, {0x7fffffff}}, 0x18) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:01 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x100010002) r1 = fanotify_init(0x0, 0x0) gettid() fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x105) close(r1) [ 201.053043] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 201.065307] x86/PAT: syz-executor.4:9452 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 201.069188] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 201.069196] RIP: 0033:0x459879 [ 201.069204] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 [ 201.077869] x86/PAT: syz-executor.4:9452 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 201.081017] ORIG_RAX: 0000000000000038 [ 201.081025] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 07:37:01 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x0, 0x13b3018b9b80bf38}) [ 201.081031] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 201.081037] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 201.081043] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 201.081049] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 201.241246] x86/PAT: syz-executor.4:9452 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 201.283881] x86/PAT: syz-executor.2:9439 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 201.292949] x86/PAT: syz-executor.2:9439 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 201.367478] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 201.370114] protocol 88fb is buggy, dev hsr_slave_0 [ 201.376175] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 201.381177] protocol 88fb is buggy, dev hsr_slave_1 07:37:01 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)=[&(0x7f0000000080)='vmnet0{!vboxnet1@\x00', &(0x7f00000000c0)='/dev/video#\x00', &(0x7f0000000140)='/dev/video#\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='security\\e/security\x00'], &(0x7f0000000400)=[&(0x7f0000000240)='/dev/video#\x00', &(0x7f0000000280)='\x00', &(0x7f00000002c0)='/dev/video#\x00', &(0x7f0000000300)='/dev/video#\x00', &(0x7f0000000340)='/dev/video#\x00', &(0x7f0000000380)='-wlan0\x00', &(0x7f00000003c0)='*vboxnet0\x00']) r1 = geteuid() ioprio_get$uid(0x3, r1) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r2 = syz_open_dev$dmmidi(&(0x7f0000000440)='/dev/dmmidi#\x00', 0x80000, 0x8000) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000004c0)="066c459dfdb9f7520337d9bbb6765101", 0x353) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000480)='mime_typebdev\x00') 07:37:01 executing program 5: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:01 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) syz_kvm_setup_cpu$x86(r0, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="0f08c483256bfa0c420fc7320fc730c462859c85a64d0000440f001e460f01dfc4e23592445100420f017600c442792ab90b000000", 0x35}], 0x1, 0x22, &(0x7f0000000140), 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) setxattr$trusted_overlay_origin(&(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='trusted.overlay.origin\x00', &(0x7f00000001c0)='y\x00', 0xfd4e, 0x2) 07:37:01 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0xc40, 0x0) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080)=@req={0xd85, 0x1, 0x8, 0x2}, 0x10) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:01 executing program 1: setxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x2) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000000)={0x1, {0x7, 0x10c8, 0x81, 0x0, 0xffffffff, 0x7}}) close(r1) 07:37:01 executing program 2 (fault-call:8 fault-nth:9): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:01 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) signalfd4(r0, &(0x7f0000000080)={0x5}, 0x8, 0x80000) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x782b, 0x41) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000000c0)={0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000140)=0x28) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000001c0)={r2, 0x1c, &(0x7f0000000180)=[@in6={0xa, 0x4e20, 0xd9, @dev={0xfe, 0x80, [], 0x1f}}]}, &(0x7f0000000200)=0x10) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 201.782103] x86/PAT: syz-executor.2:9486 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 201.799651] x86/PAT: syz-executor.4:9484 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 201.816011] FAULT_INJECTION: forcing a failure. [ 201.816011] name failslab, interval 1, probability 0, space 0, times 0 07:37:01 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x200000, 0x0) getsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 201.819712] x86/PAT: syz-executor.4:9484 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 201.842506] x86/PAT: syz-executor.4:9484 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:01 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000000240)='/dev/usbmon#\x00', 0x6, 0x800) ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000280)={0x5, 0x6}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000005c0)='.\x00', 0x1, 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r1, 0x0) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0xa8, &(0x7f0000000040)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x20}}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e20, @multicast1}, @in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e23, @rand_addr=0x80000001}, @in6={0xa, 0x4e23, 0xffffffffffffffff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in={0x2, 0x4e22, @rand_addr=0x1}, @in6={0xa, 0x4e20, 0x200, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x29}}, 0x8}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f00000001c0)=0x10) syslog(0x2, &(0x7f00000002c0)=""/243, 0xf3) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r4, 0xae, 0xffffffffffff0001}, 0xc) chmod(&(0x7f0000000300)='./file0\x00', 0x10) r5 = creat(&(0x7f0000000180)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000600)='bpf\x00', 0x202a, &(0x7f0000000640)={[{@mode={'mode', 0x3d, 0x4}}, {@mode={'mode', 0x3d, 0x8001}}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}]}) getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f00000003c0)=ANY=[@ANYRES16=r1], &(0x7f0000000340)=0x1) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') lsetxattr$trusted_overlay_nlink(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)='trusted.overlay.nlink\x00', &(0x7f0000000740)={'U-', 0xffffffffffff4556}, 0x28, 0x1) ioctl$KVM_NMI(r3, 0xae9a) sendmsg$IPVS_CMD_NEW_DAEMON(r5, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000100}, 0xc, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="dc000000", @ANYRES16=r6, @ANYBLOB="100029bd7000ffdbdf25090000004c000100080008000000000008000900780000000800020000000000080001000a000000080001000a00000008000b0073697000080004004e2300989dc5ad73457ec7887cb41496a31a430008000800ff0f000008000b00736970001c0001000800080001000000080009007b00000008000200ff0000002c0001000800010002000000080004004e20000008000b0073697000080009000200000008000500040000002c0003000800010000000000080005000000000008000800030000000800036f96000000"], 0xdc}, 0x1, 0x0, 0x0, 0x10}, 0x10) fcntl$setpipe(r0, 0x407, 0x100000001) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x4) close(r2) [ 201.873909] x86/PAT: syz-executor.4:9490 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 201.896965] CPU: 1 PID: 9486 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 201.899903] x86/PAT: syz-executor.4:9499 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 201.903993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 07:37:01 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x9072d6250bfbb1d4, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) write$FUSE_POLL(r1, &(0x7f0000000100)={0x18, 0x0, 0x8, {0x10}}, 0x18) [ 201.903999] Call Trace: [ 201.904015] dump_stack+0x138/0x19c [ 201.904036] should_fail.cold+0x10f/0x159 [ 201.904054] should_failslab+0xdb/0x130 [ 201.904067] kmem_cache_alloc_node_trace+0x280/0x770 [ 201.904081] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 201.904098] __kmalloc_node+0x3d/0x80 [ 201.904111] kvmalloc_node+0x4e/0xe0 [ 201.904123] alloc_fdtable+0xcf/0x280 [ 201.904135] dup_fd+0x693/0xa40 [ 201.904158] copy_process.part.0+0x1b5a/0x6a00 [ 201.904172] ? debug_smp_processor_id+0x1c/0x20 [ 201.929635] x86/PAT: syz-executor.4:9499 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 201.932404] ? perf_trace_lock+0x109/0x500 [ 201.932419] ? check_preemption_disabled+0x3c/0x250 [ 201.932430] ? save_trace+0x290/0x290 [ 201.932441] ? SOFTIRQ_verbose+0x10/0x10 [ 201.932450] ? debug_smp_processor_id+0x1c/0x20 [ 201.932475] ? __cleanup_sighand+0x50/0x50 [ 201.932485] ? lock_downgrade+0x6e0/0x6e0 [ 201.932501] _do_fork+0x19e/0xce0 [ 201.932515] ? fork_idle+0x280/0x280 [ 201.932529] ? fput+0xd4/0x150 [ 201.969818] audit: type=1400 audit(1566718621.980:72): avc: denied { syslog } for pid=9500 comm="syz-executor.1" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 201.970781] ? SyS_write+0x15e/0x230 [ 201.970800] SyS_clone+0x37/0x50 [ 201.970809] ? sys_vfork+0x30/0x30 [ 201.970824] do_syscall_64+0x1e8/0x640 [ 201.970834] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 201.970865] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 201.970875] RIP: 0033:0x459879 07:37:02 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x7f0000000, 0x2100) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000080)) ioctl$sock_bt_hci(r0, 0x400448e0, &(0x7f0000000140)="a9ce3b20219d4fd36abea0ba4906701445de5b45f1040c3ae4e2cfe42a9548e5e04bcb4060f49440b77b42acfaaf1c45aefe89fb001512b454b76a4fc75c77ba4fb4f5767d019482ed2b9a8d973edf5cdc45ad87fae8d7f73bd448a510660038815218a4d36e5a6a81f340f5ba58f1834a95f566e0ab7aefbdfa6519714806c0af2d4f") r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x2) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) mkdirat(r0, &(0x7f00000000c0)='./file0\x00', 0x8) 07:37:02 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) syz_mount_image$f2fs(&(0x7f0000000080)='f2fs\x00', &(0x7f00000000c0)='./file0\x00', 0x100000000, 0x7, &(0x7f0000000580)=[{&(0x7f0000000140)="6e3961f52fd7ae6e9c951ec4ac2c5b7e3cdbe8a4e4f5d6a481a71af242321c44b3f4d7cdb214830409a1a49fc3526a785421deb20b685b050805260179214ecec48d7014d981176704a9da08cd25b4bf5f33433bae59aa20628d07ae38167e4294f6bf445a3bd48323270947feb330830c66b5c890050d82783f00482600bd3610dfca482f0ac768111d4a954889bb08c81499", 0x93, 0x2}, {&(0x7f0000000200)="e928", 0x2, 0x9}, {&(0x7f0000000240)="119fc48e9102d556bf13437cb02ac905574680e06b32150963a329857f6785ce859e25d14540a2f8918531cccac2f7011c9bc16ac645484d0942d6f8dc9101dd077e6ccc92f80d4d95550c51a35539ef7855e9ec5c8d8dfcb12f58c0dda14c1291781a954ab4f6ffe0d26c6f9fcc6d3d82335cf5733d2f556acbc613432240991ab1aee9d8219db2ce4f2d52d5ce9cb324", 0x91, 0x80}, {&(0x7f0000000300)="68231d2daab5a386d0ac3944daf8e6af9fb6aefce4af6ea0ce017d7869e7906d1bab412bd3eee18cf0f6b5e0d58c7abc872770f031e33d3428feef9977dabe4723d659603386fd651ea5b45896f442b0cebc530fe0c809b80cd33afa1ad4e7d76b26634d2905c302661582711cca50ae853c55635d73a0515bb9d9d79d0e319e", 0x80}, {&(0x7f0000000380)="25a34f485f37d43f934e5814841b0b2ffbb6090128ce304b3ac59bf7d7a998066beb08dfd80c519f3eeae0bcc8af597ab2ea7b4466d4f3248a432584a04dcf191a676940d703c892c8ff971d", 0x4c, 0x80000000}, {&(0x7f0000000400)="3b90f98df6b89143267f46d0af60fbec9cd9acd3ae660aeba2af550f0de6c7e4aec6628a2c3c217ca5542b997f938710200c25f61582c583c832244e7efb7713a6fcbc47b43324e75dd9de464e3d9d13972e94bdc899e71d1378d3d76395785cfac8cfacd9cbda65c7ff9652b72c08913e179e11b29c2b7b3fe69266c023adb97e986d64fe9c81e080f5a18acf74d8e4d422a20c8b2b85979064b41dad87770f79cb02672cc8d04b23a2cddb25", 0xad, 0x40000000000}, {&(0x7f00000004c0)="6eff3b3497523225c788607ffa3f518469f44e643b39c31e1b1f736479d4f5ce640b70e869e23d57cde2c1344bfc5083575e59c0f93f417b7e1abc93066707f3504da5a5169afbd29b55e0666cbb4e7fffa24a9fe482fb4928d3a6cc152a5ac07b8944421b073a75a54339a61c83cc8af80bc9aa2ec2dc9fded532441b6fdcd0925a6b1eaa1586dc21150cd13c7eb7f223129559aa3fe3c9b06d1387cf29b754ff9225df0d3b3bc17acd6901f95ad10bbc28b62e2981", 0xb6, 0x166}], 0x1200014, &(0x7f0000000640)={[{@lazytime='lazytime'}, {@background_gc_off='background_gc=off'}, {@jqfmt_vfsv1='jqfmt=vfsv1'}, {@nolazytime='nolazytime'}, {@background_gc_off='background_gc=off'}, {@background_gc_sync='background_gc=sync'}, {@nolazytime='nolazytime'}, {@inline_xattr_size={'inline_xattr_size', 0x3d, 0x9}}, {@lfs_mode='mode=lfs'}, {@nouser_xattr='nouser_xattr'}], [{@subj_role={'subj_role', 0x3d, 'cgroup&md5sum'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'wlan1'}}, {@hash='hash'}, {@appraise='appraise'}, {@dont_hash='dont_hash'}]}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x8, 0x0, 0x57c0d76a7763cd44, @discrete={0x8, 0x9}}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000040)=0x9) ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f0000000740)={0x0, 0xf900, "863999b6f7e67d5e7ca230c8fca59449bc581d470dfe1935", {0x2, 0x2}, 0x8}) 07:37:02 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x5, 0xaa461b89da607f5f) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0) fanotify_mark(r1, 0x4, 0x40000000, r2, &(0x7f00000000c0)='./file0\x00') [ 202.071514] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 202.079205] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 202.086465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 202.093715] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 202.100971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 202.108226] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:02 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x8400, 0x0) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000040), &(0x7f0000000080)=0xc) sendfile(r0, r1, 0x0, 0x6) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r0, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) getsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000140), &(0x7f0000000240)=0x4) accept$netrom(r3, &(0x7f00000001c0)={{0x3, @netrom}, [@null, @null, @rose, @remote, @remote, @bcast, @default, @bcast]}, &(0x7f00000000c0)=0x48) close(r3) [ 202.126624] x86/PAT: syz-executor.2:9486 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 202.145487] x86/PAT: syz-executor.2:9486 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:02 executing program 2 (fault-call:8 fault-nth:10): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:02 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x4e, 0x42) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000100)={0x2a, 0x3, 0x0, {0x1, 0x9, 0x0, 'devtmpfs\x00'}}, 0x2a) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:02 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000000240)='/dev/usbmon#\x00', 0x6, 0x800) ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000280)={0x5, 0x6}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000005c0)='.\x00', 0x1, 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r1, 0x0) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0xa8, &(0x7f0000000040)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x20}}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e20, @multicast1}, @in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e23, @rand_addr=0x80000001}, @in6={0xa, 0x4e23, 0xffffffffffffffff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in={0x2, 0x4e22, @rand_addr=0x1}, @in6={0xa, 0x4e20, 0x200, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x29}}, 0x8}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f00000001c0)=0x10) syslog(0x2, &(0x7f00000002c0)=""/243, 0xf3) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r4, 0xae, 0xffffffffffff0001}, 0xc) chmod(&(0x7f0000000300)='./file0\x00', 0x10) r5 = creat(&(0x7f0000000180)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000600)='bpf\x00', 0x202a, &(0x7f0000000640)={[{@mode={'mode', 0x3d, 0x4}}, {@mode={'mode', 0x3d, 0x8001}}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}]}) getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f00000003c0)=ANY=[@ANYRES16=r1], &(0x7f0000000340)=0x1) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') lsetxattr$trusted_overlay_nlink(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)='trusted.overlay.nlink\x00', &(0x7f0000000740)={'U-', 0xffffffffffff4556}, 0x28, 0x1) ioctl$KVM_NMI(r3, 0xae9a) sendmsg$IPVS_CMD_NEW_DAEMON(r5, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000100}, 0xc, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="dc000000", @ANYRES16=r6, @ANYBLOB="100029bd7000ffdbdf25090000004c000100080008000000000008000900780000000800020000000000080001000a000000080001000a00000008000b0073697000080004004e2300989dc5ad73457ec7887cb41496a31a430008000800ff0f000008000b00736970001c0001000800080001000000080009007b00000008000200ff0000002c0001000800010002000000080004004e20000008000b0073697000080009000200000008000500040000002c0003000800010000000000080005000000000008000800030000000800036f96000000"], 0xdc}, 0x1, 0x0, 0x0, 0x10}, 0x10) fcntl$setpipe(r0, 0x407, 0x100000001) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x4) close(r2) [ 202.215121] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 202.247218] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock 07:37:02 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11036, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x35c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r0, 0xc040564b, &(0x7f0000000040)={0x1, 0x0, 0x1007, 0x4, 0x2707, {0x6, 0x3}, 0x1}) [ 202.266312] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 202.293709] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 202.304833] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) 07:37:02 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x46, 0x35315241, 0x0, 0xfffffffffffffffd}) 07:37:02 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) accept4$ax25(r0, 0x0, &(0x7f00000000c0), 0x80000) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x0, 0x8000) fanotify_mark(r2, 0x7d, 0x4800102a, r1, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$SIOCX25GCALLUSERDATA(r0, 0x89e4, &(0x7f00000001c0)={0xd, "ff9946383bc18fc76506dcde1d1374d4b89698d8f633f102c3a432f0bcba972f959c6d7a54eac6dcee6cd2f9cfbb98f4027076469198052485494b9b043332815ee4d7ad0c2fbacbadce77607192db60c87a1c2cfd2c789fde9468f468998fa3276318e1c030b0d64d06557ee7f4859d6f1e7bb9329d23edecfa41ab095fa62c"}) setsockopt(r3, 0x3, 0x4, &(0x7f0000000340)="a7eb5e86473effd0965f53192a6cc3dcf9c3408af770070c4b921e7639f3ee8074f3353d6ec3f652035fb2fde7aff4884c26ffef9534bbca6b966cd4ea9f58e684b305b6172b5d1d8c7b7aceae0b86c7a13a0333da2a46bfd87f816c7583370b49c356c87b9c30832a86d8fc25022649d6a97b6825344018c52e287645daaac15132337d8d2b8c0b63531ec7fc4427efa517767317383a631356dd630874145385fb68df44b25f343196ee7f93608f4490f7aa1f39a6931f43b85519cf01ebb34d0320a283183b80c8f134cd7868296d45567b51296b34d374f68b62214619d3", 0xe0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x6}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000280)={r4, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x3ff, 0xa}, 0x90) close(r2) [ 202.319521] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock 07:37:02 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) lseek(r0, 0x0, 0x3) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x44) close(r1) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r2, 0x40bc5311, &(0x7f0000000140)={0xc90, 0x1, 'client0\x00', 0xd32b1422c5b212d4, "a9842002e93072d1", "3e3a43f16251802cecd7b38b4f94412d0a776bf1b27d301a7d114d844d3f8cc3", 0x730c}) [ 202.372107] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 202.385847] x86/PAT: syz-executor.4:9538 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 202.399480] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 202.407528] x86/PAT: syz-executor.2:9540 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 202.441721] FAULT_INJECTION: forcing a failure. [ 202.441721] name failslab, interval 1, probability 0, space 0, times 0 [ 202.443632] audit: type=1400 audit(1566718622.460:73): avc: denied { map } for pid=9532 comm="syz-executor.4" path="/root/syzkaller-testdir468126275/syzkaller.6xE6xl/109/file0/file0/mem" dev="devtmpfs" ino=34995 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:device_t:s0 tclass=file permissive=1 [ 202.470699] CPU: 1 PID: 9540 Comm: syz-executor.2 Not tainted 4.14.139 #35 07:37:02 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udp\x00') ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000080)={0x2, 0x1, 0x10000, 0x0, 0x8}) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$KVM_NMI(r0, 0xae9a) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000140)=""/122) 07:37:02 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x801) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001480)='/dev/dsp\x00', 0x200, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001500)={{{@in6=@local, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000001600)=0xe8) sendmsg$nl_route_sched(r1, &(0x7f00000016c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)=ANY=[@ANYBLOB="400000002800000127bd7000fbdbdf2500000000", @ANYRES32=r2, @ANYBLOB="0f000c000e000d000800050008000100640700000000000000000100fbffffff0800050009030000"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x20000001) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 202.489913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.499255] Call Trace: [ 202.501838] dump_stack+0x138/0x19c [ 202.501856] should_fail.cold+0x10f/0x159 [ 202.501871] should_failslab+0xdb/0x130 [ 202.501883] kmem_cache_alloc+0x2d7/0x780 [ 202.501895] ? _raw_spin_unlock+0x2d/0x50 [ 202.501912] copy_process.part.0+0x3987/0x6a00 [ 202.501927] ? debug_smp_processor_id+0x1c/0x20 [ 202.501937] ? perf_trace_lock+0x109/0x500 [ 202.501947] ? check_preemption_disabled+0x3c/0x250 [ 202.501956] ? save_trace+0x290/0x290 [ 202.501966] ? SOFTIRQ_verbose+0x10/0x10 [ 202.501976] ? debug_smp_processor_id+0x1c/0x20 [ 202.501998] ? __cleanup_sighand+0x50/0x50 [ 202.502008] ? lock_downgrade+0x6e0/0x6e0 [ 202.502024] _do_fork+0x19e/0xce0 [ 202.502038] ? fork_idle+0x280/0x280 [ 202.502052] ? fput+0xd4/0x150 [ 202.502062] ? SyS_write+0x15e/0x230 [ 202.502076] SyS_clone+0x37/0x50 [ 202.502084] ? sys_vfork+0x30/0x30 [ 202.502098] do_syscall_64+0x1e8/0x640 [ 202.502106] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 202.502121] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 202.516092] x86/PAT: syz-executor.4:9546 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 202.517943] RIP: 0033:0x459879 [ 202.517949] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 202.517961] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 202.517967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 202.517973] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:37:02 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x4000, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_bt_cmtp_CMTPCONNADD(r1, 0x400443c8, &(0x7f0000000080)={r2, 0x5}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:02 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x100000002, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:37:02 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x801) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001480)='/dev/dsp\x00', 0x200, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001500)={{{@in6=@local, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000001600)=0xe8) sendmsg$nl_route_sched(r1, &(0x7f00000016c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)=ANY=[@ANYBLOB="400000002800000127bd7000fbdbdf2500000000", @ANYRES32=r2, @ANYBLOB="0f000c000e000d000800050008000100640700000000000000000100fbffffff0800050009030000"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x20000001) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 202.517979] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 202.517985] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 202.637823] x86/PAT: syz-executor.2:9540 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 202.638748] x86/PAT: syz-executor.4:9546 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 202.655699] x86/PAT: syz-executor.2:9540 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:02 executing program 2 (fault-call:8 fault-nth:11): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:02 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_RESERVED(r0, 0x5601, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x55400000000000, 0x0, 0x76, 0x7, 0x1, @stepwise={{0x45, 0x6}, {0x74b8, 0x18a}, {0xfb, 0x4}}}) 07:37:02 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)=0x0) tgkill(r0, r1, 0x33) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:02 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x20, 0x48000028, r0, 0x0) linkat(r0, &(0x7f00000000c0)='./file0/file0\x00', r0, &(0x7f0000000140)='./file1\x00', 0x1400) getxattr(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000040)=@random={'system.', 'proc\x00'}, &(0x7f0000000080)=""/41, 0x29) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:37:02 executing program 3: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:02 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x801) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001480)='/dev/dsp\x00', 0x200, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001500)={{{@in6=@local, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000001600)=0xe8) sendmsg$nl_route_sched(r1, &(0x7f00000016c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)=ANY=[@ANYBLOB="400000002800000127bd7000fbdbdf2500000000", @ANYRES32=r2, @ANYBLOB="0f000c000e000d000800050008000100640700000000000000000100fbffffff0800050009030000"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x20000001) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 202.782116] x86/PAT: syz-executor.4:9572 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:02 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f00000000c0)={0x0, 0x1, 0x7f}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x0, 0x4745504a, 0x0, 0x0, 0x0, @stepwise={{0x9}, {0x79c, 0x2}, {0x368, 0x1}}}) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000040)={0xf4, 0x3, 0x3}) userfaultfd(0x1a5c7c49b37e1053) [ 202.854044] x86/PAT: syz-executor.4:9578 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 202.884803] x86/PAT: syz-executor.2:9587 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:02 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x801) openat$dsp(0xffffffffffffff9c, &(0x7f0000001480)='/dev/dsp\x00', 0x200, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001500)={{{@in6=@local, @in6=@empty}}, {{@in=@dev}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000001600)=0xe8) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:02 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x861, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/user\x00', 0x2, 0x0) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f00000000c0)={0x9, 0x4bf43019}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:02 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280)='bfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:02 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0xffffffffffffffff, 0x35315241, 0x2000000}) 07:37:02 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x410001, 0x100) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r3, 0x800, 0x70bd2b, 0x25dfdbfd, {{}, 0x0, 0x800b, 0x0, {0x8, 0x2, 0x100000000}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x4000) mkdir(&(0x7f0000000000)='./file0\x00', 0xfb) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r4 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r4) fcntl$dupfd(r4, 0x406, r1) getsockname$unix(r4, &(0x7f0000000040)=@abs, &(0x7f00000000c0)=0x6e) [ 202.899913] x86/PAT: syz-executor.4:9578 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 202.916853] FAULT_INJECTION: forcing a failure. [ 202.916853] name failslab, interval 1, probability 0, space 0, times 0 [ 202.942798] CPU: 1 PID: 9587 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 202.949826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.959169] Call Trace: [ 202.959187] dump_stack+0x138/0x19c [ 202.959206] should_fail.cold+0x10f/0x159 [ 202.969530] should_failslab+0xdb/0x130 [ 202.973514] kmem_cache_alloc+0x2d7/0x780 [ 202.977665] ? _raw_spin_unlock_irq+0x28/0x90 [ 202.982156] ? trace_hardirqs_on_caller+0x400/0x590 [ 202.982174] copy_process.part.0+0x1cd5/0x6a00 [ 202.982191] ? debug_smp_processor_id+0x1c/0x20 [ 202.982201] ? perf_trace_lock+0x109/0x500 [ 202.982210] ? check_preemption_disabled+0x3c/0x250 [ 202.982220] ? save_trace+0x290/0x290 [ 202.982229] ? SOFTIRQ_verbose+0x10/0x10 [ 202.982239] ? debug_smp_processor_id+0x1c/0x20 [ 202.996471] ? __cleanup_sighand+0x50/0x50 [ 202.996485] ? lock_downgrade+0x6e0/0x6e0 [ 202.996504] _do_fork+0x19e/0xce0 [ 203.022433] ? fork_idle+0x280/0x280 [ 203.022452] ? fput+0xd4/0x150 [ 203.022463] ? SyS_write+0x15e/0x230 [ 203.022478] SyS_clone+0x37/0x50 [ 203.022486] ? sys_vfork+0x30/0x30 [ 203.022500] do_syscall_64+0x1e8/0x640 [ 203.022510] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 203.056224] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 203.061413] RIP: 0033:0x459879 [ 203.064599] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 203.072306] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 203.079571] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 203.086838] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 203.094099] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 203.094106] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 203.122060] x86/PAT: syz-executor.2:9587 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:03 executing program 2 (fault-call:8 fault-nth:12): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:03 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='memory.current\x00', 0x0, 0x0) r2 = dup3(r0, r0, 0x80000) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="65260f01b92f5d0000400f78357000000066b891008ed06740deff640fae9147000000c4c2c5922cf6400f01c964410f011bb952090000b818340000ba000000000f30b805000000b99d174cfd0f01d9", 0x50}], 0x1, 0x0, &(0x7f0000000180)=[@cr4={0x1, 0x110000}, @dstype0={0x6, 0x2}], 0x2) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x480006}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r3, 0x0, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000200)={&(0x7f00000001c0)=[0x0, 0x0], 0x2, 0x8}) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000240)=0x0) setpriority(0x0, r4, 0x5) 07:37:03 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0xae0, 0x102) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:03 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x1d, &(0x7f0000000040)=0x7f, 0x4) openat(r2, &(0x7f0000000080)='./file0\x00', 0x400, 0x8) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140)={0xffffffffffffffff}, 0x13f}}, 0x20) ioctl$VFIO_GET_API_VERSION(r3, 0x3b64) write$RDMA_USER_CM_CMD_JOIN_MCAST(r3, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f00000000c0), 0x2, r4, 0x30, 0x1, @ib={0x1b, 0x200, 0x8, {"2586bfedb83327e111187ec018d9a6e7"}, 0x101, 0x401, 0x5}}}, 0xa0) getsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x81, 0x9, 0x5}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000340)={r5, @in6={{0xa, 0x4e21, 0x1, @remote, 0x9}}, 0x7, 0x7, 0x1, 0x3, 0x4}, &(0x7f0000000400)=0x98) 07:37:03 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x801) openat$dsp(0xffffffffffffff9c, &(0x7f0000001480)='/dev/dsp\x00', 0x200, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:03 executing program 4: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot\x00', 0x200900, 0x0) getsockopt$inet_mreqsrc(r0, 0x0, 0x2f, &(0x7f0000000100)={@loopback, @initdev, @local}, &(0x7f0000000140)=0xc) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) prctl$PR_GET_CHILD_SUBREAPER(0x25) [ 203.158604] x86/PAT: syz-executor.2:9587 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:03 executing program 3: r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x4, 0x80800) getgid() bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r0, 0xc0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0x6, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x9, 0x3}, 0x0, 0x0, &(0x7f00000001c0)={0x3, 0xa, 0x3ff, 0x1}, &(0x7f0000000200)=0x8000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=0xfffffffffffff3cc}}, 0x10) listen(r0, 0xff) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x100, 0x1) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000380)=0x7, 0x4) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000080)={0xa20000, 0x8001, 0xbc6, [], &(0x7f0000000040)={0x0, 0x4, [], @ptr=0x85}}) getuid() ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r2 = semget$private(0x0, 0x2, 0x48c) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000440)=0x0) write$FUSE_LK(r0, &(0x7f00000004c0)={0x28, 0x0, 0x7, {{0x401, 0x7, 0x0, r3}}}, 0x28) ptrace$getregs(0xe, r3, 0x8, &(0x7f0000000480)=""/33) semctl$GETZCNT(r2, 0x3, 0xf, &(0x7f00000003c0)=""/94) 07:37:03 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.events\x00', 0x0, 0x0) ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000000040)) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r0, 0x0) close(r0) 07:37:03 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x801) openat$dsp(0xffffffffffffff9c, &(0x7f0000001480)='/dev/dsp\x00', 0x200, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:03 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000180)='/dev/video#\x00', 0x80, 0x4000) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000080)={0x9d0000, 0x1, 0x7, [], &(0x7f0000000040)={0x9909d9, 0x6, [], @value64=0x3ff}}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000000)={0x0, 0x35315241, 0x0, 0x7}) ioctl$FICLONE(r0, 0x40049409, r0) ioctl$VIDIOC_SUBDEV_G_EDID(r0, 0xc0285628, &(0x7f0000000140)={0x0, 0x81, 0xfc00, [], &(0x7f0000000100)=0x8}) [ 203.292836] x86/PAT: syz-executor.4:9627 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 203.298995] x86/PAT: syz-executor.2:9629 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:03 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fstat(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl(0x5, &(0x7f0000000000)='./file0\x00', r2, &(0x7f00000000c0)="acfa700e46df29b929c72620ef41fd26b6554fe6bad7d63166a6ba3a76") fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) ioctl$TIOCGSOFTCAR(r3, 0x5419, &(0x7f0000000140)) 07:37:03 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) sync() ioctl$PPPIOCCONNECT(r1, 0x4004743a, &(0x7f0000000080)=0x3) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0xffffffffffffffff}) [ 203.356281] x86/PAT: syz-executor.4:9640 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 203.361929] FAULT_INJECTION: forcing a failure. [ 203.361929] name failslab, interval 1, probability 0, space 0, times 0 [ 203.375177] x86/PAT: syz-executor.4:9640 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 203.443906] CPU: 1 PID: 9641 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 203.451038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.460390] Call Trace: [ 203.462981] dump_stack+0x138/0x19c [ 203.466616] should_fail.cold+0x10f/0x159 [ 203.470790] should_failslab+0xdb/0x130 [ 203.474767] kmem_cache_alloc+0x2d7/0x780 [ 203.478917] ? lockdep_init_map+0x9/0x10 [ 203.482980] ? debug_mutex_init+0x2d/0x5a [ 203.487140] copy_process.part.0+0x3c75/0x6a00 [ 203.491719] ? debug_smp_processor_id+0x1c/0x20 [ 203.496391] ? perf_trace_lock+0x109/0x500 [ 203.500608] ? check_preemption_disabled+0x3c/0x250 [ 203.505606] ? debug_smp_processor_id+0x1c/0x20 [ 203.510279] ? __cleanup_sighand+0x50/0x50 [ 203.514493] ? lock_downgrade+0x6e0/0x6e0 [ 203.518629] _do_fork+0x19e/0xce0 [ 203.522066] ? fork_idle+0x280/0x280 [ 203.525765] ? fput+0xd4/0x150 [ 203.528938] ? SyS_write+0x15e/0x230 [ 203.532635] SyS_clone+0x37/0x50 [ 203.535979] ? sys_vfork+0x30/0x30 [ 203.539508] do_syscall_64+0x1e8/0x640 [ 203.543376] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 203.548201] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 203.553371] RIP: 0033:0x459879 [ 203.556555] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 203.564244] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 203.571496] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 203.578745] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 203.586009] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 07:37:03 executing program 2 (fault-call:8 fault-nth:13): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:03 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x801) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:03 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0) mmap$perf(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x6, 0x20010, r1, 0x0) 07:37:03 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000080)) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:03 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10000, 0x100000002) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) mkdir(&(0x7f0000000000)='./file0\x00', 0x10) mknod(&(0x7f0000000080)='./file0\x00', 0xc000, 0x4) 07:37:03 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x1f, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x6, 0x3, @stepwise={{0x9, 0x9}, {0xa0, 0x7898}, {0xff, 0x4}}}) [ 203.593604] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 203.612827] x86/PAT: syz-executor.2:9641 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 203.625626] x86/PAT: syz-executor.2:9641 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:03 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8001, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x80, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 203.684704] x86/PAT: syz-executor.4:9663 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 203.693673] audit: type=1400 audit(1566718623.700:74): avc: denied { map } for pid=9659 comm="syz-executor.5" path="/dev/mixer" dev="devtmpfs" ino=15672 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file permissive=1 07:37:03 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) bind$vsock_stream(r2, &(0x7f00000001c0)={0x28, 0x0, 0x0, @host}, 0xfffffffffffffed3) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) ioctl$EVIOCGEFFECTS(r3, 0x80044584, &(0x7f0000000000)=""/194) 07:37:03 executing program 3: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x80400, 0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000040), &(0x7f0000000100)=0x4) shmget(0x0, 0x1000, 0x6ed685bcb39413a2, &(0x7f0000ffd000/0x1000)=nil) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000080)={0x7, {0xfffffffffffffffc, 0xfffffffffffffff7, 0x1270, 0x3}}) syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) 07:37:03 executing program 0: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 203.768127] x86/PAT: syz-executor.4:9672 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 203.805787] x86/PAT: syz-executor.4:9672 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:03 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x800, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) futimesat(r0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={{0x77359400}, {r1, r2/1000+30000}}) r3 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:03 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x109201) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f0000000040)={0x1, 0x0, {0x1f, 0x20, 0x3, 0x81}}) [ 203.837710] x86/PAT: syz-executor.2:9678 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 203.847689] x86/PAT: syz-executor.4:9686 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 203.893155] x86/PAT: syz-executor.4:9686 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 203.906989] FAULT_INJECTION: forcing a failure. [ 203.906989] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 203.912816] x86/PAT: syz-executor.4:9686 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 203.932371] CPU: 1 PID: 9692 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 203.939406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.948761] Call Trace: [ 203.951347] dump_stack+0x138/0x19c [ 203.954978] should_fail.cold+0x10f/0x159 [ 203.959123] ? __might_sleep+0x93/0xb0 [ 203.963027] __alloc_pages_nodemask+0x1d6/0x7a0 [ 203.967698] ? fs_reclaim_acquire+0x20/0x20 [ 203.972017] ? __alloc_pages_slowpath+0x2930/0x2930 [ 203.977038] ? check_preemption_disabled+0x3c/0x250 [ 203.982055] alloc_pages_current+0xec/0x1e0 [ 203.986376] __get_free_pages+0xf/0x40 [ 203.990258] pgd_alloc+0x25/0x2b0 [ 203.990269] ? lockdep_init_map+0x9/0x10 [ 203.990283] mm_init+0x578/0x970 [ 203.990296] copy_process.part.0+0x3ccd/0x6a00 [ 203.990311] ? debug_smp_processor_id+0x1c/0x20 [ 203.990320] ? perf_trace_lock+0x109/0x500 [ 203.990331] ? check_preemption_disabled+0x3c/0x250 [ 203.990344] ? debug_smp_processor_id+0x1c/0x20 [ 203.990365] ? __cleanup_sighand+0x50/0x50 [ 203.997840] ? lock_downgrade+0x6e0/0x6e0 [ 203.997858] _do_fork+0x19e/0xce0 [ 204.036053] ? fork_idle+0x280/0x280 [ 204.039751] ? fput+0xd4/0x150 [ 204.042932] ? SyS_write+0x15e/0x230 [ 204.046639] SyS_clone+0x37/0x50 [ 204.049980] ? sys_vfork+0x30/0x30 [ 204.053500] do_syscall_64+0x1e8/0x640 [ 204.057363] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.062198] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 204.067376] RIP: 0033:0x459879 [ 204.070553] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 204.078252] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 204.085511] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 204.092760] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 204.100010] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 204.107266] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 204.128415] x86/PAT: syz-executor.2:9692 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:04 executing program 2 (fault-call:8 fault-nth:14): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:04 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xc, 0x48000028, r0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x81, 0x3, &(0x7f0000000280)=[{&(0x7f0000000080)="b9f62649499c02fa8d21af08a4dcec3704c29f0f0f22b989369fdc0186dd584dc75629ceb5c41f54ad17b400a6c452e425db373932b37448f42705", 0x3b, 0x9}, {&(0x7f00000000c0)="65b0cc7d6151f7cf6cfb1b07e736f51d9fc923b076df848d9ce2ba86a040663471427f45ed98e5a6", 0x28, 0x8}, {&(0x7f00000001c0)="8ff2fb493128aeb629afde0cbd31117caa414406ba4f286afadf39ea72f17e56f4f4eef485bc219576fbc53529ae318f7bc39f8aa0605349f01cce3e3c068b391ca5678e384b8b1c714d5422c32d4762214c8e76c577c0cdec0ecfe9465aa1096f10d8292bd22affe462e97c4da04f4c006f41127057228227f554a438066cdd8a224ddc891f29c16c5ed7f3fb5c51ae1f80c7b5d01a2ae8", 0x98, 0x9}], 0x800, &(0x7f0000000140)={[{@shortname_mixed='shortname=mixed'}], [{@permit_directio='permit_directio'}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:37:04 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) getresgid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x100000001, 0x0, 0x3}) 07:37:04 executing program 5: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xbc, 0x204100) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) ftruncate(0xffffffffffffffff, 0x2cd) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:04 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) lsetxattr$security_evm(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='security.evm\x00', &(0x7f0000000180)=@v1={0x2, "de740a43e4"}, 0x6, 0x2) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000080)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) r1 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x7, 0x40802) setsockopt$sock_int(r1, 0x1, 0x1e, &(0x7f00000001c0)=0x13aa, 0x4) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0x20010, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:04 executing program 0: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 204.142329] x86/PAT: syz-executor.2:9692 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:04 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = socket$vsock_dgram(0x28, 0x2, 0x0) r2 = accept4(r1, &(0x7f0000000040)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x80, 0x80000) setsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000140)=0x7, 0x4) socket$caif_seqpacket(0x25, 0x5, 0x5) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r3 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x7fff, 0x0) openat$cgroup_ro(r3, &(0x7f00000001c0)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) 07:37:04 executing program 1: syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x2, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x2, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$CAPI_GET_PROFILE(r2, 0xc0404309, &(0x7f0000000000)=0xff) ioctl$VT_DISALLOCATE(r2, 0x5608) close(r1) 07:37:04 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='devtmpfs\x00', 0x2c2f84465bbe6328, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000080)={0x0, 0x22, "d07c4ad84c87d715505a737a5ebfb808ccda6b203c846b40472b0baef924031a308f"}, &(0x7f0000000100)=0x2a) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000140)={r1, 0x40}, 0x8) 07:37:04 executing program 0: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:04 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENCODER_CMD(r0, 0xc028564d, &(0x7f0000000040)={0x0, 0x1, [0x5, 0xffffffff00000001, 0x0, 0x9, 0x3, 0x0, 0x9, 0x401]}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:04 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = dup3(r0, r1, 0x80000) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000000)) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$BLKRAGET(r3, 0x1263, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x40002011}) close(r1) [ 204.269873] x86/PAT: syz-executor.2:9718 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 204.339297] FAULT_INJECTION: forcing a failure. [ 204.339297] name failslab, interval 1, probability 0, space 0, times 0 [ 204.423179] CPU: 0 PID: 9736 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 204.430237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.439594] Call Trace: [ 204.442191] dump_stack+0x138/0x19c [ 204.445834] should_fail.cold+0x10f/0x159 [ 204.449992] should_failslab+0xdb/0x130 [ 204.453966] kmem_cache_alloc+0x2d7/0x780 [ 204.458097] ? lock_downgrade+0x6e0/0x6e0 [ 204.462251] __khugepaged_enter+0x37/0x340 [ 204.466485] copy_process.part.0+0x5557/0x6a00 [ 204.471064] ? debug_smp_processor_id+0x1c/0x20 [ 204.475724] ? __cleanup_sighand+0x50/0x50 [ 204.479937] ? lock_downgrade+0x6e0/0x6e0 [ 204.484067] _do_fork+0x19e/0xce0 [ 204.487502] ? fork_idle+0x280/0x280 [ 204.491194] ? fput+0xd4/0x150 [ 204.494368] ? SyS_write+0x15e/0x230 [ 204.498059] SyS_clone+0x37/0x50 [ 204.501404] ? sys_vfork+0x30/0x30 [ 204.504924] do_syscall_64+0x1e8/0x640 [ 204.508790] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.513619] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 204.518792] RIP: 0033:0x459879 [ 204.521959] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 204.529644] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 204.536891] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 204.544142] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 204.551388] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 204.558634] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:04 executing program 2 (fault-call:8 fault-nth:15): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:04 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000000080)={0x100, 0x20}) 07:37:04 executing program 0: r0 = syz_open_dev$video(0x0, 0x7, 0x801) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:04 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f00000000c0)=0x100000000) read(r0, &(0x7f0000000040)=""/68, 0x44) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:04 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000280)=0x7, 0x4) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:37:04 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) readlink(&(0x7f0000000080)='./file1\x00', &(0x7f0000000500)=""/4096, 0x1000) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x102112, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 204.568072] x86/PAT: syz-executor.2:9736 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 204.576971] x86/PAT: syz-executor.2:9736 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:04 executing program 0: r0 = syz_open_dev$video(0x0, 0x7, 0x801) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:04 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000002c0)={0x0, 0x7d, "8cebfc2582166fd8992693ef88cce136b712d975291351a52e1ad96a6026cd54dadbcdb05145355905f6fa0e35f217f6a997c8588377b328ac7836ddf98f7dad2552bc2d37409c816b7d83d3dd4f4df874f1d659140016378f420e39bc66d3dc8f308775b2fbb5e13d9c3aebcc6e5db3ae4c7618c955043c6d5c160708"}, &(0x7f0000000240)=0x85) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x100000001, 0x8, 0x2, 0xe5aa, 0x8001, 0x9, 0x8, 0x4000000, r1}, &(0x7f0000000100)=0xfffffffffffffe67) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={r2, @in={{0x2, 0x4e24, @multicast1}}, 0x118, 0xdb7, 0x2, 0x8, 0x10}, 0x98) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f0000000200)={0x1, 0x7}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:04 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x8040, 0x0) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e21, @local}, 0x8, 0x0, 0x0, 0x0, 0x10001, &(0x7f0000000080)='vcan0\x00', 0xfffffffffffff000, 0xfbc1, 0xfffffffffffffff7}) setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f00000000c0)=0x40, 0x4) 07:37:04 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x10000000d, 0x48000028, r0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xa4, 0x4000) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r3, 0xc004ae02, &(0x7f00000000c0)={0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) close(r1) 07:37:04 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) write$P9_RREADLINK(r0, &(0x7f00000000c0)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) fanotify_mark(r1, 0x1, 0x10, r0, &(0x7f0000000000)='./file0\x00') r2 = semget$private(0x0, 0x0, 0x202) semctl$GETZCNT(r2, 0x0, 0xf, &(0x7f0000000040)=""/79) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:37:04 executing program 0: r0 = syz_open_dev$video(0x0, 0x7, 0x801) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 204.704533] x86/PAT: syz-executor.2:9764 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 204.730867] x86/PAT: syz-executor.4:9773 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 204.731362] FAULT_INJECTION: forcing a failure. [ 204.731362] name failslab, interval 1, probability 0, space 0, times 0 [ 204.789378] x86/PAT: syz-executor.4:9773 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 204.797500] CPU: 1 PID: 9764 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 204.805001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.814347] Call Trace: [ 204.815609] x86/PAT: syz-executor.4:9773 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 204.816931] dump_stack+0x138/0x19c [ 204.816950] should_fail.cold+0x10f/0x159 [ 204.816966] should_failslab+0xdb/0x130 [ 204.833273] kmem_cache_alloc+0x2d7/0x780 [ 204.841353] ? _raw_spin_unlock+0x2d/0x50 [ 204.841364] ? __khugepaged_enter+0x26c/0x340 [ 204.841380] copy_process.part.0+0x444f/0x6a00 [ 204.841420] ? __cleanup_sighand+0x50/0x50 [ 204.841432] ? lock_downgrade+0x6e0/0x6e0 [ 204.841449] _do_fork+0x19e/0xce0 [ 204.841464] ? fork_idle+0x280/0x280 [ 204.841480] ? fput+0xd4/0x150 [ 204.841490] ? SyS_write+0x15e/0x230 [ 204.841505] SyS_clone+0x37/0x50 [ 204.841514] ? sys_vfork+0x30/0x30 [ 204.841529] do_syscall_64+0x1e8/0x640 [ 204.887788] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.892634] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 204.897820] RIP: 0033:0x459879 [ 204.901006] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 204.908721] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 204.915988] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 204.923236] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 204.930482] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 07:37:05 executing program 2 (fault-call:8 fault-nth:16): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:05 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000140)={0x0, 0xa1}, 0x10) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:05 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x801) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:05 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$VIDIOC_G_PRIORITY(r0, 0x80045643, 0x2) times(&(0x7f0000000040)) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x80000) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x2) 07:37:05 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000001c0)={0xffffffffffffffff}, 0x2, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000240)={0xf, 0x8, 0xfa00, {r1, 0xe}}, 0x10) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) setxattr$security_smack_entry(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='security.SMACK64\x00', &(0x7f0000000140)='GPL#\x00', 0x5, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x2040, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:05 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x743801, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@dev, @in6=@loopback}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in6=@remote}}, &(0x7f0000000080)=0xe8) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 204.937743] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 204.953873] x86/PAT: syz-executor.2:9762 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 204.963565] x86/PAT: syz-executor.2:9762 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:05 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = dup3(r0, r0, 0x80000) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x100000000}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000001c0)={r2, @in6={{0xa, 0x4e21, 0x2, @local, 0x8}}, [0x81, 0x2, 0x2, 0x200, 0x5, 0xdaf8, 0xe7, 0x80000001, 0x7f, 0x93, 0xe116, 0x3f, 0x7ff, 0x2, 0xfffffffffffffffe]}, &(0x7f0000000080)=0x100) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xe216ae3903719917}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000200", @ANYRES16=r3, @ANYBLOB="20be2dbd7000fedbdf2507000000080006003f000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40014}, 0x8011) r4 = fanotify_init(0x0, 0x0) fanotify_mark(r4, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r4) 07:37:05 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x3, 0x2) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000001c0)={0xffffffffffffffff}, 0x52a33df605028912, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r1, &(0x7f0000000240)={0xb, 0x10, 0xfa00, {&(0x7f0000000100), r2, 0x3ff}}, 0x18) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:05 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x801) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:05 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000300)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xc, &(0x7f00000001c0)='/dev/video#\x00'}, 0x30) r2 = gettid() r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x2180, 0x0) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}}) kcmp(r1, r2, 0x4, r0, r0) r4 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x7, 0x400100) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, r4, 0x0, 0x1, &(0x7f00000000c0)='\x00', 0xffffffffffffffff}, 0x30) write$P9_RGETLOCK(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="1f0000003701000201000000000000001f00000000000000", @ANYRES32=r5, @ANYBLOB="020cff427a51686784"], 0x1f) ioctl$TUNGETFEATURES(r4, 0x800454cf, &(0x7f0000000080)) 07:37:05 executing program 5: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x8000, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x39565559, 0x0, 0x0, 0x0, @stepwise={{0x3, 0x80000000}, {0x1, 0x10001}, {0x0, 0x9}}}) [ 205.058497] x86/PAT: syz-executor.2:9804 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:05 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vga_arbiter\x00', 0x200, 0x0) write$P9_RMKDIR(r1, &(0x7f0000000080)={0x14, 0x49, 0x2, {0x1, 0x4}}, 0x14) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f0000000140)={0x0, 0x1a, "f36b04f0ff4e631c3abcd012ed1849aa459779cc5623a0cd2f4b"}, &(0x7f0000000180)=0x22) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000001c0)={r3, 0xe0, "636677918db218f77ffe6c1a6dd6b3e22c7e1e8d6606d1ca4cdec0f0a4b148409bed07fff788c7dbe8041ca69a4c09114148b089c61e6c0363cd3a1bd68220265d87867a8249d5772eff3467735f77fb19699b31dec643cd9817463024e00315ef9275993e43e35b8616a5d01cb26c5a7dec7228556361f336febc4b7b37736321ddb6bbb348748ce0aa50bd54c459b7771af3e8c4a8c1dc644379e55aaf49d88ec3d9ed4a3b5fb333c91a84b098a4c3492866636308742d6f364b516080ad5f4c341c45c5c8d1fc031514c515de0dc36cc4aa0b62e0de9fc14e517bb6404eb7"}, &(0x7f00000002c0)=0xe8) [ 205.127521] x86/PAT: syz-executor.4:9812 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 205.156976] FAULT_INJECTION: forcing a failure. [ 205.156976] name failslab, interval 1, probability 0, space 0, times 0 [ 205.190663] x86/PAT: syz-executor.4:9824 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 205.199481] CPU: 1 PID: 9820 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 205.206510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.215865] Call Trace: [ 205.217561] x86/PAT: syz-executor.4:9824 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 205.218455] dump_stack+0x138/0x19c [ 205.218474] should_fail.cold+0x10f/0x159 [ 205.218490] should_failslab+0xdb/0x130 [ 205.238786] kmem_cache_alloc+0x2d7/0x780 [ 205.242948] copy_process.part.0+0x444f/0x6a00 [ 205.247555] ? __cleanup_sighand+0x50/0x50 [ 205.251790] ? lock_downgrade+0x6e0/0x6e0 [ 205.255940] _do_fork+0x19e/0xce0 [ 205.259402] ? fork_idle+0x280/0x280 [ 205.263113] ? fput+0xd4/0x150 [ 205.266292] ? SyS_write+0x15e/0x230 [ 205.270000] SyS_clone+0x37/0x50 [ 205.273365] ? sys_vfork+0x30/0x30 [ 205.276910] do_syscall_64+0x1e8/0x640 [ 205.276919] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.276935] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 205.292269] RIP: 0033:0x459879 [ 205.295444] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 205.303151] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 205.310417] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 205.317686] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 205.324954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 205.332217] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:05 executing program 2 (fault-call:8 fault-nth:17): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:05 executing program 1: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/status\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000040)=""/157, 0x9d) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) tee(r1, r1, 0xa4, 0xa) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r1, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r2) 07:37:05 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0xfffffffffffffffc, 0x0, 0x3, @discrete={0x200, 0x40}}) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x810, &(0x7f0000000180)={[{@mode={'mode', 0x3d, 0x2}}, {@mode={'mode', 0x3d, 0xffff}}, {@mode={'mode', 0x3d, 0x30}}, {@mode={'mode', 0x3d, 0x2}}], [{@permit_directio='permit_directio'}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}]}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x40, 0x0) openat$cgroup_subtree(r1, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) 07:37:05 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x801) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:05 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$RTC_EPOCH_READ(r0, 0x8008700d, &(0x7f0000000140)) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xffffffffffff0001, 0x402000) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@remote, @in=@broadcast}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in6=@initdev}}, &(0x7f0000000040)=0xe8) 07:37:05 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = semget$private(0x0, 0x1, 0x4) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40000, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r1, 0xc0905664, &(0x7f0000000140)={0x0, 0x0, [], @raw_data=[0x400, 0x400, 0x2, 0x7f, 0x3, 0x4, 0x0, 0x1, 0x80000001, 0x4, 0x6, 0x1, 0x4, 0x6a74, 0x80000001, 0x6, 0x2, 0x554, 0x9, 0x10000, 0xffffffff, 0x64, 0x9, 0x3, 0x3, 0x5, 0x5, 0x3, 0x0, 0x1, 0x9, 0xd3]}) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0xeb60, 0x1]) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x0, 0x12, r2, 0x3) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 205.346216] x86/PAT: syz-executor.2:9820 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 205.354860] x86/PAT: syz-executor.2:9820 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:05 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:05 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000000), &(0x7f0000000040)=0x4) close(r1) [ 205.429258] x86/PAT: syz-executor.2:9846 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:05 executing program 3: sysfs$1(0x1, &(0x7f0000000140)='@keyring\x00') r0 = open(&(0x7f0000000040)='./file0\x00', 0x900, 0x100) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000080)) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:05 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000080)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x20) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 205.490009] FAULT_INJECTION: forcing a failure. [ 205.490009] name failslab, interval 1, probability 0, space 0, times 0 [ 205.501445] CPU: 1 PID: 9854 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 205.501453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.501457] Call Trace: [ 205.501474] dump_stack+0x138/0x19c [ 205.524039] should_fail.cold+0x10f/0x159 [ 205.528192] should_failslab+0xdb/0x130 [ 205.532174] kmem_cache_alloc+0x47/0x780 [ 205.536229] ? __lock_is_held+0xb6/0x140 [ 205.540289] ? check_preemption_disabled+0x3c/0x250 [ 205.545315] anon_vma_clone+0xde/0x470 [ 205.549217] anon_vma_fork+0x87/0x4d0 [ 205.553027] copy_process.part.0+0x45e2/0x6a00 [ 205.553061] ? __cleanup_sighand+0x50/0x50 [ 205.561842] ? lock_downgrade+0x6e0/0x6e0 [ 205.565989] _do_fork+0x19e/0xce0 [ 205.566005] ? fork_idle+0x280/0x280 [ 205.566020] ? fput+0xd4/0x150 [ 205.576341] ? SyS_write+0x15e/0x230 [ 205.580061] SyS_clone+0x37/0x50 [ 205.580071] ? sys_vfork+0x30/0x30 [ 205.580086] do_syscall_64+0x1e8/0x640 [ 205.580094] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.580112] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 205.580121] RIP: 0033:0x459879 [ 205.580126] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 205.580136] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 205.580144] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 205.587011] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 07:37:05 executing program 0: syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:05 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x80008001, 0x0) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000000)=0x3ff) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 205.587017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 205.587023] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 205.641553] x86/PAT: syz-executor.2:9854 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:05 executing program 2 (fault-call:8 fault-nth:18): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:05 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x6, 0x30314752, 0x2, 0xecca, 0x3, @stepwise={{0x5, 0x757}, {0x8, 0x7}, {0x0, 0x401}}}) 07:37:05 executing program 0: syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:05 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:37:05 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000040)={0x81, "280ff45defa26e1008f79ff2658dd1f113c435717b0db25dfbfcc49d2cf92677", 0x4, 0x800, 0x6, 0x0, 0x1, 0x1, 0x1ff, 0x10000}) gettid() connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, 0x0, 0x0) dup3(0xffffffffffffffff, r1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = syz_open_dev$media(0x0, 0x100, 0xfffffffffffffffc) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xffffffffffffffff}, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000040)) ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x2, @link_local, 'bond0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000005b40), 0x4000000000001b2, 0x0) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 205.705456] x86/PAT: syz-executor.4:9869 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 205.714870] x86/PAT: syz-executor.2:9854 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 205.767671] x86/PAT: syz-executor.4:9871 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:05 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x5, 0x440000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x20323159, 0x780, 0x4}) socket$isdn(0x22, 0x3, 0x11) 07:37:05 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00') r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:37:05 executing program 0: syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 205.849936] x86/PAT: syz-executor.4:9871 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:05 executing program 3: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4dd3d1d400411187) ioctl$VIDIOC_G_PRIORITY(r0, 0x80045643, 0x2) r1 = syz_open_dev$video(&(0x7f00000001c0)='/dev/video#\x00', 0x5, 0x231b62cd9db32bd0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 205.900785] x86/PAT: syz-executor.4:9897 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 205.916721] x86/PAT: syz-executor.2:9895 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 205.955486] x86/PAT: syz-executor.4:9897 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 205.981158] FAULT_INJECTION: forcing a failure. [ 205.981158] name failslab, interval 1, probability 0, space 0, times 0 [ 206.000120] protocol 88fb is buggy, dev hsr_slave_0 [ 206.005220] protocol 88fb is buggy, dev hsr_slave_1 [ 206.029092] x86/PAT: syz-executor.4:9897 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 206.037937] CPU: 0 PID: 9904 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 206.044950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.054298] Call Trace: [ 206.056882] dump_stack+0x138/0x19c [ 206.060516] should_fail.cold+0x10f/0x159 [ 206.064676] should_failslab+0xdb/0x130 [ 206.068658] kmem_cache_alloc+0x47/0x780 [ 206.072725] ? anon_vma_chain_link+0x142/0x1a0 [ 206.077315] anon_vma_clone+0xde/0x470 [ 206.081216] anon_vma_fork+0x87/0x4d0 [ 206.085019] copy_process.part.0+0x45e2/0x6a00 [ 206.089637] ? __cleanup_sighand+0x50/0x50 [ 206.093876] ? lock_downgrade+0x6e0/0x6e0 [ 206.093893] _do_fork+0x19e/0xce0 [ 206.093925] ? fork_idle+0x280/0x280 [ 206.093942] ? fput+0xd4/0x150 [ 206.093952] ? SyS_write+0x15e/0x230 [ 206.093967] SyS_clone+0x37/0x50 [ 206.115480] ? sys_vfork+0x30/0x30 [ 206.119022] do_syscall_64+0x1e8/0x640 [ 206.123437] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.128284] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 206.133466] RIP: 0033:0x459879 [ 206.136650] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 206.144355] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 206.151624] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 206.158890] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 206.166154] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 07:37:06 executing program 4: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000080)={0xbc48}) setsockopt$inet_int(r0, 0x0, 0x31, &(0x7f0000000040), 0x4) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@sack_info={0x0, 0x1c5bbe65, 0x1}, &(0x7f0000000180)=0xc) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000001c0)={r1, @in6={{0xa, 0x4e21, 0x10f, @rand_addr="812ead84fbce57de6b922af0f6463bb9", 0x7}}, 0x4, 0x3ff0000}, &(0x7f00000002c0)=0x90) setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000100)=0x9, 0x1) 07:37:06 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x141000, 0x0) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x8001) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) 07:37:06 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) [ 206.173415] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:06 executing program 2 (fault-call:8 fault-nth:19): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:06 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x200) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000580)='/dev/zero\x00', 0x82080, 0x0) ioctl$RTC_WIE_OFF(r1, 0x7010) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x0, 0x773b5f5f, 0x780, 0xfffffffffffffff9, 0x3}) r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/hash_stats\x00', 0x0, 0x0) write$tun(r2, &(0x7f00000000c0)={@void, @val={0x2, 0x85, 0x251b, 0x1000, 0x0, 0xbf6}, @ipv6={0xd5, 0x6, "231090", 0x46a, 0x5e, 0x2, @remote, @loopback, {[@hopopts={0x6, 0xd, [], [@calipso={0x7, 0x28, {0x6, 0x8, 0x3ff, 0x0, [0x100000001, 0x0, 0x3, 0x100]}}, @jumbo={0xc2, 0x4, 0x2}, @enc_lim={0x4, 0x1, 0xedf9}, @ra={0x5, 0x2, 0x2}, @calipso={0x7, 0x30, {0x3, 0xa, 0x8, 0x1, [0x4a1, 0x2, 0x1, 0x9, 0x8]}}]}, @dstopts={0x84, 0x7, [], [@ra={0x5, 0x2, 0x2}, @hao={0xc9, 0x10, @mcast1}, @jumbo={0xc2, 0x4, 0x3cc000000}, @calipso={0x7, 0x20, {0xffffffffffffffff, 0x6, 0x3, 0x1, [0x4, 0xfffffffffffffff8, 0x5]}}]}, @hopopts={0x84, 0x22, [], [@enc_lim, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x1}, @generic={0x90, 0xff, "bfaa365ea0a826c18790f68493e1a2ff16e645aa78febf5e296c278db3999c13e1c48dd9832b1a4002ab8133986a87b0188215832b7dba8c7719f60fc3b6333e8f3d2d8ada7337f41f786c614e78fcdf06174b9d29263252441fe11f7f03bcfaf928bc354e9294d038d5c06f774ab46f9fc31bd15d61399b7320800791fbe8c785ca0553a31c6c42a4caa6f1a65d3ac3a3c59c58984ada8feb08dcd951052fcb113cdc4d7da2aa1a0ca62a2c6b20bf74bac83f7131e020b32635a28a29c89e69d462868bfe0982402fb2b28f4339d6ce6876d3fe0c6b1d1327fca51deae47fb6f84b6977aa6718b268eb1dfacf31dcccbe8abf1880b66ce410ba8620160278"}]}, @hopopts={0x4, 0x22, [], [@hao={0xc9, 0x10, @mcast1}, @generic={0x7, 0x8d, "791a9b8d268e3f285170f7fbce806e980c0b435dd7288318e6e89275620729418c8b9bf7c0f7932753cf9379dcfd907cb3156e05c58492bf6cef3c96e533e3e2f99a44ae62852f05ad7c6d8492f4b45acd72f0e0a721df2ab2b517d604cab956c37d7a32f235e1c7f72186f732793cd94b112ea032caadbd6a6d9aed5aca84b8a54c76f23bdd91ca5631359869"}, @calipso={0x7, 0x58, {0x5, 0x14, 0xee40, 0x5629b74e, [0x0, 0x8, 0x10000, 0x80, 0xc5932e6, 0x8, 0x6, 0x7, 0x8001, 0x6]}}, @enc_lim={0x4, 0x1, 0x5}, @enc_lim={0x4, 0x1, 0x2}, @calipso={0x7, 0x10, {0x6, 0x2, 0x1, 0x5, [0x6]}}]}, @srh={0x0, 0x8, 0x4, 0x4, 0x81, 0x20, 0x5, [@loopback, @local, @loopback, @rand_addr="4a38f2115a45045bd052fdc6643a7360"]}], @gre={{0x0, 0x0, 0x1, 0x7, 0x0, 0xffff, 0x0, 0x1, 0x880b, 0x48, 0x0, [0x5, 0x20], "9b93d94b4b9ef641377bf02b43c14c44179a8a4ce3a1a4d0a34f0aabf08c3d73f1187396b471b4b79a59a5e03e531edda4899d66cc38870b54b61e5021c9a3a3b98f9c01ecf1ce26"}, {0x10c6, 0x0, 0xfff, 0x1000, 0x0, 0x0, 0x800, [0x3, 0xfffffffffffffe00], "f98e2c7ed78133acbb8ed28aba4c7b76f4e10b9f1f315cbe44c86f3f4bc550e2a2e1c06e8b61c280dd5bbe2b068dafab094993fae24bd32df379826f748f"}, {0x1, 0x0, 0x401, 0x4, 0x0, 0x0, 0x86dd, [0x8000, 0x7], "6df6"}, {0x8, 0x88be, 0x3, {{0x3, 0x1, 0x80000001, 0x8000000, 0x7fffffff, 0x100, 0x5, 0x6}, 0x1, 0x1}}, {0x8, 0x22eb, 0x0, {{0x3ef28000, 0x2, 0x2, 0x0, 0x3, 0xa, 0xab9, 0x9881}, 0x2, 0x100000001, 0xfff, 0x6, 0x9, 0x0, 0x100000000, 0x8000, 0x400, 0x4}}, {0x8, 0x6558, 0x2, "dd94f3f85e8c92dc86fbb3c10357522f8b9a3c97db9256c6f31e2341e295ad86fe6512524f05ec3fb157bbd92d261763d5fa1d14806debf71a905f4c2d0878bc8d0595010aa2f8c88d3d"}}}}}, 0x49c) [ 206.218213] x86/PAT: syz-executor.2:9911 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 206.235971] x86/PAT: syz-executor.2:9911 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 206.250111] protocol 88fb is buggy, dev hsr_slave_0 [ 206.255182] protocol 88fb is buggy, dev hsr_slave_1 07:37:06 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xd13e3ac0c35c9a72}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x6c, r3, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}]}, @TIPC_NLA_MON={0x44, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7e}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000801) close(r1) 07:37:06 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) [ 206.309917] x86/PAT: syz-executor.4:9917 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 206.349735] x86/PAT: syz-executor.2:9926 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 206.381048] FAULT_INJECTION: forcing a failure. [ 206.381048] name failslab, interval 1, probability 0, space 0, times 0 [ 206.398163] CPU: 1 PID: 9926 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 206.405194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.414546] Call Trace: [ 206.417139] dump_stack+0x138/0x19c [ 206.420783] should_fail.cold+0x10f/0x159 [ 206.424934] ? anon_vma_clone+0xde/0x470 [ 206.429004] should_failslab+0xdb/0x130 [ 206.432983] kmem_cache_alloc+0x47/0x780 [ 206.437046] ? anon_vma_chain_link+0x142/0x1a0 [ 206.441636] anon_vma_clone+0xde/0x470 [ 206.445536] anon_vma_fork+0x87/0x4d0 [ 206.449348] copy_process.part.0+0x45e2/0x6a00 [ 206.453961] ? __cleanup_sighand+0x50/0x50 [ 206.458197] ? lock_downgrade+0x6e0/0x6e0 [ 206.462353] _do_fork+0x19e/0xce0 [ 206.465806] ? fork_idle+0x280/0x280 [ 206.469522] ? fput+0xd4/0x150 [ 206.472713] ? SyS_write+0x15e/0x230 [ 206.476434] SyS_clone+0x37/0x50 [ 206.479798] ? sys_vfork+0x30/0x30 [ 206.483344] do_syscall_64+0x1e8/0x640 [ 206.487229] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.492076] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 206.497260] RIP: 0033:0x459879 [ 206.500446] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 206.508155] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 206.515419] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 206.522687] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 206.529957] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 206.537221] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 206.538010] x86/PAT: syz-executor.4:9930 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 206.577689] x86/PAT: syz-executor.2:9926 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 206.598402] x86/PAT: syz-executor.2:9926 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 206.609893] x86/PAT: syz-executor.4:9930 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:06 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x80200, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000005c0)={0x76c007df065ed1d1, 0x0, &(0x7f0000ffb000/0x4000)=nil}) ioctl$DRM_IOCTL_AUTH_MAGIC(r1, 0x40046411, &(0x7f0000000580)=0x165) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r1, 0x800443d3, &(0x7f00000000c0)={{0x0, 0x1, 0x10001, 0xdd7, 0x101, 0x9}, 0x800, 0x8, 0x7}) write$binfmt_aout(r1, &(0x7f0000000140)={{0x108, 0x9, 0x0, 0xa0, 0x2d8, 0x2, 0x219, 0xffff}, "24996a74a3", [[], [], [], []]}, 0x425) 07:37:06 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$RTC_EPOCH_SET(r2, 0x4008700e, 0x7014b100) close(r1) 07:37:06 executing program 3: syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f0000000080)='./file0\x00', 0xfc000000000000, 0x6, &(0x7f00000032c0)=[{&(0x7f0000000140)="478d97509edab68ca42def37cb90d2384f8964be71f71172dbfaccd0f9189a3f52c08aa8108c4c933eda629cdbeeb725ca131fe034d56b4afd24b400bae0cb8b56600728f8b89c39c68af4b8326809452074c8b047c85a6819c3f8292143408dc7848bf9619bf89ae803c1c24c04b66ef45156eb137bb891587da6e903d1a9d6f6584b1ad539f8af59026cb7ab43974edc61a2313d6f88b5d52a78959d", 0x9d, 0x7}, {&(0x7f0000000200)="ff77496ba3224fad4b932db06cd45c7760bf39372364324bda5a59a25e0179847cd0e0a7ffd7e70fe2a61fb8a79eca94d092b229ce8bc8dde584a3c577a1c4be6e61c660966a21304e7675c85b01b1127960f69dfba385ac6224ef50c7367abc2123b00c5dfc2fe13f650f393f294d05db009c3669ffeb1b3e58407e42991c5fa0bdca3e65557c3c44892e469a3cff386c97ce28235422914e4cf7ebda829487e853f42b4c6a1af5d3168034273b1d27f0a3ead383c2cd27827ed94153c841df3a236595693aca53b14f865155b5ebb0bc6cf355df0f4af5c460c16233739238027ccb5ac04e1b587ed362fee58d495ca98da2a945ab6eed87eb407f30b67e5e94de3e13bbedf075d1cf2661701b2f4cc539b9bcf1b0c50f635d21f08c2b9b835df400e6eb02578b1f5925a5eca4a46ae1995097c8188ce96eb5925617178ff504eadc8fbec284266978602ac12b63c816c19152fbd301fdc2a53d69e77f4394a826e6f4020df5d4b14f64a1a7820fa8e2398686077a10b04e2b5d2aca9f757b0e54bd293bff01f6bd3721cdbb1639e18f1a716bf6f42dd3e0ceeca1cb2fdedefb5cd6e2db44fcfa05281f4c5bf78486dc376c28ebee5fbab42bb3c8c1bf8cbc01a62f8e0073f998b854b729cbb787b2d64b96408f350ac46b4b8ed911df5efb3d08ff312f41ab26e37c868b755253c70d6ec7c87e744fd6394a5fb95fecb6421545c768333963a156913060f3f966c527ef4758d7b41712b8125dede6fc1491e7bdd3a2bfb272121419cc1642e216aeff1685596392ec5a5cc82f1bfd37bf7aa3d949aa9934cf372c06046fb8b948cd648ca0b1ba36572155995a485dad6c633f602c35744a804d90ef55aa3d44f7a353e25e0a593559cf2f0bf2c2a220078c79c2e0865dee89f3566ee304c99433450dc07d8bb504dce67a60fc986e80d4a743557b08d517247c4a559748a27d42573ff2f9d18561f05e1ff578e683d5b3a5aa8d44c9241acf9f1fc465f3f20fc468bd9ddd988dec8e38f0f8d2f9c2e816276fa189fc950c724f4e999128161017ca920b31238652d3f972da67610e0ada3c1b02991333996922edb97e86f57c13a6e5ff184a2a0061e61f2fd2832934d8a0e98c84b093a107c8613f63b2a3d1add0fddb13b2b209a83672d57cff8ad51b182bca7145a77feb6a2ebfc714a94794680746838e55082257226c8634253618ddaca3a05c9fabac29f07bfacb638cf9319cf91c1de5395ae3aab2e0e2d5d9c7559753c8490db1c0782854b0de66478be825ca5aa89fe9d7f8a9e9c4fb1c588a3830e9503b4d392a465edb8bbec4d248ea69d5a776dbd614e72188bf7fc7e511ea7e25e7fcdf7b36a2ad83972069937e95de31134b4435ca1ecb7cee2f93678ad2bc7ac619988fe24b6f12c58e10fbc9a542e10d7ff0c3e0521e3a3b5c58f5ef122769ee0d67824dd9229227c2589291b673882a850292531e4da08240458139144d148e19bd2499193bd7599d3ab0e7afeb7fcc14e69e667313ef19759102cdebd9fd0c43f45e308cb3f861f151de9d2887f292f0b9f65524b58d7926015f89a9aeceaeb6c7b9aa78e852cd792e8bfb3fccf3fc7810b6bd653b4e69e1c7781ee1ef709cdbd0584b6efd76c923c5eb88c76b1dad2cdbf90c1d405870ae1526c12fc26e74f4dc6f2004ffae587cb46425eec5d09b0a72a55b7fdfb824e86b3035884b950a1cc05c23a5d77732fcc3bf8965cddc304031384a65ae9f453941701ff758bfb77139ce28218caf81b7c3c7ad97933a057c1d75755dac6cab340ee4a30dfbbdeae297153f2ba8b683ddda9b4d2e04213b736e58e06ccf9b79ab980b373b43b7524e9fd13173e2b294744f0aeaf6b12bad1c064c5c89120ed11b8551d85751757b622159eeb40da5183086a9cc60f60a209395c757a2661a596ffc2c1ab82b2106c589231942de34146ea214066fa9c719d8b7289fcaa8bbd6f6ae062ce5cc51a48f19187f1ea59e000db375481bbc02224ee5788fbd44797553f8e004b391dc6254abc6643bdd076d1af5a98ec87546fdc9fdfec6437185e37db2cd42d292662d3ab61ece4bfbda8387756561d18167b3f0551a40ce57b75a07d58b1420b995263ef2f2b073ba5f7eac80cc5945c1b267565b11c6d20b50aa9d104effde81e47553b547bbd339372b6f0657cf0ce2a334c5b9acfd61b367354bc3eb86cb54eb1d1aeea4fa8ef066bbe23e17a1166d570396836af0fdf0d1e127dbdadda670784446abe997cc9cd79ce1174ff61a385ef56c2602ab0cef4802712575bcf4c9e5178815e3a07a358eddb2018ee38e4155a60858dd4167e360745af0dc29548437e1d7fc5042dba1015910a796b6186498668b2e808c930ebe14920f80612219c94617ac150442b6a56bc73296098ba624cc1c4b01eb19c8562d6e7a7e533c9723fcc582a776af953ffe1109ae0c0ec58ede3df17383099a64bc4bff934651421d438448a0893d4520db1ff35e527f3e66c10237fe10f1cb2b0d93d341fc1cb435a744c57c15c58063cc5f02363cc5ae1defe8f810c79b8c5d20969f3cdf1aa1edbff522dd51d4d9e664f80a4d5153a8842c4f533909a82e369ffd535e0efad524c93d64ac8c7cac7189a5ee897270e076f561bb20464439470cabc5ba5cf2d822418c82652d54c27226dc0c72a3c015045886e0f64f6f15ae3976bd39ca274693a446da8a51241978d4c464dad3db7f3254e72358da54e9721cde627fed078de0fb87e41c35993827ef9a3bdce0582d395cdbdf04b86b5d0f1568f44d4e34acace9563f6444c94dddc4d08380eefd04b1fcb4ee22711e6a6c36ad183693d85f6a1ef856709228a89b716fc148af0353646c29fdd75ecdb7bb74d400f711e35ca0bb6dc99c39edf83945023d610a7162b1ffa4428cbf874a64e07f2c4408cf2bdb58a506c65cc27510e496fb010e608255de141062aca88c33ee3a841e6e0be8cfc21f4204acc407ace320caaca3cfad3c7b254e2b7f97cd560f9af3ee67f45556caaaa877f47f7c64b7120295c63f960de8fa387fc7e1bcf8bdeac8923ef7ac331f472adb8540d5d191788d5f4f377e492928b0ca8741f6fb9fb09e42804354c378ffd0bb25772c8654332e599a2665834d2189902924e13b98140ff8d0aa3d45c171bf7f7feefa3ac117f6d7db8f8a53b4423481cb2829c237b5adadd57235e588f80530fd1220c37cdd44ce4ef871c5f54c78e304a1e7bc2d80ef226ac8cc997c193e021a14732383a66a0a83b70729bc066fb4b5024326a8bf80919ea2955f76824bb93b55c64975ea2e3953ce5d09194a188ad0f727315be4294252507ec6d926b599a0f1c96753e198d69dac71aad1fa1e52f578ef1440b662c6c95805548141a164f100fa99b612d130b31611443ec2bb701281dd9cfa564fe1b0682c55020ad88953a0c720f1c7371ae5e77cd98272803483b37675cee4d69c59255b48878ed43d4733b380a18e3911b361ba4924331f17ff5ebe38311aed8a4b7349a60fcf87b7e4ec970817a487b3b8e5ae95cba2680fef949d34b17f51c0fe22232e998fcc85a6e5a0fd879c8f808854a489ccab51df85e7853ca2df5c31d5dcd96d4dda69ad7c3cc8d656695dd07a980228755b1ef76e7723898b77f3b93f3064f17ffc6bb47d03df08f72b406f8ea253911364a5bcd8a5c1fcf78d20c112b3387c0170bbabb3789299a11d2dd945a6b5ebefd6fe136658ac3d3b53d9a9b9fa4c2d179a96573feeb134167e176c372b0a04f8c4cd61ec3c64db19e257d9ffdef26ae9458918338891c232f6575d4233bd0a6a126c8432e0d4b55a75e6a525ceb63ff8c4772cf88b60599598917a6c0662d76dd6ba54d4148ac31a957ca10508b784f4cdaa14977bc2754b34afb4c9e18031a1484f4f98a0e455f2e037c6aa6518cdddf67ded4fc5652eac3fdea1f77d6c4d564a5a53c69ce140ae25de10c4dc181c889d667656b26dd970d038f7583a5f268ed76a92d25e7760eb66612d7ab7ddc49a35db9de568b1e5a0814ecf49c9831933b37e37dca7c517bda4d915e1c487dc891895a3cff8693ed93b5b6eba84782ec87953bf4c9b35bf1a913f97a2114031042dd81827da7b30e3a55e5c61c1230933864f4c5a831559f3970fb60fcc8a8087447d09b7b285d9c6471caaa85de70cb402cf5a0f5abaeda65c38aaadc0f997311fab0d76fb472797f34b83519778873a16176da5e7a0a10ff75f5ad2715be3180f3aab54cfae40d5ebc630b8174cf647b03dbd957418bccc9a15601cf637823c7ad2a2ef60c1d51d29fa1dad273f9b405d2b01a0c53a341383dc38c653c5f3db2b87a1867a1c82cfe83792727e263d50a8b466d415ea9ff45e5b846aa1e16ff6168f4f7e6a668f0573191a13294da8660244cb31829c6365f1424df16cf71da80039241d7da54cb44d24616a864d5488dbf81b8a55350b1d366d314a93f1c6083127d0fc14728b297761ba30a53ab68d2225468f4b6306a7d65e9d8dc5b3a3059f3acc4f3a8b0c8534069e59635d9ee52c0156af78ae7d67e6092e5de1d9e97c6fad83d2a1f35b0ad3367e5062ace86d303312652338837b709d057e9ec48f22d06e565b561cb71f27649686dd7654a7e67027e7b8aac7222cc5c60faa81363bd1c8714526364ab324f85793da01a294a9ff0482c3161b4a03cf20eb64663860b78a238d011fd0cda5fd483f282a33c9957f5cb5103d37184c893c9a29031a0afbbc4ce1978b36d3a3122465ead383b7456527f062c059703d39c4802cf72a9fe4ef939097b149a3439239ca5db94e68035300c1febd5372935ee83e83a3d6f1ee514fcdf72fa6db562dc66baaba809e73c4fa2e73755ef28ba4dc720d69d4eb68bf0aaf41300388f6a5a86611dee75783d61774155149b05e4ae862e13fe7b67bcfd04f18b788b9c355c3b2d60fa262d02efa1e07610eec4a6bd9909094b01646495aede0531c29d9cdfec7a1a7f816711dc9d971af104f2fde7363105dfd9825f027d96d92700f3fd76d23f6b735380b2bd8cbff13dda7eccea5188c7132c240b675ffcaebad0e968720b763eca14f77242f0b2da22fc82cffd0b99a0b43420441d42b64511223de7c4253e6204bca48b851c0f95357d1e8042f1b9d6d0ffd89e85588b138dd826b5ae7ebbfc73888cae59059cbccc4cc7f7c598c90519479f0a4da7ade818c3baa25d06765c0f47ea6552664b896230436da98684d19b1972dc3426595037bd10ba5b706bfb6d0d62f34f18d4ca596f5ca4397145d2e87e790a8f39419620696d5c0b46fb035c7c2af9659268523d5bf27f4a057a49d18d48aa02a0f91938b854e049b7eca4721d33b8dd9a650e7fbf288765ac47a44ac97513e6c03657d344456cd37d7c1af4329997c9fa088ebf957186d344ffddf34a4e68ffe7abf5a1eb0dd6a1e08c475df63f5531b99384d661eac9b05be7cf30e71becd808627e5c2562cc385ad30eeb329b32b298cd62b733fe8a48becd41c5c1c93b9fd77f744077bc940970a1c3f02b8fc8e6b199ecd83e1528b464c52f828f013ee7391789c9969c9c7bb81b6c31b2af94c5aebb71599d9c5e6bffa6a7fcaef3af237bdefee6ac7175b40823bd0d0f6fc55b3a525ee73b80bcf26e4feea55b5c5c3c5883e9548d988040ef5cdac968a3b9069f2526cd599f4bdff38138627b614fe6451552cff2beced604a11253b8b9884cf9e85ef8516292a76a9e89e328a92463c1bd75470f19830dc6ba3629b306e69b28255ae2e938e3f301816", 0x1000, 0x4bf}, {&(0x7f0000001200)="bcacdb200b5ea04204d2e1ae06dccd47681cb6faaf9c758b26ac5040fced54773febaa63a766740a808f87a7f1353834f135a027960b2d87d819db05961f463ab31656c882a30a5567486c85fd8bd4ebf3496f59247b4e01426f728e36044cdc19697243aa38f3479f1443faa134a864c6699a81568df906206ccd77be3cca387855073aa61ab54a13a78bb3301146c052cb4776ddef4bce5adf51dd65dd0371de13f3bb", 0xa4}, {&(0x7f00000012c0)="90550361c856e1909e466225862f150a4773dfa87fbec42464f80704ce0c3b621ce8793136068555ad63c2bc684edae964a100c191bce131365fb97562bf84d388c06d4a3a3430443a9a2b492cd862fdcbe55b44035443aee04ede6b1556529051dc2dd0ccb14d33c5a87774cda5fdf03f996752956cb835c5f6be49c7b386f690e3e847ffb6466fddec130b5cbefc8a0c6f6a7c8bbf6c77e8454f572055b97c8d81199e53204aa5c662d7ae3bf746e64458a985c95e68781e995bb2f6968b0cc6846a6a88b56f31bf9e4765066d95c92286f6ff9189ef48b2444123ba4c955a4deab009211de1f40fc276d2ddcda503aa7519c189936351931df203cbe94b6a7c3360e4c36a593f0eded426860e0ee7952cee6c2b9012634762628d1ed38a00c25d0db86d667ebe8fe4c3f63fc043f8520a524048924607917e34b9b8bd027f0f5315b9cc60e2c52f20b46e3b25840d121e0947d23f422512e631b584bc41545038baf439c1537bc16675958013baa4e67ddb59bdb9119744eae3030d52749b752e1f7d7cc0e3611d642949dc0ef0a1cde554d9e02f93b2124088447ac5717edfba9efe0acaef858e91ac0f508b2171d49f26d64b2f41550466a4dc811ca54cc3129f11a27f5918159325815e47d687f91bfbaa563318179833a8c7f48d1587fe5abbe73431b18553e0cb1a3d95512c799425632077e663971917de1a4a52a28f7e600c0bf9ec87cde21e34733e78816fc80f7a4e36ad04780226743bc908af1b3e91b5d6c51268f0416882f9eb4a483d8d95860e74a024d9442ed69dcb73730a98caa50c900923f7dc4d8f980a9a675d12c5f4cdc01cc8726593d40991421462157fd29db3cfe16c740cb8e59ac789c82fe03ab3fee6b873c86b43a1bb76d68c5fae125f420fbefb07a64b52e83bd93d76f0b0395ef119c0d7d98b0860e279623b2f8e0e1073cd4c3d89b41cdcc23d633affa2524d78cfd36dfdc165a31c724d026ff287986206fe7bdb72827e0de5e62a65347e5ab41e0ed3dded35e43d676be162fa619da2f603ab3f0585f01821f769d646a7a1a999cba337ec6ff712dfae933278846a1dacc56fc753d5613197fa38042a6b73710a21299415cafe4a3e05da329830be686ca2bf672ce1d1922a35113d223fc50dc4ad326522cf8e469833ed96b7a3ef68afe64f170ca342cf1ee9235a54386fe29c40e9e01879e375169abef7885e26002aa7468c1ae31778d8415182aa62af171743ce012a8b6f9b8ae6d6e84ea031bd759c36bfab04e4b4c8e1dfa0f7a4a64aa13d30c05e0854684b2d532fbc111c242039754514b18c6df4976b8201cd503586b47ef30e715e3113751e2f3863a6c83a3648027dd51f4703f0295c2cac9830a6f0e17fe8c4f61a821405a8e1f461bbd283381db9fc25860b4cbfbb4329f44fb5368befb9caf76ff7dc9567e1119626372b77b288789069e77ed4697da7c5c021136a4c49707baef4a99a4aa6a9c48b869e47abf35ca185445a008589cc49d500a04a865cb9f7589184f1f97154f04b61a4784ca3b820babf2c5851b72e895200c8fe2e3156f6e55e9d4a30664e25f7b07e5f1e5356f165e4deaa3845be0b2a782ccdbac7e3ebc79316d306587074180859ac51fb16d6b7d8177c5cf6c2405596baca0d5c767858be61ac84ac88adc9427d8ac05969a3bcc55df247fc7d2de49686cd4a4fa6f3a1cf09163d20b59d32a2fac036d8a839e8f9425658e2374a5e3c03a28ca3394cf6d4629f3bbc6fbc572bae962cd1d000d058f904b6e240e67a7ca95cc32619de9ee8467c4ec9539dc29cf3c0400c958d34d232dc37ba2e8a65f9a52939172c9403b7e9eec7f01509ccbe9deedccec87d60941f0fcec8005ee39a5a7b35e0d89a08f126bdfbe6266e40d8abdf4f0c4dd11850fb5b38a012fd8a1704dc65bb9aca0068525fd0d6214c36187090520393878ddf97a1749cd9c02f19d91375e951a1306abe114368032778cd3794fa9c987616fda553f5451d7d38c53abecf20895c6eeac6ae33ffe52bf03ce6d1d6b19f459641e2bc00bd1b6a4a0a2c5ea3393ddeb95783547ba5237d588bdc12e72d671ecbe3208cc1a0d0ccb57571fcebc14743c4ced02aa5f813f4c0fa73c24d9088ed15d7b30297e062b95e955c6ef53526394bfeab29c0c7fe6407b4f1ef7174b287d23654c97d1c1a8923761ae6ceb26ac7a0aaf161159b60f7c49c42a7a70f377397f4e0461a748945b0bda01cd6a0c5e200749ac7f1c32abc3166d2783431055ea655b0e10024da762477649b991a03bcc9f5e5633c49373935b68fb764dd4c03b17f3dbcdc779be26e4983bdd9c37e417b3779e1481e606546ce608406d18bd7e58a6b439b0fb2d8271817bef1b393f1089bee9fc5493669dfdd3d86618741441c9b4318656289382cb83b14032da784a4338b13224fe2121bc86a4ab1fa2ba2c29802bc9a3ab14ef5855997dacb192eb2e2b627e43114e8d40e21c3f70297ff1cdb4b2c216839688a7ac5801fc308e0ac768338ae1f8e2cfbdb201dc75ed8e2fea8f0f2253ef4e3fa8d823c3e17685456dc4d91e933b94c2b1e3750bf77eb53c0e30149434ce6be33c83ece4be15b2d47fa931c038931e0715e54cdeea7a0963bfa7850aa31a9a538dbc3969e4e0fa446edd1feaa53c29c121737a5a72fa7388ffcd21d1d6ad39d32dae0c8cf90724fba9b6d05adf28168a10c37608ba140ded69a4648aa487c4400a1499664de6c93c80b48662ac27ef2b1d3f867ca3e85ac4104f6263fd847c080e4b9a341fb5242ad6ffa13ee87aebf519d488d1896b434643bd500affc0f112bf4dbdf34039b5b0c81aa45259e61291b2d1a533373422f2b5736ac6d02af4dad0eccf0e3815f05eae38a7e2c069329a4714c9b32bf099e228f3384f5ca8ad8372739c356053c923a82fd6b9849bb4d6fd7a06a69a635343777690e32b9006fc19d1a231207bbaf21910ea6415741a6b8a78a8b5ed3ce7004fbfd2bfd65438f76cecd490214e0ec94e6233917a896b15a2aca340a51d5e2db9ab64f1bc4dde6132dfe065712f648e2805de7b97d629839758287d8060409439be288793638322541280e00518441537062370cd505aeabd2197ec76a3d12e979ed488b0438a269166e9182cefb4fa22767327076117c770f9b1e818dff04c1ea2bd78b8a6a1d08d45a225097d8306cde1d1d1e106256e08c79e2b1bfda81e678c54654d777884133eb0b07c7654bca1af6fbf6a36b8e2aeb952d7825c67ba02dfbf0e1b53fc0e2df854fc9d943aed2ada356d3d7dda6a1a172ebbd82a7ff2a3c3f98a64998b1d2c86f7a3682d4e816ee9f4d3f47a1d47de2601226a907d78b6cbd2f0e7bbfcb217e27aa4f66b37be78733ac4b8b923e6b96eb95a8daf7df9485d949770c8c903edd66094c72a52cbf282ca083d51008044a7ebe7d4365b72be4caa1349f3b96607843cd6833344c04d7b8e511ab17aa90790e17b6a1e7bf3bcbc10c69b67b3d896e68b8cdd70f8400bb78979c4da14bbaa1bb16c029068b4b7445849d4414445757d86aaff3ddb9a02ef0d9ca0cf20c294034e6c39176aecab227c8669a5562f72a22dec11d53a38d2edeef08d2c9295b399bb54a8d73a74fc04036d43d64ec72e48ed729ca6773eb9b41e9788f74905d2a6d9de67d0ea8e9a8ad5252e2e9099b7d81a7ee59deb481d58164360772b4deec1ba3ee78b2003f4c9a0c50ee944ee349d3439485aff2ba16ebe936a2a4643d6d1a59695905d50a1a0c2976d663c966a559429ae56c316292f171923359fb68de47cfb082a6dda328365f5a8344d2a61f6e90c638f38748398a0cf87546f43deb04a2a137a439480103b54b543a8d785ec3112b978d7ca55e04d8b4ff67d56754a37309a2baea1fb60b935c7934b478b9a71229b671e90ca95bfe01ffdc4dbad9dfb071b3fd215582b6690f023e184d524e353747d3c91f2cea339e6b49003511a8ea49fe303d1c7a7769f44075333fcaca1d8345dc15ceb6f3b1ade6badcfc0d020f6428cf285e1772cc74e2ac7d64b74dbe34bfad7a8707c6cc63b539c995145f3267c9dbc42c461bd63bae8fb4e7c9f8226a53c47c1a364890b0bc7dbf3978774b695a01501fb607cc9f75628644c2bde333ad07d783ad71df01537c056bd99017c441e4976ea12a97bb2be42cc3d7597d52846abdcb437676a6fb58c1b50632943acd107ff405699887b84167726595540855b28bc17cad4e40dd93a52364f36beb237622027ea77ce54190a5b2ce5ef0e5aece7a134b578e686d8239fff77725568f6d9ccdd64a909e3d963cc5fda748e4a50001f90d68c81527adcf925c6904d61f060e94e03953e919a9d36f9dc975c1598230f8941213b7958c2fd4fae18b478ad0288a143a90f5c12a1233d578b10342e26f574ef03cd966eed6bd999d104faa6d782daed02c66b81731f4b8f32050ba6d68f30a3623a905d7ebee837f42afddfa133d5b6d1dce15a8efa3c850a116d0ceecec60a07f5c1305bfb1b260a4604155f1803100c3c2eb5c1782ec807f70a2f6656cef05619e2ddfc218df7a47f60584aa0a664fc6653a4a3c0b884ac61aeabfcb95dfef9f3a2b1c7ed48dbffead0e2bbda6cda52325a4a7fa4b7da68d505854d9b4f3f03aaf3f3cf884fa9d0e728c8b72a24aaab112ac3f28586d873d5e4916b6d657e24305e532d327ca9f487f88de4803fcc2b31d4fb4262d556e959b649cac6d99b9ee5250ee11271311d2187c44a2e704286e8deb4904e87c0d0a41b873dcd1e6133c90d10fe4ec1385e965006337f20eb8ff3f187f3c280bced45823748da517e16e98b0b94c429ca23c1f80f889e36b742a641f3817b5b9a002878cf3c9ca300c1a0389f1a5fda5d8b5c9e5f92c035e2d146209916a76fe7095630ebcddf946fd6478fbb5f22ce21fe8494b6722ac87c6410f2ee2c68b1001e59abb829ee053f70083e2f984b582d3b3211b3adf819cab8e149db161419270f2abb5e6ae6b17aca777a1a912d3db946bcf35efc37bdf8bab65936bffd0de78f093dc4957b519c051ad6b6df52e8b02c10b6ec80bbc3ff069fb464ca539bc1ea89d3213a0c4b04b0390b1f5d88a21c159b812879e2b15159e2fe2f6a1df8603f781e6f657ed3e9390dc0f2448fb60a2649aaf5540b31c76b27a260ed5e2935b6a8f65025c445ad6cd26ede812999110a5f45f32086dde6bcb87428329ea0c126495a2b1f01ef67f2bbff04e0d119744e88c58b47ddd05c001dc2e9b257a7557dbf7ac55517bf49b067b50df4e03140fc040d187ea8bc973641d902ca9aa1f036fa2b6b45b2de2ab7046e719d04a0a53b1c295cfbffa4e70c5162cd29d4d0523ea84ef082640211c08a21a5c6313a236d13401a666e06cdb6e92d4b92cff545b050ec59b5bb380412ad9445584de4b256ff5188753bd05e0258bf8a7787d78521cacca3a5eeaabde2a9518c52132f8bbcbb6c8f0ba6d6ad470a837ab405530ae11b20deb3c921b50c4dd6bdb7a9c7d9476830c5999a198f0a53c1b387db6839e00adb0662c97955f7b97adfa369f82dcdbf26eae0559070ef41ddb1316670726ab0a900b9fa127ccbe1b7653aa3dfbdf2ae0da4498f546640c1608f537891fa286a0ff358663f04151d3eb138739005fbcdc5be3475f34f3db1ffa8d075ad2e967e3b45e2c026d370b14d7dd6e454c5c22f09a4098c7a20c0f8f7ffecf89ea0dda3eb65e99f00668744e07d1cf4225baedcf7d1c0c856d357e113385d261833799e0f1de9facde", 0x1000}, {&(0x7f00000022c0)="1e3ca45075e847e379c25158bb0be195e030c02a77b768a7b5066308857c5cfb512b7338e6a9bbfb9639f3c7467906b3a3eb66819d775cd119114c11524a7f1cea9b7e47a1d0661b1ec7b657496bac59146d2853cd640fb262e99d10aa116608b845a96f76bb226b87ff5bc2e35333f3bd2b790e060e73b6a40b9fa513b49d372961dfbe912f36b5b6c6fba11218323141f36011d63132d788d7401c3a51f1982b833c36f640e8a2daa2bc77e2c0f51a946aee22dfb728a236011ac8070c26986b77ddc615bdcc0b6d38be4d9800c87b58b0f2c5a18b5f8e46cdcc00de8c1066ced29a33f2343b9eb10845a2ea2d4c459a01b19a24cf97002174b0cef08289e77143786a67db69681f42ede495f07105118edf5b05d1162a8fe90938728c55ece892f356f937b1b6177a1c8fda22ca611f3bb063400de9dc179edb0e24aa8ca8e9741f68280358c8ac88a320ca7e4ad478efa943e2fd83e75d48a1faadcd4af77f846340da21211492887595b8238edf5ad5f173a9d4a6cd4ab294738704862bae89e242fec07bdd8b14b3d7515409cde63b13edaacdc152067ba3677d8cb4afc5b7766d6a70d3cbc72e145c54b80775362c31ec9c23d77e0155396971186078f7705d5cd1e51030b12b1ff6db1d742ebf17816ed2b55ef3d72c5335a0433ec45a8391cc093a81a5f353e4d5f616162f0854739a6979982ce002dc31b571664ca457dd0c7e6c2fccf4fd93ab5cf7dd5bd0d9272cc994ddd7a02b57c5c20436be61347e7a9c9d98b9379f788837421640fac2d1a9b49328b71f8bc92460aa65ef1c0c0b2e7f4c93571195af0f94f70c10e082541046c8b0369900f1ebe7b08c69111d401f2c2ae1fdaaaea15c068f622b2740afdbf742c8d61bf690fb12141ee00bce0dd81d64d03d073e7adbec8db82917150a7fb95b9195efd7250621d071f4696482b4bd11e9df1abcd2edd229e6c91cee0a43d1792235b5653fbe6dbbc0c0badf9ba7a8bf8e5f7d5d181dbda50b1da3707e636a449bb43b50d033aa78549e909fd5139d096b15b9d3cd664dd3747fb7bb9468fe3c12097c346f1f26e7ae41b3448a6ada521b72ce9c79bef1ab8cfbb79379bcc4a60f66ce0fc59ab8839048d3ad9f3dea959f4b0f5f79f0c58a808f6f53f92006fb2cdf86039f571547a8e41394f6c4def031d9c0642db452acef00f0cea730fd174db5cbc264a0911dde7d5458edbbecb030d07987e587db59b59ef7f17846f1435470e7b3e713e95c7b4abd1b96a813a9f9df5137856b1edc763e1cbb314de60641e7dbe34d9e857936a19d367d328211233e1d92f8f0846ca5e9e413a865b241f84628bbb780ba1c20654d802ee565f38eb5bd2bfaf7e2fc9b1b95ab53457c4f8cd91212d09f2243d1b9a685b37d23e62126c9ef272187b4463ad9a38c7fe05f5c71905d3a4af2018239372d29ffd8d108d9389190c4d72e5ce46de431278db2d01dc80806ebd65124836c14ef4aa1d5d7c091ed05a1b72cb15060551b72f24889767763941a33044eda120020035a87a11f326bd9956d2b77b138872e5f3d761c11db9c95e325b9f99357cedb259d2ce341b25e6dc0976f79ae567b85b74fca87d1fbd14ca78b121716d2766b14e38afc8b0f603c1e55ff9c750d8fc44a3b3b60186b1b5ce61584cc934b27e9b09a795e537d8bf2e19691891624f247c3fa3348bd3f0f7de0a111d5b6062432d48f933ea3f5c918bd0f1d4748a5fc5b26282dcaaaac4e260c0c01dda6e9a38470aa4c8c94188cedbc2dda6ce8ceb0056dd8b57b11feeef549f2f9a8af9e5b584990ca3f762d634a0c74d8ca9f274171fa79fa07bd3e7750fe8098ef17c4098cdae61c114e7ae026c490e26fc7f4eb775a8f3d8a13116220af190cca42ef3568b97c5d5e434a45c9e1eda7830696a7681e3f6c911e53a28aff7d1b6d2bf6c3f109b158e9ebae555b878fb2b4b026d08b9fcbac92b15177f9254428b84c5bf6b86f4def15973075c112320ca1876acb9772100f69838faeb75166fee4af0a0453a23b6d14217d99cfae930584bd61f257e7c8e72e2915e12b84ff740fdd6e11ae34742b03c1442596593a56afcda77f6a2417e3032556dcdd01198a6705633ba56fcf210d1be131ba44e9833ff9621af06a77eb336777652b7235637b0a1f4be3887ffcf398a3f7df7ab597e28cc246c00a8b89116732e4e30529943e181f5627d7ee08b0c5e8396f32fb1bb384c3174f082973f623604a804807629c154da7689a41b16453023884a8646047a4e57bb44918d8cfeea08490bce270e1ba33bfa640f04846c9afe467622eda00db0f28eb7fbb8276b1f4b54132d9b33521c5161b2c75a36d249f5618b052f67818a17768abb8d6658dfac48ff41681e6b3878acff1f9b12f9cee6844247ddeb01d3739639019587ff0be137df5678d99db8b3c17f414ac29e08883a2c3f478226558f3c9fdfefbfcff9291cd226b516d824412944eae136f128592fb3201b60075942886e1aa303a78373d18d0c8b5168a204ccb8be3d53fb1f36947c104bf799ffc660fddbbc7ba33a821d7818b8b4de9b1f51b509eca2c06314aa2f22270dde3147b7c4f04b8b25c140f467b34d8c29d274788f954b5070fb04d07ad22744a6ac65315414fbcc26342f88176a10c0fe5003ec54514584ffc52eb910495ad0f09fca5ba203bf7058540ffe2e7fa1df1c4e59c02d29cccd0f0921a79d114487b2a0c3c71aa6a00b67f86c00632bd1d38674d0a31e4091619b0d3c3a57d9c9a877d5af0a90e5e8acf823e7968c23fea09a7e1284215e902432d46199b0ca71c3ec0ab16dce3a1a65d7a5881a9e7ebacc47e5b116316ec14932d7454a3ff2e0cd8d84ddb85a45e1896ffc13ce46131e6660a79e7cbc14ebf51b81206ecacd54d72777c7833937212fe54931fee4636139ce8b1aa9a8309be88fe583e7b12d83b59f5691c193333a1ef83e30e4cbc7d8a76411eb9ea4c7112d4948ece542fff73d124b718b1ffe4881d7e74dbc03d119e7e69b6a9db943e4355655a2272370e8499d22cc14950ce25bf81e135f1ba99d3c52f5f237da828ecbdeebeb031de02aea2b4dc34a42c4592f0313b12638134b05ec9d275d7b25bce53b9b70a696a9304c21de2025349bdd805ba35638088ed7d55bb3d01319957a5537e66a5db979c40c619cfcca8fd985fb438e3874b74bfdd3d03d6c74351860fcafdd17132fcdd63c466f6c4bc1bec52a28df10448ba8015c060631ccd7e568db585680661623fe1039d43dd78e419cdaf0fcc8ffc53396e28feb3946d473f9cf387d836e2e2be5979f5dc7aa8997f06bd1b8f2561e66346bd9d08fd6bc847a3b47515de404e727dff0a69a59b957cab8b0bd1a79e1de515fef27083a395d4233a10e8bc9dc5fc8a3e7ad0c687975bf876fd8732a3fec25c6d4bc84811e71afb2cf0cb8428142b76b6daaadc738160da49d1fe042c65b6c44bcafc642df9e14da1a07e43bf85f57e1b241ce7b6276f1d3196b139800a77a3eac25ca84868a10cd557a6c6671536fc865260f7226d905c2a947e498dd6b48e05abb5d29e44ca695046535d5960bd3b07493f4872ad513c8e50bdd7a4ef1a15cb127127a9c631060375519781e45407931b510c2b2b092510f4fed1c8a04c4988e4c586f261e75dfbf529679ba370772ed4148f770fee9d164b08821dce8f83d7d4073f9095ae1233326f332590f33c1e0b788da2cae0dea276b2fa3f7134d88879f23467e954cd649d12be53746a578d7b6ba31616a7d378cd30d703d4d99973ef256b4a9156e4f7cf3c02447b391b51d668e17b45890a7e0ffe1740a59fa1b7d5949528e494356fd89f52342bd988e803e3ad641282ffcb167c3f81d02473e8d2cef87bf56ac5838cb824718f8f11751783a5f8178d618db78d988101e8fc2be675de9f4a594d4be844af288f845742e1df59fee4d7ba9a8c58b6de8d101b04d9bf16fbcd7ca5f6465a264237f3dc32ae15c571669e37c138d9d11f6f62aac2d01c82a582d05da4779ada6865e1136257b16e848bc09b96de7c75db5b80ad7a059b57e1fd1eb99ae7bd3a7efa3153eace99c35b7de850a02436b8eea5a6b39d8127450bf85896630b7c135c7f533775cb566a1981b703dd302c0e128ce29255410fd8eb56b29b5a510312b9c22d528f506ace04ca9714ff87f49ee9a8c1f7b959d4d3a9c2e83d8094ed3f66b2229eac217b2f2aa4901f40407f3e701941d87a598686433835bc10b4d31a057d5b62eeb898568fd7ede1c30bbe5c2233ebfd5d3d5f958c1312b952583bb5acac779fd6d6c3e8600025a31f49ed7015de54d0213f460c53e031785a19cf183cd30c2c4020c1753d6aebae3ca87fdb31b9dade9e8e565d2d1373748e68fe40e6566be9fc23c73fef36dffbf122c127b01df3e6be172a4fb24ef411e1e93bd5d5999688f7ba4d0d05333aad0a58bf612a980ffd665bf5438a8c84ebc6f1bbb79d43ad39ceee8d5371151e688a62dc45b4a9c8db1c3b5249cc01dfb2f90797c8b2820411676ad087e7d9f4c8e763d320e148450527968ffb63b2ddca466fba1a2fdde5e00231e7779d8aa18bb4338e2db19a8baa179e55e2197e72f4bd53ffd3b2da71ce54e6fc9c9deb0cae89408bd6eede17cf521323e3e7e5bbe4b0000e03d75c4f3dd4c51fdbda161e90c951707b5a4b4d2f756b6bebcdf436947bbe9c229bef663dd305edaa1ed5e0fd8fd75950e86046f4fe0f183c6aa82f6f3af4ccf16ac1cb50f522344f74ba75002b1c007f41cf5297cf7201678949842be435d2e9b7357436c89e71293489098e9d399f1963e5b49b62b7d148db81d930f3657f01991d7542ab7b2067aa28c446239fc3db2600ed7009eb7133d64272c2e0243c44ab95bc2b33cda9d6d48c9c7591767c732433307f1602c2b28406928eb0a49d521b139c30d3c05aeb794b037dee7c28a8bfd59182622a77f36ff52004963147ebac04d200766e096f63d0825025e9621160956dc70f63bee7f34f8667008d5345981b30a61fbde128ad7ef9bb6ba59ef8ab99530997a899c99ec3549e25b690d72e7deaf950f09a96905d1477d5fbfd0d3bdcc8e196598c30e35492f0b162f15ece44c335ad9765a814588af37af950ef2556be288d55b8c1638774c75967d1ad2cb96f296e935b6268afeca375d1a6e8c80b0696750eaac409650264a86d52dced6f12f4bc232c0fb3c73015d87340b1bb74fc14d101d94e7a1d9d52ae22e0aa3192e9e994d12a6069b63d63e5a14bec629e7c7b425d1d5c25c89e7e5ecd4b510cbbbb28396410c7e6bfb39ce76f06c8eb2b10028cc904e478fe37c96faa34c6eb6d0e6071f07de9088e5eab667276fc9475e0ee3cc8b7d57042827b58bcb2149364a6d431e0eaa6c1e7186dcbd4ae348ede21583dafb845db8b483f2b26bfcdd59079553b7e1f36543f4e08d2b4e44271b9270298a6d2b4140352d1cad5ceb0e7adab1cc893f6291bf0031c313d38df3ce6141548d07a4c8dcf3c3bf389fc284b749392edad3092d781183d18cae32cf979e8e594da7f28569e44686111f342d72f49d99b62b9c99ae962923b01bd3a3c33631004d46097b7e3366a0aa564ab7286c4f13605514e08ef1dc86fafa2227a842ab95b9639b4aaede12199b78b0322d7d54419b48751e62e573bb7fee7af37c1561edf0aadec49bff0a60167709fe5606dbb7ead31ae0d3c445b6833865bc6d9dd184be223542c7a513ecfa2b7219151a013bbe69f8b620cb714f1d430d647c3e3bcd7f3", 0x1000, 0x1}, {&(0x7f00000000c0)="6826ca472a0ef519979a3291de0937bc53cf", 0x12, 0x7}], 0x4000, &(0x7f0000003380)=ANY=[@ANYBLOB="6e6f636f6d70726573732c6d61703d6e6f726d616c2c696f636861727365743d63703836332c7375626a5f747970653d2f6465762f766964656f23002c646f6e745f686173682c646f6e745f61707072618173652c7365636c6162656c2c00"]) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:06 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, 0x0) 07:37:06 executing program 2 (fault-call:8 fault-nth:20): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 206.630288] x86/PAT: syz-executor.4:9917 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 206.668837] x86/PAT: syz-executor.4:9943 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:06 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x10110) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000240)) sync() getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@local}}, &(0x7f0000000200)=0xe8) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1c) mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x40, &(0x7f0000000500)={[{@mode={'mode', 0x3d, 0x1}}, {@mode={'mode', 0x3d, 0x2}}, {@mode={'mode', 0x3d, 0x10001}}, {@mode={'mode', 0x3d, 0x40}}, {@mode={'mode', 0x3d, 0x400}}, {@mode={'mode', 0x3d, 0xce}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0xde9}}, {@mode={'mode', 0x3d, 0x7}}, {@mode={'mode', 0x3d, 0x2}}], [{@hash='hash'}, {@context={'context', 0x3d, 'unconfined_u'}}, {@euid_lt={'euid<', r1}}, {@obj_type={'obj_type', 0x3d, '\']procself'}}, {@uid_eq={'uid', 0x3d, r2}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@audit='audit'}, {@appraise_type='appraise_type=imasig'}]}) 07:37:06 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780}) 07:37:06 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x800, 0x38415261, 0x0, 0x0, 0x0, @discrete={0x3, 0x3}}) 07:37:06 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x80) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@empty, 0x36c7, 0x2, 0xff, 0x4, 0x200, 0x3}, &(0x7f0000000040)=0x20) 07:37:06 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = getpid() getpgrp(r1) ioctl(r0, 0x1ff, &(0x7f0000000140)="2b203df4a9a111a9e47339d52f7010866a151a635f1e2f1f9f11df3327939d1e2cda14f42c5f8c7f006810a7697c74ef42d6b1645a94890231ae5246eec6b4d5a809da7db7772f405dcedbe9ad984cb6f8a1649790") r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x1, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000080)={'ip6tnl0\x00', @broadcast}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 206.693897] x86/PAT: syz-executor.4:9943 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 206.748088] x86/PAT: syz-executor.2:9957 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 206.757656] FAULT_INJECTION: forcing a failure. [ 206.757656] name failslab, interval 1, probability 0, space 0, times 0 [ 206.772800] CPU: 0 PID: 9957 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 206.779831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.789191] Call Trace: [ 206.791786] dump_stack+0x138/0x19c [ 206.795426] should_fail.cold+0x10f/0x159 [ 206.799584] should_failslab+0xdb/0x130 [ 206.803567] kmem_cache_alloc+0x47/0x780 [ 206.807633] ? anon_vma_chain_link+0x142/0x1a0 [ 206.812232] anon_vma_clone+0xde/0x470 [ 206.816131] anon_vma_fork+0x87/0x4d0 [ 206.819940] copy_process.part.0+0x45e2/0x6a00 [ 206.824549] ? __cleanup_sighand+0x50/0x50 [ 206.828791] ? lock_downgrade+0x6e0/0x6e0 [ 206.832949] _do_fork+0x19e/0xce0 [ 206.836437] ? fork_idle+0x280/0x280 [ 206.840154] ? fput+0xd4/0x150 [ 206.843340] ? SyS_write+0x15e/0x230 [ 206.847045] SyS_clone+0x37/0x50 [ 206.850407] ? sys_vfork+0x30/0x30 [ 206.853948] do_syscall_64+0x1e8/0x640 [ 206.857838] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.862687] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 206.866731] Unknown ioctl 35108 [ 206.867866] RIP: 0033:0x459879 [ 206.867873] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 206.867887] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 206.872153] Unknown ioctl 35108 07:37:06 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780}) 07:37:06 executing program 1: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x2000, 0x0) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000080)={0xc021}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r1, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r2) ioctl$KDGKBENT(r3, 0x4b46, &(0x7f00000000c0)={0x8001, 0x1, 0x1}) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000), 0x4) 07:37:06 executing program 2 (fault-call:8 fault-nth:21): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 206.874327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 206.874334] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 206.874340] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 206.874345] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 206.959954] x86/PAT: syz-executor.2:9967 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 206.975277] x86/PAT: syz-executor.4:9976 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:07 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780}) 07:37:07 executing program 5: openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video1\x00', 0x2, 0x0) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) clock_gettime(0x0, &(0x7f00000018c0)={0x0, 0x0}) recvmmsg(r1, &(0x7f0000001880)=[{{&(0x7f0000000280)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000300)=""/213, 0xd5}, {&(0x7f0000000400)=""/63, 0x3f}, {&(0x7f0000000440)=""/209, 0xd1}, {&(0x7f0000000540)=""/242, 0xf2}, {&(0x7f0000000640)=""/144, 0x90}, {&(0x7f0000000700)=""/168, 0xa8}, {&(0x7f00000007c0)=""/55, 0x37}], 0x7, &(0x7f0000000880)=""/4096, 0x1000}, 0x9}], 0x1, 0x40010122, &(0x7f0000001900)={r2, r3+30000000}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r4 = syz_open_dev$dspn(&(0x7f00000001c0)='/dev/dsp#\x00', 0x8000, 0x21acf2901ef8d64) accept$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x472082, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000140)={0x1, 0x0, 0x4, 0x8, {0x0, 0x2710}, {0x5, 0x8e73c6dc929db2f, 0x101, 0x2, 0x8a9, 0x8, "9d897415"}, 0x7, 0x4, @planes=&(0x7f00000000c0)={0x87c, 0x37, @fd=r5, 0x1000}, 0x4}) [ 207.004457] x86/PAT: syz-executor.2:9967 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:07 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000040)={0x3, 0x2, {0x2, 0x3, 0x100000000, 0x2, 0x852}}) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r2) 07:37:07 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 207.049211] SELinux: security_context_str_to_sid(root) failed for (dev bpf, type bpf) errno=-22 [ 207.068118] x86/PAT: syz-executor.2:9983 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 207.086591] x86/PAT: syz-executor.4:9989 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 207.108945] FAULT_INJECTION: forcing a failure. [ 207.108945] name failslab, interval 1, probability 0, space 0, times 0 [ 207.126839] x86/PAT: syz-executor.4:9989 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 207.126976] CPU: 0 PID: 9983 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 207.142647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.142652] Call Trace: [ 207.142669] dump_stack+0x138/0x19c [ 207.142689] should_fail.cold+0x10f/0x159 [ 207.142707] should_failslab+0xdb/0x130 [ 207.142719] kmem_cache_alloc+0x2d7/0x780 [ 207.159195] x86/PAT: syz-executor.4:9976 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 207.162819] ? anon_vma_clone+0x310/0x470 [ 207.162840] anon_vma_fork+0x1ce/0x4d0 [ 207.162858] copy_process.part.0+0x45e2/0x6a00 [ 207.162902] ? __cleanup_sighand+0x50/0x50 [ 207.162915] ? lock_downgrade+0x6e0/0x6e0 [ 207.187606] _do_fork+0x19e/0xce0 [ 207.187623] ? fork_idle+0x280/0x280 [ 207.187637] ? fput+0xd4/0x150 [ 207.187647] ? SyS_write+0x15e/0x230 [ 207.200565] SyS_clone+0x37/0x50 [ 207.217926] ? sys_vfork+0x30/0x30 [ 207.221474] do_syscall_64+0x1e8/0x640 [ 207.225363] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.230203] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 207.235385] RIP: 0033:0x459879 [ 207.238556] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 207.246242] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 207.253490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 207.260741] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 207.267991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 207.275248] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 207.293287] x86/PAT: syz-executor.4:9989 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:07 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x200) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x0}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(r1, 0x40086424, &(0x7f0000000140)={r2, 0x3}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, &(0x7f0000000180)={0x7fff, 0xa08, 0x4}, 0xc) 07:37:07 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:07 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') syz_mount_image$iso9660(&(0x7f0000000080)='iso9660\x00', &(0x7f0000000100)='./file0\x00', 0x4, 0x3, &(0x7f0000000580)=[{&(0x7f0000000140)="26c418b9e4369222b26582d71eb2369f0a1a66179991250045b84eeaffcda90b4b22506e9580e4fac7a79f1c4f9e66e1ef9990d6d24cea4de0cccdee2c145400045835bd28deb7453e8e3e8578f35d911fbd18f8cd14626fa39ebce22aa637d6b4592a66629b13fd9ffd6431b196bb4e118a067eb5bbf0c993ff1b6d2ebc968cb2ca89350db54976d48726e85bea0102481ad63750801d78d27843759566ab63464d2a282b9748bf66d019180e7a8c20431607051d13cdc2f6f91239699d3124aaea4ee719e109132300d63dacd9ca8b4bba45ecf56b9aa5c8a6900e652edbc679020f22071384cdb1633355a0876604019c7a51fa97c08a895f7e", 0xfb, 0xfffffffffffffffa}, {&(0x7f00000002c0)="8ad30dc4acdf47b74301522158b5f5e2c64b0357a270fa14d2549893d2af7be608d1ee7c8c6595e27a46652d3995bab5739fcca55bed417c45cb304a6a886dda644c2a9976cc7ddf8722299b31aac89fb5bd811c4ac6e52c8511dee6c05793374ef97744adf70615ba2b32f87affa899c570a6d4b2666b2005e16320df61764073399a07b1b50b209cd2cdee2ac671e1cce0cce9c856c47779813b7ca1f4df1e5a7c949e28595a33807507c257cdd54ae1362530f100bb47a2c3b85bf41ab8a06b1dce0c4e7b641efeaebc02a98285e747249ae938118fcf871d91dcd3", 0xdd, 0x5}, {&(0x7f0000000500)="1a8344017df2db1035f0131335e8711b8f34f3e088fd08f8afe6b29477804c5de0f382175e39395e9237e861eeed7ab7351a81f72e77c9748e57fd9fbb1e542dc3aeb8e1e80d6d25ca143e0e03038785eea8afa691558932d296e0541d620130", 0x60, 0x3}], 0x40000, &(0x7f0000000240)={[{@session={'session', 0x3d, 0x1}}], [{@audit='audit'}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) r1 = msgget$private(0x0, 0x303) msgctl$IPC_RMID(r1, 0x0) 07:37:07 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x8) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) mkdirat(r0, &(0x7f0000000080)='./file0\x00', 0x27) r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/hash_stats\x00', 0x0, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) connect$bt_rfcomm(r2, &(0x7f0000000380)={0x1f, {0x0, 0x71, 0x3, 0xff, 0xf5a, 0xad}, 0xffffffffffff8000}, 0xa) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) signalfd(r3, &(0x7f0000000000)={0x4}, 0x8) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000040)) sendto$inet6(r3, &(0x7f00000001c0)="ab0abe6b19fde06d1d17b2f228da46c867c010603c680b212a2f0f5ace2866506eb61e8ed937f97576a53a3b274f84daf85553fa4f6930720e355170dc94861da7cd47510493fb445d90806d18fbf8ca69cbb984", 0x54, 0x20000000, &(0x7f00000000c0)={0xa, 0x4e20, 0x3, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x29}}, 0x1000}, 0x1c) close(r1) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000280)={0x2, @win={{0x8, 0xfd, 0x8, 0xfff}, 0x8, 0x7, &(0x7f0000000140)={{0x10000, 0x4b, 0x10000}}, 0x8, &(0x7f0000000240)="3e9c3b53", 0xb5}}) mkdirat(r3, &(0x7f0000000400)='./file0\x00', 0x1) 07:37:07 executing program 2 (fault-call:8 fault-nth:22): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 207.304791] x86/PAT: syz-executor.2:9983 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 207.317105] x86/PAT: syz-executor.4:9989 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 207.338309] x86/PAT: syz-executor.2:9983 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:07 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x24042, 0x0) setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000080)='\x00', 0x1) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f00000000c0)={0x0, 0x7d337351, 0x1000, 0x40000, 0x34f644817c2a1efb, @discrete={0x4, 0x4}}) 07:37:07 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:07 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x43, 0x20, r0, &(0x7f0000000000)='./file0\x00') fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r1) [ 207.379448] audit: type=1804 audit(1566718627.390:75): pid=10007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir332809586/syzkaller.PbyZLg/168/file0" dev="sda1" ino=16659 res=1 07:37:07 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000040)={0x81, "280ff45defa26e1008f79ff2658dd1f113c435717b0db25dfbfcc49d2cf92677", 0x4, 0x800, 0x6, 0x0, 0x1, 0x1, 0x1ff, 0x10000}) gettid() connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, 0x0, 0x0) dup3(0xffffffffffffffff, r1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = syz_open_dev$media(0x0, 0x100, 0xfffffffffffffffc) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xffffffffffffffff}, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000040)) ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x2, @link_local, 'bond0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000005b40), 0x4000000000001b2, 0x0) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 207.491295] x86/PAT: syz-executor.2:10022 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 207.519424] FAULT_INJECTION: forcing a failure. [ 207.519424] name failslab, interval 1, probability 0, space 0, times 0 [ 207.544638] x86/PAT: syz-executor.4:10035 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 207.566387] x86/PAT: syz-executor.4:10039 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 207.578671] CPU: 0 PID: 10022 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 207.585793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.595144] Call Trace: [ 207.597735] dump_stack+0x138/0x19c [ 207.601369] should_fail.cold+0x10f/0x159 [ 207.605521] should_failslab+0xdb/0x130 [ 207.605542] kmem_cache_alloc+0x2d7/0x780 [ 207.613638] ? anon_vma_clone+0x310/0x470 [ 207.613656] anon_vma_fork+0x1ce/0x4d0 [ 207.613673] copy_process.part.0+0x45e2/0x6a00 [ 207.626361] ? __cleanup_sighand+0x50/0x50 [ 207.630596] ? lock_downgrade+0x6e0/0x6e0 [ 207.634749] _do_fork+0x19e/0xce0 [ 207.638210] ? fork_idle+0x280/0x280 [ 207.641930] ? fput+0xd4/0x150 [ 207.645123] ? SyS_write+0x15e/0x230 [ 207.648838] SyS_clone+0x37/0x50 [ 207.652197] ? sys_vfork+0x30/0x30 [ 207.655735] do_syscall_64+0x1e8/0x640 [ 207.659620] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.664466] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 207.669648] RIP: 0033:0x459879 [ 207.672830] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 207.680534] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 207.687800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 207.695060] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 207.702322] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 207.709585] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 207.717071] protocol 88fb is buggy, dev hsr_slave_0 [ 207.722170] protocol 88fb is buggy, dev hsr_slave_1 [ 207.729279] x86/PAT: syz-executor.4:10035 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 207.738601] x86/PAT: syz-executor.2:10022 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 207.756662] x86/PAT: syz-executor.2:10022 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:07 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x20000, 0x0) ioctl$KVM_GET_MP_STATE(r1, 0x8004ae98, &(0x7f0000000080)) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000180)={0x3f, @local}) 07:37:07 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x101000, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000400)=ANY=[@ANYBLOB="00000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000807fffffff0100000000000000fcffffffc4ffffffff0100000000000000060000000000000000000000000000000000000000000000000000860f9a1149f9afc0005d520000010000000000000001000100000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4ffffff0000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080010000000000000000000000000000001fa300"/512]) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r1, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=0xfffffffffffff8c1, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x9, 0x3}, 0x0, 0x0, &(0x7f0000000200)={0x4, 0xe, 0x5, 0x10000}, &(0x7f0000000240)=0x1000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=0x1}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000003c0)=r2, 0x4) r3 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x9, 0x420000) fcntl$getownex(r1, 0x10, &(0x7f00000000c0)={0x0, 0x0}) write$cgroup_pid(r3, &(0x7f0000000140)=r4, 0x12) ioctl$UI_SET_MSCBIT(r3, 0x40045568, 0x8) 07:37:07 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x100000101, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f0000000000)={'raw\x00', 0x8b, "e1679c46424d307d5e36cace5c2b49b5407aca07fcf15bade0d76371ddbc22f071f1bc8774f626f550df2e77e3e6d0688fbf84d6471f4dcbf46bda6e3f1d775fd014b87f31096aeb9fd303354794da612cf8888640e69acefe00a5b70f4880aee52301ded04e270a897e43d7ca609dc8e3dd6b509f3ba662a795eac621885ea444e086d93b09b8f01ad222"}, &(0x7f00000000c0)=0xaf) close(r1) 07:37:07 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={0x0, 0x2}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000180)={r1, 0x10, &(0x7f0000000140)=[@in={0x2, 0x4e23, @broadcast}]}, &(0x7f00000001c0)=0x10) bind$llc(r0, &(0x7f0000000200)={0x1a, 0x118, 0xffffffffffffffff, 0xfffffffffffffffb, 0x6d0, 0x7b59, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x10) 07:37:07 executing program 2 (fault-call:8 fault-nth:23): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:07 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_G_INPUT(r0, 0x80045626, &(0x7f00000000c0)) 07:37:08 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) ioctl$VT_WAITACTIVE(r1, 0x5607) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0xd, 0x48000028, r0, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) close(r2) ioctl$NBD_SET_BLKSIZE(r3, 0xab01, 0x5) ioctl$TIOCMIWAIT(r3, 0x545c, 0x0) [ 207.953608] x86/PAT: syz-executor.2:10055 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 207.956202] x86/PAT: syz-executor.4:10054 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 207.990913] FAULT_INJECTION: forcing a failure. [ 207.990913] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 208.003221] x86/PAT: syz-executor.4:10062 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 208.015966] CPU: 0 PID: 10055 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 208.023082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.026602] x86/PAT: syz-executor.4:10062 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 208.032430] Call Trace: [ 208.032450] dump_stack+0x138/0x19c [ 208.032471] should_fail.cold+0x10f/0x159 [ 208.032481] ? __might_sleep+0x93/0xb0 [ 208.032498] __alloc_pages_nodemask+0x1d6/0x7a0 [ 208.032514] ? __alloc_pages_slowpath+0x2930/0x2930 [ 208.046107] x86/PAT: syz-executor.4:10054 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 208.047369] alloc_pages_current+0xec/0x1e0 [ 208.047385] __pmd_alloc+0x41/0x410 [ 208.047398] copy_page_range+0x12b7/0x1bd0 [ 208.047411] ? debug_smp_processor_id+0x1c/0x20 [ 208.053153] x86/PAT: syz-executor.4:10062 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 208.055420] ? perf_trace_lock+0x109/0x500 [ 208.055436] ? SOFTIRQ_verbose+0x10/0x10 [ 208.055465] ? __pmd_alloc+0x410/0x410 [ 208.055475] ? __vma_link_rb+0x247/0x340 [ 208.060272] x86/PAT: syz-executor.4:10062 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 208.065129] copy_process.part.0+0x4764/0x6a00 [ 208.065168] ? __cleanup_sighand+0x50/0x50 [ 208.065178] ? lock_downgrade+0x6e0/0x6e0 [ 208.065194] _do_fork+0x19e/0xce0 [ 208.140441] ? fork_idle+0x280/0x280 [ 208.144160] ? fput+0xd4/0x150 [ 208.147350] ? SyS_write+0x15e/0x230 [ 208.151068] SyS_clone+0x37/0x50 07:37:08 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x800) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0xffffffffffffffff}) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:08 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f0000000100)={0x2, 0x2, 0xb7, 0x0, 0x7fff, 0x81}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000080)=""/56) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffb000/0x1000)=nil) 07:37:08 executing program 5: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x10000, 0x0) setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000080)=0x9, 0x4) r1 = syz_open_dev$video(&(0x7f0000000180)='/dev/video#\x00', 0x100000008001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0xc140bba3ff3bff7f, 0x0, 0x0, 0x0, @stepwise={{0x10000000, 0x7f}, {0x1, 0x1}, {0x4, 0x8000}}}) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f0000000280)) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f00000001c0)={0x0, 0x0, [], @raw_data=[0x7, 0xa110, 0x7, 0x1, 0x45, 0x80000001, 0x2, 0x6, 0x59c9, 0x30, 0xd8, 0xfffffffffffffff8, 0xfd8a, 0x9, 0x0, 0x8, 0x7, 0x4, 0x9021, 0x80, 0x8, 0x8, 0x8001, 0x3, 0x7, 0x100000001, 0x2, 0x4, 0x200, 0x5, 0x8]}) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) rt_sigprocmask(0x1, &(0x7f00000000c0)={0xa14}, &(0x7f0000000140), 0x8) ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000000)={0x4f8af1e21d6864ad, 0x0, 0x2, {0x40, 0x9, 0xff, 0x6}}) 07:37:08 executing program 3: remap_file_pages(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0xfff, 0x1) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x0, 0x0, @stepwise={{0x3, 0xffffffffffffff01}, {0x9, 0x4}, {0x9, 0x9}}}) [ 208.154434] ? sys_vfork+0x30/0x30 [ 208.157978] do_syscall_64+0x1e8/0x640 [ 208.161864] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.166710] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 208.166720] RIP: 0033:0x459879 [ 208.175060] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 208.175073] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 208.175078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 208.175084] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:37:08 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000040)={0x81, "280ff45defa26e1008f79ff2658dd1f113c435717b0db25dfbfcc49d2cf92677", 0x4, 0x800, 0x6, 0x0, 0x1, 0x1, 0x1ff, 0x10000}) gettid() connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, 0x0, 0x0) dup3(0xffffffffffffffff, r1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = syz_open_dev$media(0x0, 0x100, 0xfffffffffffffffc) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xffffffffffffffff}, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000040)) ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x2, @link_local, 'bond0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000005b40), 0x4000000000001b2, 0x0) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:08 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000040)={0x0, 0xedc629f0029c26e0, "5ff6d95c2f8f609b9ae7fc453140ffede76227772365bc97f8fdff0a6e3f7ef0", 0x4, 0xffff, 0x16, 0x5, 0x80}) 07:37:08 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x4, 0x43353039, 0x780, 0x0, 0x0, @stepwise={{0xb0, 0x2}, {0x80000001, 0xe74}, {0x8001, 0x7}}}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000001c0), &(0x7f0000000200)=0x8) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000080)={0x2, 0xf, 0x4, 0x80400000, {}, {0x4, 0x1, 0x0, 0x7, 0x3816, 0x40, "4a49e3ae"}, 0x4, 0x1, @userptr=0xfffffffffffff21a, 0x4}) poll(&(0x7f0000000140)=[{r1, 0x200}], 0x1, 0x6) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000180)) 07:37:08 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x100c8, 0x34, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000000)=""/177) close(r1) [ 208.175091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 208.175096] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 208.179619] x86/PAT: syz-executor.2:10055 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 208.205763] x86/PAT: syz-executor.2:10055 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:08 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x4, 0x4000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 208.320111] protocol 88fb is buggy, dev hsr_slave_0 [ 208.325223] protocol 88fb is buggy, dev hsr_slave_1 07:37:08 executing program 2 (fault-call:8 fault-nth:24): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:08 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x6, 0x0) ioctl$VFIO_IOMMU_GET_INFO(r1, 0x3b70, &(0x7f0000000080)={0x10}) recvfrom$rxrpc(r1, &(0x7f0000000240)=""/211, 0xd3, 0x1, 0x0, 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/4, 0x4}, {&(0x7f0000000140)=""/174, 0xae}], 0x2) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:08 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x100c8, 0x34, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000000)=""/177) close(r1) 07:37:08 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x80, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000140)={0x6, 0x6, 0x9, 0x800, 0x3}) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(r0, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000000180)={0xe, 0x9, 0xdc, 0x6, 0x6c, "c0c67cbf5cabdd2049c0377ab50ed3fe53c3b5fcebb08eddd74b53a1eeb2cd7e5356983d5999b5645d091d774c5779ba22b1ec8bc8e2d80d831a5bce549f232f965bd163b48dfb48ddd068901f27de1e4abdac5351fc883a106ace5c595e68e3bf9371f02ebf4dab6e34a31a"}, 0x78) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) setsockopt$RDS_RECVERR(r1, 0x114, 0x5, &(0x7f0000000080), 0x4) 07:37:08 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x0, 0x35315241, 0x749}) 07:37:08 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0xfff, 0x480) write$P9_RRENAME(r1, &(0x7f0000000080)={0x7, 0x15, 0x2}, 0x7) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:08 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x100c8, 0x34, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000000)=""/177) close(r1) [ 208.546165] x86/PAT: syz-executor.2:10116 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 208.588933] FAULT_INJECTION: forcing a failure. [ 208.588933] name failslab, interval 1, probability 0, space 0, times 0 [ 208.619865] CPU: 1 PID: 10116 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 208.627086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.636436] Call Trace: [ 208.639029] dump_stack+0x138/0x19c [ 208.642672] should_fail.cold+0x10f/0x159 [ 208.646835] should_failslab+0xdb/0x130 [ 208.650816] kmem_cache_alloc+0x2d7/0x780 [ 208.654967] ? alloc_pages_current+0xf4/0x1e0 [ 208.659468] __pmd_alloc+0xbd/0x410 [ 208.663094] copy_page_range+0x12b7/0x1bd0 [ 208.667331] ? debug_smp_processor_id+0x1c/0x20 [ 208.671996] ? perf_trace_lock+0x109/0x500 [ 208.676231] ? SOFTIRQ_verbose+0x10/0x10 [ 208.680303] ? __pmd_alloc+0x410/0x410 [ 208.684184] ? __vma_link_rb+0x247/0x340 [ 208.688247] copy_process.part.0+0x4764/0x6a00 [ 208.692852] ? __cleanup_sighand+0x50/0x50 [ 208.697081] ? lock_downgrade+0x6e0/0x6e0 [ 208.701234] _do_fork+0x19e/0xce0 [ 208.704687] ? fork_idle+0x280/0x280 [ 208.708399] ? fput+0xd4/0x150 [ 208.711585] ? SyS_write+0x15e/0x230 [ 208.715300] SyS_clone+0x37/0x50 [ 208.718659] ? sys_vfork+0x30/0x30 [ 208.722197] do_syscall_64+0x1e8/0x640 [ 208.726077] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.730926] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 208.736109] RIP: 0033:0x459879 [ 208.739556] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 208.747265] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 208.754526] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 208.761793] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 208.769060] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 208.776322] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:08 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x800) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0xffffffffffffffff}) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:08 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={&(0x7f0000000100)=@caif=@dbg, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000180)=""/127, 0x7f}, {&(0x7f00000002c0)=""/138, 0x8a}, {&(0x7f0000000200)=""/3, 0x3}, {&(0x7f0000000500)=""/255, 0xff}, {&(0x7f0000000600)=""/142, 0x8e}, {&(0x7f00000006c0)=""/244, 0xf4}, {&(0x7f0000000240)=""/47, 0x2f}], 0x7, &(0x7f0000000840)=""/120, 0x78}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b00)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b40)={'team0\x00', r1}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:08 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x100c8, 0x34, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000000)=""/177) close(r1) 07:37:08 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f00000000c0)={0x0, r0}) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_G_PRIORITY(r1, 0x80045643, 0x2) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x32d, 0x35315241}) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0xcc1cf708d5fca4ea, 0x0) ioctl$VIDIOC_QUERYMENU(r2, 0xc02c5625, &(0x7f0000000080)={0xe1, 0x41d, @value=0x1}) 07:37:08 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = dup(r0) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000040)) 07:37:08 executing program 2 (fault-call:8 fault-nth:25): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 208.805434] x86/PAT: syz-executor.2:10116 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 208.827782] x86/PAT: syz-executor.2:10116 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:08 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x8002) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 208.899356] x86/PAT: syz-executor.4:10131 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 208.915909] x86/PAT: syz-executor.4:10131 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:08 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x2, 0x2, 0x8, 0x2, 0x7fffffff}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x0, 0x35315241}) 07:37:09 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x100c8, 0x34, r0, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000000)=""/177) [ 208.939575] x86/PAT: syz-executor.4:10131 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:09 executing program 3: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:09 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x800) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0xffffffffffffffff}) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:09 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000300)='./file0/../file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_stats\x00', 0x0, 0x0) getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000180)={'mangle\x00'}, &(0x7f0000000040)=0x54) getpeername$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) getresuid(&(0x7f0000000380)=0x0, &(0x7f0000000500), &(0x7f0000000540)) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000640)={0x0, @remote, @remote}, &(0x7f0000000680)=0xc) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000006c0)={{{@in6=@mcast2, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@broadcast}}, &(0x7f00000007c0)=0xe8) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000800)={{{@in6=@ipv4={[], [], @remote}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in6=@initdev}}, &(0x7f0000000900)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000940)={'vcan0\x00', 0x0}) r8 = getuid() sendmsg$nl_xfrm(r1, &(0x7f0000001fc0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001f80)={&(0x7f0000000980)=@acquire={0x15cc, 0x17, 0x10, 0x70bd26, 0x25dfdbff, {{@in6=@dev={0xfe, 0x80, [], 0x10}, 0x4d3, 0x6c}, @in6=@rand_addr="86b488ec4858cb632677f0d7e331eafa", {@in=@multicast2, @in=@multicast1, 0x4e20, 0x2, 0x4e20, 0x4, 0xa, 0x20, 0x80, 0x2b, r2, r3}, {{@in=@dev={0xac, 0x14, 0x14, 0x20}, @in6=@mcast1, 0x4e24, 0x2, 0x4e24, 0xec, 0xa, 0xa0, 0x80, 0x3c, r4, r5}, {0x1, 0xaf7, 0x5, 0xf3b, 0x3, 0x9, 0x3f, 0x40}, {0x8bf, 0xffffffffffff4e88, 0x73d5a6fe}, 0x100000000, 0x0, 0x2, 0x1, 0x1, 0x2}, 0x8c5, 0x400, 0x5, 0x70bd25}, [@sa={0xe4, 0x6, {{@in=@local, @in6=@ipv4={[], [], @multicast1}, 0x4e21, 0x6, 0x4e24, 0xfff, 0xa, 0x20, 0xa0, 0x1, 0x0, r6}, {@in=@rand_addr=0x3, 0x4d2, 0x33}, @in=@local, {0x20, 0x1f, 0xff, 0x1000, 0x2b, 0x6, 0x5, 0x1}, {0x8, 0x100000000, 0x1f}, {0x6, 0x5, 0x2}, 0x70bd2a, 0x3505, 0x2, 0x2, 0x80, 0x84}}, @policy={0xac, 0x7, {{@in6=@loopback, @in=@empty, 0x4e23, 0x5, 0x4e24, 0xb2b1, 0xa, 0x20, 0x20, 0x4, r7, r8}, {0x4, 0x38b, 0x9039, 0x7, 0xabb5, 0x1, 0x200, 0x6}, {0xfff, 0x9, 0x1e4, 0x1}, 0xfa01, 0x6e6bb0, 0x1, 0x1, 0x3}}, @algo_comp={0x74, 0x3, {{'lzs\x00'}, 0x150, "481a36d22ef014043302b462d66c78ae4a4595924c84e95f740f0770cc478a5aafa2fec7770b62143eb3"}}, @replay_thresh={0x8, 0xb, 0x9}, @tmpl={0x244, 0x5, [{{@in=@local, 0x4d2, 0x2b}, 0x2, @in6=@empty, 0x3501, 0x3, 0x1, 0xdee9, 0x7fff, 0x9, 0x8}, {{@in6=@ipv4={[], [], @rand_addr=0x5}, 0x87d7, 0x32}, 0xa, @in6=@ipv4={[], [], @multicast1}, 0x0, 0x61443df6fc0df90d, 0x2, 0x1f, 0x223, 0x4accf6df, 0x1}, {{@in=@multicast1, 0x4d5, 0xff}, 0x2, @in6=@mcast1, 0x3503, 0x0, 0x3, 0x6, 0x4000000, 0xfffffffffffffff9, 0x4}, {{@in6=@local, 0x4d4, 0x32}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0xa}, 0x3507, 0x3, 0x4d196b0550b38ff5, 0xffffffff, 0x4, 0xffffffff, 0x81}, {{@in6=@local, 0x4d2, 0x3c}, 0xa, @in6=@loopback, 0x3503, 0x4, 0x0, 0x7, 0x112fb9fd, 0xe80, 0x2}, {{@in=@rand_addr=0x20, 0x4d2, 0xff}, 0xa, @in6=@local, 0x0, 0x4, 0x3, 0x6, 0x1, 0x80, 0x9}, {{@in=@multicast2, 0x4d2, 0x32}, 0xa, @in=@multicast2, 0x3503, 0x2, 0x0, 0x1f3d, 0x2, 0x80000001, 0x5}, {{@in=@loopback, 0x4d4, 0x6c}, 0xa, @in6=@ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x0, 0x1, 0x0, 0xffffffffffffff69, 0x1c, 0x6, 0xffffffffffffffff}, {{@in=@broadcast, 0x4d5, 0x7e}, 0xa, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x34ff, 0x0, 0x31a6211eeff929c1, 0xfffffffffffffffe, 0x1, 0x100000000, 0xfff}]}, @lastused={0xc, 0xf, 0x1}, @algo_crypt={0x1048, 0x2, {{'cbc-twofish-avx\x00'}, 0x8000, "01bfc921a6689e2f0a01c82bd786a647679973a62cba9c0d52802e1352c8e925ae4bb454540514fc98294d0f8e682f99e0bc57be6419f1e40f2dace3c6758584c1aaca7ae5c4b4360075b03095058a8861ba19ad80c6f5a5a8c3d17084a88b43434451369af0c5718d9e82a88afa2575b5d2ae806a2eaa0fbdb81a2e9e3da1026e363d27c3f656a09ae856f3a24258e272046731cc96a429e390384997b25fa14510446009769e398e1139269d24edff1b80bf8759e27f8e0ad8b9bee982e841c691fdc21157fb2ee1afa51d349dc6c018d469bdb395d9f4d19bec47075d6c6320ff4ebdaf13327a7bee6129439c087c6936b846a59fb0925c5914d754fe74baf6f99d3e00183eaf9a3ed7c344a43b8ccdceb071ffc53a79d27b41e595fb87ec0dca9fa7e2336b9ceec1b97901657c900669a29e2028ea4394287a037c207858daa1424098faff9b8ebc4eae50a462411ae09bd042a95507b4e6b7a48a5983c487f8de637d468e1b241917d2e29ef5c2b8e4dc7d86e1a06e9cc5f9e0eba5e0562435dd191269b416f8b3648d741afeba72212e5cac6e0ec865d9920346135c0a69bcea46ebc2df20fd49534f50513a38c59cc0f161401207750bb367af55b369cc208e0c7f9d5cb46dc297315212e04acccbae542251dda609c7029e05fe647501eb2bd4c9afe08bf47a44598879816217ab7061c7b74c1ae4a7447d8e3f3eec5abd64e24963909377972ad84b9033c7f1a3fef553334824730b9ff7dcd48bebcac99ce6581b77f44882c843be1f74ff2fc08aeadf54471635ae09d30191ec9b07fd6a5c5b7fcb9055e896bdb50986dbf03ec6777d0d7983718083a782eb726300e4014238e1d85f097d118f2b30a1eb5dfb9e0a1d1953e19b522c6a9bcbc3a30e6d3931839bdd3897e9d488481b3ec1137bf34233034dc343a5972b02fa9ec0653c9c142060a50f3d150a2808d19cbec5826a6b0ce16787e4cfbad8f8dc947d7c16d35ae226b19fa6f7b43e61d4cb683b7ba0f93b2aad196d88f0366ff4154f800af2724b79f1778f60baa5e15ee0d779681df76a6dd9c41c2cc4db0be81bc6735c0c7ad865f1da2b1ecde1a27c3f5a6c1944bdc5c9f29b6c3055145a34d2f958ee66104d4f612ad31929d394a394a3bf33864f7b3110489035cad0a12b8295fe7e7e3afd12cec20597d74c700a0d55d2bf440ffc0b1228e96abfebbb2ac47cd48e7dc78fbcbd13c14844c84bbe773f32b1550007725aaada4a62a78ab21daeb5fda3803e88b542a254cc2ecf185cc90cb00c59596dde726012ed51a8c073196255bc8b3d329fdc809253e7d0643bb9a0010cdfbd76685af5f5ba94818c9524b6a3e5e7b29bfc8ca1fba29c76ed9f4d6258945a3c82944e649fd79fe3422aef9d1995b362ef40a5cdd21564506daf8771ae679fe059415751216301b93d694a9464af08ba498ed60d707c142d4620e063334d6dbaeb6d66e6df857c3755e50c7afb26c45b217d5f5d0362a8273b7e9fc4064388612af66bf1d6b72ed2f818968feb0750ff5cbd04c3d48e5249228e9a406fe045f24a2cb36a4915668caef6671336a28d728d9f89bf13420b7ceef1b520d283d1fad8e1301f613f219cd6aa4209ce98ae1c7f66a32da38e21c6ffb24d6f40e782d4859febf0ac27cec0bcb363c7770d67d825fe345af7cfa35a2e9c645829cd3a99b6b6105c0439d6d342c83b9da14344c095d571d70784e6c52277f31f54ae0301067c97dece653d683991adba9b8917f519bb2c3839271fbb22033d6b915cc8b7b0b3844a65fd175eef2d14c30dc2870086697e6c5b496cd256fc2eccfed0bce921d172a6c74874f1c2c39cf7378e2f946b8a135e9a1de65002be21881bf461ef083bebe74d39d29c3c8afeaab7788e0153a185cbab7c998db3d092feace272bed920d93187af9a3b64e901f64de9b8abe32557d1372bb7e2cc09638158f4675664280bba14289c3f4ee84aa486e3d1205c02b5494834d4c4307a6976901e14e02cc7f6d8f7732f4c4995b1cced7ae595a348a483c8f898d8cd1186230b860972ea4de79e1ae28acd1fab71f3d5f05df756ca7759a1cc84954b82faedf2a24ab71b40b0bc3aae0f99e3d12df0c3d5ed8bb7481febabfc3556c4039d5ec6f4e385d48b1b3f258acfe02f3b6593281c99fb568c33169e4ccd7b99a8ce15d0ec80fd68e05f7427f0cbf9687ab2d2b2e58257e5ae726e4864be62900f26f58c92cab229baefb3353a00297bf25c3b1dcf565030ae09bdfdb28a3f4bc4fbad115759e842aaf2a72fad36d7f6fd64f7aeb49cbc4db02e49ad9cdce05b454d3543baa4a4184a0b3656b4620cc8d8845ea71c5089d4c4860f1cbd4fd7beedad50e70f44fb17c7f38b017707cdddc609557de11e709d318bcb674abd52dbe3d621ac336c2fc157b3ed982e8547cf3525bcc699f99612740cfbe0255e79bfd4cc4377a6eb35d886e9d898c2695b3f8d8bc985a0beca1ebe6e534b5b750f4b31406dd746aa732ba239cb1379bcf10a28cb156b2ecd088308e6130fc8e5fe7d94948f6062b550b166e9385075201044d5456f5815ad16d3dab766f90db5ed715b9a0780b5e788d47d8c40d486cdf8f33ecac17fa387e46d56f228db55f5222cb95eed98e5860604b4f86ebb1410796d5f8709709857df51c1174ef19c7f8cd325ca62c76a9ebe8ec056f692228d9ea4f83c84c4734f102e2ca8a6543d0565cbea619f53080c59c4bfacd449ee598c62bc9764c97510989d9d929f089a04ba9d70c5b537f09ff7907762127b0185213cddda230a65de50541928ea194f11515032b67db02def5ebf1d2e21237d65ac610978522748c747388dd0310d6d879ad5a9031be79980eb91159765c77ba8bea4fdfd2ee8bddb4ebbcf2601c4ac528a03904cd69c75a1b8556ba701f59a9604aaee87697fbd590c1a29bf8a04d40a6b923ec23812a3ccc8578397f11508a698bf9e4c5ddc6e419ed1f368373d09dc92fc919c91b662295c6f899518b3aa36245e924c860a31e1dc9338cb97bb8990aa213b7558f6f096bfbfb0353f3ebc95e70785f77c484ac2846c012e9e5a51841eaecaeec8178f2678ca1edfdee05467805827257e6faa593c07ce7ca987d32ea5505d6aa8bb225d53439045c24c3e71fbb70167746ad4aceda7bec110af57e1e16689131edeaf09f69b60507f9f7c5cd92ad4915e9a01b7c422462c4bde7354239a0e5a5f616c43de0f2c19d1a8143a6460defe81fd06091e1c1ce0feb084cd83a27a1ea96254ec9ca56ebdbe3049f321bf284c1270950bb32c62668726541356d87632fe106af331930402584d6e2f49f81d0747d9d06dea87c5d7e24d8a18f2c9ff0b24a487e16c410abf7cb1fafbe6bac7a608bf836bac65569ca5e198a9b3b8f221ade8bf8292437c701b0cdb99d47f67abce6da4066a9a77162e4cf4aa0643a28c78322fd29701f94203252849775c798b6d6c9f7393cfbd46ba34d676933ab614bd64f5b15ef1003c38bd984c9c05d867db411302af145ade365ecccb442081642edf09933badfeb553323df685d9a30ed7912dbf38234306a4bda4e127c38b74e567a65a7c83cf1b753a38ffb6e0317323d57204e07ca1cb216cadcfd8d4269436719cfe9a967f2f5bff35a609607c9e290e40a541b6ce59d60e429b435476a6fd4060f3cbd15b848a058c00746051c95947d7b22bbf63360fc6d40804f2fc39efe05abbffff1e2a9f5df549bdefc72ef4e17fd59d3c670c83280384fe76079e427d603bc1170c57913f789d54a1405ca16b42cc9dbc030775f016462b13429fbd71396d5dee31692c37f38d69a5900069e674cea48a6a317f0d02ba4508f90a42d096fbe31c64d6fa656afbd526863c1eef45d24496bc97f7c14e426dd87a305ecbd8d3c25f4a991df3f3b4d2ca17feac79a28dff3cdc9d0fa4b75ba54fc86c2567b8a68a560222e7f824253a4ee90ae38fc0e3614a0078a24969dd50144ada2f4633c54770c1641860dda886d93c9afe0a1e89a659588fdfb3e1170d93739a7cd8173740a1064ef9526a1bc518e6d440fef7241611fea763fd5aaf9b82bab02bc58ab6c157d835df24003869e3f17d36f6ea79d81ce01ddb232b79eb370d709049ce1c7a0cf9263dcc1b244426c3190ed8891468247e947ee652ce76cbd33e6c0c5e745fa1be5b54e31f603f491b89788edf24f423c514b6b74fe65769b1b5a4f0c8e10fae49e6e27a08e8750dae01cac53c436039b909b7930f1eb3c7483425de72d815c106d8a3d35a23c2d483489e02d2426d397678e6119efaf874569031db4c398ef97edfc238ee2eb81edb35d8c4da4b75489cbd56bd6fb85ff063a76fd8401ed4628739363a9505e2297c251c4248e2daa24ff8c2e42b22c9083e6b7a079d5937a40eacc21caa67f0b0a14b2caa98505a84a8ab0c9d3492de518ccb3ce75974a8e52c73e29bfd1090cdf5de869ec96b336323faa18cf3d80d907727eed3f4840f574c3b1d10ca35da67d6367ed1ee0fd24966cf347f685f79bbcdc15a6ecb54e5c4a808990ae7c62fc7952c8544be8a33c2d8cd2128ec24533b830b6ad249de24134e6572ac000dd51e98a59623c5651d77bbcd0fe5ff065f7cabf17e2a01fd5a6d904b49303064bff423e99f68aa0f9518c97bc8ba198636047440bad76f30309fa3a2b0da9e089f8874bf76a5aaf0c3f92afeecc4f23436b1291d066fbfbe68da1e9722c1b844dfe62d8196b4aa85b591f97efa847d03de5d59daf1f4150b42243b6cebb698feece006eae41c959d9513411e5179774fb7b91cc6b2e45022a65da68fa431c36ee0c85c6f5afccabbbea95ecfbc4c794d25daa72424b96411dcf4c73b5a7f3579b2492b76320d5d9add68e62beefe27d7c84e01520f96092fb1d9975f219e9a2d775f900dbf5192e266e36c0b06f3ba8249e978c1f210fb80e20cf8b7f22261550844b8ba01544b21fb043029899d26eb45e38e29ee653f4072169df8992b0a442d2395bac9083f6a22d9010e319bffa72f933290f6fedd09b153741d5fe81b59d0528eedce99fc6453f6b45a5900c0f571503d19b03e87b99e0de00d78f4ad6742e5b3f3e342b220f721e4d62a32df6c0c271a535f098dc046bb699d5255a83fd861a5f8ddc4378345b89d227e8ab19073437138c63055239714f204563fa72f6e92eef58b8d2fc66b431afd4c13e9225f446fcb489b1b9e1d45e2950952525c77a200c3676d9b3eb32bec8a2085a1fe82f0b4a57ecf66943fec14a9479966188869992dfca7e664b35984a3fd5631797f032accf419c63bc893574ea703044a4f3fc8fe5fbb7c2ee405069944e5fb6ee57f6ca78ef5d85b79473f4d3953d301531b1a0dfadc751289d8e6d178028b84fffae4ef28955c242fcae19b1918622e6ec5c0b8d5b48810cc892196464b0d6e94535df9bf18782077a15b27075a0d961309f6d43c75a4a4305adaeff377fb0de3edd6321ee5400d8d886d2d065a969f603011b9bc0a1822d8103732586bdcde444ca260cf4cf56723e85b4dfc1c925119e802e7dd7020191cc112dfc94874dee197b0f5644b4b98a08ada3dbe0558c9098cc50580f321d03017c4dd19865530b9d17df2b87c79dd62ee98d841b9848ddf88db99c1136dfca8810a6522bee81dd1a4304c114dca8dc25ae929d4c0c41141db7385c9bed484e42762149b20512a24f664edb7c3cc5823ab416018795faeb810f59eb4eb90b6c35f722e4c612a9b4f556d2aa4040c26ec20370770123002e39008a4"}}]}, 0x15cc}, 0x1, 0x0, 0x0, 0x3b7285c378d22391}, 0x80c4) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) getsockopt(r0, 0x7, 0x400, &(0x7f0000000200)=""/86, &(0x7f0000000100)=0x56) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000, 0x3, &(0x7f0000e00000/0x200000)=nil) [ 208.984563] x86/PAT: syz-executor.2:10146 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:09 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x800) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0xffffffffffffffff}) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:09 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) timer_create(0x4, &(0x7f0000000040)={0x0, 0x40, 0x1}, &(0x7f0000000080)=0x0) r2 = semget(0x0, 0x2, 0x200) semctl$IPC_RMID(r2, 0x0, 0x0) ioctl$VIDIOC_G_STD(r0, 0x80085617, &(0x7f0000000140)) timer_gettime(r1, &(0x7f00000000c0)) 07:37:09 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x100c8, 0x34, r0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) [ 209.041321] FAULT_INJECTION: forcing a failure. [ 209.041321] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 209.113627] CPU: 1 PID: 10158 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 209.121490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.130833] Call Trace: [ 209.130851] dump_stack+0x138/0x19c [ 209.130869] should_fail.cold+0x10f/0x159 [ 209.130880] ? __might_sleep+0x93/0xb0 [ 209.130896] __alloc_pages_nodemask+0x1d6/0x7a0 [ 209.149782] ? SOFTIRQ_verbose+0x10/0x10 [ 209.153853] ? __alloc_pages_slowpath+0x2930/0x2930 [ 209.158880] alloc_pages_current+0xec/0x1e0 [ 209.163380] pte_alloc_one+0x1a/0x100 [ 209.167180] __pte_alloc+0x2a/0x2d0 [ 209.170812] copy_page_range+0x11ba/0x1bd0 [ 209.175057] ? debug_smp_processor_id+0x1c/0x20 [ 209.179735] ? perf_trace_lock+0x109/0x500 [ 209.183994] ? __pmd_alloc+0x410/0x410 [ 209.187888] copy_process.part.0+0x4764/0x6a00 [ 209.192494] ? __cleanup_sighand+0x50/0x50 [ 209.196731] ? lock_downgrade+0x6e0/0x6e0 [ 209.200890] _do_fork+0x19e/0xce0 [ 209.204345] ? fork_idle+0x280/0x280 [ 209.208053] ? fput+0xd4/0x150 [ 209.208064] ? SyS_write+0x15e/0x230 [ 209.208078] SyS_clone+0x37/0x50 [ 209.218311] ? sys_vfork+0x30/0x30 [ 209.221857] do_syscall_64+0x1e8/0x640 [ 209.225745] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.230594] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 209.235777] RIP: 0033:0x459879 [ 209.238964] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 209.246670] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 209.253936] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 07:37:09 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x100c8, 0x34, r0, 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:09 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x800) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:09 executing program 2 (fault-call:8 fault-nth:26): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:09 executing program 4: r0 = syz_open_dev$rtc(&(0x7f0000000140)='/dev/rtc#\x00', 0x7ffd, 0x40000) ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000180)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x0, 0x903) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) r3 = openat$cgroup_ro(r2, &(0x7f00000001c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) ioctl$SG_SCSI_RESET(r3, 0x2284, 0x0) ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x3) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000100)=0x3, 0x4) 07:37:09 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x8, 0x581000) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:09 executing program 0: ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:09 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, &(0x7f0000000040)={0x0, {0x0, 0xa6}}) 07:37:09 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x100c8, 0x34, r0, 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) [ 209.261312] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 209.268681] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 209.275946] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 209.289805] x86/PAT: syz-executor.2:10158 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 209.299221] x86/PAT: syz-executor.2:10158 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:09 executing program 0: ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:09 executing program 5: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000340)='fou\x00') sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x88040}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, r1, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x80) r2 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000140)={{{@in=@local, @in=@dev}}, {{@in=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000080)=0xe8) [ 209.368804] x86/PAT: syz-executor.4:10185 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:09 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x100c8, 0x34, r0, 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:09 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x0, 0x780}) 07:37:09 executing program 0: ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) [ 209.449987] x86/PAT: syz-executor.2:10200 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 209.473719] x86/PAT: syz-executor.4:10185 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 209.493278] FAULT_INJECTION: forcing a failure. 07:37:09 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x7fff, 0x0) syz_emit_ethernet(0xf1, &(0x7f0000000140)={@remote, @empty, [{[], {0x8100, 0x6a8, 0x0, 0x4}}], {@llc={0x4, {@snap={0xab, 0xab, "f9db", "6095a4", 0x9200, "77ce4c31654fb00d02014398dcde324dc6081c94c3316afe3c611c22dfe1bdfe12a71d3790ab850bdd4425e911733a928cc018c7e629b23b5d51f0a6669dedd714e5c8a3205b5e560d8b1a048fcab67b083cd16f1a27e15f519312fd7d864694a89050d65f2e9117f2809346b1cffac4da20db9766c4ea5c8988a412ae4802adb4de8ae6b573c378ef24a4640ac552f38fc18461a0d30dec0617c33b0e6bc89d44ae97b0f740f6fdb73a2708be681b08e85ef9376b5c9dfd84bde3de3b2e141d51ff84df51cbdaab13945dd04efb7e86039825e563e3"}}}}}, &(0x7f0000000000)={0x1, 0x3, [0x83c, 0xf87, 0x74a, 0xb0f]}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0xfffffffffffbffff, 0x39565559, 0x0, 0xffffffffffffffff, 0x0, @stepwise={{0x7, 0x80}, {0x2, 0x1}, {0x1, 0x4}}}) syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x9, 0x400000) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x100, 0x0) ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000000c0)) [ 209.493278] name failslab, interval 1, probability 0, space 0, times 0 [ 209.502129] x86/PAT: syz-executor.4:10185 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 209.547838] CPU: 1 PID: 10200 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 209.554999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.564356] Call Trace: [ 209.566947] dump_stack+0x138/0x19c [ 209.567185] x86/PAT: syz-executor.4:10202 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 209.570578] should_fail.cold+0x10f/0x159 [ 209.570597] should_failslab+0xdb/0x130 [ 209.570612] kmem_cache_alloc+0x2d7/0x780 [ 209.570631] ptlock_alloc+0x20/0x70 [ 209.570642] pte_alloc_one+0x60/0x100 [ 209.570652] __pte_alloc+0x2a/0x2d0 [ 209.585145] x86/PAT: syz-executor.4:10215 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 209.587404] copy_page_range+0x11ba/0x1bd0 [ 209.587415] ? debug_smp_processor_id+0x1c/0x20 [ 209.587427] ? perf_trace_lock+0x109/0x500 [ 209.592433] x86/PAT: syz-executor.4:10215 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 209.595192] ? __pmd_alloc+0x410/0x410 [ 209.595210] copy_process.part.0+0x4764/0x6a00 [ 209.641443] ? __cleanup_sighand+0x50/0x50 [ 209.645675] ? lock_downgrade+0x6e0/0x6e0 [ 209.649831] _do_fork+0x19e/0xce0 [ 209.653289] ? fork_idle+0x280/0x280 [ 209.657004] ? fput+0xd4/0x150 [ 209.660185] ? SyS_write+0x15e/0x230 [ 209.660201] SyS_clone+0x37/0x50 [ 209.660209] ? sys_vfork+0x30/0x30 [ 209.660224] do_syscall_64+0x1e8/0x640 [ 209.660232] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.660250] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 209.660258] RIP: 0033:0x459879 [ 209.660264] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 209.660276] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 209.660282] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 209.660289] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 209.717339] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 209.724587] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 209.735723] x86/PAT: syz-executor.2:10200 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:09 executing program 2 (fault-call:8 fault-nth:27): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:09 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_init(0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:09 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x7, 0x20000) recvfrom$inet(r0, &(0x7f0000000100)=""/33, 0x21, 0x20, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000000, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:09 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x7fff, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) 07:37:09 executing program 0: r0 = syz_open_dev$video(0x0, 0x8001, 0x800) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:09 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000080)='trusted)},#\x00', 0xc) [ 209.744711] x86/PAT: syz-executor.2:10200 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:09 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:09 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x0, 0x1}) 07:37:09 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0xfff, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={0x0}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r2, 0x10001, 0x1, [0x400]}, 0xa) [ 209.801531] x86/PAT: syz-executor.4:10230 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:09 executing program 0: r0 = syz_open_dev$video(0x0, 0x8001, 0x800) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) [ 209.878828] x86/PAT: syz-executor.4:10242 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 209.889976] x86/PAT: syz-executor.2:10236 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 209.912562] x86/PAT: syz-executor.4:10242 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:09 executing program 1: creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:09 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x10000) ioctl$KVM_REINJECT_CONTROL(r0, 0xae71, &(0x7f0000000080)={0x2}) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35395257}) [ 209.925543] FAULT_INJECTION: forcing a failure. [ 209.925543] name failslab, interval 1, probability 0, space 0, times 0 [ 209.980671] CPU: 1 PID: 10236 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 209.987804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.997155] Call Trace: [ 209.999752] dump_stack+0x138/0x19c [ 210.003388] should_fail.cold+0x10f/0x159 [ 210.007542] should_failslab+0xdb/0x130 [ 210.011518] kmem_cache_alloc+0x2d7/0x780 [ 210.015682] copy_process.part.0+0x444f/0x6a00 [ 210.020296] ? __cleanup_sighand+0x50/0x50 [ 210.024537] ? lock_downgrade+0x6e0/0x6e0 [ 210.028696] _do_fork+0x19e/0xce0 [ 210.032150] ? fork_idle+0x280/0x280 [ 210.035866] ? fput+0xd4/0x150 [ 210.039061] ? SyS_write+0x15e/0x230 [ 210.042778] SyS_clone+0x37/0x50 [ 210.046141] ? sys_vfork+0x30/0x30 [ 210.049687] do_syscall_64+0x1e8/0x640 [ 210.053571] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.058414] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 210.063588] RIP: 0033:0x459879 [ 210.066755] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 210.074442] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 210.081694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.088949] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 210.096197] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 210.103445] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 210.120735] x86/PAT: syz-executor.2:10236 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:10 executing program 2 (fault-call:8 fault-nth:28): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:10 executing program 0: r0 = syz_open_dev$video(0x0, 0x8001, 0x800) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:10 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000080)={0x9f0000, 0x6, 0x7, [], &(0x7f0000000040)={0x98090b, 0x40, [], @value=0x5}}) r1 = syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x2, 0x8000) ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000480)) fsetxattr$security_smack_entry(r0, &(0x7f0000000180)='security.SMACK64IPOUT\x00', &(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x12, 0x1) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) ioctl$VIDIOC_S_EDID(r1, 0xc0285629, &(0x7f0000000240)={0x0, 0x55d5ee38, 0x8, [], &(0x7f00000000c0)=0x7}) ioctl$TCSETXW(r1, 0x5435, &(0x7f0000000140)={0x8, 0x9, [0x3, 0x6, 0x80, 0x7fff, 0x7], 0x3}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f0000000280)={0x8, 0x1, 0x4, 0x0, 0x4, 0x62ce}) 07:37:10 executing program 1: creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:10 executing program 4: r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x68000, 0x0) ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f0000000100)=""/255) mkdir(&(0x7f0000000040)='./file0\x00', 0x10) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:10 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x40, 0xa9, 0xa37, 0x1, 0x1}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="040040f9ff00000280000085000000006f0094970000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x2, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0x2c}], &(0x7f0000000140)='GPL\x00', 0x41, 0xffc4, &(0x7f00000004c0)=""/167}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000700)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="ba58d6fcaccb7ffce16e1bcfe23b", 0x0}, 0x28) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 210.129439] x86/PAT: syz-executor.2:10236 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:10 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x800) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:10 executing program 1: creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) [ 210.181654] x86/PAT: syz-executor.4:10265 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:10 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x5, 0x10000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) timer_create(0x2, &(0x7f0000000240)={0x0, 0x31, 0x2, @thr={&(0x7f0000000140)="bae4f81fc088b2e009966e57574407a3a8189e4df201a6ceced820b1b232b9fe17051fa54cee3d77abdbed83f2257abc117a18c2c64658839872f2021a4ab25023d00852509bf03f5c1050ce1f290c82a23c7ffadf678914f8f9b95b23cc8fc9ae68768cdb3b5a3e8f73d01c53946cb453c167c158ace30c03b825dc7e6c2e62a9ddb3221ee488f1144232cfeb9815014d6c0d42765f605fd3d092a2342d2dcd0bb0d9aa130138690d5d601cf448b269ca3f13a0d6a031e2308091e73898ea82e509bb0f52989eb322036975e292ff067c7cae7c7dd4695186a433ab9a09eafda5e1779d91260b0427975d2f2800cc982050b7", &(0x7f0000000040)="8034232c45bb517adac495ad23f83cb13de60150787a622ff87b8e5372fece43877942f4aea1c78279093a4b94434f26a7e1f2e1b268944793d5594bd3083b58377dc9b1a19a488c3cc2d04b36549d2f4723332fd78b031c64737fb7af47ea27f27b8b6f61e3897c36e002eba3429f8d640bcb31a43e31ecb5c18d1256681c0785fd7fbdade3c910df9ff528764c729433953198b73377e833a0d04062bc"}}, &(0x7f0000000280)=0x0) timer_getoverrun(r1) [ 210.231894] x86/PAT: syz-executor.2:10272 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 210.254322] x86/PAT: syz-executor.4:10275 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:10 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x2}) r1 = accept(0xffffffffffffffff, &(0x7f0000000040)=@pppoe={0x18, 0x0, {0x0, @random}}, &(0x7f00000000c0)=0x80) getpeername$llc(r1, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000180)=0x10) bind$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e21, 0x3, @mcast1, 0x4}, 0x1c) 07:37:10 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x800) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:10 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x8, 0x100) r1 = accept4$bt_l2cap(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x80800) sendmsg$netlink(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000400)={0x1054, 0x34, 0x200, 0x70bd27, 0x25dfdbfe, "", [@typed={0x8, 0x96, @fd=r1}, @typed={0x38, 0xc, @binary="d86c41a00844ccf0190deb3c93ca18cc07249ad27e29385670d892b3583e32e7adfa6b6a52c80b8c6dfce70ef5fb7834d1"}, @typed={0x4, 0x3f}, @generic="92a2a48f05d58377faab950e1d21a99d971d8a61b6649bf43384d06b5474cf8126f2a46b781d473c148be021c583b6c707a481f319620a9ad0c885469b63c0d169dccdee44dcdfa0cef216bed8044dd1c837261c6eab060a447c495aa31d42a54e4c35165fec9f6d46c56718b8695b6cd30536e26ed974d15ced9d77db32dca6b4625562f14b8fa8cba08fcc1e696e5294eb59f51d012663011f3b0550b27986f53c7981113c04af9f71ca75a6b358164af0bf9b8e3ca09a5a2a8de488bceb274d159654779e04c0441899b6f3fb8fd748e27907892d45069d3c4f61896cdaee4bfbdeaf9eefe29cb80d20207dda4ab9bd560fddf4e688a90e78113e869b5907436575931e5f9e43d9f71b49139e50e9d34f50885916b5226c2321e180b2553ecf2fd5bed89e983bc573e78db847ff6b2bc23dcc27010779b902ba6d9328be8e6399f39de69b9966043a8514d6b066efa6dc8e0e050783c9cd1bb78b846998b3364e6f1d880135ad278db2d9a1342ff316ead8ba489ab3be4025148b6e209d2f5b24ea6bbf3b9e8c7df875ffff438e5b1387b2e98f284f42abeaa2f2e80d0225e7c8216d11a5619af14c70c0aa42dfc15296b9d32178064d683bac5f67c101b91981c48f2562f2adc033749ab5294ab61f80dee117874954985ff164a4106c4eeb81ae0054289ab71eaa50509d295fc6ef52aaebbbd20000f52fe490f01be246cab71dc805860667a1afb1a782ccf68dea3048cc04094a6b0a86b0bea16c1d81c13f91f1909de3a53b7a0e5e744bca2145f3caa73c02d7eeac9e069ae5f67ae719262da71ef00d94e7b6e9c9628ea1f360b886668668e77e2ae4311ddfc203f9924a6b94e4887e7d74622ad5ac2d072fd1c1af258223f56831f7f9074e70b655e6ba5650d790d7c8492146d90f24e8a5d3dc1703cecad56f55033e1063bf15f838e075f6c66ec81d35c1a87af636dfca5c0de4901818b0a6173aa714deede82d0e87ad18bfc1e64d12d05464c8c22ed4be5063336899334e9a5dab50cd91d0fe1975e3d02ca63015f5272c0fce136300394577cb027b8c9cd659b0a10316af540369d4bb27c0819f72bfa58a4449312c378a53ab04a62060912f933a646df344a28184bf6a09c98f84a43ca4ba304465643b471a1ed6a380e28bdc97ca4f3a151d24a368971f9f8ffccdbe837530b0373e2803228ea6991b0df8f57065bc95e558d54ba5c625acc076462e45bc2fabd649e2d2c4aa99aaeba09644ab87026bd65fa68088c41a5fbbdb1884b24f4ddce21823867e51df0991ca048ed902ceb24c3fc77afe9e6730daa9da1814c0caafbcd4c6ee7bfd49389639ed4c2de48fe91519cb2a6d914ec5d734c91348490ee0fe18e641f6b3727f2772265cc28565f18af9a8bc236e0726b146105daa945cede386cc5f72f87be9dbff9719141dd0384ac85bb2887163157de9471a5ae3e2d801ebbd3cf6342e0deadb1e1f0c4c45024aadfb1a780df753e19406c94964ae2413c581629b46b45d61ef7508e1b4267e2fe7123c9c43b88dc12b32dc7ac12a162a68c7105f3a971f94bfe15daf9f58777bef5bf108a8950d3bcabfa0773c5c498015a0a250af1191b7472604cfb1d9b06d16dad463618e3fe666aff5b9f75223b1ca294ebd8b9c080c59e1b36aa9c935f50846cba56e5e74f047b4cdf168a3c11204c62d006786e65bbedbf8f7d7c4c34106405bd3037cc7adf963c2f95aebbfbad7c8f1ad9186b6f6cf2dd061b9ff64c6b96f3619868a3bc948b8ff6be66d0bc56711ac8aed44767bb58521c06aa95425c3fbc225e1c1991f9ca812104bfc9a9457adebcba1220a2cb8905cf947cb10e68998d6fbb71a7b1fba2f82e7cf7b1ac19a112e82124146ed3e405696db34ad3e88a9518e4276c952891b84d6f51726b8755ede3f17d054641bdbd3df90707e1a933d83381fbc369254646ca1f8d084ae054207f5aec9f69f6a5ef904e530a0eb0199600d5979a0155b84cabe00f63f15a85ef5f23a050e21724347c008316741d66e92e5dc2a2b05d91765299b5900731d0b695a4b087981e93d2432adfe8819e8506bf42614475ca1ed20b426829b0c24d904066cae6768443d0f4afbc5c21e615851b5c7f042920f53df1faf95e17dea3fed88f98f1b05cdd692023a99b94a8ce10f4af21d1e2056ce99e28b196629ecb277bf6f1957d20ce8d5f6a03412b360821a7c1966f93ef6ccd9a50727ca28ccca8e896e3742ed4517f2074dc006136a56359d8a38f38dfe9ceaeaf2c817330ae81b4a0a2c51c8eaa330a1a62d62ee1327e750a32c4e3dac3635b7c2687269d7d033b7662ca712b07371b8e7fa1b32a91fba14ed01aa8aa534a85db20a43666d6435a6c1b7da8f8a64667fe57e252627e5fa39aac7c739544ebd08ea1f5cd008e6cdcc7cfcbfebe636c7048112d4f0cf0e1412ef5944444089b5618ef77f9eba8ba01b05b7cb8e83a6bcd28ed7efb1e7f83d6694ab95ce1739f7069c1e778d48af16dc51d0fd9b73c2be88e9e58ae9c3b5e45ce66d8063ba9bc8fba5fbacbe10b9e276d1d879ddfc4ec571a64e5b6d6947857a3b37c65135cfe12fe25fefe97c512fac03d05cc86cc72d92a46bee839703e41513a9008aa64583d97558866d2416e122e100b4a9121f5d559447edda2fcc0dfd0ba34bee71fcb37b9e41c2b99cfef38872ad5906ce082f7d83d24ffb02adccead2e14b6142335b403401bcb644d8a2cd5633efe9cafbca83915f48cc0fbef2781d8b0a64ab0f3a5b970b379a8506241109ff2ce315282e4d796939f00d8c1eec89b38e135052d8bfd506c0da32d604c3dce5f8aea23a8d9a912fe381371a98fa94a5cc26124d65bdc8cded980fdcea776ca3cd08115efa0038045f4dfbda95f2077dd5d6b3d9eb59e2e958a8f52d10306560ef69a0dece75fa2e15940e7cae088a18351aca1d02ecf3415b7f466e4df229a39f0b8f4519dcf5a57d5142cd06f79c45626b1c4ce7dd2785e8d8c3858cdda52eafce613848bd722fa3124f3461d440ff200a77ac01e86efa70da8da68c7d16637557d746f253b0b0f5223bb77a0dee6cec4fd2a7ad36a54dfb1cc691363a2214cf9179343ba8013a15260d79752c0649c0ed86b5e5bd4ba89253b42b09fca46f53f407dbb1e188f9fa4ac26c56c83d583cd8194bdff1b6ebd310c04043851830c53f87c10bbfbaf0396afaedebf1c586709de34b973fa5d49650e56dc15ab26e35578a79cd4a3beef3157e0a15953f33dd2157cf67e51f94d56833c9a711efc669bb0d7ade6d6cb6da28b70a3fff89a9a530f2553f5d6d79cdd01faf97b3bf56a6b8c087ef90c4e3f3427784d4e29dbf72b745864bb6fb6c32c50158aa58c899e0d52edbd5d0c2b26fac8ea8e1724a2591696a2934eeb91fedb4cc31aa32adb9dc1c583d1da737c967da211221c8b4ddb4ab27b875d5b39f9a72746b637edd4b355816003a52a293d1931faba649e4229e75d7fc0db00187a83a3cef9c572dbaf2d20ce30a79043983c220c228149fef5dc4f0bb564f234bb29649b6f5c875975e0ae149c863c306e7d6bd8c2b156664920772e2023fc176a77d439cba4124b4703b98adce289feea0a50ed8e5dee5bcd2e067c5d464557389781ba31b1f946b16f249851de04e5884e2f452b530c57ddab90ee53ab3732c900cffbbcd1be58158486a7ff0d18c50fa04ebb8aa2b598c7cb9062544b85db17b031f62fb40856bc784163f8684bb5bb92ea0964bb1d69d7094af1a34b7ba1b5b64d99ed846d33a8e3248389f2e1ccfb4fc307a3a354ae3d4a7395b2a10e99249ae486f044a6b54e944f040956b7a30f0dc407b6200c33fb752a4fdde62d78b6c9418ab884c7894f100ae1fb980e0a599f76e9ec3dc564ec4697e0ecb797375131068ac3f3f781547340be30f0600196eee4ec4c3e43562e631b28e806db0bf22ae67f4c74d2a35f60b3bad8b047ad69cb4f7b8c9c08ae5a2f6f07e6b19d1324154d117d4894e39b0dabc19a75d5e50be4ce5716b5977d144303d2977d3cc2268452338d7ce618abc617a19a5f4a4ad978af9eaad92a2561e3b9301bf95a522a0e072ac125c9a8fe40732d47080a751c7fa0d34f73b74628c1e537d24a51890c4edf747a83a783f597d0f8d87a06d9444126e199e62f0786a818788950ca7e99fd3abc82df98bf19b942e29ebeff3dcd5c1321c51a209de0b2eca3bf791d7adf6f135ead32a9aa415e62d79cea1144738fb3cfa1ed3710afe5c29e20d73a0cd59662918d07196336a1da79bb50243db4f35238974f41d2dc06eed81b8c2a69a8be259b142a02f6abafd32ece02201815242590e3eac70c8abcd07495e8d8c2310d9a39310f67a7db7afd9fbf76f5354f46216fa2c7479abfea1951369caa810e60702da3ae1f0d5dc2579058c3adab4f826d24f4d3e33f3912f437d58666b4b2ada27b42cd1471391b7e8612a5f8346c8afb8578bf8186d704bcd0738c5f331c9e29d28538ca68b54d6a4705e73fe9d73b93fac776db852f867634941fbcdfea043cd3c3483e348c0d4017759225ca2ee8a8c56f4868608aba2ba73e249a06fdff5232e5dd70dd062216d51bfb3ed91db9788809caac80a38c400623088bc6fac11991541f20d003c4794c9102a4254c98ae0634e1b546adba478d1ac9f958d8997a428d3e0480671b0af83ec32f39677cc5dbcb105dfe7bc5ffb114eb8ae6e166beee25ab74162c859ecc1ca3e32261a7e77677066443fe735bda5756be566655c0e5639a489c1e00985a41969e417ff35ccc5be7043d7078eb3f9733df9fc62601b999d777429ffcdddcf81d33c08002193f074b6b6e9098235537bfc91c59b99c78de1d931c9472c6474649716b27dae540881ca5eeabb91ff1b442a9567e297f1177bd9f875b47380083de6a864889a2d7bcfd7da028354d6c10cff45fd8261369fb28e166a0fde762af38a9a6869ec291b69d1399aefb69f91f6d843b17ed2de30bb14e92187475287039e1c00811a2b3777316b7781c4cf2ad5b814e12875520d5dd90cefff09ce63c0a07c6b4ebbb4f6cbddbf54343beca715c4e0ea88acb731e74baaf4cdead8c9b26300e66952650db5ccc13fbef23bfa356a0c8b8c449748d8079aaf5c8ed173a7b947349b88e6834b57d24a30ce8b3d66c00370f958e60e66eedbfed43a7b941c75be4c3ebc6e59460d401ff707173c5c0ef64ce2a4b5a3e7ef336e99e37e2dc3ce508527b293f3025b85306bdc3fcd3f0da7fdba80898fea72a03a0f35978c561edf8e8db4e63f55aecc89a5f8f1d96ea932d33faf4e594d16ea6bb96cb5012090450dac3bb8c297cbfc86b5dde5aff0e7bb644a07157da80f5d8e709326fd04f476b76bbe7f569e7467e289ea919482d09cbd444f5760bb5b7a2c4c833c294d325a036cb4cc4694e3e1b792ba7db1ad61105b6072ea11cdd8ae2175a18cac5a0255bb81102d53dbaf56e3b9cd4c09516fd3acf80368a7ffc3ccfe8653bb4c2477bed6166ca8e5632c727554d45f7d123d46d0cc40b1b964935d43fae051787059577b3c5715981445d5985dd04bca4dcae3d5b72c9fc910876f0979e4c9e27b8e3411cb590c250a2c2e1aa45688f499a934b6e23508cd988c1d663af08059372424a732864647ff2d49a8c9c32f0bc94f1b41eea94e83b7c9d8cb5782c773acabb132f5d2a0c2100400f4edefc030fdb155e1a773c89a9cc99543b21a524946079a38129f10964806fa192070af6b289a5b584e5dd5fb2f96ea1b560af3cf7a2a35255772"]}, 0x1054}], 0x1, 0x0, 0x0, 0x20000000}, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/status\x00', 0x0, 0x0) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000380)={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x0, @dev={[], 0x28}}, 0x4, {0x2, 0x4e24, @local}, 'bond_slave_0\x00'}) r3 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) bind$tipc(r2, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f0000000040)={0x335, 0xd, 0xd75, 0x7, "36131c885f738d4a5184a4f22c48cca17c599f67ca48b99c3a94f11b4d610237"}) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@broadcast}}, &(0x7f0000000300)=0xe8) sendmsg$nl_route_sched(r0, &(0x7f0000001500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x140400c0}, 0xc, &(0x7f00000014c0)={&(0x7f0000001480)=@getqdisc={0x3c, 0x26, 0x200, 0x70bd25, 0x25dfdbfd, {0x0, r4, {0xffe0, 0xffe0}, {0x4, 0xe7e8b3e8056608af}, {0xffc4fc6729590e53, 0xd}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x800) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x4}) [ 210.283925] x86/PAT: syz-executor.4:10275 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 210.295844] FAULT_INJECTION: forcing a failure. [ 210.295844] name failslab, interval 1, probability 0, space 0, times 0 [ 210.361162] CPU: 1 PID: 10282 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 210.368301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.377662] Call Trace: [ 210.380254] dump_stack+0x138/0x19c [ 210.383893] should_fail.cold+0x10f/0x159 [ 210.388055] should_failslab+0xdb/0x130 [ 210.392040] kmem_cache_alloc+0x2d7/0x780 [ 210.396196] copy_process.part.0+0x444f/0x6a00 [ 210.400808] ? __cleanup_sighand+0x50/0x50 [ 210.405131] ? lock_downgrade+0x6e0/0x6e0 [ 210.409283] _do_fork+0x19e/0xce0 [ 210.412744] ? fork_idle+0x280/0x280 [ 210.416621] ? fput+0xd4/0x150 [ 210.419797] ? SyS_write+0x15e/0x230 [ 210.423493] SyS_clone+0x37/0x50 [ 210.426838] ? sys_vfork+0x30/0x30 [ 210.430372] do_syscall_64+0x1e8/0x640 [ 210.434244] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.439070] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 210.444235] RIP: 0033:0x459879 [ 210.447400] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 210.455083] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 210.462332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.469587] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 210.476833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 210.484091] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:10 executing program 2 (fault-call:8 fault-nth:29): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:10 executing program 1: r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:10 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000140)='/dev/video#\x00', 0x4c, 0x80000) r1 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x8, 0x101000) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)=0x1) r2 = dup2(r0, r0) ioctl$SIOCAX25ADDFWD(r2, 0x89ea, &(0x7f0000000040)={@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}) 07:37:10 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) sigaltstack(&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:10 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x800) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:10 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x100000001, 0x400041) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x101, 0x40000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000140)=[@in6={0xa, 0x4e21, 0x2, @mcast2, 0x5}, @in={0x2, 0xeb1, @broadcast}, @in6={0xa, 0x4e22, 0xff, @dev={0xfe, 0x80, [], 0x12}, 0x5}], 0x48) prctl$PR_SET_THP_DISABLE(0x29, 0x6) finit_module(r0, &(0x7f0000000040)=':{\x00', 0x3) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:10 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x5, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 210.516634] x86/PAT: syz-executor.2:10282 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 210.538995] x86/PAT: syz-executor.2:10282 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:10 executing program 1: r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:10 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:10 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x100, 0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000080)=0xff, 0x4) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 210.599666] x86/PAT: syz-executor.4:10309 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:10 executing program 1: r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:10 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = request_key(&(0x7f0000000040)='id_resolver\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f00000000c0)='/dev/video#\x00', 0xfffffffffffffffa) r2 = request_key(&(0x7f0000000140)='.request_key_auth\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)='/dev/video#\x00', 0xfffffffffffffffe) keyctl$negate(0xd, r1, 0x9b3, r2) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001480)={{{@in6=@empty, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6}}, &(0x7f0000001580)=0xe8) syz_mount_image$hfsplus(&(0x7f0000000200)='hfsplus\x00', &(0x7f0000000240)='.\x00', 0x0, 0x4, &(0x7f0000001400)=[{&(0x7f0000000280)="ad", 0x1, 0x3}, {&(0x7f00000002c0)="41b862e041d7578bbffc8b265909ba1c8afd395a00eb4bcb7eaaa9173ae7d0c03d5f2303f52b2827c5042b0b48f802e842612943727789463281ef011a24f8877fecf6fc0049808892e3a7e64309275f0d2ef7d481ffd9d835a7efadcc5b995ec650f40fd5318014c639417f62cb8b19ca37b891e5f6e321ee9649432e3167d7754a6c23c09dbea7502b9c28f10b9bc4b96497ca4059b31a1d3089ef2e8b12b115784f6b72f000bd09b7f6c19ad49fa173285807a8339cfffc3a79a2f240c88f34928423996b0f8700575e1e3d4ad25eaefbb1f0c59be778bdd7ff6480406b5b04fc8703b6d8eda382be43451136e0028a776814b4a65132debd7cefb4de0f260256d5e5b677d2ed7131cf55b10128b388576890110aad0352011c08763bf1ff1b50a410e63e83e406780df9e8406d4f14f2ed068050bad59737a6f3c9d01461b4fd6d2eece20d0342a123d22fa0a2d5ca8397678fa1adf38b152902585de670badd492eac8905935da97ccdb83ba56abf45e47f64ef0a7f270d472c168271a89475fa38da352badd6c7a8afd29aa76b6e78134a47ab331d9253906a213dfb79bd0a0645d73ee448756d2c978d0ecb5f0dff691d08e6271cc62e5dfba269d534c2224a3fd4a2b0de20a4e0288ea68a3df63738fd417619e62ec2bb569e83fbee09255f18f34150cdf794427bbc5e24ca400585e6882e17f06368d2789feb372f305e09de5d14b9a2fde0a81cbbc5dbd81adf1adbfe0d904be025db1b3fd4554ff65186dfa46c85bf0c6933e2ec640cb25affdfee08cddb728bcd8e74d782fe6dd6a578ec05258da9d49abb45380e9ec46810085093c4e4bb70bfa30c652c20e48d2d64d83ee62c6cf0173c820b1279706df3384a19f754833e07c0b6b589fce3c9e248daaa8d17d08453199024186ab309bdb96caf647c5e2ec5c9c3d4ca22265865741393c734c5003a3ad473489d08a8b5de8745b1161aef651bf8f2276d91b0020f3f4f89faed5608aebfc72d829f6c7bb43036b8c49e7469e70e59f67eff87635af99b001d6912caeaad623a48b453a1ef9f72a75b6dfd81847107ce0f39439071f7d788ec21a759296d4c3e8daa588866b212f913b6dd76829b5c83540f6a9f02b4460e9491a23e4419651232034aa7424c7a8ce542970cceb32358bf10afe20296c7f6715d31ce129faab88488e43fb92c9256586b6750896f244735a11b3ef5bec866b155ed4015550d8de0a93cf6bd76e2ece97e6e0c20b2befd1294c111041e889ddc5bfc4b01a8f722d811d5b7e9c92b6562af072a46e26039791fb177eca64fbd68beff5298f86377a0ecaaefcd04b440bac0da2a3c923159b958e6f1e38a104b4474c36c33d33498922cd79481732f590822fb9d34c44238d6171566b38e6562659a661c19baa90162ed779aada2a4ce1db0bda3340ceb5db406bf59e7c7de57efd0da2a18117fd22d1d39adae7adeffa5b24f0554ccd622734fcda3c83b55c2d7335abe9f1142e6c04a47a29c442a5ff5c2535e95e29d60003c28aac0358dca59dcd7d9888a114823001535c98ac4dfe6d4c50446b28ae2e8b5e7ee1e17414cf9554c106d4434ff1f4f813619f4cb58b1927bc95b542962dcd6fac3d562e268acf6e8a1ef0c16caaf6c94a0000cec631068288ac0d92bf690afb64ea3eeeeb90f3749c3707ff1fffee22fb9c77f6a3478d97ea35efd25835b2e190fc80ceae1adaad816ad48a4abca264b1e3bfd8265ce837c8423e85d307c5c0f1f6f2c00462a8c75142e59ddadece0d5cfd362f3e2c194602fdfed85cb28ba52ecad4169d9941eeaf877a75589665cbb9de12c78f471de36f6230b39ec64dd1f48ecfd03d8ecfbbbfec51cfa59c1e0ca82d3fef319604c9c42ccf808c0e648aea19b384447c9078c3e0cf71de61554dd184a33dde838565e5b4a8f5821816690872da012b0008e2def7193f1188d403d4da030115403d7cccfacc9c8890f89ef83ea600360ea54d1bfe2c1665b66277e3d0f50eec7aa4303b7551365d6da5f4e9637c7025dc042363b296a91b07e74ef707b364546247688d23294c626a01920257790e51c89651993f86c8b052c9824d785abf8d4601bb7f8c96b45b7408b38503dc49b5fc0cbce7d2c1b0b36415113f9e89b9163f631b6bcf68f9256cc9d57c27523205ba0c0e6f828436425b8d3a91ff06282249a6e48278ba8010ee14c4e9f28f177bd69344b69c957a3cc193b72a1bc1b570bfbe799efc20754d071d7467e11396158b3c768b5fd76fa6aad5ee35b44400662f887aac14bf855d1ecd5adc4df288accb91380766dca62863fbb133e010ba0b863509382bc48b565675be40589f5f3e9875e956be0efb089d4562c8cc814c0f8233eb367a2802267978ed23f729d1b47a4821d8b41665b88d6f0941821fba6e93286467dedb44d796566630d87bc833f9c7187f5176794e676214f3a1a43e897af052e74e721ce68dc275bfa396813a4cb49bda705e036f523d42c395c2928abc7e8558e5658119be5f7a0b7e7d754a09a3ff5273be88e9039fc561f41e05798341e6344f64ec6c053d1e2722bdb4430cf7285f66f3054cb352d6a899dab574640e5b86e5126872028295be2cdbc62819771fcc7489fb441b046a61ae1041b22ec13f748a382412325004a919dae1a9a80e3802269a081bb2ea8728ef1581dfbabef09a482a7b7c7635f04003c04e48cb31e4e589fb6a1774532ddb7047c0e543524a16264e9b097d182f8c7c40d5c8affb07dbf5fbf6638bb75a71d724f86539e03de681a9a88ddef6778c1b934aca7776076b810dfccdabaa2b3033d98108616684034bfdff1a37065a53a9b1da4d3eb81c411364e7d34905b646b4a282fbee8ce0012bb6ab61155726b63005f87e9eefe237ff9e7089010d4681bed2d1e7917221227bc020e2eaa5a21ceaf27fce1fd4db25cb08253f35978a9681d24b0a44c876a4e62b5e794576e7da74e380a17110f62e58a5d5cc9723b22447d5f2058b34e2df357dbf681de07081c3e015fbce3d20b1f8b08a7faf7ce203bf320d2b409c90a0bca6aaf63077c489b806916862ff659d3fb2673d102d600c01b9410df744d0d1160f486124f8cb0eef065d5c21b9ed99ed85f535df5b4de3c08ca6f5412aa71c8b8b491530d693a8746fd1c3f661f7a4c327c20c79902a679cc59ec0ff70be33200c64434369ea83cf9318297e4acd321237068c5f99cf26d4e5c15c7119ee8669158b515c3639bd708656fd4410559417916f28c02e98a8c5fa749b970347b113347616ef673e2efd7706cbaea9e18298f50e88550f9943b1198bface62cc2997e7fea301bb472e3d030c97bee092f6f2e98aa0a6883a7dad076e4d2ff679eb83d9bf842c112f30a1bd1ffba97a87568dbe56b307d35274afc969994db4717026d52c9fbccd9404c173751a2268fbf7a3b1f36e4907206e546d7b0576ce865abf983469bfa5eb8ce7d7e15a750701556b015353759f5a792f20c88c1d612e67d201a82785e40457cea2265ef3792ccda693a70bffb7ff72cdf64f8c72f70c3fcf3e94383269d03e27eb1e5a02e466482e8a23d89671356acb90885b7bc850f380ad3073a48f264b67babe615778e5e4725f890708b6a810d278eb80ed81f6d73db01f4e1f47aab43c00b4fc11ae6ed8cf100221b10aa772088e7f783222ad3d70981f359eaf5333059b66baa2daa3ef8e7fcb47b8c8020bc0b00eeb14aee1ceadae5aaff7dd3e7a83a5860d3d023e798a0462b0817292de137394a17ddaad0316bea14158a9e03d672f87897e18da3c884c146227475425e70c8dc9d2991dd212f23b38d530e19541e51eec266cecdef08564cb8d71da2352e9dd7c8f67e636c31a796143f6111e59352c86b94e2327185c81479477e7b399cbdd66eb8429d9745189d783b431b7895f6eb28bd8843be2267bb4659275d1e768e905aed3c57c4766fb48c16180146128ecba1559623e8975d31fdef262f6c81ea00f8bfe95716fcb64b9ddac5f1c80b43ce1f2d526ba0f0fcc88de49af4789cac1b47cdfd19ed53353458bab8e770510a7fdb30f64bf6487147edf6dd63828c6e7d7c491511d0519d1177df275828227bd52fb7a3309501cc72ace9076046508311d0074c351bdf01b4227bf9180451a4f435b6f6d36081536f640f1fda156e31a55ec4a42622476ff261d6e658128e3943caa758010cbada2d1c11fae9eacb0323ee2905870b8a00990dcacb27be062d586f716be73f519dd7134966ac0d7b2de6a3b3ace4a0c34ec3e05388cb9371ed5ffdfd78bcd9b67bfd2eea41296250454d571022333d416803b5a512f5db9d8c36e1ca039208d9aca70d82bdaaf4529a50a1b33b13440319d68f3d34a3198fe6da388b8cc4c0516c76471dd1f2d12c030bfd8ff14e5f89347fef2ae77c7229824c498d3180018f90bf9c6c1065a079d7c23b613f2f55c94fac8fe05a93df2d7383f50ba85d36c8e20e9de261357fb7da89ad4f24170c97f5ae6627954b20519f452cb6f5d8261b011dc5ccf219a1ec4828175f89cddce175ad5a5a434f33cbd9dcd209029d0e1efbeb7ee1f7a364137deb8eb9c343dbf265daabf0f8a223422bd6f412119d2851b609b036f7ac5ff851443619419d522966b361b24d3c1e06f3c5c830567468610971375696e63b5b4d8b898fdb9aebfc6908513c039547b33e08b326de113c938e20dbd24847237874552c602e6fc4b070c0e66f94a23d461a06e483e6ac990c18931d0eb96e3fd76555937a292309d9eee4b18a394a87c7172cc885d2af70c7447bd9168806f301badc3a86e5f6f771441dd6b46e56772e447817d18528c6b3fb4d9bb60fc715c92e6b43df62bf59ed1480e862d32940c385f9b7ffbbc40808608393001b0de8cc6de6122acfe32b5c505ad77eb3636bab6c24580eab7f154e2863a337bec6dba2495626e81bd2eeac2f73caa53a1fc5dfe8ada231ea5945a86412c3b2503ef2a754fbde40482c7d2905d884aa4ffcfd04ed86fa2ceca21ea698cbc3818d63ab50ab52896c5778bbd7536b481eaea875759f1832e290e855c62a86194b26ee614bd72d32b9aee99c3c2d9beba6fa064e51d1e4c698476ec16287840a4c1ba21e6b2dbeb991678670e8cff9e7a5da4cdf2d3763530b3702da84d71dcff3b49b9acd146f3cebb90ff1d9cbfa21eb0c63a380389ca73d19eed0a31851a0935e62a9127fe52c53e5c92be0898b8ad0592956fba366f7cfa32310c6635b9dba55a55543ce8389a84e1b4e3c884fae7a7d8e376a19b77443aad172bc1cecc6e7e353dc426ea886983d014965fab843fecb9df44e263f61ce45519bd0bacd552bdab9d7a06996fdc748f6f13a57ca3958fe708f92ec80b2d3186f487f46cba477c4f0e9462c04e683f9c9839453f22507d0c02e842d7e5c8c096696b7c2d14c3fc212bcf2612dd2f6256cdabaa0d57611ee49308c21cb404356d63a5345ddd2e3525aff9f9607fd08359a972716e93658893aa81130f5ee1005d0e77959074f7d8c15a82db8c0f22fa623ff448d285ad289fc4ed9d6c8961afdf5a37ff9a6cd693330dc18d564fcd6acde9e4064fec134369ca9c419646912007ed54374a69a443e9900bc5136e020f2adfdfeab15e6d704dc6c6d7097095b58bee393b8616637817190f147533d5a3aa243b7daf2a0343e5a8221ba857a0bc004b444b2956e52c6e06722ba691ec48e9f3faf50a23029541a7d5c9a2095b88b51ff51beeacb5466e63dfd78ffab82b644cb98d91e4958db", 0x1000, 0x2}, {&(0x7f00000012c0)="030f17acf7f72ae4cdac6378db5466775ef812c62a8d76875f87f2a4a0035ebc506a143fcc6488c650e1f18587000b886fd400402bca8821df505eec269133e9aa54402ff2d96ac3bb358b5464ba624689c1a73be4a126fe26018b4746eba28218fbe929caa77480c1ea472606088144039932d01be54dc8708181adfc9cfd44446e4026c46f4bddd65407d782d3f5d098", 0x91, 0x2}, {&(0x7f0000001380)="901dc63720a5421722cd32d41c7a089b729eaa80ddac82c26b4997ae8ed94d729b25f1c88def9056480a455c097a85fe97e86d0106e6d85fd4ebe43ed03d66c77b1cdb0b88b138c2e89e65a30bee5c85ceaa5e4cdf23c9e3d3da8e87a16c6548e39d5157b4ed4355542901e8859f062cacb7720a", 0x74, 0x6}], 0xbdfda6123c0c5d38, &(0x7f00000015c0)={[{@force='force'}, {@uid={'uid', 0x3d, r3}}], [{@subj_role={'subj_role', 0x3d, 'trustedbdev^'}}, {@dont_measure='dont_measure'}, {@permit_directio='permit_directio'}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}]}) [ 210.677572] x86/PAT: syz-executor.2:10318 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 210.687702] x86/PAT: syz-executor.4:10309 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 210.714241] x86/PAT: syz-executor.4:10309 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 210.762372] FAULT_INJECTION: forcing a failure. [ 210.762372] name failslab, interval 1, probability 0, space 0, times 0 [ 210.803240] CPU: 0 PID: 10332 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 210.810356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.819691] Call Trace: [ 210.822271] dump_stack+0x138/0x19c [ 210.825903] should_fail.cold+0x10f/0x159 [ 210.830046] should_failslab+0xdb/0x130 [ 210.830060] kmem_cache_alloc+0x47/0x780 [ 210.830076] ? anon_vma_chain_link+0x142/0x1a0 [ 210.830090] anon_vma_clone+0xde/0x470 [ 210.846548] anon_vma_fork+0x87/0x4d0 [ 210.850359] copy_process.part.0+0x45e2/0x6a00 [ 210.854950] ? __cleanup_sighand+0x50/0x50 [ 210.859171] ? lock_downgrade+0x6e0/0x6e0 [ 210.863313] _do_fork+0x19e/0xce0 [ 210.866748] ? fork_idle+0x280/0x280 [ 210.870445] ? fput+0xd4/0x150 [ 210.873621] ? SyS_write+0x15e/0x230 [ 210.877315] SyS_clone+0x37/0x50 [ 210.880659] ? sys_vfork+0x30/0x30 [ 210.884180] do_syscall_64+0x1e8/0x640 [ 210.888043] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.892866] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 210.898030] RIP: 0033:0x459879 [ 210.901200] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 210.908888] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 210.916134] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.923383] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 210.930634] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 210.937904] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:11 executing program 2 (fault-call:8 fault-nth:30): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:11 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x400040) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000004}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2400f6ff", @ANYRES16=r1, @ANYBLOB="02002cbd7000ffdbdf250d0000000800040000000000080004001f090000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0xc2ead652fabdc41b) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x200000, 0x0) ioctl$EVIOCSABS0(r2, 0x401845c0, &(0x7f0000000080)={0x9, 0x0, 0xa000000000000, 0x7f, 0x2, 0xbd1}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x32314742, 0x780, 0x0, 0x2}) 07:37:11 executing program 0: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:11 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000000500)={"a682bb231468d03597817f2dc82ab0b62a34708bf24c96bc40aae05497e374e228e159008fccf98972eb28eabafe4a0f5a53260e982b3e28cb0a5b1901ecc202cf8393a49bc6a8797823f9cb27b2675e073dd19402dd9c3027308c78c4cc0d820fa10b7a33bf98a6ac5722a6f14d0d33f54363dfd3389e11ea2f54c6227a4ea919a8d0ee61b5ff0625dab3bfaa1b163a9588ecb01bb627ae42b68e098ea3d6f2bc1d369949187248d331646e1de8771b6a48566a7a067787db172950ac3d2b78b0d04c57353695b79c182b1a699a99f522b3ce8b7a9425bb918cda67b972859e3cbd42e14fcc9da93b9e22c5b28477fe5963cf988abda888e5dc2b132d93426663337eeedbbe5432cdd57b6026a910dda6a8654b2bb8aa8bad5a881a03b0b98351d64b5711a41567f1abc7a595ab9c1d843d94a60eee1905c3e610d0b59fc37855adcdc8417c64badee2c5296c7507c0bdf8b30c4b3b0105c9da0a8962c67b6d60cd6f64560a953543f1a7d9a65be78047bcd2deb3a4b86457f4b5fae9a79aca45f9e5bae1865f043ca9565196ac4ec558cf6d6479f5ed167268953820ae8bb4acfa790f9041c53562aa4228bea5d698b9e9ae9562a4cf624892c76480334b69656219a62b1cd08ebee027c4d60de2f56707800cf2f00fd6cad2e808729fd757d846097f3236b60a198356a12325d9721b058a679b1b27f1aabb2332fb156b32753b023d4efe2bc309b57f031ce85af4e0163867714690df9b8d56ec245b07b26a56af74a72875b281edb1e705819b4da03bc12b3df7125b670b1ceb041aa551340bd2b39aab43406d77a174c5bad75ba6ee1b62786e3d13491dd167c937ecad42781bc8751b7198864907d2b4127ca5a1d05861b1ecc6d5df24453ebc1b3e0f62a0bc61abad2e2b507fdf6ff934b6f51e6b087de51faf2a0e97c3573d58af1d49ec73082b216f653a6c33bcea880d92f17d8f7ced2d71ed65ee2207f4cb27e539c463e254fb4a7bb96a39b8b18e6640adc842ecdeca2ebabd12a7493e25b6fb9e37f6e1c2f2f734b17e92922389da6cdfc4f7253659e5f8c0a78de545f9189590529fd4800e63fb220f29401a7230d57acca67d44c58607da32052b4048600bc52c6e6d9d06fd2df7c6a7c086bd512a6538e22a08cde4073e5c546b5a8b20d80be21c11f8dba04dfa8ad0cf707b18feb404a35c714333291c988bcf0707203a8f25ddf721cca10be9c57df810da159356a8c447801fa71ef30f640a826d95ce7ced286a06c754b881a7c9dbea5938c34cf646cb50c5b3f2116150950fbcac0ca3eb3349fa4ad98e0cd3c02fcd45196c15fdf8bf442c27393f44f5958265f56d6061e2e5868262b5df0cc7c963db4b6ea20ba317870d60a2706f6523604c59ac3a928323733dce6a6313633df68cea0fcb0c9c6fd7af08699d46b6b340af3e86"}) 07:37:11 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(0x0, 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:11 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x200, 0x0) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4) [ 210.960596] x86/PAT: syz-executor.2:10332 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 210.969303] x86/PAT: syz-executor.2:10332 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:11 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(0x0, 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) [ 211.033760] x86/PAT: syz-executor.4:10343 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 211.072686] x86/PAT: syz-executor.2:10353 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:11 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x7, 0x0) ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f0000000140)=""/195) 07:37:11 executing program 0: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) 07:37:11 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(0x0, 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) [ 211.109522] FAULT_INJECTION: forcing a failure. [ 211.109522] name failslab, interval 1, probability 0, space 0, times 0 [ 211.127693] x86/PAT: syz-executor.4:10343 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 211.138038] CPU: 0 PID: 10353 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 211.145149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.154496] Call Trace: [ 211.157091] dump_stack+0x138/0x19c [ 211.160730] should_fail.cold+0x10f/0x159 [ 211.164642] x86/PAT: syz-executor.4:10343 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 211.164878] ? anon_vma_clone+0xde/0x470 [ 211.177662] should_failslab+0xdb/0x130 [ 211.177676] kmem_cache_alloc+0x47/0x780 [ 211.177690] ? anon_vma_chain_link+0x142/0x1a0 [ 211.177705] anon_vma_clone+0xde/0x470 [ 211.194151] anon_vma_fork+0x87/0x4d0 [ 211.194170] copy_process.part.0+0x45e2/0x6a00 [ 211.194203] ? __cleanup_sighand+0x50/0x50 [ 211.206853] ? lock_downgrade+0x6e0/0x6e0 [ 211.211008] _do_fork+0x19e/0xce0 [ 211.214473] ? fork_idle+0x280/0x280 [ 211.218190] ? fput+0xd4/0x150 [ 211.221389] ? SyS_write+0x15e/0x230 [ 211.225112] SyS_clone+0x37/0x50 [ 211.228476] ? sys_vfork+0x30/0x30 [ 211.232020] do_syscall_64+0x1e8/0x640 [ 211.235907] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.240752] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 211.245939] RIP: 0033:0x459879 [ 211.249121] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 07:37:11 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x1ff84aaa, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000080)={0x9, 0xff, 0x1, 0x7ff, 0x0, 0x8}) getsockopt$inet_tcp_buf(r1, 0x6, 0x1a, &(0x7f0000000140)=""/86, &(0x7f0000000040)=0x56) 07:37:11 executing program 0: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) [ 211.256820] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 211.256826] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.256832] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 211.256838] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 211.256845] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:11 executing program 2 (fault-call:8 fault-nth:31): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:11 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video2\x00', 0x2, 0x0) sendfile(r0, r0, &(0x7f0000000080), 0x2b646192) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:11 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={r0, 0x10, 0x1, 0x101, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa}, 0x20) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:11 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000080)={0x3, "93beb8"}, 0x4) 07:37:11 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, 0x0) 07:37:11 executing program 1: openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) [ 211.303581] x86/PAT: syz-executor.2:10353 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 211.328879] x86/PAT: syz-executor.2:10353 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:11 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, 0x0) 07:37:11 executing program 1: openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) [ 211.416814] x86/PAT: syz-executor.4:10388 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:11 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x100, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000080)={0x1, @rand_addr=0x3, 0x4e21, 0x4, 'none\x00', 0x28, 0x4, 0x6d}, 0x2c) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:11 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0xeeb9867f12592f8, 0x0) setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f0000000080)={0x67, @rand_addr=0x5, 0x4e20, 0x2, 'fo\x00', 0x10, 0x7, 0x4d}, 0x2c) [ 211.498217] x86/PAT: syz-executor.2:10396 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 211.510836] x86/PAT: syz-executor.4:10402 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 211.532539] FAULT_INJECTION: forcing a failure. [ 211.532539] name failslab, interval 1, probability 0, space 0, times 0 [ 211.561226] CPU: 1 PID: 10396 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 211.568359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.577711] Call Trace: [ 211.580300] dump_stack+0x138/0x19c [ 211.583939] should_fail.cold+0x10f/0x159 [ 211.588091] ? anon_vma_clone+0xde/0x470 [ 211.592161] should_failslab+0xdb/0x130 [ 211.596140] kmem_cache_alloc+0x47/0x780 [ 211.600213] ? anon_vma_chain_link+0x142/0x1a0 [ 211.604802] anon_vma_clone+0xde/0x470 07:37:11 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0xffffffffffffff7f, 0x240) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) r1 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x45, 0x40000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x400, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x6) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000180)={0x10, 0x100000001, 0x7}) syz_kvm_setup_cpu$x86(r2, r1, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000240)="80a416e16d64260f18700b66b9800000c00f326635000800000f3066b9180600000f32f336700bf30f0964660f38801d650f93e5ba210066b8e9c8a4c866ef66b8440000000f23d80f21f86635000000100f23f8", 0x54}], 0x1, 0x40, &(0x7f0000000300)=[@vmwrite={0x8, 0x0, 0xb1, 0x0, 0x6, 0x0, 0x11, 0x0, 0x7}, @efer={0x2, 0x400}], 0x2) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, &(0x7f0000000000)={0x0, {0x7ff, 0x4}}) 07:37:11 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0xd8ac, 0x40081) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) [ 211.608694] anon_vma_fork+0x87/0x4d0 [ 211.612489] copy_process.part.0+0x45e2/0x6a00 [ 211.612525] ? __cleanup_sighand+0x50/0x50 [ 211.612536] ? lock_downgrade+0x6e0/0x6e0 [ 211.612553] _do_fork+0x19e/0xce0 [ 211.612569] ? fork_idle+0x280/0x280 [ 211.632643] ? fput+0xd4/0x150 [ 211.632654] ? SyS_write+0x15e/0x230 [ 211.632672] SyS_clone+0x37/0x50 [ 211.632682] ? sys_vfork+0x30/0x30 [ 211.632696] do_syscall_64+0x1e8/0x640 [ 211.632705] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.632725] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 211.642978] RIP: 0033:0x459879 [ 211.642984] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 211.642997] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 211.643003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.643008] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 211.643015] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 211.650407] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 211.699414] x86/PAT: syz-executor.2:10396 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:11 executing program 2 (fault-call:8 fault-nth:32): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:11 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, 0x0) 07:37:11 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x240, 0x1) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:11 executing program 1: openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:11 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x40c, 0x1) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:11 executing program 5: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000000180)=""/41, &(0x7f00000001c0)=0x29) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r0, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=0x87, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x4, 0x3}, 0x0, 0x0, &(0x7f0000000300)={0x2, 0x2, 0x81}, &(0x7f0000000340)=0x9, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=0x8000}}, 0x10) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000040)=0x1, 0x4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, r0, 0x0, 0xc, &(0x7f00000004c0)='/dev/video#\x00', r2}, 0x260) openat$mixer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/mixer\x00', 0x204200, 0x0) sched_getparam(r3, &(0x7f00000000c0)) [ 211.733472] x86/PAT: syz-executor.2:10396 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:11 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, 0x0, &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:11 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) socket$isdn_base(0x22, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000300), &(0x7f0000000340)=0x4) ioctl$MON_IOCT_RING_SIZE(r1, 0x9204, 0x81281) 07:37:11 executing program 5: r0 = syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0xfffffffffffff4e1, 0x40) accept4$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000002c0)=0x14, 0x80000) ioctl$SG_GET_LOW_DMA(r0, 0x227a, &(0x7f0000000240)) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f0000000180)={0x0, 0x0, {0x6, 0x1, 0x2, 0x3a34}}) write$cgroup_type(r0, &(0x7f00000001c0)='threaded\x00', 0x9) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x6ea9a4e484096363) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0xffffffff) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080)=0x10000, 0x4) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) write$cgroup_type(r0, &(0x7f0000000280)='threaded\x00', 0x9) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000340)='/proc/capi/capi20\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f0000000300)={0x0, 0x3, 0xf, @remote, 'ersp\xe3\xc1\x96\xff\x00\x00\x19\x00'}) 07:37:11 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) timer_create(0x4, &(0x7f0000000040)={0x0, 0x40, 0x1}, &(0x7f0000000080)=0x0) r2 = semget(0x0, 0x2, 0x200) semctl$IPC_RMID(r2, 0x0, 0x0) ioctl$VIDIOC_G_STD(r0, 0x80085617, &(0x7f0000000140)) timer_gettime(r1, &(0x7f00000000c0)) [ 211.854862] x86/PAT: syz-executor.4:10432 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:11 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, 0x0, &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) [ 211.918205] x86/PAT: syz-executor.4:10432 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 211.934901] x86/PAT: syz-executor.2:10442 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 211.953135] x86/PAT: syz-executor.4:10432 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:11 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x8000, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f00000000c0)=0x3, 0x4) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000140)={0x3, &(0x7f0000000080)=[{}, {0x0}, {}]}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f0000000280)={r2, &(0x7f0000000180)=""/232}) [ 211.965897] FAULT_INJECTION: forcing a failure. [ 211.965897] name failslab, interval 1, probability 0, space 0, times 0 [ 211.994682] CPU: 0 PID: 10442 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 212.001798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.011144] Call Trace: [ 212.011163] dump_stack+0x138/0x19c [ 212.011184] should_fail.cold+0x10f/0x159 [ 212.017363] should_failslab+0xdb/0x130 [ 212.017383] kmem_cache_alloc+0x2d7/0x780 [ 212.017394] ? anon_vma_clone+0x310/0x470 [ 212.033772] anon_vma_fork+0x1ce/0x4d0 [ 212.037671] copy_process.part.0+0x45e2/0x6a00 [ 212.042279] ? __cleanup_sighand+0x50/0x50 [ 212.046512] ? lock_downgrade+0x6e0/0x6e0 [ 212.050671] _do_fork+0x19e/0xce0 [ 212.054133] ? fork_idle+0x280/0x280 [ 212.057853] ? fput+0xd4/0x150 [ 212.061051] ? SyS_write+0x15e/0x230 [ 212.064773] SyS_clone+0x37/0x50 [ 212.068136] ? sys_vfork+0x30/0x30 [ 212.071677] do_syscall_64+0x1e8/0x640 [ 212.075557] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.080410] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 212.085597] RIP: 0033:0x459879 [ 212.088779] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 212.096475] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 212.096481] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 212.096486] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:37:12 executing program 2 (fault-call:8 fault-nth:33): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:12 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) timer_create(0x4, &(0x7f0000000040)={0x0, 0x40, 0x1}, &(0x7f0000000080)=0x0) r2 = semget(0x0, 0x2, 0x200) semctl$IPC_RMID(r2, 0x0, 0x0) ioctl$VIDIOC_G_STD(r0, 0x80085617, &(0x7f0000000140)) timer_gettime(r1, &(0x7f00000000c0)) 07:37:12 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, 0x0, &(0x7f0000000140)={0x26, 0x7, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) 07:37:12 executing program 4: mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:12 executing program 3: socket$inet(0x2, 0x3, 0x3) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x20000, 0x0) ioctl$BLKFLSBUF(r0, 0x1261, &(0x7f0000000080)=0x110) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:12 executing program 5: r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000140)={&(0x7f0000000080)=[0x4, 0x2, 0x6, 0x3, 0x6, 0x5, 0x58d4], 0x7, 0x8, 0x5, 0x1, 0x100000000, 0x1, {0x80000001, 0x9a68, 0x10000, 0x0, 0x5, 0x9, 0x0, 0xe060, 0xfffffffffffffffa, 0x1f, 0x7, 0x81, 0x3, 0x6, "6c0d4f0ed24cc181cb03afbd3a48db9504aa8b206cb480c1495faa2576ea8cad"}}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 212.096492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 212.096497] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 212.106104] x86/PAT: syz-executor.2:10442 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 212.126543] x86/PAT: syz-executor.2:10442 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:12 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) timer_create(0x4, &(0x7f0000000040)={0x0, 0x40, 0x1}, &(0x7f0000000080)=0x0) r2 = semget(0x0, 0x2, 0x200) semctl$IPC_RMID(r2, 0x0, 0x0) ioctl$VIDIOC_G_STD(r0, 0x80085617, &(0x7f0000000140)) timer_gettime(r1, &(0x7f00000000c0)) 07:37:12 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x8000, 0x0) 07:37:12 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1400) 07:37:12 executing program 5: r0 = syz_open_dev$video4linux(&(0x7f0000000140)='/dev/v4l-subdev#\x00', 0x4, 0x400) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000180)={0x40000000, 0x3, "e935a203e0b7b779cadb3ef6253ec8726a262546a832c7a696953ae5918f1ea7", 0x20, 0x44, 0x0, 0x8001, 0xffff, 0x0, 0xfaa, 0x1, [0x7, 0x8, 0x439, 0x3ff]}) openat$ion(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ion\x00', 0x30300, 0x0) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0xffff, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r2 = msgget(0x2, 0x40) msgctl$IPC_STAT(r2, 0x2, &(0x7f0000000040)=""/61) prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x24) 07:37:12 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000080)={0x6, 0x101, 0xe10, 0x2f03, 0x8}) r1 = geteuid() fstat(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ATTR(r0, &(0x7f0000000180)={0x78, 0x1b8bc78c636565d1, 0x5, {0x80000000, 0x4700, 0x0, {0x4, 0x8, 0x6, 0x0, 0x9, 0xb427, 0x4, 0x6730, 0x9, 0x10, 0x400, r1, r2, 0x0, 0x2a}}}, 0x78) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 212.287588] x86/PAT: syz-executor.2:10479 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:12 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x402000, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f00000001c0)=0x9) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cbu\x0f\xb4Q\xcb\x877\x00\x00\x00\x00\x00\xf1\xe6\xc7\xaa\xff\xd8*-\xa8\xf4\xe9\xb5\xec\x90OfD\x1d5u\xd1\x8e\xc0l\x13\xb4\x90\xcf\x9a', 0x0, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000180)={0x980000, 0x4, 0x9, [], &(0x7f0000000140)={0x9909ce, 0xfffffffffffffff8, [], @p_u32=&(0x7f00000000c0)=0x3f}}) ioctl$EVIOCGABS2F(r2, 0x8018456f, &(0x7f0000000080)=""/22) [ 212.332969] FAULT_INJECTION: forcing a failure. [ 212.332969] name failslab, interval 1, probability 0, space 0, times 0 [ 212.372817] x86/PAT: syz-executor.4:10490 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 212.414162] CPU: 1 PID: 10479 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 212.421300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.430776] Call Trace: [ 212.433373] dump_stack+0x138/0x19c [ 212.437012] should_fail.cold+0x10f/0x159 [ 212.438715] x86/PAT: syz-executor.4:10497 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 212.441166] should_failslab+0xdb/0x130 [ 212.441183] kmem_cache_alloc+0x2d7/0x780 [ 212.441194] ? __pmd_alloc+0x410/0x410 [ 212.441212] copy_process.part.0+0x444f/0x6a00 [ 212.441243] ? __cleanup_sighand+0x50/0x50 [ 212.449973] x86/PAT: syz-executor.4:10497 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 212.453841] ? lock_downgrade+0x6e0/0x6e0 [ 212.453864] _do_fork+0x19e/0xce0 [ 212.453880] ? fork_idle+0x280/0x280 [ 212.453895] ? fput+0xd4/0x150 [ 212.453906] ? SyS_write+0x15e/0x230 [ 212.453921] SyS_clone+0x37/0x50 [ 212.453932] ? sys_vfork+0x30/0x30 [ 212.504295] do_syscall_64+0x1e8/0x640 [ 212.508164] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.512990] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 212.518156] RIP: 0033:0x459879 [ 212.521323] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 212.529008] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 212.536256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 212.543508] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 212.550764] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 07:37:12 executing program 2 (fault-call:8 fault-nth:34): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:12 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1400) 07:37:12 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) timer_create(0x4, &(0x7f0000000040)={0x0, 0x40, 0x1}, &(0x7f0000000080)) r1 = semget(0x0, 0x2, 0x200) semctl$IPC_RMID(r1, 0x0, 0x0) ioctl$VIDIOC_G_STD(r0, 0x80085617, &(0x7f0000000140)) 07:37:12 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) pipe(&(0x7f00000000c0)) fallocate(r0, 0x2, 0x100000000001, 0x200000000007b7) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000040)={0x7, 0x102, "bc04bf5a997cc36895e25c8e921021dd2a59ef78f1a73fd36dfd0c4a5add9b5d", 0x216, 0x80, 0x7, 0x8, 0x2}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0xffffffff00000000, 0x35315241, 0x9}) 07:37:12 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x80, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xae44, 0x93e) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x80) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r1, 0x800442d3, &(0x7f0000000140)={0x43e, 0x4, 0x80, @broadcast, 'veth1_to_bond\x00'}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:12 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000040)={0x1, 0x0, {0x8000, 0x40, 0x34c0, 0x40}}) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000080)=0x401) 07:37:12 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1400) [ 212.558017] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 212.574993] x86/PAT: syz-executor.2:10479 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 212.583861] x86/PAT: syz-executor.2:10479 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:12 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x1000, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:12 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x7fff, 0x200005) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000e00000/0x200000)=nil, &(0x7f0000e02000/0x1000)=nil, &(0x7f0000fc0000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000fa9000/0x2000)=nil, &(0x7f0000e74000/0x4000)=nil, &(0x7f0000e7a000/0x2000)=nil, &(0x7f0000f7f000/0x4000)=nil, &(0x7f0000000140)="5b880904538008276d4f9ec58ac91b4543ebaf0c6bc1f9a27512c8122003c84213d16a3dd57f66627d5442bd6de3f30da6965848b6487d466c8a0e21fc32a4ab8ffd34a7dcadc3b8f44ecc0b51afbed37f236c6303db8d4321ce8b88afe5613d974c2cb279feae8d465c9c1abd2c1cc633d4400b474a3f678ad7730a0300a0cd821960a1d2eb77539831ca79a8", 0x8d, r0}, 0x68) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:12 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) timer_create(0x4, &(0x7f0000000040)={0x0, 0x40, 0x1}, &(0x7f0000000080)) r1 = semget(0x0, 0x2, 0x200) semctl$IPC_RMID(r1, 0x0, 0x0) 07:37:12 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x26, 0x0, "7ac92462a98c8d63aca34b95b3f6128d6f72a44cbae0ad1e79f9b2fd9b7c"}, &(0x7f00000001c0), 0x1400) [ 212.716045] x86/PAT: syz-executor.2:10516 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 212.725464] QAT: Invalid ioctl [ 212.735907] x86/PAT: syz-executor.4:10515 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:12 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x9, 0x200) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000d00)={0x0, 0xc3, 0x4, [0x40, 0x20, 0x3ff, 0x5]}, &(0x7f0000000d40)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000d80)={r2, @in={{0x2, 0x4e24, @multicast1}}, 0x1, 0xd48, 0x0, 0x3, 0x48}, &(0x7f0000000e40)=0x98) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000c80)=@broute={'broute\x00', 0x20, 0x6, 0xb04, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000140], 0x0, &(0x7f0000000080), &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{0x5, 0x40, 0x601f, 'veth0_to_bridge\x00', 'ipddp0\x00', 'bridge_slave_0\x00', 'teql0\x00', @broadcast, [0xff, 0x0, 0x7adf50f17dec4942, 0x0, 0x0, 0xff], @random="da68d5432920", [0xff, 0xff, 0x0, 0xff, 0xff], 0x6e, 0xce, 0x11e, [], [@common=@AUDIT={'AUDIT\x00', 0x8, {{0x1}}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x8}}}], @common=@log={'log\x00', 0x28, {{0xdd82, "3dec1ba1a9c5fbf48640d8c49c59865c321b162cf169a5d668d1874553c1", 0x2}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffc, 0x2, [{0x3, 0x31, 0x9000, '\x00', 'nlmon0\x00', 'veth1\x00', 'bcsh0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, [0xff, 0x0, 0xd1490e76a965742a, 0xff], @empty, [0xff, 0xdf3b89131c160a3a, 0xff, 0x0, 0x0, 0xff], 0xd6, 0x156, 0x186, [@cpu={'cpu\x00', 0x8, {{0xfffffffffffffffc, 0x1}}}, @realm={'realm\x00', 0x10, {{0x5, 0x7, 0x1}}}], [@common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0xf20}}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00', 0x0, 0x0, 0x7}}}], @common=@AUDIT={'AUDIT\x00', 0x8}}, {0x13, 0x1c, 0x9100, 'dummy0\x00', 'lapb0\x00', 'ip6_vti0\x00', 'caif0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, [0x0, 0x0, 0x0, 0xff, 0xff, 0xff], @dev={[], 0x12}, [0x0, 0x0, 0xff, 0x0, 0xff], 0x2be, 0x366, 0x396, [@comment={'comment\x00', 0x100}, @comment={'comment\x00', 0x100}], [@common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x1f}}}, @common=@nflog={'nflog\x00', 0x50, {{0x1, 0xf2, 0x2, 0x0, 0x0, "897213506f91741466934b321c00ea1bcf9c8471ad808b43c9b34b0509556daa0fd7387c1a162d91bad8ccdbeecc71ed984c3116187ca2e47df5e298eadb1671"}}}], @common=@AUDIT={'AUDIT\x00', 0x8, {{0x3}}}}]}, {0x0, '\x00', 0x3, 0xffffffffffffffff, 0x1, [{0x11, 0xc, 0x800, 'ip6gre0\x00', 'bond0\x00', 'veth1_to_bridge\x00', 'ip6tnl0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8660ac0de51695d0}, [0xff, 0xff, 0xff, 0xff, 0x0, 0xff], @local, [], 0xde, 0x126, 0x15e, [@stp={'stp\x00', 0x48, {{0x6, {0x1, 0x7, 0x1, @dev={[], 0x19}, [0xff, 0x0, 0x0, 0x0, 0xff, 0xff], 0x0, 0xd1, 0x2, 0x716, @broadcast, [0x0, 0x0, 0x0, 0xff, 0x9f3221a3c4a17a34, 0xff], 0x4e24, 0x4e23, 0x10000, 0x0, 0x1, 0x9, 0x800, 0x5, 0x3}, 0x1, 0x300}}}], [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x6, 0x9, 0x7}}}], @common=@dnat={'dnat\x00', 0x10, {{@broadcast, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x4, 0xfffffffffffffffc, 0x2, [{0x11, 0x20, 0x22eb, 'nr0\x00', 'bcsh0\x00', 'lapb0\x00', 'veth1_to_team\x00', @random="166d23bf8033", [0x0, 0xff, 0xff, 0xff, 0xff, 0xff], @dev={[], 0x17}, [0x5389cfddc70f2b5b, 0x0, 0x0, 0xff, 0xff], 0x6e, 0x9e, 0xce, [], [@common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x7fff}}}], @common=@redirect={'redirect\x00', 0x8, {{0xfffffffffffffffe}}}}, {0x5, 0x19, 0xabff, 'lo\x00', 'lo\x00', 'teql0\x00', '\x00', @random="41deda27b35d", [0xff, 0x0, 0xff, 0x0, 0xff], @dev={[], 0x1c}, [0x81c61b4e395be015, 0xff, 0xff, 0xff, 0xff, 0xff], 0xce, 0x166, 0x1de, [@arp={'arp\x00', 0x38, {{0x31b, 0xedde, 0xa, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffffff, @rand_addr=0x80000001, 0x0, @random="a369771c992d", [0xff, 0xff, 0xff, 0x0, 0xff, 0xff], @local, [0x0, 0xff, 0xff, 0xff, 0x0, 0xff], 0x2, 0xa74b172bbf09f586}}}], [@common=@log={'log\x00', 0x28, {{0xfffffffffffff800, "4bcbb44472f31d0253a8d02d221b20981ec65c6af8901f3f2f5f08084311", 0x4}}}, @common=@ERROR={'ERROR\x00', 0x20, {"0bd639e8ed6d4627b1e05197ee468654ee6d721f5369a3695842aa5a0d4d"}}], @common=@NFLOG={'NFLOG\x00', 0x50, {{0x8, 0x8, 0x6, 0x1, 0x0, "e234a9662b7c996425d5a2e03aa73c810d6d533cd01cb6b8f39d0b393d0fb510b257041668c80aaf73178f47ed2bfb7621d00f724b813b9a2abebd96056ff48f"}}}}]}]}, 0xb7c) [ 212.766199] FAULT_INJECTION: forcing a failure. [ 212.766199] name failslab, interval 1, probability 0, space 0, times 0 [ 212.799828] QAT: Invalid ioctl [ 212.822231] x86/PAT: syz-executor.4:10529 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 212.848253] x86/PAT: syz-executor.4:10529 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 212.853542] CPU: 1 PID: 10528 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 212.864199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.873636] Call Trace: [ 212.876231] dump_stack+0x138/0x19c [ 212.879870] should_fail.cold+0x10f/0x159 [ 212.884020] should_failslab+0xdb/0x130 [ 212.887992] kmem_cache_alloc+0x2d7/0x780 [ 212.892151] copy_process.part.0+0x444f/0x6a00 [ 212.896732] ? __cleanup_sighand+0x50/0x50 [ 212.900952] ? lock_downgrade+0x6e0/0x6e0 [ 212.905088] _do_fork+0x19e/0xce0 [ 212.908520] ? fork_idle+0x280/0x280 [ 212.912227] ? fput+0xd4/0x150 [ 212.915407] ? SyS_write+0x15e/0x230 [ 212.919101] SyS_clone+0x37/0x50 [ 212.922443] ? sys_vfork+0x30/0x30 [ 212.925962] do_syscall_64+0x1e8/0x640 [ 212.929825] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.934648] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 212.939815] RIP: 0033:0x459879 [ 212.942983] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 212.950673] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 212.957945] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 212.965202] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 07:37:13 executing program 2 (fault-call:8 fault-nth:35): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:13 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) timer_create(0x4, &(0x7f0000000040)={0x0, 0x40, 0x1}, &(0x7f0000000080)) semget(0x0, 0x2, 0x200) 07:37:13 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = semget$private(0x0, 0x3, 0x400) semctl$GETPID(r1, 0x4, 0xb, &(0x7f0000000140)=""/188) openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x100, 0x0) add_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) 07:37:13 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:13 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000, 0x2, &(0x7f0000ffb000/0x1000)=nil) 07:37:13 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x0, 0x0, 0x0, @stepwise={{0x1, 0x3}, {0x3f, 0x40}, {0x9, 0x100}}}) [ 212.972451] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 212.979696] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 212.999321] x86/PAT: syz-executor.2:10528 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 213.008119] x86/PAT: syz-executor.2:10528 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:13 executing program 3: pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={r1, 0x3, 0x1, 0x7, 0xbb, 0x8}, 0x14) r2 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:13 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, 0x0, 0x1400) 07:37:13 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) timer_create(0x4, &(0x7f0000000040)={0x0, 0x40, 0x1}, &(0x7f0000000080)) 07:37:13 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x5, 0x100) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f00000000c0)={0xfffffffeffffffff, 0x35315241, 0x0, 0x100}) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x80000) bind$isdn(r1, &(0x7f0000000080)={0x22, 0x1, 0x8, 0x0, 0x1eb800000000}, 0x6) 07:37:13 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000200)) getsockname(r0, &(0x7f0000000140)=@pppoe={0x18, 0x0, {0x0, @local}}, &(0x7f00000001c0)=0x80) ioctl$SIOCX25GCAUSEDIAG(r0, 0x89e6, &(0x7f0000000100)={0xffffffffffffffc0, 0xffffffffffffff36}) rt_sigprocmask(0x2, &(0x7f00000002c0)={0x2}, &(0x7f00000000c0), 0xffffffffffffffbc) 07:37:13 executing program 3: r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000140)={0x4cd8f399c6ca9b, 0x97, 0x3, [], &(0x7f0000000180)={0xa10905, 0x2, [], @p_u16=&(0x7f0000000080)=0x2}}) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x881) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000000c0)) [ 213.151750] x86/PAT: syz-executor.2:10554 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 213.178281] FAULT_INJECTION: forcing a failure. [ 213.178281] name failslab, interval 1, probability 0, space 0, times 0 [ 213.211828] CPU: 1 PID: 10554 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 213.218957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.228309] Call Trace: [ 213.230902] dump_stack+0x138/0x19c [ 213.234543] should_fail.cold+0x10f/0x159 [ 213.238695] should_failslab+0xdb/0x130 [ 213.242752] kmem_cache_alloc+0x47/0x780 [ 213.246826] ? __lock_is_held+0xb6/0x140 [ 213.250887] ? check_preemption_disabled+0x3c/0x250 [ 213.255912] anon_vma_clone+0xde/0x470 [ 213.259813] anon_vma_fork+0x87/0x4d0 [ 213.263620] copy_process.part.0+0x45e2/0x6a00 [ 213.268233] ? __cleanup_sighand+0x50/0x50 [ 213.272473] ? lock_downgrade+0x6e0/0x6e0 [ 213.276627] _do_fork+0x19e/0xce0 [ 213.280088] ? fork_idle+0x280/0x280 [ 213.283813] ? fput+0xd4/0x150 [ 213.288478] ? SyS_write+0x15e/0x230 [ 213.292197] SyS_clone+0x37/0x50 [ 213.295558] ? sys_vfork+0x30/0x30 [ 213.299099] do_syscall_64+0x1e8/0x640 [ 213.302977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.307814] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 213.312996] RIP: 0033:0x459879 [ 213.316179] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 213.323890] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 213.331155] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 213.338420] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 213.345680] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 213.352935] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:13 executing program 2 (fault-call:8 fault-nth:36): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:13 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x2040, 0x0) ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000100)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:13 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x100, 0x0) ioctl$VIDIOC_G_EDID(r0, 0xc0285628, &(0x7f00000000c0)={0x0, 0x1, 0x0, [], &(0x7f0000000080)=0x1}) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:13 executing program 5: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x2802, 0x0) flock(r0, 0xc) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:13 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, 0x0, 0x1400) 07:37:13 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) [ 213.405596] x86/PAT: syz-executor.2:10577 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:13 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, 0x0, 0x1400) [ 213.455234] x86/PAT: syz-executor.2:10577 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 213.457198] QAT: Invalid ioctl [ 213.493367] x86/PAT: syz-executor.2:10593 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:13 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x240200, 0x0) setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000140)={{0xa, 0x4e20, 0x3, @remote, 0x80000001}, {0xa, 0x4e20, 0x0, @mcast2, 0x7}, 0xf096, [0x6, 0x7, 0x6, 0x4, 0x5, 0xe6, 0x20, 0x3]}, 0x5c) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x10000, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000001c0)=0x2, 0x4) getsockopt$inet_sctp_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000080)={0x2, 0x3f, 0x7, 0x800, r2}) 07:37:13 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x60000) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:13 executing program 5: arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x3fc, 0x3631564e, 0x4}) [ 213.504457] x86/PAT: syz-executor.4:10589 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:13 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x0) [ 213.566056] FAULT_INJECTION: forcing a failure. [ 213.566056] name failslab, interval 1, probability 0, space 0, times 0 [ 213.604049] QAT: Invalid ioctl [ 213.604512] CPU: 1 PID: 10603 Comm: syz-executor.2 Not tainted 4.14.139 #35 07:37:13 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000380)='/dev/video#\x00', 0x38000000000000, 0x8000) r1 = add_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000140)="85a0afe3be26093203fcd5ef0b2ce2fa6a17148e7fea85e8447c9e492ea345145de4452e967388c07b9868d819ade9593aa44d4968ec2a4b9fe5fb9126b9239479fd877a1e69cb9f34f837fd52364d44e7c4aadf6a70cbf4080df0a42a5064748025b6a759c1f9b5961d770532b6eabcc6a00b246175a8e8ae6f1c5f077e38717c8addb7e0e246b8d3feea22f676be4367f5fe2d3f06d991a2f8b448640ed816802ae26b5f54e7d0b9e03e4392f8db018efdc11eb7105601d5db47b2781e93d74318f15c", 0xc4, 0xfffffffffffffffa) r2 = add_key(&(0x7f00000000c0)='blacklist\x00', &(0x7f0000000000)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r3 = add_key$keyring(&(0x7f0000000280)='keyring\x00', &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x1e, r1, r2, r3, 0x1) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x200000000, 0x35315241, 0x780}) [ 213.614391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.623742] Call Trace: [ 213.626368] dump_stack+0x138/0x19c [ 213.630022] should_fail.cold+0x10f/0x159 [ 213.634182] should_failslab+0xdb/0x130 [ 213.638163] kmem_cache_alloc+0x47/0x780 [ 213.642228] ? anon_vma_chain_link+0x142/0x1a0 [ 213.646813] anon_vma_clone+0xde/0x470 [ 213.650703] anon_vma_fork+0x87/0x4d0 [ 213.654505] copy_process.part.0+0x45e2/0x6a00 [ 213.659110] ? __cleanup_sighand+0x50/0x50 [ 213.663340] ? lock_downgrade+0x6e0/0x6e0 [ 213.667482] _do_fork+0x19e/0xce0 [ 213.670939] ? fork_idle+0x280/0x280 [ 213.674663] ? fput+0xd4/0x150 [ 213.677856] ? SyS_write+0x15e/0x230 [ 213.681578] SyS_clone+0x37/0x50 [ 213.684939] ? sys_vfork+0x30/0x30 [ 213.688494] do_syscall_64+0x1e8/0x640 [ 213.692382] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.697234] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 213.702418] RIP: 0033:0x459879 [ 213.704650] x86/PAT: syz-executor.4:10589 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 213.705603] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 213.716580] x86/PAT: syz-executor.4:10589 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 213.721942] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 213.721948] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 213.721953] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 213.721958] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 213.721964] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:13 executing program 2 (fault-call:8 fault-nth:37): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:13 executing program 0: ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:13 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:13 executing program 5: prctl$PR_GET_KEEPCAPS(0x7) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$SIOCX25SCUDMATCHLEN(r0, 0x89e7, &(0x7f0000000140)={0x6}) r1 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xffffffffffffff7f, 0x408e00) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000004c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="ae0300007d0cd53edae162a27bee0485e92c76d3c78a1dc525106617934adcb11c3f941722599c2ff7239fe8f251c0a1512ae1432cbeb4a92ff48fc4732904bcafbeda54d2c0f615f10e257fce0e4a81f00cc29de1497490b847c927c06b2c09f2cabd041a3f5c6aa46a4f95a21d9a6a3d8a37a551a7f6f558bc6e2e0c6aec56990e66e9dca8acd7"], &(0x7f0000000380)=0x88) ioctl(r0, 0x72d, &(0x7f00000003c0)="31fc725c9210800ba6f45964b51a76cf44233d7576fd8b90c3d10dbf896d6e191461819b7b5025fe26e6f3d3dc774372c8c19040e2ce400411469f58aba45ec7bf436642beee9a8bad4e6441b6a3abc6339e263070f4b43cfdd3b4bfcc9161dca61cfeffc74a5717404b7f08843348d4f95597281dead90f9d8826feea15bc694b92b0a232883972b237e57bb5ad287199d78d18781f6236d64a95b854924fae17cee9378e45ccf17e2668a54fe27e10d5a0fefdcf2f7d634d88cdb4cf648411d1d65e211a10aeb1c7d75111c845a6bb739cf4a73c701cef496ff529da18dca59cde9637837675971d05d3d9e2f708a0b7827d7b6dd8304630bbf2781047") setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000002c0)={r2, @in6={{0xa, 0x4e24, 0x0, @remote, 0xfffffffffffffffc}}, 0x9, 0x1000}, 0x90) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f00000001c0)={0x0, 0x7fffffff, 0x30, 0x0, 0x8}, &(0x7f0000000200)=0x18) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000e00)=0x0) migrate_pages(r4, 0xffffffffffffffc0, &(0x7f0000000e40)=0x100000001, &(0x7f0000000e80)=0xfff) get_mempolicy(&(0x7f0000000c80), &(0x7f0000000cc0), 0x1, &(0x7f0000fff000/0x1000)=nil, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000d00)=@req={0xb751, 0x3, 0xfffffffffffffffd, 0x100}, 0x10) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000240)={r3, 0x8}, &(0x7f0000000280)=0x8) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000d40)=0x0) ptrace$setsig(0x4203, r5, 0x94, &(0x7f0000000d80)={0x1a, 0x400, 0x48ac1a2c}) r6 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) ioctl$SG_GET_TIMEOUT(r6, 0x2202, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={0x0, r1, 0x0, 0x1b, &(0x7f0000000600)='$}$$cpusetposix_acl_access\x00'}, 0x30) r8 = gettid() sendmsg$nl_netfilter(r6, &(0x7f0000000c40)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000680)={0x570, 0x8, 0x5, 0x400, 0x70bd25, 0x25dfdbfb, {0x1, 0x0, 0x2}, [@typed={0x8, 0x3e, @fd=r6}, @generic="9d7381670227619f4ff910c1900c3d77e3c3f44984fadb1bd0d9eb028488ce6702d76b258a82e775974933b9d092e386e222e10465080a9f2a4e347ab15d613d7e4c469d42d51ae8b8f710d598d7b1e8d0ccb57eaa94c73df32b3d8b55342d9296786b0a617ea24c24003035448cb3a6a5e14c5b3017a68743557a84cc8eeb3d928fbaf29ac617b91d2325848036352f37b48f0efc62729c", @typed={0x10, 0x27, @str='/dev/video#\x00'}, @typed={0x8, 0x56, @ipv4=@rand_addr=0x80000000}, @nested={0x294, 0x5, [@generic="69fcadd32cfbc3f8f7b3f46b2daa7e9705c1924696ab35ff3108c6cfc8568cf61784f54e160836c413e78634b7d47ff8085401c4c7015d436a13b94d06b6e19309b22034ec3f40a083406171e5abe51a2f92e147cce6477bbc9a507e892909ad49b60b278c9f2c40db349d0ea3094c9d3a6a0483142b4905fd179a6095fa800a04654b371831d1f9d24e3f98e5f63fb3a01a03b020fd5d1b3e41d3ea17365b5e5e658b804d55dd865509b5e24da1dc0563a746f6d83c34dfa75625debc41ef79a43ab58ebe8186e93ac64e29feb9ec9889a068cd349a2f7174174184924d69563f72ae45", @generic="b9e9e3bc8f74c79229432eac383a8895b6e61726223e4a80c7bf2f65d728e0a9ec463939fca4525138b495c4fa49d974ffa9002a9ab05059222f921bc5945112fadbc296928e429dcdea2117f05d1e4b50", @typed={0x30, 0x48, @str='}!^mime_typemd5sumcgroup}\'vmnet0wlan0ppp0\x00'}, @typed={0x98, 0x21, @binary="70ac8451fcd803eec33c5d488e5a1a24f6368eda2a9b052a307e6b6bc0289b1198135a7ce99266bfda538c64b2a024a2645f439fe023e328f7eb6a9bdc6f44419e6181312485bb38a4618d310e48cd4462be618eccbd28f0fbbf0c88c097b0a085ecf14466797732339ef5ebdee61a7b3772478f00fa7ca223022ef15b7e122c06fb4db020afbab253e75e70c143b0a692"}, @generic, @typed={0x8, 0x48, @pid=r7}, @generic="dd7610c82058dde1730a10d674b7405dcaefe845b24d0cb7cd2e279ca9a1c8cd25efdf4a9070edcf746ce049f53f0288c8c7785ebc92661172403c3dbecc5684930a85b4ad82e6cc915e0c565b7768614a48273152e6be39308ca0ad68dcb11c53bceecf3e4bda09e66dab7e876b1e20fa931e6a4cedd641a175c3690f708279961f3fc88f07d6dfcb91b4"]}, @nested={0x10c, 0x2b, [@generic="2457bfd8c98199573b30dd4c6fb7e6d4b8f89cfee4779675b31b791830d7018167b972a8d3f0b25c0403926e5097b7b78ea567997fe4863a4c5a671f8c11e824fe0801948b405e76a15216be363fb660be2f6d08f1ba75402608454c95282c134c06aa39d9cbdd49f219ddd383a51066adfe671db63e203ea203994e13a01f9d10d8e238b71ea4879603ec8d980385c14c912970761da172cd4f89909be9931c628f32759b0739de4a5f5907a0596050328930995b0a1dc54d639dc5ab8ecf367d9ade62b7f9ecc7cff8b82c59a0b63f8da13a7e7e3e4eab9071a1e02608ffb4a398b6b682de2b1fca8ff824d947db202ec82b59fb7f1d06ca93f842b75343", @typed={0x8, 0x8a, @fd=r1}]}, @nested={0x74, 0x47, [@typed={0x4, 0x13}, @generic="99c0a048d7d915943e5d4028c36b1d4429b6ea7252348d29894da7f5f845e99ded34dde1a3e7c81818901088d0f4acbea0b135112c4fbb08cb8ef169ddac4c9c168883292cbccf2702c1eeb82a5a05a784bc65e0c62bf912c89786d78d6fd76e4218c4493455c7054ebc"]}, @typed={0x8, 0x54, @pid=r8}, @nested={0x88, 0x6e, [@generic="33869747676fc3eb8124e1ac99fb17972da91b6dedc3d8b28016b7da04b395fa3c5e2bbd1e896f42408e71521af857b6b6b83d6a7a6657846eb43ee31f460b739a70bb325113d8732183e2abf58566f3e643edb5b73f584d616a06e9265103b1105047a5c59d20", @typed={0x14, 0x2a, @ipv6=@initdev={0xfe, 0x88, [], 0x1, 0x0}}, @typed={0x8, 0x22, @u32=0x1d4}]}]}, 0x570}, 0x1, 0x0, 0x0, 0x4000800}, 0x1) getsockname$netlink(r6, &(0x7f0000000080), &(0x7f00000000c0)=0xc) ioctl$SIOCGSTAMPNS(r6, 0x8907, &(0x7f0000000580)) 07:37:13 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x200, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "cd42c1ecfee9e99c", "5bbf7fd5fd45b3a1e1c0304ec2f0fce9fd8c5b9d7563055f037c47cd767fe21a", "d8cdddd2", "e9bbcdb2cd9a0b26"}, 0x38) chdir(&(0x7f00000000c0)='./file0\x00') bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000140)='devtmpfs\x00'}, 0x30) getpriority(0x2, r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) getpeername$netlink(r2, &(0x7f0000000080), &(0x7f0000000100)=0xc) 07:37:13 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x0) [ 213.759774] x86/PAT: syz-executor.2:10593 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 213.776699] x86/PAT: syz-executor.2:10593 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:13 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x40000) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:13 executing program 0: ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:13 executing program 1: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x0) [ 213.876080] x86/PAT: syz-executor.2:10629 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 213.910769] x86/PAT: syz-executor.4:10631 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:13 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x8001, 0x20000) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x80000, 0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0xffffffffffffffed) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@ipv4}}, &(0x7f00000003c0)=0xe8) setresuid(r4, r6, r5) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000100)={0x1ff, 0x7437220e19ee4030, 0x4, 0x20000, {r1, r2/1000+30000}, {0x3, 0x0, 0x5, 0x7, 0x3f, 0x4, 'YkP*'}, 0x7fffffff, 0x3, @fd=r3, 0x4}) 07:37:14 executing program 0: ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) [ 213.935290] FAULT_INJECTION: forcing a failure. [ 213.935290] name failslab, interval 1, probability 0, space 0, times 0 07:37:14 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35377f5f, 0x3ff, 0x0, 0x0, @stepwise={{0x1f, 0x400}, {0x6, 0x5}, {0x3, 0x6}}}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x250340, 0x0) ioctl$sock_netrom_SIOCDELRT(r1, 0x890c, &(0x7f0000000080)={0x0, @null, @netrom={'nr', 0x0}, 0x800000000007b, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast]}) [ 214.004965] x86/PAT: syz-executor.4:10646 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 214.020353] CPU: 0 PID: 10637 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 214.027478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.036835] Call Trace: [ 214.039434] dump_stack+0x138/0x19c [ 214.043078] should_fail.cold+0x10f/0x159 [ 214.047229] ? anon_vma_clone+0xde/0x470 [ 214.051302] should_failslab+0xdb/0x130 [ 214.055280] kmem_cache_alloc+0x47/0x780 [ 214.059349] ? anon_vma_chain_link+0x142/0x1a0 [ 214.063931] anon_vma_clone+0xde/0x470 [ 214.067830] anon_vma_fork+0x87/0x4d0 [ 214.071642] copy_process.part.0+0x45e2/0x6a00 [ 214.076261] ? __cleanup_sighand+0x50/0x50 [ 214.080497] ? lock_downgrade+0x6e0/0x6e0 [ 214.084650] _do_fork+0x19e/0xce0 [ 214.088110] ? fork_idle+0x280/0x280 [ 214.091827] ? fput+0xd4/0x150 [ 214.095018] ? SyS_write+0x15e/0x230 [ 214.098732] SyS_clone+0x37/0x50 [ 214.099848] x86/PAT: syz-executor.4:10646 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 214.102085] ? sys_vfork+0x30/0x30 [ 214.102102] do_syscall_64+0x1e8/0x640 [ 214.102112] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.102130] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 214.118180] RIP: 0033:0x459879 [ 214.128199] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 214.139070] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 214.146331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 07:37:14 executing program 2 (fault-call:8 fault-nth:38): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:14 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x3f, 0x50313459, 0x0, 0x3, 0x3}) 07:37:14 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={&(0x7f0000000100)=@caif=@dbg, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000180)=""/127, 0x7f}, {&(0x7f00000002c0)=""/138, 0x8a}, {&(0x7f0000000200)=""/3, 0x3}, {&(0x7f0000000500)=""/255, 0xff}, {&(0x7f0000000600)=""/142, 0x8e}, {&(0x7f00000006c0)=""/244, 0xf4}, {&(0x7f0000000240)=""/47, 0x2f}], 0x7, &(0x7f0000000840)=""/120, 0x78}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b00)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b40)={'team0\x00', r1}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:14 executing program 0: r0 = syz_open_dev$video(0x0, 0x8001, 0x60000) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:14 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2042, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000140)={0xc0000000, 0x9, "b6d530683af83d51c864aa4118c13037aeafa422f81b4e9e940212fde7b860c5", 0xffff, 0x89, 0x360, 0x5, 0x40, 0x7ff, 0x89, 0x6, [0xfffffffffffff74f, 0x80000000, 0x3ff, 0x100]}) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r0, r0}) 07:37:14 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) syz_mount_image$bfs(&(0x7f0000000080)='bfs\x00', &(0x7f0000000100)='./file0\x00', 0x20, 0x3, &(0x7f00000005c0)=[{&(0x7f0000000140)="b3606fe090e5125289a582d8a284f2e8d45c62dd7d320f4c703b046051ddf79dc815b263d7b82ae79abd549c39401a71726e0527f2212495db8899cc2963f0fc37502115e93c60abdf5eb550deb7d273d7c69ece84e37de3ca777b72f6c5898933564f36a150189911fde88834d433571ea4b1f74442103f5c52ec4bbef2d90bf8f0f662da0fba67029c9e740e8612c8fa5a547aada99c5a69ed4d8174108b0f30024388c05e8310888c78da4119b4099e232c4ae016f7483359905b63e86b21f929fe640b46c09e954fd99e8001", 0xce, 0x8}, {&(0x7f00000002c0)="f2c221a83a7ab861ce132aefb37ea6e56152717bf215ade4a50a633b1f4e94691c7c1b2f9ac2ef1c0be18c306373e8bbc24971f5c3fe9b5f6abd1cf55d4fd69dabf8a220c54a4c4d807751c62ca40d4ffea6a399dc9f668e1ff7a849381bb95b0c567f84318c52aedca032a3307c2d00c8981b88d12bcfa5e1b40481474f3d3a70303f6f06458bad988cfd17b010864b9b2a5fe47ebb0453e8faa5d26a5a4c0d3a52067fc6a5a5f6dacff65a20709d865828862837af3b402310a2693df05de27325e8ee378b4c549b4d617d1ed5d4af7543", 0xd2, 0x80}, {&(0x7f0000000500)="2d009c3906ce22fb7166f5453c9a6ceaaf37fdfcc76cfaf4b0c94113fa2a52ee285859c5c6152560b65fa5b1bc85a3ab027fc8be649bf4beb116dbdcda05a44d2598fedc0c21face5b7e64a734c6c1ed012eafbac69c4137e9715bafed06f57d062f0fcea83a9746b6a865e05b8fb87f0cf1464d62f8486e0626244dc9954eeed1a947db4af9", 0x86, 0xffffffffffffffff}], 0x4, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 214.153581] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 214.160873] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 214.168125] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 214.191683] x86/PAT: syz-executor.2:10657 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:14 executing program 0: r0 = syz_open_dev$video(0x0, 0x8001, 0x60000) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:14 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x3ffbe33dbe8d3784, 0x0) accept4$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="2e0000003200050ad25a80648c6356c10424fc00120000000a000a00053582c1b0acea8b09000380feff0000d1bd", 0x2e}], 0x1}, 0x0) r2 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x2000000000008002, 0x44) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 214.224884] x86/PAT: syz-executor.2:10657 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 214.247934] x86/PAT: syz-executor.1:10664 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 214.292761] x86/PAT: syz-executor.1:10664 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 214.305185] BFS-fs: bfs_fill_super(): No BFS filesystem on loop4 (magic=00000000) 07:37:14 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f00000000c0)={'mangle\x00', 0x6, "b999b74e7ee0"}, &(0x7f0000000100)=0x2a) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x0, 0x77775753, 0x780}) [ 214.336081] x86/PAT: syz-executor.1:10664 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 214.353230] x86/PAT: syz-executor.4:10676 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 214.353491] openvswitch: netlink: Flow set message rejected, Key attribute missing. 07:37:14 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={&(0x7f0000000100)=@caif=@dbg, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000180)=""/127, 0x7f}, {&(0x7f00000002c0)=""/138, 0x8a}, {&(0x7f0000000200)=""/3, 0x3}, {&(0x7f0000000500)=""/255, 0xff}, {&(0x7f0000000600)=""/142, 0x8e}, {&(0x7f00000006c0)=""/244, 0xf4}, {&(0x7f0000000240)=""/47, 0x2f}], 0x7, &(0x7f0000000840)=""/120, 0x78}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b00)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b40)={'team0\x00', r1}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:14 executing program 0: r0 = syz_open_dev$video(0x0, 0x8001, 0x60000) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:14 executing program 5: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x9, 0x800) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000000)={0x1832cc87c4dc7cd, 0x1, @raw_data=[0x1, 0x69e, 0x3, 0x53f4, 0x9, 0xc5, 0x9, 0x9, 0xffff, 0x80000001, 0x7, 0x7, 0x800, 0x5, 0x7f, 0x92]}) [ 214.385607] x86/PAT: syz-executor.2:10679 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 214.402104] x86/PAT: syz-executor.4:10676 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 214.413528] FAULT_INJECTION: forcing a failure. [ 214.413528] name failslab, interval 1, probability 0, space 0, times 0 [ 214.414780] x86/PAT: syz-executor.4:10676 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 214.427379] CPU: 0 PID: 10679 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 214.440552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.449905] Call Trace: [ 214.452487] dump_stack+0x138/0x19c [ 214.452506] should_fail.cold+0x10f/0x159 [ 214.452518] ? anon_vma_clone+0xde/0x470 [ 214.464311] should_failslab+0xdb/0x130 [ 214.464324] kmem_cache_alloc+0x47/0x780 [ 214.472328] ? anon_vma_chain_link+0x142/0x1a0 [ 214.472341] anon_vma_clone+0xde/0x470 [ 214.472359] anon_vma_fork+0x87/0x4d0 [ 214.472376] copy_process.part.0+0x45e2/0x6a00 [ 214.489178] ? __cleanup_sighand+0x50/0x50 [ 214.493412] ? lock_downgrade+0x6e0/0x6e0 [ 214.493433] _do_fork+0x19e/0xce0 [ 214.493449] ? fork_idle+0x280/0x280 [ 214.493465] ? fput+0xd4/0x150 [ 214.493476] ? SyS_write+0x15e/0x230 [ 214.511629] SyS_clone+0x37/0x50 [ 214.514989] ? sys_vfork+0x30/0x30 [ 214.518537] do_syscall_64+0x1e8/0x640 [ 214.519614] x86/PAT: syz-executor.4:10676 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 214.522422] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.522442] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 214.522451] RIP: 0033:0x459879 [ 214.522457] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 214.522469] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 214.522475] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 214.522481] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 214.522487] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 214.522495] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 214.603369] x86/PAT: syz-executor.1:10689 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 214.633343] x86/PAT: syz-executor.4:10669 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 214.652316] x86/PAT: syz-executor.1:10689 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 214.662018] x86/PAT: syz-executor.4:10669 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 214.670392] x86/PAT: syz-executor.1:10689 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:14 executing program 2 (fault-call:8 fault-nth:39): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:14 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x60000) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:14 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x80000, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000200), &(0x7f0000000240)=0x4) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e22, @broadcast}}, 0x4a, 0x3}, &(0x7f0000000080)=0x90) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000000c0)={0x3, 0x8, 0x8001, 0x0, 0x8, 0xa000000000000000, 0x1f, 0x1, r2}, 0x20) fcntl$setpipe(r1, 0x407, 0x8) preadv(r0, &(0x7f00000017c0)=[{&(0x7f0000000280)=""/163, 0xa3}, {&(0x7f0000000340)=""/123, 0x7b}, {&(0x7f00000003c0)=""/213, 0xd5}, {&(0x7f00000004c0)=""/127, 0x7f}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)=""/178, 0xb2}, {&(0x7f0000001600)=""/60, 0x3c}, {&(0x7f0000001640)=""/184, 0xb8}, {&(0x7f0000001700)=""/141, 0x8d}], 0x9, 0x0) 07:37:14 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x20a004, 0x0) r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0x1c105, 0x100000080) accept4$nfc_llcp(r2, &(0x7f0000000080), &(0x7f0000000140)=0x60, 0x800) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000180)=""/12, &(0x7f00000001c0)=0xc) 07:37:14 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={&(0x7f0000000100)=@caif=@dbg, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000180)=""/127, 0x7f}, {&(0x7f00000002c0)=""/138, 0x8a}, {&(0x7f0000000200)=""/3, 0x3}, {&(0x7f0000000500)=""/255, 0xff}, {&(0x7f0000000600)=""/142, 0x8e}, {&(0x7f00000006c0)=""/244, 0xf4}, {&(0x7f0000000240)=""/47, 0x2f}], 0x7, &(0x7f0000000840)=""/120, 0x78}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b00)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b40)={'team0\x00', r1}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:14 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) getpeername$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @empty}, &(0x7f0000000140)=0x10) 07:37:14 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x60000) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) [ 214.710877] x86/PAT: syz-executor.2:10679 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 214.719660] x86/PAT: syz-executor.2:10679 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 214.793899] x86/PAT: syz-executor.1:10709 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 214.828460] x86/PAT: syz-executor.1:10709 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:14 executing program 5: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x80800, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, &(0x7f0000000080)={0x0, {0x7f, 0x2}}) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:14 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x60000) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) [ 214.829143] x86/PAT: syz-executor.4:10718 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 214.847580] x86/PAT: syz-executor.1:10709 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 214.847604] vivid-003: kernel_thread() failed [ 214.856805] x86/PAT: syz-executor.2:10719 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 214.877551] FAULT_INJECTION: forcing a failure. [ 214.877551] name failslab, interval 1, probability 0, space 0, times 0 07:37:14 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={&(0x7f0000000100)=@caif=@dbg, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000180)=""/127, 0x7f}, {&(0x7f00000002c0)=""/138, 0x8a}, {&(0x7f0000000200)=""/3, 0x3}, {&(0x7f0000000500)=""/255, 0xff}, {&(0x7f0000000600)=""/142, 0x8e}, {&(0x7f00000006c0)=""/244, 0xf4}, {&(0x7f0000000240)=""/47, 0x2f}], 0x7, &(0x7f0000000840)=""/120, 0x78}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b00)={'team0\x00'}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 214.916043] x86/PAT: syz-executor.4:10726 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 214.925982] CPU: 1 PID: 10723 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 214.933107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.942454] Call Trace: [ 214.945054] dump_stack+0x138/0x19c [ 214.948697] should_fail.cold+0x10f/0x159 [ 214.952853] should_failslab+0xdb/0x130 [ 214.956828] kmem_cache_alloc+0x2d7/0x780 07:37:15 executing program 5: set_robust_list(&(0x7f0000000140)={&(0x7f0000000040), 0x3b, &(0x7f00000000c0)={&(0x7f0000000080)}}, 0x18) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000180)={0x0, 0x8000, 0x3010, 0x1}) [ 214.957207] x86/PAT: syz-executor.4:10718 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 214.960971] ? anon_vma_clone+0x310/0x470 [ 214.960991] anon_vma_fork+0x1ce/0x4d0 [ 214.961008] copy_process.part.0+0x45e2/0x6a00 [ 214.961043] ? __cleanup_sighand+0x50/0x50 [ 214.961056] ? lock_downgrade+0x6e0/0x6e0 [ 214.986495] _do_fork+0x19e/0xce0 [ 214.986510] ? fork_idle+0x280/0x280 [ 214.997768] ? fput+0xd4/0x150 [ 215.000962] ? SyS_write+0x15e/0x230 [ 215.004722] SyS_clone+0x37/0x50 [ 215.008088] ? sys_vfork+0x30/0x30 [ 215.011636] do_syscall_64+0x1e8/0x640 [ 215.015523] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.020370] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 215.025559] RIP: 0033:0x459879 [ 215.028751] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 215.036455] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 215.043726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.050988] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 215.058253] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 07:37:15 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x5, 0x31435750, 0x7fffffff, 0x0, 0x3, @discrete={0x400, 0x10000}}) syz_init_net_socket$x25(0x9, 0x5, 0x0) [ 215.065515] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 215.141231] x86/PAT: syz-executor.2:10723 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 215.157784] x86/PAT: syz-executor.2:10723 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 215.167944] x86/PAT: syz-executor.1:10741 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:15 executing program 2 (fault-call:8 fault-nth:40): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:15 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) prctl$PR_SET_PDEATHSIG(0x1, 0xa) fsetxattr$security_ima(r0, &(0x7f0000000080)='security.ima\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="02c2a11bfeac09a9228533a8f7a7"], 0xe, 0x0) 07:37:15 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x200, 0x0) r5 = syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x2, 0x420000) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='rdma.current\x00', 0x0, 0x0) r7 = dup2(r1, r0) ioctl$TUNGETDEVNETNS(r4, 0x54e3, 0x0) r8 = syz_open_dev$dmmidi(&(0x7f00000002c0)='/dev/dmmidi#\x00', 0xff, 0x4280) pipe(&(0x7f0000000300)={0xffffffffffffffff}) sendmsg$NBD_CMD_STATUS(r2, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x54, r3, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@NBD_ATTR_SOCKETS={0x34, 0x7, [{0x8, 0x1, r4}, {0x8, 0x1, r5}, {0x8, 0x1, r6}, {0x8, 0x1, r7}, {0x8, 0x1, r8}, {0x8, 0x1, r9}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x1) 07:37:15 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:15 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x1bf7bc35e7332ff8, 0x0, 0x0, 0x0, @stepwise={{0x0, 0x100000001}, {0x1, 0x13d1519e}, {0x1000, 0x200}}}) 07:37:15 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8001, 0x800) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0xfffffffffffffffd, 0x648ad264d0a6a33e, 0x0, 0x0, 0x0, @stepwise={{0x3, 0x9}, {0xdb0, 0x4}, {0x5, 0x10001}}}) 07:37:15 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={&(0x7f0000000100)=@caif=@dbg, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000180)=""/127, 0x7f}, {&(0x7f00000002c0)=""/138, 0x8a}, {&(0x7f0000000200)=""/3, 0x3}, {&(0x7f0000000500)=""/255, 0xff}, {&(0x7f0000000600)=""/142, 0x8e}, {&(0x7f00000006c0)=""/244, 0xf4}, {&(0x7f0000000240)=""/47, 0x2f}], 0x7, &(0x7f0000000840)=""/120, 0x78}, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 215.183602] x86/PAT: syz-executor.1:10740 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 215.210736] x86/PAT: syz-executor.1:10740 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 215.215306] x86/PAT: syz-executor.4:10749 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:15 executing program 0: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:15 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x4401, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x191080, 0x0) [ 215.291572] x86/PAT: syz-executor.2:10757 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 215.295524] x86/PAT: syz-executor.4:10760 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 215.309488] x86/PAT: syz-executor.4:10749 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 215.328073] x86/PAT: syz-executor.4:10749 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:15 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x1, 0x141000) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f0000000080)=0x5) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:15 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="2a2b65bc992fb01b562621eed798cfe1385a785a957f7cd6bc2040fec48102bfb0412f16ec9d59ba6b8d5b3266f87ff85912679ae4bfabe7be98f2e1c32e47f5d991b05a3eba5ef458f11e9d5fc898c3e170b208f875d3d1404e2e4a7bc2fde9684a45c8fc27e7a6c131beb719ff594d5122a791c88d70b3d0de534f23"], 0x7d) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) r2 = getpid() sched_setattr(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3}, 0x0) getpid() r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = creat(&(0x7f00000003c0)='./file1\x00', 0x0) fanotify_init(0x8, 0x80000) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000001880)={0x0, 0x0}, &(0x7f00000018c0)=0xc) ioctl$DRM_IOCTL_GET_CLIENT(r4, 0xc0286405, &(0x7f0000001900)={0x4, 0x2, r2, 0x0, r5, 0x0, 0x5, 0xc09}) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000100)={{0x2, 0x0, @dev}, {0x1000, @remote}, 0x8, {0x2, 0x0, @broadcast}, '\xb6\xce\x00\x00\xe3\xff\xff\xff\x01\x00\x00\x00\x00\x00\x04\x00'}) r6 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r6, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:15 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/user\x00', 0x2, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 215.354579] FAULT_INJECTION: forcing a failure. [ 215.354579] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 215.374670] x86/PAT: syz-executor.1:10768 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 215.419037] CPU: 1 PID: 10767 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 215.426168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.435520] Call Trace: [ 215.435537] dump_stack+0x138/0x19c [ 215.435556] should_fail.cold+0x10f/0x159 [ 215.441731] ? __might_sleep+0x93/0xb0 [ 215.441752] __alloc_pages_nodemask+0x1d6/0x7a0 [ 215.441762] ? save_stack+0x45/0xd0 [ 215.441771] ? kasan_kmalloc+0xce/0xf0 [ 215.441780] ? kasan_slab_alloc+0xf/0x20 [ 215.441795] ? __alloc_pages_slowpath+0x2930/0x2930 [ 215.471076] alloc_pages_current+0xec/0x1e0 [ 215.475403] pte_alloc_one+0x1a/0x100 [ 215.479205] __pte_alloc+0x2a/0x2d0 [ 215.482833] copy_page_range+0x11ba/0x1bd0 [ 215.487063] ? SOFTIRQ_verbose+0x10/0x10 [ 215.491127] ? anon_vma_fork+0x358/0x4d0 [ 215.495195] ? vma_compute_subtree_gap+0x190/0x1f0 [ 215.500133] ? __pmd_alloc+0x410/0x410 [ 215.504027] copy_process.part.0+0x4764/0x6a00 [ 215.508636] ? __cleanup_sighand+0x50/0x50 [ 215.512868] ? lock_downgrade+0x6e0/0x6e0 [ 215.517039] _do_fork+0x19e/0xce0 [ 215.520497] ? fork_idle+0x280/0x280 [ 215.524213] ? fput+0xd4/0x150 [ 215.526740] audit: type=1400 audit(1566718635.540:76): avc: denied { getopt } for pid=10775 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 215.527404] ? SyS_write+0x15e/0x230 [ 215.527421] SyS_clone+0x37/0x50 [ 215.558573] ? sys_vfork+0x30/0x30 [ 215.562121] do_syscall_64+0x1e8/0x640 [ 215.566004] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.570850] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 215.576039] RIP: 0033:0x459879 [ 215.579224] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 215.586931] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 215.594202] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.601465] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 215.608731] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 215.615992] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 215.637261] x86/PAT: syz-executor.1:10762 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:15 executing program 2 (fault-call:8 fault-nth:41): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:15 executing program 0: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) 07:37:15 executing program 5: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x2, 0x0) ioctl$BLKROSET(r0, 0x125d, &(0x7f00000001c0)) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, @stepwise={{0x8, 0x9}, {0x9443, 0x5}, {0x4, 0x8001}}}) r2 = open(&(0x7f0000000040)='./file0\x00', 0x20000, 0x1) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x623, @ipv4={[], [], @multicast2}, 0x77e3}, 0x1c) ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f0000000140)={{0x0, @addr=0x800}, 0x8, 0x7, 0x40}) 07:37:15 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 215.725250] x86/PAT: syz-executor.4:10785 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 215.737668] x86/PAT: syz-executor.4:10785 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 215.758053] x86/PAT: syz-executor.4:10785 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:15 executing program 4: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000180)=0x1c) r1 = geteuid() setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@loopback, @in=@broadcast, 0x4e22, 0x3f, 0x4e21, 0x4, 0xa, 0x20, 0x80, 0x2b, 0x0, r1}, {0x412, 0x80000001, 0x0, 0xab, 0x3a, 0xa4c, 0x3, 0x45}, {0x8000, 0x1, 0x100000000, 0x5b8a}, 0x3, 0x6e6bb6, 0x2, 0x1, 0x3}, {{@in=@loopback, 0x4d5, 0x2b}, 0xa, @in=@broadcast, 0x3504, 0x1, 0x3, 0x8, 0x4, 0x6, 0x4}}, 0xe8) mkdir(&(0x7f0000000200)='./file0/file0\x00', 0x80) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/policy\x00', 0x0, 0x0) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000100)={0x7d3, 0x40}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:15 executing program 0: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6, 0xfffffffffffffff9]}) [ 215.790754] x86/PAT: syz-executor.1:10791 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 215.802885] Unknown ioctl 4701 [ 215.829913] Unknown ioctl -1070049712 [ 215.838271] x86/PAT: syz-executor.1:10791 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 215.853521] x86/PAT: syz-executor.2:10795 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 215.857029] Unknown ioctl 4701 [ 215.876026] x86/PAT: syz-executor.1:10791 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 215.896312] FAULT_INJECTION: forcing a failure. [ 215.896312] name failslab, interval 1, probability 0, space 0, times 0 07:37:15 executing program 5: keyctl$join(0x1, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, &(0x7f0000000080)=0xfffffffffffffffd) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) 07:37:15 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, 0x0) 07:37:16 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 215.990149] CPU: 1 PID: 10795 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 215.997289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.006646] Call Trace: [ 216.009252] dump_stack+0x138/0x19c [ 216.012893] should_fail.cold+0x10f/0x159 [ 216.017050] should_failslab+0xdb/0x130 [ 216.021030] kmem_cache_alloc+0x2d7/0x780 [ 216.025189] ptlock_alloc+0x20/0x70 [ 216.028815] pte_alloc_one+0x60/0x100 [ 216.032619] __pte_alloc+0x2a/0x2d0 [ 216.036247] copy_page_range+0x11ba/0x1bd0 [ 216.040483] ? SOFTIRQ_verbose+0x10/0x10 [ 216.044547] ? anon_vma_fork+0x358/0x4d0 [ 216.048620] ? vma_compute_subtree_gap+0x190/0x1f0 [ 216.053561] ? __pmd_alloc+0x410/0x410 [ 216.057454] copy_process.part.0+0x4764/0x6a00 [ 216.062064] ? __cleanup_sighand+0x50/0x50 [ 216.066293] ? lock_downgrade+0x6e0/0x6e0 [ 216.070445] _do_fork+0x19e/0xce0 [ 216.073896] ? fork_idle+0x280/0x280 [ 216.077612] ? fput+0xd4/0x150 [ 216.080803] ? SyS_write+0x15e/0x230 [ 216.084521] SyS_clone+0x37/0x50 [ 216.087882] ? sys_vfork+0x30/0x30 [ 216.091423] do_syscall_64+0x1e8/0x640 [ 216.095305] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 216.100149] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 216.105334] RIP: 0033:0x459879 [ 216.108525] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 216.116231] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 216.123499] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 216.130764] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:37:16 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) getcwd(&(0x7f0000000040)=""/161, 0xa1) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) [ 216.138033] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 216.145292] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 216.244347] x86/PAT: syz-executor.2:10795 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:16 executing program 3: r0 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x9, 0x30042) ioctl$VIDIOC_G_INPUT(r0, 0x80045626, &(0x7f0000000080)) modify_ldt$read_default(0x2, &(0x7f00000000c0)=""/50, 0x32) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, &(0x7f0000000140)={0x1, r0, 0x1}) connect$bt_sco(r0, &(0x7f0000000180)={0x1f, {0x5, 0x80000000, 0x80, 0x1000, 0x1, 0xffffffff}}, 0x8) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) syz_open_dev$sndtimer(&(0x7f00000001c0)='/dev/snd/timer\x00', 0x0, 0x2000) 07:37:16 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:16 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot\x00', 0x8000, 0x0) ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f0000000100)={{0x2, @name="f022d6574c3cd63ce5919e40d08ae866cd95ccba5bcd712bb434e3cc07845cb9"}, 0x8, 0x5, 0x2}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r0, 0x0, 0xb, &(0x7f0000000140)='+^selinux!\x00'}, 0x30) ioprio_set$pid(0x1, r2, 0x3) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:16 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x2, 0x0) bind$unix(r1, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e) 07:37:16 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, 0x0) 07:37:16 executing program 2 (fault-call:8 fault-nth:42): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 216.288628] FAT-fs (loop3): error, invalid access to FAT (entry 0x00006500) [ 216.295725] x86/PAT: syz-executor.2:10795 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 216.315738] FAT-fs (loop3): Filesystem has been set read-only 07:37:16 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@host}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:16 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, 0x0) 07:37:16 executing program 5: ioctl$VIDIOC_S_JPEGCOMP(0xffffffffffffffff, 0x408c563e, &(0x7f0000000140)={0x0, 0xe, 0x1e, "61d36077c7644fb1e35229da8b1468fe08069b34e0b1f497bc331123993e11940f8cbe73875b70a73104341a1c71debe7d8effb726e689dbf56953f2", 0x0, "94e831ba4d0f008157f9d5b0ac138a006a31131c5681bde783d7ca56895872a75ea23161b2739171ed743c9a61bd22c9ac0c1bddfc39e2176fcf4528", 0x80}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) get_thread_area(&(0x7f0000000040)={0x5, 0xffffffffffffffff, 0x400, 0x0, 0x5, 0x1000, 0x40, 0x3ff, 0x2000000000000000, 0x80000000}) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x2000, 0x0) getsockopt$llc_int(r0, 0x10c, 0x9, &(0x7f0000000080), &(0x7f00000000c0)=0x4) [ 216.354454] x86/PAT: syz-executor.4:10827 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 216.381656] x86/PAT: syz-executor.4:10832 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 216.405473] x86/PAT: syz-executor.4:10832 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 216.435702] x86/PAT: syz-executor.2:10835 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:16 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:16 executing program 4: r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f0000000080)='./file0\x00', 0x0, 0x18}, 0x10) lseek(r0, 0x0, 0x1) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r1 = accept4$rose(0xffffffffffffffff, &(0x7f0000000140)=@full={0xb, @remote, @remote, 0x0, [@remote, @rose, @netrom, @default, @remote, @netrom]}, &(0x7f0000000180)=0x40, 0x0) r2 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) sendto(r1, &(0x7f00000002c0)="3a030d805f5a0ac5129a0799ee8bb8cfc25995909d4f06e6cdc203d7ea629a4c4170e77fe7c4624726fd3ab990e174b3614cd60092690c592eea6eeabed165b6b34960184e3d53c71c5a5c0e88d34644a34f053926f2171c1a15c513c77e2ff23a9f8da0441a2fd2e42e1657ee80470b6c275ab350030598557305b643621dad8cf26a84328bf83e7624f22eeb48c494a800cccd2319f1fca9156468e3ee21b01042be883b676acd572539ea77824982b074d4ba4a00058a7aa53d92db47000c9edf35f0e1c170dc46a2ed3c23cc0330447bf5b38f978898485377f5277ccd3ec244c809f38e9f69a09c69", 0xeb, 0x40, &(0x7f0000000200)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e24, @loopback}, 0x4, 0x2, 0x1}}, 0x80) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) chdir(&(0x7f00000000c0)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:16 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3, 0x6]}) [ 216.473825] FAULT_INJECTION: forcing a failure. [ 216.473825] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 216.508107] CPU: 1 PID: 10835 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 216.515244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.524598] Call Trace: [ 216.527194] dump_stack+0x138/0x19c [ 216.530827] should_fail.cold+0x10f/0x159 [ 216.530840] ? __might_sleep+0x93/0xb0 [ 216.530858] __alloc_pages_nodemask+0x1d6/0x7a0 [ 216.530869] ? SOFTIRQ_verbose+0x10/0x10 [ 216.530883] ? __alloc_pages_slowpath+0x2930/0x2930 [ 216.538918] alloc_pages_current+0xec/0x1e0 [ 216.538933] pte_alloc_one+0x1a/0x100 [ 216.538943] __pte_alloc+0x2a/0x2d0 [ 216.564360] copy_page_range+0x11ba/0x1bd0 [ 216.568605] ? SOFTIRQ_verbose+0x10/0x10 07:37:16 executing program 3: prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f00000000c0)) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) ioctl$VIDIOC_SUBDEV_G_EDID(r0, 0xc0285628, &(0x7f0000000080)={0x0, 0x2, 0x0, [], &(0x7f0000000040)=0x9}) r1 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x5, 0x408102) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="b3000000e294338ec54af87ebb87d1b170921bc2d7fb96a378bfbaf5d35fac529d761c35c2274933b2568945d7e4969e6f306a0cf4b1afcc63375d7a2dbd5dd7dbac2b673c81eca3f66f4ae7157bf60a8b7ae841fabd5bb77bded40178480cf118c907d08e3d7cc8b76a8b833a8346438ebdfea3daf975be9bc6c6fe4843f47ef4ed96f55ac2f5c9565eae1dd85015b9f8e5434399b43ec12b4685129fb54ba52dcb83d5dd885d9c8ba7e2b4a452a1ca3ad4cc103ad32a"], &(0x7f0000000240)=0xbb) ioctl$IMCLEAR_L2(r1, 0x80044946, &(0x7f0000000400)=0x74) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x7bfa, 0x30}, &(0x7f00000002c0)=0xc) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000300)={r2, 0x1, 0x7, 0x200, 0x8, 0x1ff, 0x5, 0x12d, {r3, @in={{0x2, 0x4e20, @broadcast}}, 0x5, 0x5, 0x1ff, 0x1000, 0x9}}, &(0x7f00000003c0)=0xb0) 07:37:16 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) getegid() fstat(r0, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001b00)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000001c00)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001c40)={{{@in=@empty, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@dev}}, &(0x7f0000001d40)=0xe8) r4 = getuid() stat(&(0x7f0000002180)='./file1\x00', &(0x7f00000020c0)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_unix(&(0x7f00000019c0)='./file0\x00', &(0x7f0000001a00)='./file0\x00', &(0x7f0000002140)='9p\x00', 0x40000, &(0x7f0000001fc0)={'trans=unix,', {[], [{@pcr={'pcr', 0x3d, 0x2}}, {@permit_directio='permit_directio'}, {@uid_lt={'uid<', r2}}, {@obj_user={'obj_user'}}, {@uid_lt={'uid<', r3}}, {@euid_lt={'euid<', r4}}, {@smackfshat={'smackfshat'}}, {@euid_lt={'euid<', r1}}, {@uid_lt={'uid<', r5}}]}}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0xfffffffffffffffe, 0x35395343, 0x4, 0x0, 0x2, @stepwise={{0x0, 0x6}, {0xffff, 0x81}, {0x0, 0xa762}}}) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r6, 0xc0086420, &(0x7f0000001a40)={0x0}) ioctl$DRM_IOCTL_DMA(r6, 0xc0406429, &(0x7f0000001f40)={r7, 0x2, &(0x7f0000001e40)=[0x2c8, 0x1000], &(0x7f0000001e80)=[0x200, 0x7, 0xa0000000000000, 0x9bf9, 0xf8, 0x3, 0xffffffffa330d134, 0x463], 0x3, 0x7, 0x80000000, &(0x7f0000001ec0)=[0x1, 0x3, 0x0, 0x8, 0x3, 0x6, 0x2], &(0x7f0000001f00)=[0xffff, 0x6, 0x9]}) sendmsg$kcm(r6, &(0x7f0000001880)={&(0x7f0000000140)=@generic={0x4, "8c46b416d0772fccaec5aae5b6608e959b783020c66400ad084a94dd13c2781872f33a1d79df4f2528bbd9143513d23d0c18ec1b524462cc6bcf4b179bb299e8b5f87316c84f64cbe49b484756e8b14ed7d86d20e39a4e8100fcaf42bdc23d9d3dfa1554afae92efb7f21b174144d596bd0d23cc8de3159dc71a2a5da16a"}, 0x80, &(0x7f0000001500)=[{&(0x7f00000001c0)="dcb6490cd420f8dc860fda40b6fbaeb42e58982b371535f25f06ae59e43f8bf46b186e5bc3dc3276349b31615c0013d04b3b6dae3c5fa314f19f02ec25bc4ff9a496bb3f4e6d93d72a3186a85d847c3590f3928b7a958e7d37be9dd3fee2c73564eb3a4881ec0dd5d1577f6377ae61b508386e9b4dbf03cdf68bf72edcc4458492bcdcb4c4bfde95173385b21dd519339e8d051c79abc8b492932c84f04788c6e96b01bae75d267763bdb8", 0xab}, {&(0x7f0000000280)="25e46d0404350e67e829f750010593048dd6b79e9f69b4dfccefb5da4766c35d1893cdb77c35c8b1f567746da2bc7c9a7f315cee6c70ae9a9eb71e5860647f397255b6577c496055a1d82739bf32f13f3b844f8e411bd870d4620264246862d8b59d5e78ed50a4337359b0e687a2a406ad92075832243fa0133ef9fa3b8f0ad8d747287c3b0799d4714202f20fb8bdcca845d47f5689201a1e21a2f05729d2ae984563f888629f8e2f3dc32dcf0c3d46", 0xb0}, {&(0x7f0000000340)="9ff313e2746a3f294a499d3d30f6e38be6a821cb59b6645f29c926c219e0c2687bcadf88c2fc9d2eb3aec0dbe8e02380cb9ef42494050786141bc8b2bee196c05eb09d71de61bd54cb630f03e8e41fb6d60863e3e6ed46564f9494c085ec3496ce4f2f2b198e2508817a0882dbda2e2a7ea237a97721d7908c4e21f30a112f6445e7", 0x82}, {&(0x7f0000000400)="5bda1ed4fb3758f4cb9ff8c1ee1a79f82e7bcbe1d178d6727490ce96a6a1711b2fb60e3a0bfc3f092b56d793f10e87a7bcecfdb5fd0d1d5b4bcc66aeddb835407cbbb09898d5797c73ce75a1a7b3243c4f56fcbc38d8cd04ee2bf7d60e2bbf8cf0888347c8a675cbef75d2b894f3513a447cc20c8234039f5975fbac055c82986bb64d9e6d8608ecfae48f1bcb2a291866c945d8a32dddc82561fcf9416cfefecfea00908b2627d5e92bfed52a063e2cd6ee3d319fd37d2be284b93c0bed62b76b2f380cbc784c2ef3718952e92b32ff5b987cf19e62f1cb1e480af11f8a4ff0bcbe9ed6b30b43213af56d04699def2fe684b1ffb057cdc85f6dea073367f7870d390a163f6cf60d3eafbc696261f4ac42ee6d4a58ec7fe0bab40bf97cd5789f70923983218629fb57e195d2cbb5095a45260710409e00cddfe3f577fda5ed539772c6451bc16a36ef1984e2e3a5692aa8f02852551470f8aed0bce212554ec3f36dae5c20b7114059a58273206e80606517c24379b9e5b14f3f0414d36c64259d47e0e774e40cb93db8ede9fca990f5f11b9dd440128cb67e013cc13f0aca3d5660c48067ad06b40f4ddd3801db407040d1dd0f4849f2d01bbdaa545f4a205c4d78de945b72821670457d429eab7b92f42f5c0819fabf026575117c66cb9f9d3e85e2c58fdc92e8aea92fb213eae306551ce867fc762423e4a27137e3f25febcc15385fc08b40adece03989fc57fbfc8e934d25def22ad7a3fe0e6d07d33f566a97b9d1595cd563ff718b135c5fbc66e6c6e2cd18e20b1630eeb0e401f7ce977f4da88219c37adbfb0a6297aea71d0f2b28ff14660fcc7c65535f6b2cc834c505c6c5248aad093b98a692aafd8b4e7d3ebf4f7fd5f72a86d0283b2915928ab0177352cd3fb9c3110827d3f5235a1421119afcddf4923f5886a366cba132ea0cb0a2b435a9ba8f0084f4a3e47564461a93521dfd5835b1f4e00724ec63c06731f8c419a5b5bd14e245ee753f48b08564d9108560c85f11dc8b6bf2829f2043e74841cdca8e22e6b9e7f491dca78fe40667845d86f36ca4b849aba2711e12e8b2f055ac748d244b0e4ee2789c3d221e36d90947d8323eb62332a51c44775e0f672bc7a00a9e2b211d492d51f79939d39aefe68958334b27f3ac0a63aa9eac507925849c96d95b03460b9df21981f026b51c304d58dae68bd948e61295ffa62e2a48353e3e805d1c0a2c21bcc1cc217576b372101e10098ec4f0a3a00f80762abe0f78437006fef3826865fa07df1eeccfd71e84926c4086a3f4fd9ed19b10aeab93d8e0189f5fc82e710a864a700b5c92fdd9f5094a19b23dd040d7b539c4273a8841af3eb56a750b99637a445ae421cc48ba07935f9a6f6422490249acadd622acb9f7fa45d5184f957954ef2c2f163503e5160edd1ad965ba24b6d0e772cc3a672c04c533f920b40527e3a44c5f822984ce64f5bd80f467cbf937d7e75d7f6cafb89da24ab5542669afe8baeff3f0049788cfb9045d2e86935aaab7c338d7111fd2ac1834c533d69cdbbc769581b2a5950eec990cfd7ee8e87dd5d60be1dcf3cb558f0de41a9377ba82700eedfaa2bdbe965b1d30ab35c0093a8ec4950b77df0e6c446a7be66c8e357cb7fd6e3cdc1184f2465b5312142370184afcffaeb56c1d7fa19d55e61b82ae56954d78b820d9d493ed47276bdc2e82d175b212a5d06258c3fd7fb753554be463ebd540874166f9d7c18435e0f14533d58c90d6e59439409b88474c23ab778bf53f25a4c1cee8bda897ec8d852d9ff2fb44f621163cc7d7b71bbfc86c1a5e595e082c342d8c5f8d84295dfae5ed01bc2a134764b4917bed9e741ab3d2633a55413980886cc2587c341966015b91e0925b3187db33da384664525edcea17157b24375246a73f3e967d589f84d97d7c823f4cdb897e34a3fa428279bd580ccdcb611912f82a17b5fd122dc24b9a3ec51dd6c6e76dfd62cd845ea0fa4851c87eee5a3227fe68a666c697c477b5a3d91898992755a9bfb6019520881fb6575820c16332cced2563d29c6ad87b83e1c06468c0eb94f3a6e2680f12d16ea44475094f3f9241d3871c84d569e20e88451846ee84726b4b6b4551de3d48c883286259ab2edc6caec3b56c57c42df587d2c7a0742ac6da36526d62c09dc0364c56b49fa97946b5027ea93aa0cdc166d97ba9eb9f311341f05c6714a13dc2dec86ff08764376f6e2c8680d935f431d3b422378583578ae62d5e8f6f11742f5e3b1aaa265ae74b5db6f268dd1e5c733078b54fd23932f41ec413e2a66b9a428b98a58e83a466e3993b0ba7b8715f3740fab2bfd7c7023900707796c76e9bb57778a0c1a7740591b6db5d01f9555418a45776d85cd99911f560d57ac63972aff93de97a75f45510bcd65c644b0f82b9941d353f419e96393eadc9192f272c78bc9517587be6d9cfd98e9564a0fe6a2f0219d9047f44de03284d4b672af019d35df4f5d44dc3a581e1a8287dca4324989bda984cd371f52bdb1a642fd3ebf86183dca35475f609773e92572c41f5aee5e8a1288436701e2b595ad3e001fd9e4c78ba2fc68d4f8a0654c932c261ec63c1f8beb9b4235df1c74553c1bfc175be3c7df76099c27bc37d2ea7fc464d17a861bce469b99d229fde6c74f3ba40953a1c3b9c9314a930415f294b5173702b94f83d7086a64aaeb7ad484dcc869456e579ea125dec14180183c16d33d013fb8701b6d309805403a68d6de9b596475ea8b2f48e6f8c548010eb589da0141043911234d2bb66fcb54130993a0aff5f8d92fb77ed29030aa2b7a93268c57f164154efc457d4dc7652adc13cd6f163e8ff9e647854e258f2d976060190f3b22dc1b5908900cd0e6de7eafa2ba05e2912eacb444ff232b80d36a3c118017d36cc3ec374e5649d08bd36e29d6ae575bf3b54c71c892c1732d3760360ffe17657b56bdfacd5bed276b412c1f552bf0f83a09e342b452021126052395d7509092d1785a3b4c34fbe000eed419db481145f07ebd8dfad12990863166954e1eb1d2d5b0d56a0f6b6457fb3da43834f85b36614aded73c0ac600e0a811d25dacfcea6bc8988b92e0c4ae3706ca2e7b01ffda2e1872be63dd17e30db3b4e0444605293b5a4d1d82baade41c587752eb06b7f467fab861caad9613e0a6298da6ca4e2c370bec5d2f629ac01cb0ddbb819aaff8cedb1f7cc6764187b517be4649c9ad8eab83c1743bcef2d3e318beb6b67d70ab9eba070afce727b4302c2f7a6d18705a93994a4606285317457a470e26fe21aad5ef8b68009fcbd18ef9705bb2c004916bea684ca3663309676b2792bae4b48a148cf3e3da1ca9320395994a39d7a3cd9c6c537cf06dd6cf484557d1577d938dc1810e7269067a434f7176480300bad5555b6d0c180d696cf798242c2afb4cc1f2af95acf5b257dd3ce3de1974c82471552786fe5317a61846bfb4863799b8e8f1b7ac505b08ea60c5e33e9d18ead664aba8ae8e7caa68b1b537a1abb78371a9328efc00d75bebe877107e69f7a01deef7114a3c38d3180abedc110e128392b771a5537afe55416c019cc909c254c7a128875b2ae9f71e56d7ef809514e5231204861ef0bd12b7c82bf4177430907eb1bfd7cb2a58289d877f844f390e1dc866437cc901c4d8c893c160e4da34b346131efb3e87bd7ded9336a9c5842921d6332155d0bfc1e19bb236fecb87bbca1fd7662fe5fc73d6fd800072354c043fba44fc4920a86c139967a2b28179517f510041adc84cc8b2e70616ad9b5cf65a6cbe9aa1dd35aed97086a457ce242a4260c828a0aa62f8d2d9b31e6903333575b05e8b486a4b406528cc1d6a559be6c82c8a615be2f89546f8fb4f9a0d19e52a30c6e35936996fa63aeee32bccefba6956475a17f90b7c3ba3d7162b58a36242e68f39d5f876470ee3f8b2d0ae7eab0f7dfe700a30e65bc2f37862cbcb341bc23ef5c9ab35bef7f1da2c0a9cdfc4db2a0e6e6c4193a1ab5b06c4209357027ae884d6bc684995d7ee3c8e2d9911f5f35c3a0f722fd9e8746f98d5449f2c6664d4ac04fe2e67f50e0f0592aaf4e00f5dc6a071b6f2ca0c7ec4c57ecaf5a582052c65be917d3ad2d3ab8b2dbc2ffc9254749a5dee469f26c0cf2aded1e9c0a867732a26efdd15d8ec848465ff87095e2cfafbc8a8f2ee709bd1e2d7e1cbfa8908decc75451c84748f9204ed48b7a33d1ad9434ccaeeb55aa917347111753bbd098a55fe1b6fce5c0f1f9a386cc5e2002aa00f962240654ea6c90332870757f7eaf73b48f6ffb4eebdc418e0caf434cd7b86c43ba6c0c45b8ded273ab87766d60853f86fb62c6a8bff4633c96ba168e41ee236daae7839a26960a39f53ac3887484cc340fd68526afd97337de49efd4ea298d78bf7f6a48278fff8fb5a4ea724798603abb4d5aad84db5cbaa720da8fecb3c85d49c595941ec2c55dd822b8a04f480d8b507d5e3872f368ce172e279e61273ee25966ca782fb71230ab1fb68fab01ceadddaa75853ff8952fc4fb6c3f55bad9639121e64c356ca17cb1fc51b227ff32e1d2e89a2b062279429d6ad53a64328b632952b09085b7d22155f7e03b77cd52e3f95eb87216e328ee72392ee9d2c5a8aa7abe3bc871ee615a0e60822d86a876e9a37ff760428175fb79a453b723a4bcf53f99152adc197872759ce276a432be54f74110c04c0b6b934a50e034dae34ee59cb99150fd2e841836368cb5e1e5fb92a33d5119948a45f96bb109be2f0ae942d58e673cea6a17e59993d426f8189181161f07ceb815cf8bbcbf8bd4233e78473b5e5bbf6ab413e3e764d31b4c0fa324f8fc2085143c648606a51f0652ef2ef44f69b779ee2260aad74c9e4e4cea75a9a9ddff28f7137ff50a3d3e16c56ea1c5d0db49fdcb3986e979b6c2d38da07b294577a1362c25c6cc2bfffd468f92074e51ff886217527a66f2f8c2f58d2b8e757bfd00deca3e69ade354c10582c07330c86250257e0991150c0e44b461056717a84b1bc990b934c1537ef564fc36650079d167011e61aff317394ce445106c104607e15d24fc674cfeefcfb42438678a02e397ba52bf527cab9e0cb1cc7f432f9c989f5141f6d20ae494568e60e1de5eb6a9923b8625be6d69e130876ea2bf79b1d0dc53192bf82394dde0abde655c4ced2265bfac8a897a12322cec5962c573aa01061bb4cdf0a99efef2150a6f7d4d0c7b97471b1e7559c1ca2e948b1f233dcbd5906652625a3ff4c7208878da623529132527b7f6a2349af4b086af25a95c122a88cdd828f42d095446af8755fec4eedb0cbff8f2839eeee39f4c8f9c1e57cbaf37fb56802191941996241dcb0de7db45753095dd6e15cd9ae46c07516e51da3ee7901e13395511794e9a6e3b68f9398e9850363236e5bea4301d632e1737e813fc6d2497a34d5eed74b016d1739663f7986715f61ebd44de2a4681771c61e9bb55ad9e7aadc4b6d987de767529bdeed761103fa351e06b66c2dd37d6ca81ddae09d4bdfc203811bc99542c2a98fe12c7fbb86c919e6dbf775484de9dba548efde3b1cb181ed3cbf36707d0a747612d3b52034a38e527df2ab4d3fa0602208b5d952cd16018e10bcb885e9e7461f9cb32127bd16a47f4d2c8ed19a10a5b785430e1dd3c86815ef426c8d3c5276de4ba6eeaf282eb0cdb91dd6f92bf2a7af6c10f6020fb5d7989440eeaf23cbd916ec18329261eb62bf8de3268e30e9274b6c4da6d6c4315d379520cb0a9dba9173e2c243bb3caa4fdb20cd44cdb3aea65ae71da", 0x1000}, {&(0x7f0000001400)="fcfe61e5bbebbfb06b7d6936717614c09efd964521e301dca446ef9363d663a57fa4021105e4ad07f5a7e5c339e0d4b72f90bad3fb8de9e4de8dd10909a1f1ca7465a45e60cabe139cd6435245af28356df038715ea0de64983bde06f4251fb5d4de9c5d8f2b78bc4627bd3725b836711d95c971d7a4", 0x76}, {&(0x7f0000001480)="d7e4facd8d94fa1c43c9bc36b914b4d964b9c9", 0x13}, {&(0x7f00000014c0)="5290cd81c23c53f7015eed12c9a8852ba7ca8ddcd1b273cc7efe5649", 0x1c}], 0x7, &(0x7f0000001580)=[{0xa0, 0xff, 0x8000, "9b18e6c18a9ebf7395aada84f37a023c77867159567b3f71b63a5373a2751160fb5c4352ea7b8878f51fc0febbe0bd71c79ecaea012563e5496d6d02925fcf84062a69b4f113dcbed107065283d33138af53897d9abeb7f99bed4585087a5ccec348186e6ccc94e13092afdb4500cde98c213408936c401494729cf672ebff75468223abcafee8f185a1"}, {0x38, 0x11f, 0x1ff, "005a23498f7e2eed2bd4bf574fb2d3c0d9ba4e26e50fb7b0d72e9ed69e5b3a16d391227b"}, {0x110, 0x113, 0x8aca, "b61aa9b0d1c5bb5bddcd384bfcae307e14f0ea7f5a4267d3f2561873c8df3e5b907f22995d00dac461f2bc45384d53253752693852e4467e6cbba68699cc87f828e3c97decc85438c5d4d6a59a75d58e57ee81045d02e3078528db5752c206dcd141e97259c78e55cdbbe5d06cc8e7ad185cea19e91cceabc83eace5443e9336d657873d68c19853a674ffe99a63e576e443fdac2f7063e99e961b3083dffb2f774438ee3c84cc42958b83bfda0ec418bf549342a050fca275d781138de77e4ca04d9516b472a65e5f94a3e5a3917580fcd0e789fb49a22666d0d422623fdf344f2f996b940b30ce637372bd6fff700ae7eb5cf7c6c202ac01"}, {0xf0, 0x114, 0x3, "a297be6b4a59628a8740d9b54630e29af93782dacf5c4da8429def5b0ffb3d288dc0c3ad8717fc28c308ab393ede3af4185e7863f5ffe416c69ae295dc7e9ef49891f58a09ffb5ddd93b500ba42c2caef7a061e695e1ccbff1196f57ac8fa30cc7e5bd26207c23d8b8a9d815fe59d4d39fd785236f1480748573ac3d7b5b7a965b416285d6be3a3004ad79d55fa6580be222554f8223f166e7959475e7d8f1e77f7532a1c9ba65dd08d26bd6539da488a5334a80d6b6bd1e0379df9a0d80f87cc55be06a3bfec8d8bccb81fbea11ac6fd29b401d2698723c5375edaae4"}], 0x2d8}, 0x20000000) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f00000018c0)=@sack_info={0x0, 0x3, 0x7}, 0xc) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000080)=@assoc_value, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000001940), &(0x7f0000001980)=0x4) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f0000001900)) [ 216.572689] ? __pmd_alloc+0x410/0x410 [ 216.576597] copy_process.part.0+0x4764/0x6a00 [ 216.581201] ? __cleanup_sighand+0x50/0x50 [ 216.581213] ? lock_downgrade+0x6e0/0x6e0 [ 216.581229] _do_fork+0x19e/0xce0 [ 216.593034] ? fork_idle+0x280/0x280 [ 216.593052] ? fput+0xd4/0x150 [ 216.593065] ? SyS_write+0x15e/0x230 [ 216.603656] SyS_clone+0x37/0x50 [ 216.607026] ? sys_vfork+0x30/0x30 [ 216.610575] do_syscall_64+0x1e8/0x640 [ 216.614456] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 216.619307] entry_SYSCALL_64_after_hwframe+0x42/0xb7 07:37:16 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65, 0x3]}) [ 216.624489] RIP: 0033:0x459879 [ 216.624495] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 216.624507] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 216.624513] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 216.624519] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 216.624524] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 216.624532] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:16 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=0x0) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/l2cap\x00') getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000140), &(0x7f0000000180)=0x4) fcntl$setownex(r0, 0xf, &(0x7f0000000080)={0x1, r1}) [ 216.667235] x86/PAT: syz-executor.1:10856 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:16 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x200000000000, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x262, 0x210000) timerfd_settime(r1, 0x1, &(0x7f0000000080)={{0x77359400}, {0x77359400}}, &(0x7f00000000c0)) [ 216.718021] x86/PAT: syz-executor.4:10862 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 216.724681] x86/PAT: syz-executor.1:10856 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 216.745894] x86/PAT: syz-executor.2:10835 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 216.752142] x86/PAT: syz-executor.4:10866 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 216.761148] x86/PAT: syz-executor.1:10856 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 216.763613] x86/PAT: syz-executor.4:10866 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 216.778773] x86/PAT: syz-executor.2:10835 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:16 executing program 2 (fault-call:8 fault-nth:43): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:16 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb, 0xffffffffffff8f65]}) 07:37:16 executing program 3: r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000180)=0xe, 0x800) fsetxattr$security_capability(r0, &(0x7f00000000c0)='security.capability\x00', &(0x7f0000000140)=@v1={0x1000000, [{0xbb, 0x7f}]}, 0xc, 0x1) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780}) 07:37:16 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000140)={0x0, 0x35315241}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x0, 0x32315258, 0x2448, 0x21fd, 0x3, @discrete={0x3cf, 0xffffffffffffffff}}) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f00000000c0)={0x0, 0x0, 0xd9}) ioctl$VIDIOC_G_PRIORITY(r1, 0x80045643, 0x2) 07:37:16 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:16 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={0x0, 0x6}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={r1, 0x3ff, 0x7, 0x76ae, 0x8, 0xff}, &(0x7f0000000180)=0x14) recvmsg(r0, &(0x7f0000000380)={&(0x7f00000001c0)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000002c0)=""/129, 0x81}, {&(0x7f0000000500)=""/242, 0xf2}, {&(0x7f0000000600)=""/171, 0xab}, {&(0x7f00000006c0)=""/186, 0xba}], 0x4, &(0x7f0000000780)=""/84, 0x54}, 0x10000) 07:37:16 executing program 3: pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000080)=0x56) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x35315241, 0x780, 0x400000003e45ed61, 0x3}) 07:37:16 executing program 5: ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0xfffffffffffffffc, 0x35315241, 0x1f, 0x0, 0x3}) 07:37:16 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff, 0xfffffffffffffffb]}) 07:37:17 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 216.983431] x86/PAT: syz-executor.2:10891 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 216.991386] x86/PAT: syz-executor.4:10896 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:17 executing program 3: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000080)=""/27) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x10000, 0x35315241, 0x780}) ioctl$VIDIOC_DBG_G_CHIP_INFO(r0, 0xc0c85666, &(0x7f0000000140)={{0x1, @name="944f5d045dff11561d6dd8500a01e7d3946fa987311abaffde690ed2e38f94e6"}, "533b4463330a796ea615c7909e88262d706a9afee10152a1a48ca7a4668d711c", 0x3}) 07:37:17 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/user\x00', 0x2, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 217.025121] FAULT_INJECTION: forcing a failure. [ 217.025121] name failslab, interval 1, probability 0, space 0, times 0 [ 217.064433] CPU: 1 PID: 10891 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 217.067033] x86/PAT: syz-executor.4:10908 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 217.071569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.071576] Call Trace: [ 217.071595] dump_stack+0x138/0x19c [ 217.071613] should_fail.cold+0x10f/0x159 [ 217.071632] should_failslab+0xdb/0x130 [ 217.071648] kmem_cache_alloc+0x2d7/0x780 [ 217.071665] ptlock_alloc+0x20/0x70 [ 217.071677] pte_alloc_one+0x60/0x100 [ 217.071687] __pte_alloc+0x2a/0x2d0 [ 217.071702] copy_page_range+0x11ba/0x1bd0 [ 217.071713] ? SOFTIRQ_verbose+0x10/0x10 [ 217.071746] ? __pmd_alloc+0x410/0x410 [ 217.071764] copy_process.part.0+0x4764/0x6a00 [ 217.071800] ? __cleanup_sighand+0x50/0x50 [ 217.071811] ? lock_downgrade+0x6e0/0x6e0 [ 217.071827] _do_fork+0x19e/0xce0 [ 217.071841] ? fork_idle+0x280/0x280 [ 217.071855] ? fput+0xd4/0x150 [ 217.071866] ? SyS_write+0x15e/0x230 [ 217.071880] SyS_clone+0x37/0x50 [ 217.095269] x86/PAT: syz-executor.5:10906 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 217.096066] ? sys_vfork+0x30/0x30 [ 217.096084] do_syscall_64+0x1e8/0x640 [ 217.109652] x86/PAT: syz-executor.5:10906 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 217.111927] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.111946] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 217.111955] RIP: 0033:0x459879 [ 217.111961] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 217.111973] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 217.111979] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 217.111984] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 217.111989] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 217.111996] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 217.117547] x86/PAT: syz-executor.5:10906 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 217.197869] x86/PAT: syz-executor.2:10891 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 217.232126] x86/PAT: syz-executor.4:10908 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:17 executing program 2 (fault-call:8 fault-nth:44): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:17 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2, 0xff]}) 07:37:17 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:17 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/user\x00', 0x2, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:17 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)=0x0) tgkill(r0, r1, 0x33) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:17 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x10) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x80000, 0x0) unlinkat(r0, &(0x7f0000000100)='./file0\x00', 0x200) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 217.233434] x86/PAT: syz-executor.2:10891 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:17 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:17 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2]}) [ 217.343250] x86/PAT: syz-executor.5:10923 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 217.362427] x86/PAT: syz-executor.4:10924 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 217.377432] x86/PAT: syz-executor.3:10925 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 217.403379] x86/PAT: syz-executor.5:10923 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 217.416274] x86/PAT: syz-executor.2:10928 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 217.416713] x86/PAT: syz-executor.3:10925 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 217.436205] x86/PAT: syz-executor.4:10930 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 217.438057] FAULT_INJECTION: forcing a failure. [ 217.438057] name failslab, interval 1, probability 0, space 0, times 0 [ 217.459384] x86/PAT: syz-executor.5:10923 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 217.471963] x86/PAT: syz-executor.4:10930 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 217.479265] CPU: 0 PID: 10928 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 217.487746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 07:37:17 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:17 executing program 3 (fault-call:2 fault-nth:0): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) [ 217.488814] x86/PAT: syz-executor.3:10925 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 217.497090] Call Trace: [ 217.497106] dump_stack+0x138/0x19c [ 217.497123] should_fail.cold+0x10f/0x159 [ 217.497138] should_failslab+0xdb/0x130 [ 217.497148] kmem_cache_alloc+0x2d7/0x780 [ 217.497167] copy_process.part.0+0x444f/0x6a00 [ 217.528939] ? __cleanup_sighand+0x50/0x50 [ 217.533176] ? lock_downgrade+0x6e0/0x6e0 [ 217.537363] _do_fork+0x19e/0xce0 [ 217.540815] ? fork_idle+0x280/0x280 [ 217.544517] ? fput+0xd4/0x150 [ 217.547685] ? SyS_write+0x15e/0x230 [ 217.551384] SyS_clone+0x37/0x50 [ 217.554730] ? sys_vfork+0x30/0x30 [ 217.558249] do_syscall_64+0x1e8/0x640 [ 217.562112] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.566938] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 217.572107] RIP: 0033:0x459879 [ 217.575275] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 217.582961] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 217.590213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 07:37:17 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x8003f1) r1 = open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0)) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000500)={0x0, 0xffffffff}) 07:37:17 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000, 0x2]}) [ 217.597469] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 217.604723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 217.611971] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 217.633611] x86/PAT: syz-executor.2:10928 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 217.644985] x86/PAT: syz-executor.2:10928 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:17 executing program 2 (fault-call:8 fault-nth:45): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:17 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) recvfrom$unix(r0, &(0x7f0000000080)=""/31, 0x1f, 0x2, &(0x7f0000000100)=@file={0xa15a774b392f1480, './file0\x00'}, 0x6e) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:17 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 217.756623] FAULT_INJECTION: forcing a failure. [ 217.756623] name failslab, interval 1, probability 0, space 0, times 0 [ 217.769536] x86/PAT: syz-executor.2:10950 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 217.773541] audit: type=1804 audit(1566718637.790:77): pid=10944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir303416479/syzkaller.Xqy0vd/193/bus" dev="sda1" ino=17024 res=1 07:37:17 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f, 0x100000000]}) [ 217.789539] FAULT_INJECTION: forcing a failure. [ 217.789539] name failslab, interval 1, probability 0, space 0, times 0 [ 217.822283] x86/PAT: syz-executor.4:10951 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 217.862458] CPU: 0 PID: 10946 Comm: syz-executor.3 Not tainted 4.14.139 #35 [ 217.866204] x86/PAT: syz-executor.4:10951 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 217.869593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.869599] Call Trace: [ 217.869616] dump_stack+0x138/0x19c [ 217.869637] should_fail.cold+0x10f/0x159 [ 217.869653] should_failslab+0xdb/0x130 [ 217.894406] x86/PAT: syz-executor.4:10951 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 217.897982] kmem_cache_alloc+0x2d7/0x780 [ 217.897998] ? lock_downgrade+0x6e0/0x6e0 [ 217.898014] getname_flags+0xcb/0x580 [ 217.898028] ? __mutex_unlock_slowpath+0x71/0x800 [ 217.911526] x86/PAT: syz-executor.4:10956 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 217.914766] ? check_preemption_disabled+0x3c/0x250 [ 217.914781] user_path_at_empty+0x2f/0x50 [ 217.914797] SyS_name_to_handle_at+0xdc/0x430 [ 217.914813] ? vfs_dentry_acceptable+0x10/0x10 07:37:18 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20, 0x3f]}) [ 217.919913] x86/PAT: syz-executor.4:10951 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 217.922738] ? SyS_write+0x15e/0x230 [ 217.922754] ? do_syscall_64+0x53/0x640 [ 217.922767] ? vfs_dentry_acceptable+0x10/0x10 [ 217.922779] do_syscall_64+0x1e8/0x640 [ 217.922789] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.922807] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 217.922816] RIP: 0033:0x459879 [ 217.935457] x86/PAT: syz-executor.4:10951 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 217.936478] RSP: 002b:00007f2b82cd2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012f [ 217.936490] RAX: ffffffffffffffda RBX: 00007f2b82cd2c90 RCX: 0000000000459879 [ 217.936496] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000000000003 [ 217.936502] RBP: 000000000075bf20 R08: 0000000000001400 R09: 0000000000000000 [ 217.936508] R10: 00000000200001c0 R11: 0000000000000246 R12: 00007f2b82cd36d4 [ 217.936514] R13: 00000000004c5fb9 R14: 00000000004dac60 R15: 0000000000000005 [ 217.997793] CPU: 1 PID: 10950 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 218.038485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 07:37:18 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400, 0x20]}) [ 218.038491] Call Trace: [ 218.038506] dump_stack+0x138/0x19c [ 218.038522] should_fail.cold+0x10f/0x159 [ 218.038537] should_failslab+0xdb/0x130 [ 218.076583] kmem_cache_alloc+0x47/0x780 [ 218.080655] ? __lock_is_held+0xb6/0x140 [ 218.084715] ? check_preemption_disabled+0x3c/0x250 [ 218.089742] anon_vma_clone+0xde/0x470 [ 218.093643] anon_vma_fork+0x87/0x4d0 [ 218.097453] copy_process.part.0+0x45e2/0x6a00 [ 218.102063] ? __cleanup_sighand+0x50/0x50 [ 218.106302] ? lock_downgrade+0x6e0/0x6e0 [ 218.110459] _do_fork+0x19e/0xce0 [ 218.113914] ? fork_idle+0x280/0x280 [ 218.117636] ? fput+0xd4/0x150 [ 218.120860] ? SyS_write+0x15e/0x230 [ 218.120878] SyS_clone+0x37/0x50 [ 218.120886] ? sys_vfork+0x30/0x30 [ 218.120900] do_syscall_64+0x1e8/0x640 [ 218.120909] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 218.120925] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 218.120936] RIP: 0033:0x459879 [ 218.140213] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 218.140226] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 07:37:18 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:18 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 218.140231] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 218.140237] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 218.140243] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 218.140249] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:18 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffc000/0x3000)=nil) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 218.333384] x86/PAT: syz-executor.2:10969 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 218.348093] x86/PAT: syz-executor.2:10969 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:18 executing program 3 (fault-call:2 fault-nth:1): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) [ 218.374940] x86/PAT: syz-executor.4:10971 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 218.412297] x86/PAT: syz-executor.4:10971 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 218.461077] x86/PAT: syz-executor.4:10971 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 218.488058] FAULT_INJECTION: forcing a failure. [ 218.488058] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 218.499895] CPU: 1 PID: 10978 Comm: syz-executor.3 Not tainted 4.14.139 #35 [ 218.506995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.516348] Call Trace: [ 218.518935] dump_stack+0x138/0x19c [ 218.522566] should_fail.cold+0x10f/0x159 [ 218.526723] __alloc_pages_nodemask+0x1d6/0x7a0 [ 218.531390] ? fs_reclaim_acquire+0x20/0x20 [ 218.535717] ? __alloc_pages_slowpath+0x2930/0x2930 [ 218.540742] cache_grow_begin+0x80/0x400 [ 218.544801] kmem_cache_alloc+0x6a6/0x780 [ 218.548949] ? lock_downgrade+0x6e0/0x6e0 [ 218.553097] getname_flags+0xcb/0x580 [ 218.556895] ? __mutex_unlock_slowpath+0x71/0x800 [ 218.561732] ? check_preemption_disabled+0x3c/0x250 [ 218.566758] user_path_at_empty+0x2f/0x50 [ 218.570904] SyS_name_to_handle_at+0xdc/0x430 [ 218.575401] ? vfs_dentry_acceptable+0x10/0x10 [ 218.579980] ? SyS_write+0x15e/0x230 [ 218.583695] ? do_syscall_64+0x53/0x640 [ 218.587662] ? vfs_dentry_acceptable+0x10/0x10 [ 218.592242] do_syscall_64+0x1e8/0x640 [ 218.596120] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 218.600963] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 218.606144] RIP: 0033:0x459879 [ 218.609324] RSP: 002b:00007f2b82cd2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012f [ 218.617027] RAX: ffffffffffffffda RBX: 00007f2b82cd2c90 RCX: 0000000000459879 [ 218.624289] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000000000003 [ 218.631555] RBP: 000000000075bf20 R08: 0000000000001400 R09: 0000000000000000 [ 218.638816] R10: 00000000200001c0 R11: 0000000000000246 R12: 00007f2b82cd36d4 [ 218.646086] R13: 00000000004c5fb9 R14: 00000000004dac60 R15: 0000000000000005 07:37:18 executing program 5: socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet(r0, &(0x7f0000000180)=[{{&(0x7f0000000140)={0x2, 0x4e24, @empty}, 0x10, 0x0}}], 0x1, 0x0) 07:37:18 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40, 0x400]}) 07:37:18 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:18 executing program 2 (fault-call:8 fault-nth:46): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:18 executing program 4: getpeername(0xffffffffffffffff, &(0x7f0000000a40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, &(0x7f0000000ac0)=0x80) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000b40)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000fc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000f80)={&(0x7f0000000b80)=ANY=[@ANYBLOB="c8030000", @ANYRES16=r1, @ANYBLOB="000325bd7000fcdbdf25020000001000060008000100fcff0100040002007c00050054000200080003007f0000000800030009000000080001000c0000000800030006000000080003003f000000080001001000000008000200000000800800020000000000080001001e00000008000200050000001c000200080001000b00000008000200ff0100000800040005000000080001006574680044000700080001000200000008000100d27b00000c000300010000000000000008000200070000000800020002000000080002007b4400000c000300840a000000000000240101002400020008000300c30d00000800040003000000080003000300000008000400010000000800030003d1bb002c0004001400010002004e220000000000000000000000001400020002004e2100000000000000000000000034000200080002005a000000080003000100000008000200ffffff7f080001000500000008000200000444000400200001000a004e2100000003fe88000000000000000000000000010105000000200002000a004e200000000800000000000000000000ffffac1414bbc1ffffff08000300018000002c0004001400010002004e220000000000000000000000001400020002008001ac1e000100000000000000001c0002000800010005000000080003007f000000080001001d0000000800020004000400cc0005000800010069620000080001007564700044000200080001001a0000000800010019000000080001000e00000008000100090000000800040009000000080004002f0600000800010001000000080004000000000008000100696200000c00020008000200f30000000800010069620000040002004c000200080002003f000000080001000600000008000300000000000800030001000000080003000300000008000400ff01000008000200050000000800030006000000080003000100010008000100657468003400070008000100ea0100000800020089ffffff0800010004a700000c00b60000020000000000000c0004000600000000000000b80004003c00070008000300ff7f00000800030008000000080004000104000008000400590000000800030003000000080001001f00000008000100130000000c00010073797a30000000000c00010073797a300000000024000700080001000d0000000800020003000000080004000700000008000300400000001400010062726f6164636173742d6c696e6b00001400010062726f6164636173742d6c696e6b00001400010062726f6164636173742d6c696e6b0000"], 0x3c8}}, 0x4000010) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x795b7813014c13e8, 0x0) ioctl$PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f0000000100)={0x802f}) bind$ax25(r0, &(0x7f00000001c0)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x2}, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000140)={0x2, @tick=0x8001, 0x9, {0x4}, 0x42, 0x3, 0x7}) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:18 executing program 3 (fault-call:2 fault-nth:2): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) [ 218.731969] audit: type=1804 audit(1566718638.750:78): pid=10952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir303416479/syzkaller.Xqy0vd/193/bus" dev="sda1" ino=17024 res=1 07:37:18 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40]}) [ 218.783728] x86/PAT: syz-executor.4:10987 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 218.794752] FAULT_INJECTION: forcing a failure. [ 218.794752] name failslab, interval 1, probability 0, space 0, times 0 [ 218.831314] x86/PAT: syz-executor.2:10991 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 218.832343] x86/PAT: syz-executor.4:10994 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 218.851239] CPU: 0 PID: 10989 Comm: syz-executor.3 Not tainted 4.14.139 #35 [ 218.858362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.867718] Call Trace: [ 218.870316] dump_stack+0x138/0x19c [ 218.873958] should_fail.cold+0x10f/0x159 [ 218.878118] should_failslab+0xdb/0x130 [ 218.882102] __kmalloc+0x2f0/0x7a0 [ 218.883109] FAULT_INJECTION: forcing a failure. [ 218.883109] name failslab, interval 1, probability 0, space 0, times 0 [ 218.885646] ? kasan_check_write+0x14/0x20 [ 218.885659] ? SyS_name_to_handle_at+0x21d/0x430 [ 218.885676] SyS_name_to_handle_at+0x21d/0x430 [ 218.910385] ? vfs_dentry_acceptable+0x10/0x10 [ 218.914962] ? SyS_write+0x15e/0x230 [ 218.918673] ? do_syscall_64+0x53/0x640 [ 218.922645] ? vfs_dentry_acceptable+0x10/0x10 [ 218.927221] do_syscall_64+0x1e8/0x640 [ 218.931098] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 218.935939] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 218.941118] RIP: 0033:0x459879 [ 218.944300] RSP: 002b:00007f2b82cd2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012f [ 218.952005] RAX: ffffffffffffffda RBX: 00007f2b82cd2c90 RCX: 0000000000459879 [ 218.959270] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000000000003 [ 218.966526] RBP: 000000000075bf20 R08: 0000000000001400 R09: 0000000000000000 [ 218.973787] R10: 00000000200001c0 R11: 0000000000000246 R12: 00007f2b82cd36d4 07:37:19 executing program 1: mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 218.981048] R13: 00000000004c5fb9 R14: 00000000004dac60 R15: 0000000000000005 [ 218.988326] CPU: 1 PID: 10998 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 218.991525] x86/PAT: syz-executor.4:10994 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 218.995428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.995434] Call Trace: [ 218.995449] dump_stack+0x138/0x19c [ 218.995467] should_fail.cold+0x10f/0x159 [ 218.995482] should_failslab+0xdb/0x130 07:37:19 executing program 4: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self\x00', 0x400000, 0x0) 07:37:19 executing program 1: mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 219.011859] x86/PAT: syz-executor.4:11000 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 219.013474] kmem_cache_alloc+0x47/0x780 [ 219.013490] ? anon_vma_chain_link+0x142/0x1a0 [ 219.013503] anon_vma_clone+0xde/0x470 [ 219.019533] x86/PAT: syz-executor.4:11000 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 219.019697] anon_vma_fork+0x87/0x4d0 [ 219.019715] copy_process.part.0+0x45e2/0x6a00 [ 219.019747] ? __cleanup_sighand+0x50/0x50 [ 219.026605] x86/PAT: syz-executor.4:11000 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:19 executing program 1: mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:19 executing program 1: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 219.027820] ? lock_downgrade+0x6e0/0x6e0 [ 219.027840] _do_fork+0x19e/0xce0 [ 219.027854] ? fork_idle+0x280/0x280 [ 219.090206] ? fput+0xd4/0x150 [ 219.093395] ? SyS_write+0x15e/0x230 [ 219.097107] SyS_clone+0x37/0x50 [ 219.100475] ? sys_vfork+0x30/0x30 [ 219.104019] do_syscall_64+0x1e8/0x640 [ 219.107910] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 219.112762] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 219.117954] RIP: 0033:0x459879 [ 219.122064] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 219.129789] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 219.137158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 219.144424] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 219.151685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 219.158936] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 219.199420] x86/PAT: syz-executor.2:11010 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 219.217365] audit: type=1400 audit(1566718639.230:79): avc: denied { map } for pid=11012 comm="syz-executor.4" path="/selinux/avc/cache_threshold" dev="selinuxfs" ino=25 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file permissive=1 [ 219.219133] x86/PAT: syz-executor.4:11013 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 219.259483] x86/PAT: syz-executor.2:11010 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:19 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000200)='Q', 0x1, 0xfffffffffffffffb) keyctl$chown(0x4, r0, 0x0, 0x0) 07:37:19 executing program 1: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:19 executing program 3 (fault-call:2 fault-nth:3): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:19 executing program 2 (fault-call:8 fault-nth:47): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:19 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2, 0x40]}) 07:37:19 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) accept4(r0, &(0x7f0000000ac0)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000000b40)=0x80, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000b80)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x8, 0x4f, 0x0, 0x0, 0x9, 0x40, r1}) [ 219.290213] x86/PAT: syz-executor.4:11017 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 219.299009] x86/PAT: syz-executor.4:11017 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 219.308619] x86/PAT: syz-executor.4:11013 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 219.318228] x86/PAT: syz-executor.4:11017 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 219.326997] x86/PAT: syz-executor.4:11017 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:19 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0xc) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:19 executing program 1: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:19 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8, 0x2]}) 07:37:19 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) iopl(0x4) creat(&(0x7f0000000180)='./file0\x00', 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r0, &(0x7f0000000000)="912f98cb17536ac35c5c7f9ceffec3e40a14"}, 0x10) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="af534237dd963e321e66b6d93489517c2a43b7b6e375f7d6c851bfd93c5e77c9c5434dbc80ad1c38cad8b313e1d53dc22e5701337427d67a1de350ced810ce72f2faf2b47693b0981948ff00efb147e8b8ff7c3668ddb481a1ce59a8cee37a0c5d0b43f30161d8a8955d21c3cb1c383cd1c6e9ce733fc4c16ddd116dd9135cbac9f8ded9ad57bbecbbbbb144e7505792f2e1b7e6f96bd25dbc175dc6b7429c8d79bdaf1fe5214aa9475f0cc4f7076d033cf70b06a032bf3c90105ed0ee51a683eea6a0b6953c33cfc3d9c7953836a19f79a05d9a91ad4cd3ae960dad636854c20015"], &(0x7f00000001c0), 0x1400) [ 219.414997] x86/PAT: syz-executor.2:11025 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 219.440710] x86/PAT: syz-executor.4:11034 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 219.451989] FAULT_INJECTION: forcing a failure. [ 219.451989] name failslab, interval 1, probability 0, space 0, times 0 07:37:19 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) shutdown(r0, 0x1) [ 219.497265] x86/PAT: syz-executor.4:11042 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 219.514278] CPU: 1 PID: 11025 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 219.521412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.530765] Call Trace: [ 219.533365] dump_stack+0x138/0x19c [ 219.537009] should_fail.cold+0x10f/0x159 [ 219.541162] ? anon_vma_clone+0xde/0x470 07:37:19 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8, 0x8]}) [ 219.545237] should_failslab+0xdb/0x130 [ 219.549216] kmem_cache_alloc+0x47/0x780 [ 219.553287] ? anon_vma_chain_link+0x142/0x1a0 [ 219.557875] anon_vma_clone+0xde/0x470 [ 219.561770] anon_vma_fork+0x87/0x4d0 [ 219.561788] copy_process.part.0+0x45e2/0x6a00 [ 219.561817] ? __cleanup_sighand+0x50/0x50 [ 219.570173] ? lock_downgrade+0x6e0/0x6e0 [ 219.570190] _do_fork+0x19e/0xce0 [ 219.570204] ? fork_idle+0x280/0x280 [ 219.570219] ? fput+0xd4/0x150 [ 219.570229] ? SyS_write+0x15e/0x230 [ 219.570245] SyS_clone+0x37/0x50 07:37:19 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000400)="11dca50d5c0bcfe47bf070") sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="2e0000001e000503ed0080648c6394f20531d20004000f4009000500000000000000009700d0bdff0f0000000000", 0x2e}], 0x1}, 0x0) [ 219.570253] ? sys_vfork+0x30/0x30 [ 219.570267] do_syscall_64+0x1e8/0x640 [ 219.570277] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 219.608225] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 219.613412] RIP: 0033:0x459879 [ 219.616592] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 219.624315] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 219.624321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 219.624332] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:37:19 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:19 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x2) write$ppp(r0, &(0x7f0000000040)="50787b96d53563ea7c55b2a99eb85430cd89e7a03e", 0x15) ioctl$VIDIOC_G_INPUT(r1, 0x80045626, &(0x7f0000000000)) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) [ 219.624338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 219.624345] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 219.641286] x86/PAT: syz-executor.4:11042 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 219.723439] x86/PAT: syz-executor.4:11034 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 219.743760] x86/PAT: syz-executor.4:11061 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 219.754049] x86/PAT: syz-executor.4:11061 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:19 executing program 2 (fault-call:8 fault-nth:48): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:19 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff, 0x8]}) 07:37:19 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:19 executing program 5: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) mincore(&(0x7f00002cd000/0x1000)=nil, 0x1000, 0x0) 07:37:19 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="00758e5c4eeaf172"], &(0x7f00000001c0), 0x1400) 07:37:19 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 219.804441] x86/PAT: syz-executor.2:11065 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 219.813246] x86/PAT: syz-executor.2:11065 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:19 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95, 0xfff]}) 07:37:19 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='attr/fscreate\x00') write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) 07:37:19 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="08080000200000003d31e3249f59b5c1e68655a298c2519c2769eee5c4dcae1f4661e944a426"], &(0x7f00000001c0), 0x1400) mlockall(0x2) faccessat(r1, &(0x7f0000000140)='./file0\x00', 0x8, 0x400) mknodat(r1, &(0x7f0000000040)='./file1\x00', 0x2, 0x2) r2 = semget$private(0x0, 0x2, 0x69) semop(r2, &(0x7f0000000080)=[{0x1, 0x3f, 0x800}, {0x2, 0x1, 0x1000}, {0x4, 0x400, 0x1000}, {0x3, 0x5, 0x1800}, {0x2, 0x9, 0x800}], 0x5) 07:37:19 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:19 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9, 0x95]}) [ 219.899614] x86/PAT: syz-executor.4:11081 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 219.918804] x86/PAT: syz-executor.2:11083 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 219.946871] FAULT_INJECTION: forcing a failure. [ 219.946871] name failslab, interval 1, probability 0, space 0, times 0 [ 219.980339] CPU: 1 PID: 11083 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 219.987481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.996837] Call Trace: 07:37:20 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902, 0x9]}) [ 219.999434] dump_stack+0x138/0x19c [ 220.003077] should_fail.cold+0x10f/0x159 [ 220.007233] should_failslab+0xdb/0x130 [ 220.011218] kmem_cache_alloc+0x2d7/0x780 [ 220.015497] ? anon_vma_clone+0x310/0x470 [ 220.019653] anon_vma_fork+0xe9/0x4d0 [ 220.023459] copy_process.part.0+0x45e2/0x6a00 [ 220.028068] ? __cleanup_sighand+0x50/0x50 [ 220.032306] ? lock_downgrade+0x6e0/0x6e0 [ 220.036448] _do_fork+0x19e/0xce0 [ 220.039904] ? fork_idle+0x280/0x280 [ 220.043626] ? fput+0xd4/0x150 [ 220.046817] ? SyS_write+0x15e/0x230 [ 220.050541] SyS_clone+0x37/0x50 [ 220.053906] ? sys_vfork+0x30/0x30 [ 220.057447] do_syscall_64+0x1e8/0x640 [ 220.061331] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 220.066177] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 220.071361] RIP: 0033:0x459879 [ 220.074548] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 220.082256] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 220.089523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 220.096803] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 220.104173] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 220.111440] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 220.120424] x86/PAT: syz-executor.4:11093 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 220.137424] x86/PAT: syz-executor.2:11083 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:20 executing program 2 (fault-call:8 fault-nth:49): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:20 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:20 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17, 0x902]}) 07:37:20 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="080000000000000036f74c2dbe0aeb5750b1d3faab1c6ec38632a272d42306031393890fc8d10753c4f63f94d7c9e5e1b81ea335d3abc3b8f9d0e39e3109fa143bca1ad28f426d91f3d94b6b6616656c751b83f8789d69ca996f8aa25c01a64d5c8ea2f26c03e19661ddf064742110894ef5bf9daced272651a8833c6099bb7e3b5c5b741b56bf7c8b2e44985a663294a68a083678381d782a0ef2f50d99397c8627d2b249db6526bf1f552ff2389b929732bb"], &(0x7f00000001c0), 0x1400) 07:37:20 executing program 4: mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x5, 0x200000) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000001c0)=0x3) r1 = openat$cgroup_ro(r0, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) sigaltstack(&(0x7f0000ffe000/0x2000)=nil, &(0x7f00000000c0)) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000100)={0x1a, 0x1, 0x3f}) write$P9_RAUTH(r1, &(0x7f0000000080)={0x14, 0x67, 0x1, {0x42, 0x1, 0x8}}, 0x14) 07:37:20 executing program 5: syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @initdev}, @tipc=@payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}}}, 0x0) [ 220.154234] x86/PAT: syz-executor.2:11083 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:20 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:20 executing program 3: r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x4, 0x2000) sendfile(r0, r0, 0x0, 0x49e) ioctl$VIDIOC_G_MODULATOR(r0, 0xc0445636, &(0x7f0000000040)={0xff, "769527c3200ceb6563b74a0c5870bdcd585148401f6742bc61697af00527d500", 0x10, 0x3, 0xdaa0, 0x2, 0x3}) ioctl$KVM_GET_NR_MMU_PAGES(r0, 0xae45, 0x1) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000240)={0x5, 0x7fffffff, 0x2, 0xb6}) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x4) name_to_handle_at(r1, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00'], &(0x7f00000001c0), 0x1400) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000200)={0x3, r2}) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000280)={0x35, 0x6, 0x0, {0x3, 0x3, 0xc, 0x0, '/dev/amidi#\x00'}}, 0x35) 07:37:20 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6, 0xa17]}) 07:37:20 executing program 5: r0 = socket$unix(0x1, 0x2, 0x0) getsockopt(r0, 0x0, 0x2, 0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpeername(r0, 0x0, 0x0) 07:37:20 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) bind$rose(r0, &(0x7f0000000080)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @null}, 0x1c) [ 220.318568] FAULT_INJECTION: forcing a failure. [ 220.318568] name failslab, interval 1, probability 0, space 0, times 0 07:37:20 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 220.371194] CPU: 1 PID: 11123 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 220.378377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.387736] Call Trace: [ 220.390337] dump_stack+0x138/0x19c [ 220.393979] should_fail.cold+0x10f/0x159 [ 220.398140] should_failslab+0xdb/0x130 [ 220.402129] kmem_cache_alloc+0x2d7/0x780 [ 220.406285] ? anon_vma_clone+0x310/0x470 [ 220.410441] anon_vma_fork+0x1ce/0x4d0 [ 220.414337] copy_process.part.0+0x45e2/0x6a00 [ 220.418948] ? __cleanup_sighand+0x50/0x50 [ 220.423195] ? lock_downgrade+0x6e0/0x6e0 [ 220.427355] _do_fork+0x19e/0xce0 [ 220.430814] ? fork_idle+0x280/0x280 [ 220.434537] ? fput+0xd4/0x150 [ 220.437731] ? SyS_write+0x15e/0x230 [ 220.441446] SyS_clone+0x37/0x50 [ 220.441456] ? sys_vfork+0x30/0x30 [ 220.441471] do_syscall_64+0x1e8/0x640 [ 220.441480] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 220.441497] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 220.441506] RIP: 0033:0x459879 [ 220.441512] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 220.441523] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 220.441529] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 220.441534] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 220.441540] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 220.441546] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 220.463284] x86/PAT: syz-executor.2:11123 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:20 executing program 2 (fault-call:8 fault-nth:50): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:20 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:20 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7, 0x6]}) 07:37:20 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, &(0x7f0000000000)=0x13fa, 0x8) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:20 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48, 0xfffffffffffffff7]}) [ 220.478709] x86/PAT: syz-executor.4:11136 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:20 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000500)=[{&(0x7f00000001c0), 0x0, 0x401}], 0x1000, &(0x7f0000000580)={[{@noquota='noquota'}, {@usrjquota='usrjquota='}], [{@uid_lt={'uid<'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'wlan0&'}}, {@smackfsroot={'smackfsroot'}}, {@audit='audit'}]}) 07:37:20 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:20 executing program 3: creat(&(0x7f0000000180)='./file0\x00', 0x100) name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:20 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81, 0x48]}) [ 220.665507] x86/PAT: syz-executor.4:11158 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:20 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) renameat(r0, &(0x7f0000000080)='./file0/file0\x00', r0, &(0x7f0000000100)='./file0/file0\x00') mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) [ 220.720837] FAULT_INJECTION: forcing a failure. [ 220.720837] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 220.757427] CPU: 0 PID: 11163 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 220.764566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.764571] Call Trace: [ 220.764588] dump_stack+0x138/0x19c [ 220.764606] should_fail.cold+0x10f/0x159 [ 220.784288] ? __might_sleep+0x93/0xb0 [ 220.788218] __alloc_pages_nodemask+0x1d6/0x7a0 [ 220.788230] ? save_stack+0x45/0xd0 [ 220.796504] ? kasan_kmalloc+0xce/0xf0 [ 220.800395] ? kasan_slab_alloc+0xf/0x20 [ 220.804468] ? __alloc_pages_slowpath+0x2930/0x2930 [ 220.809511] alloc_pages_current+0xec/0x1e0 [ 220.813840] pte_alloc_one+0x1a/0x100 [ 220.817639] __pte_alloc+0x2a/0x2d0 07:37:20 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x200300, 0x0) ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000080)={0x1, 0x0, [{}]}) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="0800009cfad46e188f9b83ac3051f0ec98830000000000004000000000"], &(0x7f00000001c0), 0x1400) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000001740)={0x0, 0x0}, &(0x7f0000001780)=0xc) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000200)='./file0\x00', 0x2a8, 0x7, &(0x7f0000001680)=[{&(0x7f0000000240)="f780e80a4fb122e7171d315164df3e5ea635e4d3a7a58195e772b3fe7ce2b29e43c34c5db3c2e4b13aaf684f98e1aee1c5391dc366f774dd51ea381cc5789b4add658cbc1f5ff50d081df4fb43982eab00ee7154c58c26987324c61e071b0549dc8cfb27b31cf5c981e73eaf54846f2f99c4e37b8a630f6579e7c006776bc9adc38f45889a00aff0be6b41e65cbe34bc775c9818a92db78a35c4083dce760a78488c55b2c1819744f7de55212af0276b60a395a9bc60add145", 0xb9, 0x2}, {&(0x7f0000000300)="eb4785e69a1b434840928b41e4cb2b7e6fc7a37bee0e665e118f64af724dc1117fc2558a153494105654287b27d61db3913ea8bce5772f379fd638538ae5a32656de97936df7d95294a8ad2fde6903424baf49f94df2856be321c2158bd04e920bbae7cd8409d36cf7573ad2da70d4ec526ef2cbca8dfb019c9c405249737daad6dde827912b568d7d600b94368d57cbc203adfc4257401bf22cc4c94e4bedb3bcd9eafa6797ed66a9ffcc85c9a34b35", 0xb0, 0x2}, {&(0x7f00000003c0)="aef23ca85678559189aa26572f2cafbb29baf77a2fa7ae0d6320ad2061111615f4994f48c3af9a4a06aad3a987d576076cc5b16f229ccaf608d17cd36fc6f4a1a19143beb87fd13bf68f3e810b91fb89eb0e0f8cf1c88a26299a00c62fd60e4e80468e93e4420c9dfd0f52f8981500191c73595042806e0f26947f3afbbb336c5310478de008ff9f8e8d05bc5c59df4b9d4f2f", 0x93, 0x2}, {&(0x7f0000000480)="95ee5b30e33ac5eb1748072b1a2d95f1e126c239e7e308e42c31598b90f7a02ac777ca195540c052b71da6759dfbecbf0ef043d283eae563b46313a13138f9fdc74fe1ce823df20ef8f205a8c9474e4cab0efcae643e5839247e29a88ca993e9a1ac929fe92cd4d95cfe49677c428ef8598829afe9c1cd5d5b8c4138263757c3c7eabe26a08c0c14f2133fa742f8eac9ad6a3fc007241e118d4b8c5bde464bf51c276e", 0xa3, 0x28e4d748}, {&(0x7f0000000540)="d294cca3868bbbbd2389d0f2133dee01d4bb72ba", 0x14, 0x7}, {&(0x7f0000000580)="16045c9237eab8df89603085fe0deb8774f0a377c8145aa76ba1c5cc8a4fe07b961eb98ae757b3e932fb7d537764316669b7d12f6bff3223ae79bc06b190126eeacd5af56c23db297b8976732c7a5777592dd357999d5c945c14d0a046f49849dba3a64da2766280528cffad6597157b33447d93518d2a67cad6ba02ba89bb9b07edf944578ed8945bbcd9a7d5d19abc28d06eac0b92fe95a55bef33d0217afc390af9f71fb54dd06f319c7355242c132ed8b93c6894fdeb2553b7abea5e699eadd6b4b6d10d34acee7be97d2d0a", 0xce, 0x6}, {&(0x7f0000000680)="bbee76a9ac960123164ad65799d749910224e0168f050262b8795d11991a89d721fc0bb9a8971e6ab05f31276b68cf78abfa13a2e6ba29ca1af94dfdbeb269f65798d8419a774579985d344a248bed7d72e8032f4018cc3950014f9e33e8af93b8d48659f8ef1ff409a7f01ee8880c26fa3eb32e407446f2bfa09f5fb357811e0623a1585198c5f47208ea5b9b397054a8ef552d7214eabcb94de88b5b12b67337f59d7b0dbf6c0075dfa25c3b441c22df92e7c323b5059f09b92d5706a830d8fb23c7f08ba0136cc1e9e3c353eb9b41fd732558de43d33cb44eab55c59af097497dc59b8886dd33a7db49baa475b52827a3ee2ef8d6a2904d12cdb14e07ecafced5848dbdfe276f3c035f243012144e5a66fc735811d55a5c3bc9ff002681dc7aa4d073b67832d63b1477a678155c18d07b8535689159ecc70beb735f929f263b72e5d2c8864636df0d0d8ca401ab54bf04021802a19b638b26a8c1a602d138738e1071443c2747cbdbd1c7dcd5fd812885780ce4b4ad427dd99a035cd789e1e26cf8bf9de1d548c58db7a4bb458f6bd7e6ac0189d797d3e0fa7cdbff120284af505af7f23f9f3a9c35e40644e6f90e26212798f96037d032dc485a2d6aaf1c55024160802a6696b278a3fbb2fb1453b3249f5067ffcd8dc338421196aa84389e92d03a297e89c8d4fe294ffb123d67f9c9cf519b35eb7449220e8d3738c742538f6dc4e9fa902b4ce91abaaa935f7b876330416764d4f90af82b3093dc1da74cf00b58638ce1f7d55874d3f9f746372a4b13020f29cd57034e435060b47ef115bba0d8ec147bb75666b9c2271563ad5ae86161bc46b451a2fe95565aa40f674235aeafaf03c4b2ae627d4299ef94d45c53a59f77469fdfc129ec6ae165ad1e7e333f20a3031e5da2af00056c2b5034dcf50fdf79c7abef42128a7557253be603b0274779ce512f301545a166ec90746db27f9b0fbf79ef3becd418eff479b2e2ad7a20881855407822fb30e23a91a95a093181d5c61c253652d8565233191b76557df0e82df33f96ae93de4a06ff2c28f4bf424f143a4316bc8a8562b286745d9745dd1107366154eb7e49d2535aa6d53a52917aee9a9ae47a412063da6c5b9e4e53bbe17ad095e2edbc7e1b2e1e1a1b7148e99b36c8964680ad3a6eea8e8fb4efe79c88ed5d75324c09e7c515dda69404ea99ae8fa4c8ca231708c914c53182de751e60e3b5f1540122c5696ef26acd3fa906c0845e21ed77627d681bcc0f782dc65b17aa1ddaf339d065803e7d7d990369a8b2fcf0e6698e2360970c518ca7c1c7d766c0fd8afd4f9f2f760279fbeb06c82ae81432dd56d8d6eba3372503037d23c4d8370744cb0cb3b0eeec75a2385bba5fd5355ad31a122657076c1b731653c8ce62aa0fe1b3edf6949be19ff101235706c77f00d43a138993f14d8baf7c83ebb282ee4ed779fac3cf6b5cc0ad96852f3e3e49d7693d9c45acb48170b0a8169bd2bce1844d138875f31c782d207f3d9fbbbaae0893cd25fe5229a067bdacebac726824fe9c956fd0a94cab518859844182d27462a69841da40208c57303502c9d4933fbaf0b1e4dec19c29904d95b31fdd8235dcbfea7f32b5a286163e5ad9970c92a27c3379624b5b75ae52f75b8c2fd685e50120293689301aff2f93393adc56bc2db4464c22504a76fbb9ac740923831e1a119f8992a6f9d38569bc319ab6772dadc6e13fd31a70da370c8257a81c9b0b7716c86db87795159b0bf3d6777b5d63f492fc831b18928258a1f869253242950e9a51f43d624db9d7c8a3a1296ad0d519af30ea7fb4ef7f81c2f861fc1ffb72fbdd89c34d13b3c3e50ea25a10a6b75693894f8c39cc28e7452acab9d9987099d806bb9febdec7273693a475fd2e88e8aeee9e426103495929cd8fb16c2efb86a26815591ff5335bd320af1f9f61538909d6b692168aac947a332c6b889343c22eda9f6bf305419c08842f9ce86e015753cabfada6fe4de4c1a131b0a3c332435b38c2b4279cb946033e07e64228b8c4e35b346d321e4f45f7a6c39724d38be560f67f6a642b195f3b2c3c8bea278367d30b65a1ac580f68c5ef37fbdaa177fc8cceb459a151838ba74785af1d04344528520a023d1df8d39319a4f73f1f2d5a53dafb8ba67baf9fd4e448b930fd9802929997a1936dd85033d3b4a9695353e408f60508c06a5827a585c57685c1f732793fa89677fd01a0398846fd146f7bedb167a462b290d49403b9401d82a8fb1aa8bab9a8967f7aa9c62795c8cd03f608e88329b1cbf4f496e5d84a139d1eb1e9d479e1101def618f1b80b6344fde9f9c61721453d8c33f2e042bdb43065b5024477bed27e0e621bac929036c3ba429b060e798e4acf928ee4c7e4e1d5c152b5741f8cd3285d0e964978b988b28c5fb2c278af37548733edc9d28dcc660f866caa051a8644825c743ef88c2f0aac7aab94393f6e5d362fb967e044a1192e7341978bf4816a4fdc632de9ea211dff48a1a47497b408b6d37f7032753dfd395db5b0f99271edbf1f2aa59805852ddb41bb31432232a478d405ebaef044e60e18101abe935d9233145903427dc6e9220cc6f4842ac600d0d139cac2c5ebd7972d26f7faeeabf7a45132c36fb226650c43d09b5faaff70be339527169c8be329dd90fb7186da866bb747658dd3a46329891acc75e3d2e23d1b3479ebedbc7da06353326b1fe4d1f00ab8558cfe4b5db77f4292b021ad806a80e584d6e9e019bc38cd89fff29fae7f55251bcdc30bb4c579ccebf5751ed27b82cbc8547ab37ec7c4f0403de1c0afff508b90fca93645aa4bb94a540bc9b698ac1cfc71e25aa5fac1efe8302409ce32147bc38b0b4edd5c52a8f523b736fb25d43ca70e585e53a98b86d757bb7ae5fdbb32f9dc7bf77b25e7b3c518f038b49f5512dd7960c427a601beebf7ad3cf8257f5064ef2eadfefd7dd0dd05f43d72ba6bcedd7b9d7fa72c766f4c25244ea7e05e0a6b651249edda7cd264a7b39903a29e5e7117eb55363e8c6d0a34c9b4364e4346c25251332118682e105bd212e13bee319fc1e54bf0829ca0aec6ff5b42b2472eccfe4bbef3756f3e69aca13b1ddf495ae3e99ed665dd6929ce4e5aab0588051d47fe2366b0591cb745cc8b1f4efdc8c382a06efcddafd407048a0676fdd8947473d3c7bfa168b18b0761731f5ce3f230ce4eb0d9abfaac8021092679d828b448bf8cb8b604e895c7fe51ce7ec950b10933b87cd1103001d6c87206df8409bc2db560871adaa36c5dff769f0ff229db75057798d1f7019291b8dfaf34cb1103841b69986b60925195f82b55fa7317eed730a98037dc623f155cc1875e8d5f1d89b8b79cbb7eefce1ad3e3e93d057b5fde4ce0930f834b802dcc0729a14822cd43e6869d192077e9cdb02c676e3d0a542ee5b2973731392872dcb3b96455f594e1741d98ce7e0d499134d99d003c13fc11e192ea235620ac6739584898df7f121cba961ff3d2a9ae0479693dcb69491d3c23e48a16909dea0838dc97017b06353e516644d21666baa08cf85ce8a4090d0e506180356014bbf3f62756451f579c47cdcc8a0e812b3d3f4042a6b6e4590e392f997cc2724db61fc7e0e16cfe2e85dcc706b421a689fcfdcc3d90d95b06c58482201405d29f93ac8bd1473f0f42a56c61aeadee7c42caece5b4a955dd672e0ff60db44e56328239d61c25242c9793a2523bf86d943f0b243903f88284618bb4981105e064fa76a5729f5ecf3ab0be59bab8d81e257aff4536bc4fde40ad35aacd474ab4bf3236d5b55d696f93ac5ab91e04608634bf09f588d0f12c1eb1c4625d118d4ffae46c95b6592834f09a2e6776f3dcc7fdc2f3010efcf15c4b7dcd9324a5fb56226f16a849432d6419ac8fdf8e8527ab2ef8bc0a640aff784d5937d50036a24554b30769677c43afaaeb27ca0cac2083aacf5325909752642458b270215c92ffdbfa450b7d9afdbc3ef966563753003d1b8f04fbdc42f0305ab6f2188d260391c17a910177d2a48ea1ef8b495849efc56e942aab1dfee0a412f18363bb227859d928d2ebe61c3e717e81afed9caec3c936ec0a808ba48afe84ed90c75adf1d08ada605c3a63fe38c8c408f41252f2be093c148762c01af40e90625b3c1439adf2fb80ca824e5f10aff5421411455a2bb5700d82ef11b47dc8772839b62ae4c4cf863c466c7103f7e8b3c4b8d19f9ccfc3fc90f40799f962db040687b4819f350038de0cf08389e398f18b1a429c1bf1bce1c2cc6d4b0b15a7e6ddb759225cc68d4577b98be1d7f457dd24abbe2990510429e543c32f48c8fc3a6fd095cf6df76a447269c7de93031d336756d16414065a98a0ece64bb6657055c259a4ab16990db05973dd873546b369ff5437ed1f829f88c1b1e09d4cb4897befdebaad88f4fda2a8810d26443fffbaf394130452109751658133e9cc312da8ccacf8719613616ed0bc2616d01792d0aca57de1ef0b392aa93d1f137193e9351c5017139250e80376dd4477340ae938e7297627f221711eaa4f26cde3bce622d54174ed8a408fde93aae4b263f74641b24e5d75b1bd07bf397fd7abf92b3d016f0d39e2fda31f6a66e71dfc86ec0ee6eaa1334102828caf2d3278b4816dee6b4b37eeb64866e4e04e1e2243e104506c926e97a02bbf117de5cf469bf498df7423497cd7fd8fff4af340a956b297d19f20e740d39becd39a75835896f457bafa0d99a03019762c4b0325801821f8ff3853ba41f625c989987000b48c7fb91c47e64f58a11175ced0fe5829a5d747633bf790a97db5c2a1f3d4028b824d87858ae2f6a9dc334fd03ca11d5ae3c59020c40d3021287568cc51be8d80561ad6c302f13477dd1a0c23e33bc1ba495c5cb2e2eab1d5b610e93a2aae28bd3381753a026f22db9eac90b3fe4d68b0e9b5fba40120af0c612a1dae4f869b652d624b461f4e27fb4e463b97681b74e3d5e4c2ef46f5815f2ba007df34f1c8a837f1957d714226b66ceef57e0d7aaf80d7c4306330805d7d49e2fdd7f1623e2fd6c1aa7c78a648997c64fa464ec451404992dc4ba42cf5e819a7c08b903ffadaa3b88d9cd726d468df099c25b2a66507e27a8c4846144f35bc21d658ef1870708b2ec9deddf0acdd9ebdb30e0151fce28b80d69640f2a579e9f2159eb314c287726dd481d30c8d5f16742007145c9be01e856bbbece1b35bbee28de871288768114835e6e31db1db38c2821825c59b15b69ccd40c3572921975fba94e5951b5e07fee5d7a2c1a55e5dab0d8be3acbb4e017380302e9682262eae44e1198080527d1be2a371ae1820a3748b8c7f0cacb23644f51cf2c5cb09eb5a7f6641a53b875469cdf80c970d95f27c880a5611363fdc42dbce659ab84da98e5f13285ca07d6493ab523872f54a078972dc6a9c47f092ce08eb2fc703be4a3a6cba80cd9bfd3a75d0debbb165d7e6bcc62bf2785df76090c77486795a156b62954c52e41e19885068f8947e03067d2306b6a60d3ab452907e35714b874d085dce31f3d19897d624604ab98a6e7c7778f26091f4be183a0a3e73a1ba4d61fb0348ba7c98b532d4764065c88682e474350fd8eb96a9a08a09486e399e5fa801014b1a89267a27946fb9152713afca330c2d8a923dbec0354e6121ce326a2214204c015fe5373d9b89f90b1325405f5a7e7f818236db63170d3ca6b0a1d041960b40dd4a0d8d02cc0c08f70e263da923f77d62a1026084e3b01cafe2bd6cc4a5dcb6b3b87ece6ac0527ddd3d887656fa3941", 0x1000, 0x8}], 0x2001800, &(0x7f00000017c0)={[{@degraded='degraded'}], [{@mask={'mask', 0x3d, '^MAY_READ'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'systemkeyringem1)[*cgroupvboxnet0vmnet0&cgroup'}}, {@dont_measure='dont_measure'}, {@uid_gt={'uid>', r3}}, {@appraise='appraise'}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '/dev/full\x00'}}, {@pcr={'pcr', 0x3d, 0x1d}}]}) [ 220.821265] copy_page_range+0x11ba/0x1bd0 [ 220.825499] ? SOFTIRQ_verbose+0x10/0x10 [ 220.829562] ? anon_vma_fork+0x358/0x4d0 [ 220.833643] ? __pmd_alloc+0x410/0x410 [ 220.837536] copy_process.part.0+0x4764/0x6a00 [ 220.837566] ? __cleanup_sighand+0x50/0x50 [ 220.846346] ? lock_downgrade+0x6e0/0x6e0 [ 220.850503] _do_fork+0x19e/0xce0 [ 220.853961] ? fork_idle+0x280/0x280 [ 220.857680] ? fput+0xd4/0x150 [ 220.860875] ? SyS_write+0x15e/0x230 [ 220.864588] SyS_clone+0x37/0x50 [ 220.867932] ? sys_vfork+0x30/0x30 [ 220.871456] do_syscall_64+0x1e8/0x640 [ 220.875320] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 220.880143] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 220.885309] RIP: 0033:0x459879 [ 220.888476] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 220.896423] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 220.903672] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 220.910924] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:37:20 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2, 0x81]}) [ 220.918180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 220.925429] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 220.953896] x86/PAT: syz-executor.2:11154 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:21 executing program 2 (fault-call:8 fault-nth:51): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:21 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:21 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8, 0x2]}) 07:37:21 executing program 5: syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)) sched_setattr(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x8200003) syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x80404509, &(0x7f0000000000)=""/7) 07:37:21 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 221.036694] x86/PAT: syz-executor.4:11184 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:21 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x80080, 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000008723380482a08cce61d1c8a6169a75222c6a9728fa60e29f97ad61be867917bc3f064b8dfef15c0634ce53e8255ee67bfd65b40f4d6c850805a76b05fa07cc8c99bd49abe19f55c4312e0acf342e5c9281963427615dfbc655c30644e6edc680fe41e766f0a90a9eecac4df41fc4627d0803182466a3e522439f9a4dcc4e3747d409de8c63f7bc606783c987be70871cc96fb268995f73cdd0de4183ab74c0afa4053f1a5adee0e38aa51503a95b8b0921"], &(0x7f00000001c0), 0x1400) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000240)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r2, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_SECRET={0xc, 0x4, [0xd8b3, 0x6]}, @SEG6_ATTR_DST={0x14, 0x1, @empty}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) 07:37:21 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1, 0x0, 0x8]}) [ 221.078975] x86/PAT: syz-executor.4:11184 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:21 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 221.158276] x86/PAT: syz-executor.2:11199 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 221.160774] x86/PAT: syz-executor.4:11184 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 221.203805] FAULT_INJECTION: forcing a failure. [ 221.203805] name failslab, interval 1, probability 0, space 0, times 0 [ 221.238648] x86/PAT: syz-executor.4:11191 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 221.254761] CPU: 0 PID: 11199 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 221.261891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.264260] x86/PAT: syz-executor.4:11210 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 221.271256] Call Trace: [ 221.271274] dump_stack+0x138/0x19c [ 221.271297] should_fail.cold+0x10f/0x159 [ 221.279978] x86/PAT: syz-executor.4:11210 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 221.282520] should_failslab+0xdb/0x130 [ 221.282533] kmem_cache_alloc+0x2d7/0x780 [ 221.282553] ptlock_alloc+0x20/0x70 [ 221.312896] pte_alloc_one+0x60/0x100 [ 221.316675] __pte_alloc+0x2a/0x2d0 [ 221.320279] copy_page_range+0x11ba/0x1bd0 [ 221.324494] ? SOFTIRQ_verbose+0x10/0x10 [ 221.328534] ? anon_vma_fork+0x358/0x4d0 [ 221.332583] ? __pmd_alloc+0x410/0x410 [ 221.336462] copy_process.part.0+0x4764/0x6a00 [ 221.341045] ? __cleanup_sighand+0x50/0x50 [ 221.345257] ? lock_downgrade+0x6e0/0x6e0 [ 221.349385] _do_fork+0x19e/0xce0 [ 221.352820] ? fork_idle+0x280/0x280 [ 221.356515] ? fput+0xd4/0x150 [ 221.359689] ? SyS_write+0x15e/0x230 [ 221.363387] SyS_clone+0x37/0x50 [ 221.366729] ? sys_vfork+0x30/0x30 [ 221.370251] do_syscall_64+0x1e8/0x640 [ 221.374113] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 221.378932] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 221.384094] RIP: 0033:0x459879 [ 221.387281] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 221.394965] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 07:37:21 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='hfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 07:37:21 executing program 5: syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)) sched_setattr(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x8200003) syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x80404509, &(0x7f0000000000)=""/7) 07:37:21 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000000)) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:21 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff, 0x1]}) [ 221.402212] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 221.409469] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 221.416717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 221.423965] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 221.495024] x86/PAT: syz-executor.2:11199 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 221.545171] x86/PAT: syz-executor.2:11199 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:21 executing program 2 (fault-call:8 fault-nth:52): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:21 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:21 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51, 0xff]}) 07:37:21 executing program 3: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x8000, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:21 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000080)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x2}}, 0xa) 07:37:21 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x4000, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000500)='pids.current\x00', 0x275a, 0x0) sendto$netrom(r1, &(0x7f0000002080)="2bd0c1b4dc43efdc1cfec447eaaba2f78af06767681d083d29d9375524bfc97286813241ded408f805b49ed465a1b995ff5e206fe359bbaf2a55f8f7573f1f40481c3ea6d63f78d0d24e8700f067b4d6dea26f7f09ebb027c2bda2d0c3c66fa8bfb334966cf6be9cb102d522c7fce31952363a43737acbafb63298fd06f34cf8313ca2aca8b1615cdb17e5ff4aa902dcc73851734181b94579de81e7fae4a452e57f270731656900889b7c418af0e3cb4b62733fbb01283abdc857186a17c0d577f03f86d4498e14cf90c4e067ef42ecd3ef1183d31959011d6a938cc4bbbc6c", 0xe0, 0x4008080, &(0x7f0000002180)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x7}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) recvmmsg(r0, &(0x7f0000001f00)=[{{&(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000000640)=[{&(0x7f00000002c0)=""/225, 0xe1}, {&(0x7f00000001c0)=""/112, 0x70}, {&(0x7f00000003c0)=""/189, 0xbd}, {&(0x7f0000000000)=""/25, 0x19}, {&(0x7f0000000540)=""/206, 0xce}, {&(0x7f0000000480)=""/120, 0x78}], 0x6, &(0x7f00000006c0)=""/95, 0x5f}, 0x6}, {{&(0x7f0000000740)=@ipx, 0x80, &(0x7f0000000240)=[{&(0x7f00000007c0)=""/75, 0x4b}, {&(0x7f0000000840)=""/171, 0xab}, {&(0x7f0000000900)=""/216, 0xd8}], 0x3, &(0x7f0000000a00)=""/197, 0xc5}, 0x6}, {{0x0, 0x0, &(0x7f0000000b00), 0x0, &(0x7f0000000b40)=""/190, 0xbe}, 0x3}, {{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000c00)=""/5, 0x5}, {&(0x7f0000000c40)=""/106, 0x6a}], 0x2, &(0x7f0000000d00)=""/90, 0x5a}, 0x3}, {{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000000d80)=""/236, 0xec}, {&(0x7f0000000e80)=""/4096, 0x1000}], 0x2, &(0x7f0000001ec0)=""/37, 0x25}, 0x8}], 0x5, 0x40, &(0x7f0000002040)={0x77359400}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:21 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:21 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2, 0x51]}) 07:37:21 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)={0x8, 0x2}, &(0x7f0000000040), 0x1400) 07:37:21 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f00000002c0)=""/186, 0x28a) getdents(r1, &(0x7f0000000140)=""/2, 0x450) getdents(r1, &(0x7f0000000180)=""/223, 0xdf) getdents64(r1, &(0x7f0000000540)=""/91, 0x5b) getdents(r1, &(0x7f0000000000)=""/84, 0x54) 07:37:21 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000180)) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000100)={0x4, 0x47504a50, 0x0, @discrete={0x9, 0x7}}) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xae44, 0x0) r1 = socket$inet6_sctp(0xa, 0x80005, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x1, 0x1, 0x1, 0x1}, 0x20) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000500)=ANY=[@ANYBLOB="73656375726900000000000000000000000000000000000000000e10000004a23b32084b799b640200000000000000000000b002000050010000880300008803000088030000880300008803000004000000000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/64], @ANYBLOB="ac1e0001ac1414bbffffff00ffffffff626373663000000000000000000000006e657464657673696d30000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000020002420000000000000000000000000000f0005001000000000000000000000000000000000000000000000000280074746c00000000000000000000000000000000000000000000000000000002050000000000003000616464727479706500000000000000000000000000000000000000000000080001080000000000000000000000006000534554000000000000000000000000000000000000000000000000000000070000000600000007000000ff0f0000090000000300000006000000059400000300000006000000080000000800000000000000b00500000100000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001801600100000000000000000000000000000000000000000000000030006168000000000000000000000000000000000000000000000000000000008000000004000000000000000000000050006d756c7469706f727400000000000000000000000000000000000000000102024e244e204e224e244e244e204e214e244e224e244e204e244e204e244e20000000000001019f0000010100000000480049444c4554494d45520000000000000000000000000000000000000000000000008073797a3100000000000000000000000000000000000000000000000006000000000000007f000001e0000001ffffff00ff000000696662300000000000000000000000006e723000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000006c00012d00000000000000000000000000009800d800000000000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a30000000000000000000000000077f0000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x480) [ 221.764012] x86/PAT: syz-executor.2:11248 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 221.803586] x86/PAT: syz-executor.1:11257 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:21 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x2]}) [ 221.817981] FAULT_INJECTION: forcing a failure. [ 221.817981] name failslab, interval 1, probability 0, space 0, times 0 [ 221.837650] x86/PAT: syz-executor.4:11261 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 221.856409] x86/PAT: syz-executor.1:11257 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 221.866615] CPU: 1 PID: 11262 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 221.873736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.883091] Call Trace: [ 221.885695] dump_stack+0x138/0x19c [ 221.889335] should_fail.cold+0x10f/0x159 [ 221.893493] should_failslab+0xdb/0x130 [ 221.897475] kmem_cache_alloc+0x2d7/0x780 [ 221.901638] copy_process.part.0+0x444f/0x6a00 [ 221.906247] ? __cleanup_sighand+0x50/0x50 [ 221.910485] ? lock_downgrade+0x6e0/0x6e0 [ 221.914637] _do_fork+0x19e/0xce0 [ 221.918244] ? fork_idle+0x280/0x280 [ 221.921958] ? fput+0xd4/0x150 [ 221.925154] ? SyS_write+0x15e/0x230 [ 221.928877] SyS_clone+0x37/0x50 [ 221.932233] ? sys_vfork+0x30/0x30 [ 221.932247] do_syscall_64+0x1e8/0x640 [ 221.932256] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 221.932272] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 221.932280] RIP: 0033:0x459879 [ 221.932286] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 221.932297] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 221.932303] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 221.932308] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 221.932316] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 221.977146] x86/PAT: syz-executor.4:11270 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 221.982357] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 221.983930] x86/PAT: syz-executor.1:11257 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:22 executing program 2 (fault-call:8 fault-nth:53): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:22 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8, 0xfffffffffffffffc}, &(0x7f00000001c0), 0x1400) 07:37:22 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x\x11k4\xd3\x1b\x05\xaf\xf0\x1eyRN\xc9\xc6V\x00\x02\x00\x00\x00\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x2000002) fallocate(r0, 0x0, 0x0, 0x110003) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1}) write$cgroup_int(r0, &(0x7f0000000040), 0x12) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lseek(r0, 0x0, 0x3) 07:37:22 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8001, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data}) 07:37:22 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:22 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080)) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) r1 = getegid() setgid(r1) [ 221.999377] x86/PAT: syz-executor.4:11270 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 222.025886] x86/PAT: syz-executor.2:11262 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 222.039989] x86/PAT: syz-executor.2:11262 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:22 executing program 3: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000080)=0x1) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x100000000) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0xc0305710, &(0x7f0000000000)={0x1, 0x6f59e59d, 0x6, 0x9}) name_to_handle_at(r1, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="060000002384c09d91b944fb98f700002aaf83a52ae68e16db9560b6f75fd72e1aa576e0c3b5b072dabebb5054a101fb49c5f51296c1d39a0cf1b129c1377ed48ac5b0290d1dba6b96d429adf3a5229381317db611f393189b032349bd106667c76dff48e0e580b11b926c2500d0f3dabfbb8fee6fa2ab7d4475dae09bafd24501c906b55d090018483c8755d144651457ebe587ff50db4830e74792990b2c6ef8fe6c3c16324ac9a4be3ec6e28318e711a82726add94f8798aadbfc8a8ae52329afb140c14eb1ae8e87797cde1a1a1339216f33199da0339522b421b854b7406c97bf090017087465e7aca0851918b3845ca730a5f04872018016c835d1b7527280e1e69fb220928e8e3f75feb861318dde4a764319293eb5d05f4ae31529485d14243faa9cfdd30015c2abeeca352df19fb47d9697c62c6b930addac90b0dac4ebca24ce8d71a7fa9329f32fde01a3246ea494a1ded23e2fbe4739cb7b0140d3f1d4ab196a2fe974a362d59810f26178a212fc0dfe65eb87ba4081049e610dc2997cee171c053e0e03448d872a0344233a6d8a7c3f4124c4c109f5524257a00d2d474cd4b1d7030f130c729f37270a29b8ce83c092f155de9062416311be42f559dd"], &(0x7f00000001c0), 0x1400) [ 222.135388] x86/PAT: syz-executor.2:11282 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 222.169509] x86/PAT: syz-executor.1:11285 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:22 executing program 0: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000800)=ANY=[@ANYBLOB="6d016e0b573be8239bc194e5552d08b2e11f16966f3e0e74ce4c919a3323002004fe166a90ad44dc1a4afdee54183aec1fc78245551f51b2d7fb8fa51576d1f241965832e3625b6ffb5ca1e9925ff49810948f3a8b01e3503d8c0da6ab7c290882daa3ad1eee65be6a8d7f5837054b3ce60176e109c974877f6a0794ab26d14e0b2b56a22c9b966beadaa45bf9760f8f5ab5b64e0a22d7edd3c834fbb88e93c488a6af7d8a202d3a0045c3c1e46c3039d8a28256c0636c01d9987e698016fb5edd826d3484dc23d0ba94646d8e037390c9c43e22d6e954b15e7d1813451eb762bc1152291adea185e800866d22c87deccee7325087f5bcb9b1e65f6582345025b28ed606ad95b2028c447a20901c30a133add5b125028aacc8d47761a3d4721274430d2bda00bd4497f5e127896b66b5837d1be6a22ae92f3f799c5d7b5d242f60f81ae2c3920482c4a2df9d5ffbd7eebdcd1ab2788db69a2797cb"], 0x1) clone(0x1000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000680)='/selinux/status\x00', 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x202200}, 0xc, &(0x7f0000000240)={&(0x7f0000001a80)={0x15ac, 0x35, 0x400, 0x70bd25, 0x25dfdbff, {0x9}, [@generic="dc3a798619d0d690eecb93ca7c8451662920742c4b1c070b8285a10bb26fc3698b27f628dadde95a41c6a8c9e37c25ea99679599e9d5ed785186f742fdf892e1aced3c02f60ff9e182178ec84e737f1010def1bed88be288b29cc8dc3e453d2998d0210e253cbffdfa43c977a0889f5727867fc1ca0574dbb5c08f7752fa3d06916adcc76b4ae13c60c0b64b0d3ea082c36f582157dd8b0c4d24e936ef864d81111afea2f6daed86ae1d1e0c62f64870c2c514b8867704a225d9736aa6d45a5490dc323142c96efe8042e4ab25c49fe229d5fb2dddc7e8e3b226f248a5bc3792edb90884a2d468f4e8d370e5fea8001498f0a7d161e1a3", @generic="80bfbe66ecbd7dbd14adaae8c2b23f444375c707a553f9b255415b5b1bb8b281a0e9238cec9d27ab52a0ef269cbe0177c9a2f3a416d287cd27a8d8d9689516b0551eba8624", @typed={0x8, 0x64, @u32=0x8001}, @typed={0x8, 0x60, @ipv4=@remote}, @generic="e853195b4850ca78d903df4f578b7532f32f6c37bdb86e7dc7b29b034f57d1705a5aaeaf81dadc17c39fef37f80a55f4d72e1ce9ef12a6a120636597fdb22bc87af88d6cb0da6a018eb9ec8754351e8c62ccb7c3059acf590b08e0f7e7e349ed8496669016d3ceee812d62be2986bb18fc8b8b2b81f0d4ffb0f2a4e9ae648e8236cf204cc8f76ccd4812ea9beb190f2b196c865616220a1dd6116bf650c728", @typed={0x8, 0x33, @fd=r0}, @typed={0x3c, 0x51, @binary="f40f43f5ac2af7ff3ef3843dfee1f543d2bfb18748a3642fc48772b547cbe8fa38d5ae194bc23f7550c4fab36f450a1c2996b6fcfbdf32"}, @typed={0x18, 0x9, @str='lo+nodevnodeveth1\x00'}, @nested={0x1350, 0x8d, [@generic="c4f60bebd1dd2c80e563f3d5c3e4af9658a49cf54415ff9a54d77f9948e9707600998d67887e0198f2cfc1fd96dd4ea8982f5c471a1440f317ed789e7c8ecc28d9199c7539f1fefacba70ae15cd5bbdd7e47c8ddf12aadc08d0c36bdb79d5290b986a13d73ea15336af7c991bdeccc9b6afad4e1496e1ada907470a30f38508d24269ef6e80f02451ba0ba08683120ad14b1fef1a46ee6350629ff770d07123560d279a929a1e67b4dc883bef153c5967d01630dc43890d61cc4ddd6ae12f90fd30abaa263ad3aec0aebfb195f6e50508bcfa0c996ecbba83d1d50d993a317176cfdcca074417b9ff12c8bd8dee75ce7b59bb764bcb3", @generic="86603728060237a826831b8e5fd2adb8a75943a630bb65e5ea92c9ec49a7ce738a79c55d900c586f310d310bf56b1e55dafb59270dc931eedbf584f41bab89d5294633795c8ee636e31fc277e5b328473049c0ef4706a52cb968f400ae24f12a37dec79aca5382901a4a1734c39a081a3bbcb79894b41630a8be9a47c9deec6187e1b8a3648eedfed092d293743795d31ee1207e7a39de4711adf32c069c6512d264bfa2378a2bb6f4a8e5d5ed5b6acc6cba164adcf69462c291a32fe5b9e307d8f304aec652758822ea127253bbc6", @typed={0x4, 0x7}, @typed={0x4, 0x4e}, @generic="f7c5f091bf8fee60446892d7107c728c7302941485e86fc75b8e026a432194dcc5dfac10e7aaab7cc20b9d360afb450967d70a6432c401713f190f8a7118b69dbb98ab14af881c1e38852d35a39a298106e8092ceb2731bc703b26a160187c26a0", @generic="bd232a44ba5999e06ea9594e99bffdf43b7acf96edafce29b43dca9c37a43ad22d2f09551d0da2ac4961ab272c0f8f2c345eeedf9ad405a1080bb5afbd1047194962d0bc23857795f20d261c5b17ade6d4684f824bbc5eaf4aa213f8e387e6e52a01670c1cb4c1955d1509737ed19a1082aee977022a72b39d6daf1b04ff058d451824dbd069b1f17b61bd705d0333818c2d4b3b16e020de1ea80468bfb48eb4beb9f4f51499aa435c17a1d860e96a5e78f595185fbb759aea45dc45051d2b36fa0135374a1a80562fda9f953fd2a3e5a0bdc66f5a99b9b02f19cf50c4093bb79f1ecfed6d59797edac2a4853e", @typed={0x8, 0x3, @fd=r0}, @generic="07274ea75c4ba88a185e4848190dfe48ce17dd04141799fbf2b0a4f2829fe3a5517fd1b54e5cc6e93277f03056fee51a22b52e01918379fca393cfe36a32b8a1d0dd345e1a849753b3c9daf3fc126a3af990a5410563c4d237fa0356fed324d9430a3c1e8e929afdb07fcc0caca5b6f0cfcc61d88895091c2c9eebe44e8be8e0a623bd95065dab8ac82433bac20668b49d58d99f47ce6b317aabbc890d157f68608d032f97a8b822016a1d365f9a18fcef1616b2e0945123cbc759d33be1cd88cd958045be58bae2c102d2760652907ea89fd7a84c11f0dd080d2b4fc846a9a562c1805144f7a16763047f0067d490723b8cf569c5af90f3775f2f7f95e30b01239b4b2e16ef27bfb70ba202e8284dbf467a29e3bbe233175174ec4ab25d2f932494f78a15fbc24477b5bb42288c9b29afb856dc198021c85b7291ffbbc8179bb8de4eda16400c951bdb19fc180ecde123d6c53e8a05acc910230401955c2be7609ae9092fc286ef17f2539c376d7d7d28dcca3912ca0c69939d2f9b3661e2818c06709baab5c413714aab8d9098ed9407d2334dc23bbb996963f9385bca111d645a6821b891303cee9d30341eff23a585bca4b0166b1107a54c267ce6aa3d2bf5d39dfd980b96b830e87b1a6999f7d7fb4b671a554006a35ac32c4529a4bf4099ad9fdc35922914b8d877dd4044a86616c0c4b3d3d125eda379e5a0df857c95dafb40841e846885e88bf9d9c2f2fbacd98384b68d8fe4bcd717c7189cd26e2a044c985419b5e4694f9c8e6da0e237cf2864679b6fb5b989b4d14e75f358a66a7973c29293b89ff0b5c8cc0a7e958abc21f6637e72e698d3cf8aec31cd64c8d408727e22893390c427586c1e0e93a5faff3d9efd21c9bd79a0bce4d53c1b12cefcfa921895d9b33fe184ce85991b7b0536bb08021f23b267a7402d16bf493abd723c304ed15a8e6f634457f54bc6040bae099c6d847d646837f1f42e0842d966b0c1da3342b068c1877159d3219c9a0cf856ac2592a128c2561bcccaa652799dfab8e16e7800cbcfc78d7dee4b91595c98734ce6aba1c3a4bf756284f3c0ac08f319ef5c5b8bf32657c0b0443af7826cabf1ae21196fa7344c425f34bb907ac8415ac9430e4771a5beaa8dce6a2d5116cadbf4e5660993ec777beb57b34a889a90a9b6ac92111d1c8d34d1b54984cae2f76fdd874124ac1650e44861ee8997ae586c247a6d99a550de718cd5591b240f4f32553905bd4be13914a21e7b3e26c98ef6c7b3f9e40e342f5bff0c62d844c28753d6ab98b7a10fb17284894eb1b633e384951e422bb9cd43c03c45248c2a5d94377abb537d239e936745ec5276ad65a59713cc2f0b6c7b5b8b8e2b9b85c001437afaecfd4f1afc5fb70c8f34041d271369f256db57b59a0c02a95c6393e680702d05a4aa339a3532c1c5d9b95dafbdb701950578dcddb241efa98084166532c498c906c86c9399737e3c96ee7723774049ee462caf28d81cc85dc8cdb2677514a9751f8415eacc69ebefb772296debc369b829778f1e4cc5ee582c9b5bb09e5b555c897db7fec09573d4b03bc61aa5dd37f3fc0ba9aa94a249be0b54e9357131dd22b20952567d67a58929a8c745285be7866fefe9279a7dc8814301b30d4f2df5913769b26dc2067dd1f2640943be3649e5696337a757d87d7d021fd86dd72947030705dbff88572ff10aaaed6133cf125a04efe4424af6ff86547ff771ada244943595ed840c383f61ca47ae54bcfbd59390c6b18efb802e3ca6aaaf0a54e21b6b117a8ebf5cda3a1968a69d5159bda17cd7fe38a2fd7989b711a0be685dc6546e1982dd4514a3351eb2c35d7c16f49ecb0cb6302e1b0acc515e3389831bcdec6f80e854727ef4e993031b4650622ef518ed204fe4b259e7d93b49cb86065f104f63ca3a33ddc227734bec4864a4b74ab1b81571de558145b80fa8bd32c6968c580c6cb3ddf7d7027e7a9bceb277cbfb2031f97bf71527f574f357f9de100450cced7882d59e16691f348d8a4e9ef8e4a1244886cefbf6d7331a772fec3a2e13d1278e104ef83c20df6b8bb687c5444ec170a0aa2bddfae4044b25cffdb165254c5fc13ac57b5e991e0293a6c1ffa36af78e19a322b368374bc4a38b71db0fd1812b4867c1406e04b88b5861e3eed87739ad3d335b021c17803ef5d0fbe691375dcf5422d73665bf760a874e230ef4da209e24ef59a09f3161ba37835ebf91ee8bc95bd12d8dd2175b856350b09684bf424bd89dee7f819d46f69702c7c090349ac221bb8417741fc19398f8893d07f415c840a8ec75cd6ca8f761527b283c81507924a90a51d3bedca686cb34720f84d285bc948cfabf34cb4b2d0244c621411aa446e347610017ade61dc4e5a179bd7a447d96cf9b8d6e95bb8f3e28a9f3556d1fdb4647636ecb886fe091d5c9722110ddd038a4f141fa2b3455c028b8a36600cac2f6289383840ead126bf85999ec943b48e8d54343e0dc20b5a1f5eff535a1614087652831392ab0cde64aa725f43be563f0bf99beeb07d764c6390d35dc7f3e883cbcb3310e212b2b5704caf9eb3b4cb4976dce35eb14f501f8fbc652890fb58ca9fc91df01fca8698b3f5a95247f517be9cdaebc0fbe06356da493b2efd1bcd997f9c9b99a06ec93e95b84610c0b99fac4b9fea12b30615101565091760d97a585bd90abec1e6c55dd686fc7088d07aa53c4151d251c0f300ae7025f7e05bada2f1380e35337e6927d6472bc392f3af42b96a048d952f7b2a4cb44b1c821447eb17491c201ba8104f3e2e0f4a40d8291b99cc8a926da312c13576b56ca2e7c91ae2f7cf4bf75c7020738f4b4c398fa45ba0c5089f77865a6f07bfda966da0dbe1e87ebac63146aaa033feed39759eae80f825c006554a1e0b92178bbf61bc9f5b2e8fbba9e56928eeb8c7d5cf74c20e9b419b697365947fa29086af0454bfd867913cc6754eda79cc3f89e304a172958ae5c65c82bc59f34da664f2b1650c7b93c2a3bb3749a1667195c7d0beb9d0ef0349916e13ad9fbbc8ecfecbcbedb60bbd2fa1ebe1735b8af750f4a2ab2153287fe255dc10da655efb49df95e52d2e8d9d8e1962d79ab8060e1a16cc2a2cadd57c8ae941d2949cfe85a3df4a756fb51f579430ac0096cebf03ce2d338c69161ed6b2642fe6bf91bd37f1c1f61451e322b9c0b708686cd61fd618567f0284feb111da9efb0c00ba2c947ce5935ce68dedd8d1b0c6736de952a8c92f4ba23aa57a48eba155a411fa4a8d2ad324341b635312f72f12789d43533b583939accd4ec029aa42af6e5d2ac52b7a42fe45dc20f1711479d3aa5e36cb2f282a157848094e65cbd57ac4474a34892b2edd4d2ab57b0bed68e9ff2dc92867e828c4366fbb4b778d6e826ba4cfedda02691598a2a264bace7cb2503650453c159c8d7f80b90f829a0300ad20d37b1aa3b62d33a67a1dc8490045ebeb610e12f0e331ddda44ed2a6869da6eb7fe0ed0474535c935fa3755192682f2315ddb843df9f00b3f0f615ae77e436f16abeed468c734a465e37e6aafcd12e1cd74ef93beee327ef4cc885f0b22895a395fe6be463e5e6f6e3291a249e8c42e8a69e1f2eba8a9265095c0a742e64e5ba2d903af5d044bddb682908181f7c1714c223988bb3a1d751c348efcdf81c1702ba00488b21da5ec948669b321699ea6bacd4b38bab58f27c5707ca2362d094b20b8a5d2def2b0731913fb26e4869bac0ae1ea7888086842dbc9466321ad7f3f394bc4ca8f63d835f30f066a07490867d4cdbea691d8289a6ab14da64637f027e4a5f2d5c2c490e22f691090bf50885f879a9fba9496bacea63c05038e95830235deaea487f39496da55d8afce13a124002e6f949827f3ff9a24fd80e6874a2081fd26c88309b5edc14abc810cd35fc6ba91a33fd90b7265f79e6360b08bddfd572c70397354c36f9d725a06687dfa24024f5df0d502587b0d43bf2c8b9bbb68cb78ff85d2361e18db6ffd64d7eee6d52a61ecd1cc9090b4e3c56942e5a1ee8103095a2b4aa14e6f583efe4fa3d7ea2e563b761cef21102adb459844521c659f60d761c81e4e1275b5b3595e62fc90772483517ef21a94fb28835cd6c84a2abd96557f154bac4c73b62edc3d9234260c729c771d03b9009574c338a0bca6a76582a9f928e9802e04bb6c22522029d25e5ebfd52b0fe83ce8eb6ddeec762a24cf99bc23bad971d3d5842137e27c7884b0cb6e4696cd4c3a045215cd661e508f45e3fdf8620dbdc096a20edfbc0d98d77070d7394c6510794696c0cd46941d80809a35ac46e5f64f18d01556ac610667b95e553f611ca522ada47aacc27042dcb212111fa5360adb9e654498d8531e9dfcb6a70d3d7fd2314d183ccae4d32b4dfd8119364599013506a8523009000893abf5f29d19198d10333bd08df9623d32238e3ce9cc5b3d908e6d7cf7e22d164ae00942da5d60c764630b865a9c34a15843503822be733df85b8db904eede99bb66efdfde2a5f591158b8351bbbbf63b441ac8715292aa995952bee865a1a5b4d6232ddd2a3de78b7e375381e588f396503170482a41dc05b55fce694b36311d63fb18424abc341c4bfaeca94699feba7cdfc8038c60aa5722d13688fc4af16b8641392a48a4a36482b47efb525f40db0bc2673bcfc0105f2a8bfb7617ca71c6d082b29e040eda0c4f554e528e541f408ad980cf9c754b14c0cf38d2a7ae61166ecd081b5b7dd2a0a65b352d58f5f9d3f2ff9ed7f803735b00287d4cdd7c832e2089f24491f510b673c950bb2e094edf5ead8662c106dececbdb585e6f6776c513462ec2dbedea3a8adc22ca9737de88f1668f8c8ac837ee04fd2f8eb327b1b8682a53d09ef4f13e2dc20e6fbfa80bd1abe604a0b18cb9dc87987a684cf93a9921a7d2294045a4ad470eac422d8767feaae499495f0f1e0ee6da6ce8671552fb09996687374ceb2bb83e959bd6cfd8dcf7c8530a970580fb58aee7af836adc5e81a6a73ad4c8f1b4af6f04c094c7b567c4b0e1ccb9e1a683af3977a41e54fd66c1f7bfb9ebcd44deeee168e93d7a6cbec06b44ee4c9c2b18649268cc7955dd6a4c40bee93c7039ec59e12c0f348cb65575aeac8e3b3759dc0ac74831ed328271daff72329d490b08c56d3552b51e548c37c3e3b7b3f0590243751ebb823e6fca7543017d748b5908a913862485749441e6345829163c9aa321de26af4fc920be545cd6626487ec4cc088cadedce5dc919179beb82a2e0741a8b3e50f00c03246910b10d6314a5ebd0f44a15afe6fcc5dd204766feef41ead941edd2a64ffec16fe3f113e1f6c86653e9e4015abb22ad6300d1b926f6b2b71e493cfe388c06a8f4bf4c535af8d979686dbffa36b79a620794917f9cd7f624b076d576a62397c8c8bf18e0c09a06d25ba02ba5d2c11eb4d97323feafbc8d3fa3ebc4ab31f6e98d0b9d8ae8faa80b87712503baf66770f5a4a15434b4ae7c85bbe8f6a285a25f73d97afd8f533df9cdc9188c29a902e0d8e34423b41f3ada83593c0e44d1c27e5240eea62e8c58dfca95792c7ad0fa17ef9a4f5139df3c09f19d8e2e62dd2e68a020eee4fb4a6e9dc41ff560b7ea4499c12bdf233cf66d7e3ec753ed5a75a5f13fc1a84bd4fad3ae57b0af96f13184fa090f3176dd1dc10192a9968a311c17434e0a300c7525dd92ea889b6e975614387de7c8ecb9c07575b8a626e2df33d5d6b930184deba8660aa5933f2028e8b939216764f9577c269691e2e01444c9ca512c7c84c73583f722da9", @typed={0x14, 0x7c, @ipv6=@mcast1}, @typed={0x14, 0x21, @ipv6=@rand_addr="e6fdba7736e6f38b38d3572183f84b90"}]}]}, 0x15ac}, 0x1, 0x0, 0x0, 0x8000}, 0x4) ioctl$RTC_EPOCH_READ(r0, 0x8008700d, &(0x7f00000006c0)) r1 = dup(r0) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f0000000640)) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$int_out(r1, 0x753c55b8e35273af, &(0x7f00000002c0)) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[]}}, 0x0) fsetxattr$trusted_overlay_opaque(r0, 0x0, &(0x7f0000000480)='y\x00', 0xfffffd54, 0x4) rt_sigpending(&(0x7f0000000140), 0x8) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000180)={{0x2, 0x4e20, @loopback}, {0x1, @broadcast}, 0x40, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, 'irlan0\x00'}) writev(r1, 0x0, 0xffffffffffffff0f) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab31, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 222.186637] x86/PAT: syz-executor.4:11289 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 222.197182] x86/PAT: syz-executor.1:11285 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 222.214546] FAULT_INJECTION: forcing a failure. [ 222.214546] name failslab, interval 1, probability 0, space 0, times 0 [ 222.242483] x86/PAT: syz-executor.1:11285 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 222.252676] x86/PAT: syz-executor.4:11296 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 222.256069] CPU: 1 PID: 11291 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 222.268468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.277809] Call Trace: [ 222.277825] dump_stack+0x138/0x19c [ 222.277842] should_fail.cold+0x10f/0x159 [ 222.277857] should_failslab+0xdb/0x130 [ 222.277870] kmem_cache_alloc+0x47/0x780 [ 222.277883] ? __lock_is_held+0xb6/0x140 [ 222.277895] ? check_preemption_disabled+0x3c/0x250 [ 222.305289] anon_vma_clone+0xde/0x470 [ 222.309188] anon_vma_fork+0x87/0x4d0 [ 222.312996] copy_process.part.0+0x45e2/0x6a00 [ 222.315767] x86/PAT: syz-executor.4:11296 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 222.317602] ? __cleanup_sighand+0x50/0x50 [ 222.317615] ? lock_downgrade+0x6e0/0x6e0 [ 222.334639] _do_fork+0x19e/0xce0 [ 222.338103] ? fork_idle+0x280/0x280 [ 222.341819] ? fput+0xd4/0x150 [ 222.341831] ? SyS_write+0x15e/0x230 [ 222.341848] SyS_clone+0x37/0x50 [ 222.341857] ? sys_vfork+0x30/0x30 [ 222.341871] do_syscall_64+0x1e8/0x640 [ 222.341881] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 222.341898] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 222.341907] RIP: 0033:0x459879 [ 222.355661] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 222.380407] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 07:37:22 executing program 5: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10) write(r0, &(0x7f00000000c0)="2400000016005f0214fffffffffffff8070000000000000000000000080009000d000000", 0x24) 07:37:22 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="08004204c0cd535aba87a900638a8a440000000000009be504b9bea421473f6e1500d26655f1f6dbf62ef56a6344e8ff9dee9d510ccf066d8d41f0dfefcb502e95c80cf9fd1495a7ab097bcdd1dd10ddabd58f0405000000000000004ef5cb8259f9782e7982e9b6bfd77cd99c8dd68847dcaa134fb2b027bdd977d409e8313b4a39f558d532155ed8edb0ac3eb6f145cc926769bfd0eb70ed27cbaba7b33512ae04ae37c09c695c4505312dab7ec82e2f3d3bf7d73bd670aec6fd518a2c8976f59b223d21be49dab8f9b1a8f6ead3c7018da6cab5a6fc435ea02da02823912b47196ec25d0ea11a473d1e0b6b4ce3ec2c447bf4f565eb8d9807e6c804e6d12cf6adc0a1b89291ff7f0000000000003b991eccf8c6917a59be8b3394c0a3be09608746da2501b46c1a0900007c74ad7e162c482b084adfdfefefd422984a17a13186c7237d44a69bc46073b2fee9c0ba7a03f77ef5a8342c0e00806fe68fcaa5dd40f09cbc92d90697c67cb18d531e978b02"], &(0x7f00000001c0), 0x1400) 07:37:22 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:22 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) sched_setaffinity(r0, 0x8, &(0x7f0000000140)=0x9) ptrace$pokeuser(0x8, r0, 0x0, 0x0) [ 222.387677] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 222.394952] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 222.402221] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 222.409488] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 222.430009] x86/PAT: syz-executor.4:11310 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 222.442127] x86/PAT: syz-executor.4:11310 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 222.474617] x86/PAT: syz-executor.4:11310 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:22 executing program 2 (fault-call:8 fault-nth:54): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:22 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:22 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:22 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="00fdb9364c7b2c0e"], &(0x7f00000001c0), 0x1400) [ 222.566567] x86/PAT: syz-executor.2:11320 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 222.600830] x86/PAT: syz-executor.1:11325 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 222.616370] x86/PAT: syz-executor.2:11320 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 222.639947] x86/PAT: syz-executor.4:11327 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:22 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000200)={0x1c}, 0x4) sendmsg$inet_sctp(r1, &(0x7f0000000780)={&(0x7f0000000240)=@in={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000280)="c60350c4f24b5c31d06a65f65777c11dc50c9acf", 0x14}, {&(0x7f00000002c0)="a718c634ca1f2c0daca60c379b9aab4bce328c9b81a457c55b44be8650322c32ad7e2489d3b8057976ea2d7ba3afa791b091d0ed40f7a41bac", 0x39}, {&(0x7f0000000300)="14f744e1ef4bb7cb3270def9b16efe112d3c1c32fb630b875ff5129bb0b5c5d124b3198ae7c0160130accc3cfb88d1cc04b9cf95387f8c187fa725301bcc5142015ff511a06ed6c47527ef608b2a157e47f7ddcd9227e5a8512760da06d49e2eca2bb7d71384d2bf918b6f8c18da985f87a02500", 0x74}, {&(0x7f0000000380)="47198bf85faeb31f118e5e5a44254d55d1da3b27adfc5c92b0ae9e48ff710b3ff9be298adb65bd1d0ff3279a680ae1c7f98f11dac8865cc722a52b015338fc53767864d5d3b6e393e093c8b218b08c8af1", 0x51}, {&(0x7f0000000400)="014c6191e314cfe341316daa418d88aa5fa26d49cb41fb21f226f333410889771c58d8b96b05675f755db5c80468c2a7d99c0f35441dd5356fb42ed67688045717ceabcdc92f8ffa3c60e4f4ebf7407e966897fdc8b60b7d0ccfb7f5e58ef6bb8e4d3d08e468b0b58e33a3c2f0f6cd77e1c173b8350ac49f7db114718df118fb10c06168c6a62d8f694b9104b8cce59281b38a089fea51356862467df289b18edcab7e232032f73b893d6876c89a88ba65f67b1e8142aceb7dc0f1", 0xbb}, {&(0x7f00000004c0)="37f8c002b9f5e29e43b9c3e8bc17fef80c9700aab592de2bdaacf8d9dc216f825d58eecbcd8af63b9eb1a8452e5015485de1daa7eb32bf", 0x37}, {&(0x7f0000000500)="44a3f26f14b93116459427445212b45cd42667f803baad51fd4cbef224bfc65d0255e6b0dfd50302dbe4aa7aa861c334d7c372c2a3633d7db0c2507848377a86202f9b9f3337fec9bca09f60f9366831673f1e93ccceffc674ddda459c8ea3c8a2552619be0b234e2b3d74cf996362574b3e5b537789e5bb17d30bc4591794e2630c582d96a8fb47eeccefee5be5b155500f8102b1849633a7f3c8d67dbeea0e7fb4035c3728abde43f0b19b36db078431cc6ecedce79b4d3e91704f48d34c812349546aa77567c4b5eec848223a114224fd4d0962ec5c68148d53fb", 0xdc}, {&(0x7f0000000600)="555931bf808c26e86c232ac033dad609a83f20bf847397e2385fc26afc5522f276c52c17eee2a0b7eafab43f4bb95f76bb614ff53988a0b290c5f9b339d3b06cf982227c38d33ee15b4e59df6ea0c208c5ce0d94e06f0960df689801b96ed0fc2c3fb98a6c51b53d05030d89731e7339cebe1d821117970cd280a03480f3c1e981e1f4ca10a2c3890112d66ebe5a6c71e5f910", 0x93}], 0x8, &(0x7f0000000740), 0x0, 0x40000}, 0x80) ioctl$sock_proto_private(r1, 0x89e5, &(0x7f00000007c0)="77094018d45c955950d5e4fd01340c301b21097ee5f78bb6dbad0153c191050cb9266f63a8ee5377a74247dbee7a5242581453e9c2535cd2a3299a7c9a55b8f889dab5c60c446074ec488628a6fe52e6da8ff3396edafb7ae76d2876f61aa125d1fda1ea36784d72b8691fad335f1e2c0c710a869db10e2525bee3dde58a2f4c5d7cb32da3df886b5a1de076d3c08e664af47c52313a71c09873927eef96d7176a30e23e3a7b31dfd6e20503ecbd9a7b6f009faa2f0462cd624eab3623f8f50c") chroot(&(0x7f0000000000)='./file0/file0\x00') name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000040)={0x0, 0x5, 0x2, 0x0, 0x0, [{r1, 0x0, 0x6}, {r1, 0x0, 0x4}]}) [ 222.661592] x86/PAT: syz-executor.1:11325 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 222.679768] x86/PAT: syz-executor.2:11331 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 222.706917] x86/PAT: syz-executor.4:11333 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:22 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 222.715973] x86/PAT: syz-executor.1:11325 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 222.731149] x86/PAT: syz-executor.4:11333 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 222.738226] FAULT_INJECTION: forcing a failure. [ 222.738226] name failslab, interval 1, probability 0, space 0, times 0 07:37:22 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = dup3(r0, r0, 0x80000) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x4e22, @remote}}}, 0x88) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) [ 222.783648] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 222.802972] CPU: 0 PID: 11335 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 222.810106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.819498] Call Trace: [ 222.822089] dump_stack+0x138/0x19c [ 222.825729] should_fail.cold+0x10f/0x159 [ 222.829892] should_failslab+0xdb/0x130 [ 222.833873] kmem_cache_alloc+0x2d7/0x780 [ 222.838023] ? anon_vma_clone+0x310/0x470 [ 222.842185] anon_vma_fork+0xe9/0x4d0 [ 222.845995] copy_process.part.0+0x45e2/0x6a00 [ 222.850471] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 222.850606] ? __cleanup_sighand+0x50/0x50 [ 222.850620] ? lock_downgrade+0x6e0/0x6e0 [ 222.859806] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 222.863849] _do_fork+0x19e/0xce0 [ 222.863865] ? fork_idle+0x280/0x280 [ 222.863879] ? fput+0xd4/0x150 [ 222.863890] ? SyS_write+0x15e/0x230 [ 222.863907] SyS_clone+0x37/0x50 [ 222.863916] ? sys_vfork+0x30/0x30 [ 222.863930] do_syscall_64+0x1e8/0x640 [ 222.863941] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 222.890979] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 222.890989] RIP: 0033:0x459879 [ 222.890994] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 222.891005] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 222.891011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 222.891016] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 222.891023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 222.891028] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 222.918047] x86/PAT: syz-executor.2:11335 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 222.943227] x86/PAT: syz-executor.2:11335 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 222.985718] EXT4-fs (loop0): orphan cleanup on readonly fs [ 222.995766] EXT4-fs error (device loop0): ext4_orphan_get:1261: comm syz-executor.0: bad orphan inode 609091586 [ 223.008205] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue 07:37:23 executing program 3: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x0, 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/status\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000080)='./file0/file0\x00', r1, &(0x7f00000002c0)='./file0\x00') r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x400200, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r3, 0xc0bc5310, &(0x7f0000000200)) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f00000003c0)='./file0/file0\x00', 0xfffffffffffffffe, 0x1, &(0x7f0000000480)=[{&(0x7f0000000400)="ed3f6b9990cced3bf9a73a95b1cc67ea15377cd9724b1ae2b837ffa1a1e02481bf0dacab63e02d40685586e69782cfc030e89e8ab12a695581009e010715a25c52ca3e9e82be4ed78749e81205b4bcedcf9f9f66a3adaa0451bd54f5", 0x5c, 0x8}], 0x880008, &(0x7f0000000540)=ANY=[@ANYBLOB="7571756f74612c696b6565702c716e6f656ebb6a89fb3d31a0d817a92432fe666f7263652c6e8c00000069643c66756e633d4649524d574152455f434845434b2c646566636f6e746578743d757365725f752c00"]) name_to_handle_at(r2, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="0800000000000000aa87ddb499a353af3d39dc428dbafca640f36c4cdbece60ef3a2ed5bbcda15751701e3043c2a9e753b205f91ad8f60f14c73d88c3350b1a4476da1f951fb5ad148693a25b03e3d78547998a9726450542d2e5e7bce80c608974a54f030100ba9bef6fba0a96ff1c95b9427ce29ad00e67ae7d86b6cc362a1bfc7a1194bf90dc537"], &(0x7f00000001c0), 0x1400) 07:37:23 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000080)={0x20000004}) ioctl$RNDCLEARPOOL(r0, 0x5206, &(0x7f0000000100)=0xfff) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:23 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:23 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") mount$9p_tcp(&(0x7f0000000180)='127.0.0.1\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000280)='9p\x00', 0x0, &(0x7f00000006c0)={'trans=tcp,', {'port'}}) [ 223.161804] x86/PAT: syz-executor.4:11358 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 223.178492] x86/PAT: syz-executor.4:11360 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 223.187349] x86/PAT: syz-executor.4:11360 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 223.196519] x86/PAT: syz-executor.4:11358 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:23 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000500), 0x0, 0x0) 07:37:23 executing program 2 (fault-call:8 fault-nth:55): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:23 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 223.206857] x86/PAT: syz-executor.4:11360 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 223.224327] x86/PAT: syz-executor.4:11360 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:23 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000fea000/0x13000)=nil, 0x13000, 0x1000000, 0x12, r0, 0x0) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='dax\x00', 0x40080, &(0x7f0000000500)='mem\x00\x00\x00\x00\x00\x00\a\x13') setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x4e21, 0x6, @loopback, 0x100000001}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e24, @empty}, @in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x4e22, 0x30, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x20}}, 0x4}, @in6={0xa, 0x4e23, 0x2, @rand_addr="016c4c82cf686063429d4338c1d544c2", 0x200}, @in={0x2, 0x4e23, @empty}, @in={0x2, 0x4e24, @multicast1}], 0xa4) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) open(&(0x7f0000000240)='./file0\x00', 0x800, 0x4) 07:37:23 executing program 3: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000040)=0xfff) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r1, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) [ 223.293541] 9pnet: p9_fd_create_tcp (11375): problem connecting socket to 127.0.0.1 [ 223.302297] x86/PAT: syz-executor.2:11374 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:23 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:23 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f000051c000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560284470080ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) 07:37:23 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = dup(0xffffffffffffffff) ioctl$KDSIGACCEPT(r0, 0x4b4e, 0x2c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) sendmmsg$alg(r0, &(0x7f00000040c0)=[{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000100)="5382b45e0308e0d934f6552b41ff77c724ddeb741551e9a466a7aa9fbb9f1f5d117058277d7b8e7df8d0544dec1dc827afed6c5ba4f6547ee08f445d74e357ff8be8255981faa3f31b4e507d277768b7f429dae8617970069f0b6aad42450f8b5c0963b9aa96c9685607de5b7ba82e9e28906770fd89c5ae7369844292ad3c23943adfd8869d3c0701f52d31423f807a6f98eb85cd8ff8575718d5d74937c558f24b0a1277fc545a840a12e27313fb40e94c3bd11d4514dc38ea8bf6172d007837fe45b8", 0xc4}, {&(0x7f0000000200)="6e54901d47828fdaf928fc7214e2b5a72aa370604c5a03d2b801c508ab29bb41c36cd668934ea3b398d03247880a22163479d320dc228efebf67e50b4ee7fa2b81b39ceeb33df3c9bdd922e2e19beaecbcefa700", 0x54}, {&(0x7f00000002c0)="89088b83f19e76f93ec3c59ac8b382927d23b33c924a0454bcf62389151709974be7461a623a805898f0ce457aa8834b9b4e0dc94b35d069036cd2cee7dff252eb36f0f2e3b3358407cc88c95082a61d8c4a5f691bed06141c65c66b80bb507ba624e41c7b97429b298409158fe31022df3956a770d720480c13b6d74c01066ab244400a844a44c0e438d31191bb88c9f2fbcfaaa8343457370e7e7f0597d279df88ee818d7541a4fbc7e5c6dd57", 0xae}, {&(0x7f0000000500)="8fa680235dd040ab04b70ea3fd718c164a9ecac72f9dc92bbd41ed010b335d9257d102e5de9fccad9e38fa2f65543670a0d2a1ee48f456a5e69cda37637965c7c095aca846544bb7f29e007fafe06f5c76a9574b78878805379bc0151eed7d87c7984ca7e219a2575f5594d2e992557d851cb1aa81bcb1140bd1b5189678092d43954a1a71ad284cff5230c609787b0feed0c1274f3eb042376328f928df691a1014dc66f9041f286d7433680b22c67b9dbbb8919869949114361ab86cd919a3561151781f8d961909144d73", 0xcc}, {&(0x7f0000000600)="226b227b00f2d1c43c2861065573786e21a76d1bf3e6c4b5c684443ebfd40098544e05336453cbfdc08e165cda803f0017071855f28bff07536f306a096f05726c60c98558a9fa0c47acfae53fe63cf10686e38a5094bf962182d516c54b43f8b585a2db145dda", 0x67}, {&(0x7f0000000080)="a84adda278507659ec0d720b8e0933ded028d04e907adefebeda645ecaa8b90b82bb48023ebb6985721c6b2d2e2fb2a8a7fc", 0x32}, {&(0x7f0000000380)="c036888ca1f8d19d5a66c335be27208d46ee4db7633ab4a4d3e68edff1923a2577c9", 0x22}], 0x7, &(0x7f0000000700)=[@iv={0x80, 0x117, 0x2, 0x6b, "d9a9ff9c40e303fd4238e911b3a3c33a2b6d31df63030ed76972a693057addf243e2ed083ce6eb9e9fe92ed94d0295ec258bb49d4c32c2042500e970748bf8772687e84f8ff6f74e62b52f346db1d05bd5310ff749e647c664a4129951ce286acb814f4d94c166f18ce3b4"}, @assoc={0x18, 0x117, 0x4, 0x4}, @op={0x18}, @iv={0x40, 0x117, 0x2, 0x2b, "fce624fc2493ed3426298c5c84bf4e1992e4abc3083a5c79f2071ffe8446e64650ef36479068d59454a4ce"}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0x1018, 0x117, 0x2, 0x1000, "f4852f4b1049b51202a5b2aee2af1b57d865db7a83b4b08ad019a5ae8006975d09847ee237349e75ad711a26b9b98e55060750394c08f759ecf496a90740ccb417078a727f979d4bf99ebe64237c57fde6c0efa6ac2f0b4ab9836816540ca0ec375e41d0e8ec4c23cb47001befc47359b8e2405c2b2b4b3f6308f2f482f08c5e300bf23be8948049a23881da2678401b2506e084cfbf4601315c6ab6e3aacc316996338ae63920c425d91815996f725e5186f15bbdf0819d0d9537f072c6b1e174b9ef004ad3489239f583b5a0e32c6d2a9e6c48b989fef9fc9aa1b203f244a03c364e9db37acb4032a0a9f8c31581b450cd3e092c2e3e2e2f8105d9ba5fb47296a363834e99491b281333533bd2e66984f9b8939fdb4775a118028d2f21b0335ff1bbcd0583bb03f90184ae1d857904bdd30ad78b3241e621a8565a0cf5ab95dbe992a0ce0b9e19dcc10b5cf44a388239bae39fcf5a8bc47ea1e99b069ccccd57d2ce62b23b383f288aab3964e5867feaf638a62fb294062f4e03481d2e80dcde2bffac8a5a5afde80b04ff63a4b1c2e7bcaceb0c86eee70dd7f7a9fbb3bf2f69dd691a3874922d90104efcf1082195c69137cb8c5213cac4c11afc1896b1aa476239951ef81beeceedf93aff4a2f248708bf6ade3d162b8041326aa03e83169c04ec6fdda6af8aad9ae6d37507174589acabda962ba15328812fa0ef127837e4843bf0da87046f3e26caeb2181c3598530f532acb864cb6b75a8f4ba2d5fc91d3b1ad9fe07c2abfc9baf1ab82b08d42f8485a8022cac47607ec0d2c8af6a25c7c50d66507d3961e5a6ef3ca05ce5e1dd6b51673522b06d0d7029dda908802c076905f3e9846d8d693050cb4b21f4a533334c511662c50858cd382c40fc42900368d870dbce2742774974bc02ac8486e42e654bb582b346f17fb40c402f58c9ca722e2c83aad2e785cc3c1b2652b0a5f05883164944be4cb0f827a30892f559f307621fb7d976df11c4dc09c18cf06a8c88bf65c06a387ef7c0e17b2b8ba85f2f7a44a7fe5e86b864021b58e3e159a81c7c88bc2f24a8e1e71751c97e413980dbbd379213b7f0c62c4197c80f6271c9bed5e0f9e05b24120475173db2d262381275303f05f44b9dc1ee2b48d7e69a8a678a84d463fd00bf459e4eb30dfdcb440b7d213923ce6cdfe80a7684e84963baf305ce3a958eac69e2ea7faa9b55cf7c8540ef9f017f3dd88141c464b090710426c0fda5ce30fa0ea66cbd7fedfb555397ee0052d5d166be09dd7b56b1b90000640d3f64a21cb449eacda481b2ad415f6f76cf3357549b8f08fcdba95778b29283ad12fe860e6e50896f6842b7f3200878bebb35518183e7d65c318b888f11df502cad91d24cdfa52d150dfa384168ce968c354abf1a672189fcc0451fdc4e901cdc65502ded4594905bac160ca211c3858697c130c25138f2351442d2a0d600121389c3e42781b587463eb05fc10cb82cf76bfff2fc49f3fffdb01687e1f7ea41d1df0e7c1c1fccdef458cc865afd368e54fa627a1387ad5a2c71c3bb244355f1b758b765c421956118aa65966081483f2ff6a9c19afeeb8fadd6a02b5fae55ac7a739b58654aa84d29357e910f598f40409afbac91dbf6aa568776aaf5d084d81d97037e8119c63ccaaf44051cdfc7c5727490e2dc7d9af0da0a44de988f1fcbc0de045607c1a90031da85b1d7a5b9fc89a0fb83f39cd881d93ab364ac99533bc410d198168adcb40f887188cb201448299d885ffa8f57eea2d20fa6bcc74cfdfbd7eacc736159a13e08007578a519024b08e9faffd5cb61cc76d269bc47011c099ce106ee0e023019d81cd5c7faca077533409c5a0693796450ff3c4f2c9941ec5d2c692a7b41b4e079dba2304127658579dd6d03d583cefa4c3baee00319b31710298622f46ec5abf6f005f4a51e1228496c6e558a4dd7f8e1bac7072a3f1e2029d604e6ac0360a7eb88738e98c1caddba7990a4030c9779710c642c9ac11ac414fdf8ac502194f8099474763adc02f956bad2eb6001d0b34e978d69d7d2cd94ac0a1f8f4560856f84a69aad141560ba60df8493df42eac4958a1523dbcb7af92e6f2b7d0242443f5928afb9ff30423b17e5a3fed594b930653a2b88cb8422888d40a514447a24932384bde81c36c2cd2f2f3e670269557de75f79270a28c715498ff769505e3ac90f2ec689c5c0bfd73fee6389d6e55f62a561ace6a64af6b507058d7cff34a8875e8940a41ec22576361c47d14c043d742698b8f1c05e03cbd6a6cbb39865df7b1159ddbfa3889f4bd840ebd85be6a3d9eec890dcf4b8329bec2d93ef0a129416a8407cd4c05736891f1bd24ed9ab0111be726a6a79d992a9ec3795b070e200ef45f8676163281514268f10805aab4d06bcc4b9b7cb2b935ab1bb7ef381c2197b19e4f80eb21602c33d6ea41e7ad50d5b10af054802c190d356b845cf3c2d6c1f42279a6fb21c0c14f5da000773ac99cbb5041e803ed84dd93f9567bcc5125e69746b560a5091f797186f1c23ae34542ed8011d4d07e7f6a1d285360010029b2f0299371fe107b26710cc829341d238757d73da5fdd0084d0a8d704ed668af4e8d42d2cccfbef73933e67ff1dd3eed67b96054607f01cbefd61028fa82aed4345749b105d0bc3a90cb4d1a6a07ef932564d7a1625c1bf923c2cdf2ffada8bff7cf6c38f8aa6fc2d65dc89889a838477e515e48fa86e014393b589464d8f8e8c7aec61a3ac92de5f0b87593a6a343fdd4d2bf3d86a7b1640253eadb105ee205643f6c1b95fd6de53dcc62011094159bafb35e1ec224dd0362b9a42545021db7df9e4843e9e0acc9f4a4ce75d48dbd4a6dd2ca7543430cde02012ee87512808a4a2602a7a585c41d2a4941181c8be96c5ac0102d52edd1e26a4a138ff628333a3d8d472af326268a2568056191643fac730ba18bc13ea5b01e0d73c4984d68511919e2d2dda901f3c9cb64bd6da811fbb5a2200b6f8511d7701d3e37b4498f881fa0053ee623eb3e9ed2d9f6992127f6a2aa5eec21b86d2d9f29bab3af7feb9c341841304dbe58096d12a8f6805df39eea5dda3a936d59db2346b6a0588ce2c0bd66e5688ae6b947879b0fc5a9252cc02b212a452640a95a935b2520dd3d013baeea609b37cf31a6119662a850deb92f9440b879ead170879400a5a0f1c1cd66f623bb1b5ac7a845956466d902efb22ec3b6b4feeb7779d768b82e297ce2bdbc3ecd59309b75c46e107b0236ee1fc760e616719e24684ef9b83601305038ad811de91f9118744dfe2641245567938918fb488dabbb1f4f23bf90fc5255644af1a095854886f2ff76ff6bad844bd306f51c795bcad6bb2def97b321d089bece0892fc5790b068a49b49071f0072a78ec2759fc1da0f6493554bb7363a07a95adaf6dc4dd0da322383ae9bf1e3f7cc9372f40b45e73e1db6a513fa92f7dcf90d422c3d20a70a5254930f09b6b87d877a5a7a2dbb45e79ca2992d97c3fa5847f9612774d23025d28b3a25d0759f28bcc02690869bc2e743b85578ef895246098eb0ef0089b1144aa446e56c992f493a193bb8547cb5a24aebd180fdf8dbb1fbc879cd99c0ffb8195d7a9fde5bc4ccc0d0828efdfaefd84cd9d6c20b462285c0153b905222078b824d8cb62a3711c465c45d347bf7e1c5f577b0b7ca667957854b58a7438c678c57e933d88e06c0e002aeb8d46b0ac88b83d0f1782e4412a6cc6d512b1f1101509ac84828e8db3e5c731b18d8a329ba7e824b0ed56c970528b5e1bc5fcccab4f035eec8cd5128d7ae4755cdd698681f0f8ff2318112609a31502dbc9cd6de23903011706078b7f09ffef4b2f44c38803c1c39d4a04d417af1fd1f8a0a7f5c9179c2db417bf79e6d2b704eac1b865103e893001a63e094251f1459043ee1c6e9714f5d256811e619b049a8790ec93b2d1e7e15c79d9c0ce1ac3bfad6929dcd079c5b82637c90c3a1f0eebbf3aaf7eef7305163f0d5b50f2901de0c8f7cff8922af19f2fb6d24a3a6f14eefb98c58cc1cd90c19d18d5bdb38e391ccca70ff9752b96e3b1d152ea3795919a41f0f6c3277ef062f51fbf6b783a39dceed763daba63e5ff1e16c7a5522327e2d53679cbd3569af94808e2a192b770a043901e844322ecc80615ff9b1fe98a1ceed04ed6875d43f69ae59b9b37e3bf948f6636bd0ef11fef6e1ad3e96ac7d48554a25f8a1b4debe1fb923924931bf6e0787bf4bece8f8d0b782ebbf5db42270cf8529cc496bf61d182708b231a616764b458859573b461c16aeb665c48be1b2974d0f84d8f4f727f461100b19c302cd9bc4a63f70357f730124c154548a79169664f44de3a4944ef4a00b409b1be9fa4fe3688d2804d9bb9b99d14b5437e5d1f4ad1608b27066676f6beae686f9a0800fdeca0609e0577d430f4e168b1462fccd852efda5399d954fcc0b1dfa5565218371b8d05bfa814c70bf2057cb744484105ddb711d83e31826b3ecb29ceaf257a9cda5999448c7a72c5abab54bed914b5738a4f9ca0a27a67d383bb6630973e3fa76208144f4cdbd73322c508a9380daa22d616e246c72e2f07f1ff1514d78da99805936fa024fa70638920ed0a5b4ca86d02ad9066b7b43ef8cef72b4766a143d1f41f4714991e4d5d5882189dfed6c4421dde06856bb384da7b116fff5ec0f6f2423eda86935189864d9c7fba9c1f7708010eebfac51a957a17212df467788a090d450ef5d777f8060a799adb68c38a65b69c9810097d9c60f7a6560734c3ed6338edcf223bfc38cd78dc0f0473358f91ea7f523285e7d44e09b4b0837505dc35022ebf541952008cc5cdebffb3421153e6997d79c5bf53d56743f70cd5251138d4d54a3cc9de61383d890598e29e201261671a67d44e188a9a685ee2f7f6e05d8284c5c837862c39256df2fcc13280309e262f9340afd0f7f38d3e43e215fc8285b0d0462bc64c46ce9651383bb963e011d167c53a1d4278462ab2a47afb90388c87f0b2527fbb53f8691615d2838f131fcaa6a4588fb832f9f3bafb5d93652a78dbecf8a55a229fad657c37d3e4149851cd592872744c1cbf72309ab17c97f3fdbfdc7b88d092c3360cfc6f1b7470dda6d1dcce56a9fa68922d93fc43cd77e2eb4b0f4c71cbe787c654ee15225d38bd5b867d1e95bb424acd297940304df1daf4e183a92ab6fa20634efc5714de6b2c7ae0690998099d0040cf7eaa9f584048dbb81aca147e78f0e91d86766af46fe29960fd51a23fd41fe7a6f89fa0e29c0cb2c20620dfa97e0c6b031aa512c3ce334c5dd85ea18c82edeb0413494fda699bbea4e6d8a708bac3fc7045828c241bda3997880f77ae318b11f864015db5563d39ab15f440ade2ee239ae98cb82f6f1a882928932dba523e0f5f99ae54122bf21b341af3802fc3dbf8029cf20907b53c415b22b326d561139ec37953c57d7c1a2cc06d7e22e2d8d53dac7c8ce759e99aa08d25932fc7c960ba615463115f4665fcede675eca30752eaaacb91d2070f95c0f2d17a00f6a6639936534dd619507bfc360c106f1f4190e74de4155fa755f3e8e0dc48c3bf301241914364d09fe8797288d641819010a77adbaae76e29bef7e473c92448b1de70964025bb3a5758a8cf6883394ddb0c4dfcf7aa6cd53073868c05f58c08b3f788c11b8690abeef9d0620cb1f1b1a21848bad604c78b602d50343b1dab97fadd2206f37d1ba89d5defb083d351edd9e76f151791479f7ec8b7a55412e94258377d56827de082998df19e4df1601959f378"}], 0x1120, 0x8800}, {0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f0000001840)="a25126b66836457e08068a3bec11a14d7a731c30aaf0fbb40d285d8eec9486a89c655a1f00ef50f7877792752191407813eb1ac2cad17726e7a0726630a3923e05a4d60045a4a6282538318871adea77d5229654c9156d2731ea", 0x5a}], 0x1, &(0x7f0000001900)=[@assoc={0x18, 0x117, 0x4, 0x40}], 0x18, 0x4000000}, {0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000001940)="b2c45b64195683661e3e005ed9417c8e4b4e572cea7bf9a2d40dd7edb4e50ba943f4c03bf02f38a5c4855547197215b32e4d8718f48f26da767537dab9c70a68670fae1f4202d45bd7bd739b6f171b73b1cb", 0x52}], 0x1, &(0x7f0000001a00)=[@op={0x18, 0x117, 0x3, 0x1}, @iv={0x68, 0x117, 0x2, 0x4f, "05322a10ebc63f8d6ae70f177ff750add57691c2f8ce150db7322a3b8b7a7aab74f192c065a38171288fa450ccd94f77ac93ec9c46de7dbf4bab354a70016dff236f625d152226aeb9d1a323e0c3d2"}, @assoc={0x18, 0x117, 0x4, 0xffffffffffffff81}, @iv={0x70, 0x117, 0x2, 0x59, "6a636697390188c6557f537eb9e97b0927f6921a9e49246d32662a2a216380cb3812938e9b4a96136ec97fce02e197af30da7472e39361114d36363417426932a5ad05de62b6d481615d9179ad7fa4cfef7b913bdfd8588b2b"}, @assoc={0x18, 0x117, 0x4, 0x2}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x1000}, @op={0x18, 0x117, 0x3, 0x1}], 0x180, 0x10}, {0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000001b80)="69ee11ea3a5ef73835200d275a8a97820ebaf248435872df721516ec1a22433a57908dfb870d96da0af61d35c220efccdec48d7dd2734de3098082076448a43e68c04f60d3e622519d0ff5c6c0798c639dc2177f6f377da48a4826bf0701d37e", 0x60}, {&(0x7f0000001c00)="e500685e3505e400b58187d70b639aa53c8baaba6a3f7f1c16a3c9616f00139047a6c60ff3e21b1445ba5691d732", 0x2e}, {&(0x7f0000001c40)="4bebcb1f8dfca90137cafda2b4e831688faa3dc725ded62c7dbf61a07bdbadd963a53864957fe8054860a0b5ba16618485e1db846966e02412f7775b033cf172e85f71e6bb7c9168fe772c4781f0b3cd20506c7746a5810e3f9989b23085d61c0f70c9e8a6f21288f2c8c4e2264cec79878c44e3c8ea5ce8493f0416120b366748b9e3b3743723260ff01c8e1d606db7a4a871c962d93354ed79fb85b7e6dbdb52b3f812d3accb2a0db0d4d5d88707813e0d637d1cae44075cac6117531cee9ce8ecdab27878866afd9b32536d052a272e8f7a7f79e51fe433a270ea9a10d2fafb4a63add85ffc393724a6", 0xeb}], 0x3, &(0x7f0000001d80)=[@iv={0x58, 0x117, 0x2, 0x42, "bdd4ca5506bfa9808bd979eef7633d1c1d57d1ebb13121fced80cd62ad96b7603d7d8b85317e1a29c66e4e6f8d37a8152396d90d045c967828f5ab107c49acfcd207"}], 0x58, 0x40000}, {0x0, 0x0, &(0x7f0000003180)=[{&(0x7f0000001e00)="c3967ee8d5a59fdd8783978fef166b61dbc19a75f3faafb4f0393a367ae4089e23d99c8ffdf18d83d3a171c6e58f0bd29b46be2121b322de926775f5f420a2f89f57983080db98da7a19fd019f527ce5b21cf06dec3cca1a4144ede5a2cbdfdf9720594045102fd45480a0a1a6f7ff371a2b30630da09683eadfb7f96bc9b7a59850a5241cf0ff3ff910ee8a5cda870dca05640629fadf2410d285a0e1f5941d400d604e6d7fa06fec948fd23a0677ddc77a270c590792246ea3f694bf5927f1846842ea75678fa1dd4ad70d24f125c941393d5837233e6ff5e1e177f29b88501e8f7a2d06efdde207d4abf0851cfc450c6f9d73381173589cbe0ebadd1d4f345846b5b9d557b73c471695ce4a60208904d726c58f9cb592c0a398dc4a46a74393f7cc86c1dec5cf42ede33b6e44e2aa520b0b041fa72f54a9b2789d44a4f0ab4d77f39884c6ec867312507b3e54c058b3b5b81db662b61c43e1fa211496c9d7e8ee0d62564cadb0d6bed556e319f7266188d32660967da71afa01afe14081b267a0024d727d697e2addf23fec348e99cbe53d1faba935e208e36dd7d39cdf9e20d63bcc4fe2de929847f5abafd111233ba17a18f216f16ad2c6c8e3bfb301fc94ae56035f0c00a4f71b6f20a16f2efcca0c70c42883cb0dbd8c8fdf69d1533c1c5d27da4023fef1e76d684b758dcddcbe24b9a15b96695d5bedf49023288ce6df1d41986f82742031fbbb48f202c4f4e8c5e9a9fb932c82924dd53e4fd53a9977fc3a63e2adf3867e71d5b9d938c675a5418d84e7ff5c5154736bfe6434b33119e043b31a423e0962ad0e0e166d999cbccac1a09557cd82002bb9e73a585884ee319e8ec3553f3ea0db71ea387ff8a4988363015d06009eea10f4503aecb81a00fd17d118ee1950488cc1e73eed121cf826c12300945cfce6a0d3e6608e2d2df06415befa4383affc05e50c294f8191ba1043280919fd1fd7852c98778fb1a84394e2c02922ea46ea72686fdbbeea1c27c51263a3f590ea84ae14dbea5815c74d6f318cb527c3c51eac16ebbaf1df1e41816451d51f470ec36d0d49410aaa0ee91e722720fc0556f2eabf2e969a055460062a9aa001a6e3c4278f7aa119f3495c2baf5f118b340acd6a5afa30749f7cd3b5547287201ce9685fe9c7546188e5051f6e9473c5e163260064f11a607ac0a0b7547bc48d9bdac87168eb2c66a1f2e2718396f74c94149895fa04485ae15c5b14f62e2a78e8ffe138b7bb30e0c38c9b650a25df23d5438bcd4c62951d960b260b0237794843c202c029058b2e986094ecbe46e9ed1bcf0f371c113b20e6e0e3a982cc20b160c791f727f9a3f2276980c8739a74b7c9d3ddaddb10b26eb5123017bb4357a6c90540ec2149b05c7152bd291284e10d74bbc776ee000f79f2e1ad8b8edc36ea0acba98b83e9879990fff47d4eb333b3b2e056b819bd1b522de5b06437643d1266d71cbbce7fe198979902b70a89a7a0a59efe334831ead016bd56cdefd7e2dd98f2965c4ac4cb83b0bbdafb90949585110456d0ab5e54223e4609bec1c92adc233d511a908719a64759dde24fc3fd39aeccd583b95aeef15a8ab7cc1b7e2924cf26626ed449da82f459599678d8db1eff6671b6f290f3f75569cd29e9f1243b7529b6f6ccb197484eb0eb6abf1c79b752a67010cf407224ca542b558c539db66f1bfbc91e566994a5d511813745215fef00a202e15f799b97bfede3c9d1a07555b3e4d2fd16fc6a89b61048e8d33170f6119101d36036c27969787f4d13193d0a5b5c9a5d4e8f3ca6e346c3498920ba9a06d18e98ac39092b4a1038a557cd31d38a658250904ccdfb707a922560872858514a842aaa3eccb5bf5f151aae7f388a2a4c130e338aff98632d8759a5ffa5a2b69eac4804b6aaa1f23d3e4c66b4dd94d571641aec69ff3028657be6e2c62f331528104827221ffaa760077defc4a41d72f465fe5b74e13ab7b5672b2d0a5e2e9c91bd6805be79ffc80fad0800f9f80768c65a7e47f27cdc5a883bbd5db7069f9b2a1ae7e6121208ef6840e684a914911a17d9fcfca61417adc6aeec849f32cb07b1f5cd67b14bf000e908af61be0a5fd1395abe12403c273325f709a8f575b8e081303592339375b0c2127f611c7533f9d2bb075f8ecf230d5636c53600350d199278ac996f761c8a8cc88f6a3a80812bfef8873b9e6072ab1384d21a0e9704b037419303ff02df2c8735d57c06502d983d6cceda06af1e72e87299fcbbf3f352a13b141eac7de045efbc64908f09714b422296cf9e46aa966f8bf2801967bdea8e8a22363f96e4e18c9de024f42c074fd0f7902ac0b9b9fd5f6a91248f6a421ba63d96e82b8a9f9184a53f0d0aa250c4f9db8234896f35d9c3a0429e860bfc5e3972b9d26930c3e5194a05e739da44f0b5bba2018d596be6d1b703e4be57e1679dd034ebed019ece79e22d16a86f582e76863fa8eaa5a54a9762e18b7fbd70d0882bebb20995a5f55c0fe82de46a9f6fd74de1cddb8244611b812ef8186e1ba40aa2fb7a8459244e63e38963ed705009e2b1ce152d144b2e0bc40eb1c92981242edf5801d636205f8fdc55738f634be9833557906d88b8ef74700907edfd62bf9a11cc059d7f1896f13685b33ac54e4fedff89a45a536126083845844a2a0f42d9daced0d8ca91bace14e3bfb1edf1226ddf1a6e033b075f73b1fd674d4c7d52d4fba1cef6757818127a19105c1a958f2fb47021e7c3eecc18de4a3eb3ac59ef7141e038df2b6173170f06f77b1ae16ec2535e22d19a592961002ccb176cef6c01fee2c5218801ccee4ea7c888dbcad6cc9b2ba8cc28b85436a40f3775d60beaebde8bfe22e96db5f7a062db838726372a0672de2ee6f02e311a6ca0348305ca8abe34f3dfe471aca10105d80daa88337d079ea18e9b06ebfd4f672995b97802ffb0187f611e153536bb25ccbb29fbba7eecf1993efe69465798854be84844cc19b8c88a23e2397a02f4d1257c20f6357aa2705bd5c18d6fccb76c86e848dfe1c89998f91a77ddedef97a27f05cc550e3b61156d314b75a43ea02ef256b59d296301e21a71e3678e94492e04b87be5bbbea3d6a77d15e7618aac76d404506c36ca44d31d9ec808dd887c6eda4724f79c1108117f7f89c1d0ff098f205e38056ff8e4899eb8b67be5c6412420f71fbcc0639129a27fda8660377f733733cbf77013638357326cb93df975b219dac59b05c66e13146d57c231563a3ee8e680e55fa9e4d9dc0ff2cc0a783601a67a7874bb852dc0c14d4acb4363a4e5c32fef112603b1f28ca22d6a80cd2a661098eee7ee883f5902250768ad971846a58a2cf983e5699efb2ee4f4c55540c669b588b81b1afb85a30d674354fc30ecea9398c401d7761cf4b4fa0ff052561a59f63951c29297afc60d65a5e9b2fd486ca986f083ed9463eca351ab05819413be56a19e215ebb914fa229d3dcff9d501b011b3a7fcc8aa9742696acd8971060b19a53a05a3554e82d70ffee1015ce01b8045767d176e0d8ea4911448fe5e2c9400d505b734e13538dd9c016ef97c3a9716d757191bc04602018f8f298da508fcf51c85a262584846b1a2039d21b44b366c634b50d47a6a6f23fcfcbda405c32b903c7eea7b30806aa76681b2d0aa50119136ae475ba67f2e1494e17b9920b6c6d9ef9c5dec22f59beb55b81a025dd62dbe7a4d8d3cd143d7bec93bc604dfaf3ca2cb06324895848cde11f1225dfc1e0faecbb5243da4eef65887f13e5550108fa941ccb42087518ab90bbe50c40ba7fb0126f3c5073aa1710e4239adca4d7ca0395a4406e70df2da1eb0c97029d06dffc069a6eb8d92646b432dca4d5d0d0c3cd3cf850b5213de57e35b405788f049748f9793468f3cd4d02a54eeddda8b84d06845965a2338c4d0936bfb6832f14d51ff6ab79bf74302ec470414eaa38c5c761ec52302f3492acdd35ff597d455124941fbefe256af8a1233323fec14f891efa8bbed0c7155826267c019fcae3d07d91f20837e78c3ca7bf61f24de26f2ec6f939cf2b4807e30a71bbcfae4e380542a0389669d94145868c2b6f987b15d7f73da183a99f41e029abd3aec4139b8be2da4b11100c08633457bfad298b5be1675a726076d7709a103cb053c277893bc538e9a542cef3fa02bbd8fa3bb337a6cb189efa5dc48fccad3c184dd031f4eb7d542f8e2826d80edb5c85dfd2ed43646f9585bfb689b45fca531c7631a005bdba566500f9272b3e329a7844a458cfaa5d8e824a3cc6ffa2935b674b389fdbf025f78c75dd53379678f15be2c4371743d22bc195ccd87a0580d0ee431d4e4888e1c97c27d2fdbade06d274e1d8f18ea502bfe7bf18337a532512232234148f50422252f28f47a7ed437038c19085adac118be14e7b85fbdfca817f77e1e5a618a0336faa60e74c67032269ae68899ec8d5936893bc8e5dc6b1a1ad6441b4bfc93ebd725690f045e8d3697a9e88056fcd45e6a239b9c3150f0eaabfdbdb33315cfb7ac557d6303f637c5a8bc70c5582f6a86431af8404fe4db9b716599a60909a81b3bc77cd2ad9cd4799d0d5ad1d2be8b5a90593b3b27e21dcbc7c9804b2ae235e5c50d70290d7a4c453d22f5b86a20eb74f733043019d43e9c2555e51e4124f5a70fdbe9aaf7116b3787e0128dc77a5f4ba9bcde44d32643863fef2e5623df73fd9c62f4ea6ffc0bab2ad9218ee1e0b551dc1cddcf43aa05c3b867a5a68f625eefb391b280b01c855cb611000dcccdd56c77cb795c3d3f5f6792fee44c09a82cc08375b0df0b629a43ac2ce2219ab6e7a8d859fda9579f8453922c32caedac35cf55266b92787feeae5c4ab26903edec4c97b431ea5496c0f506a1a696cd6ed5e37eed9214500bcce6f9d0dbd4a62f756344af09fdd144ad5382a3a15445bc496e1fa9b88c54a84dae426afd4b03887d8223666160f0b02781b4895e849a90ec200bb169fbb15b2789b6aa5235f94167ed1bdc7af722be8e175a695a7e5c26846a1f5b6ff37fc9fffc1bd9112898ade67f96b5a832a7c1f53cbc54f331dc8f4fa2349c4f3bd5c0dc1bd43d0df28c6ad8cc5997cb80306c913d628de331eabd962ba1ebbf408326d3ad5802bd22a1253b3704575e228ae9524bd1699b0dbcdf1d4e23d5a0acc594ce7515cf4255b036cae8d9e033387f536fa927ee01c6aa28c37f7b4579d957380cbb91afab5ba54dc8243b56b9a337bac110d07f9bfb6e0810016bc0b8ac5928ddc4711faa01619e87840856a5f1d25ca3d4ee77ef26363032ac5dfabd7ec45186d3fe793c3b30c3158fe75b72ae58cfc2687496763937a76454a79c6575cf7de6bf2bad19b5816eef4643a75d9b5cb235d377746d954bc9090432893f8efd5a7426c3cb3eb29dc6acc785179bbfd85b556151b57f1a2230c91247039855cf7c4b923a0736c5f057e9e00b6fc7671de38ca3d5547838e4b2509dc9d9b0c90a7cb1de6068465d62c6329d5eb61bd924c1c2f9034d10fe5796dc4b12ee025543e610da3bf3e762781c1ac70af21a83d3191b0e54441576353434675bdecaa3248b0e9a82596ce3b75f7a9f9c4914cd835d0bb52347562abe042d7bb5fde769bfbd078731e08d58c9336487dce51ce5ebb89060c3555ba3a99e5f0af9b935b1547c905001d0a989dd1dd90af65ba4051e58b518f0213419d766926ab652edfb1e476e1eb336ff8a1713e40c08e976ca1c8062ed60d233d71457526e33d5cbbd9719a93fa4434903c4c12c5da33c8710c39abdf6ca651f846", 0x1000}, {&(0x7f0000002e00)="c714d93f06825f9a7cc4ef082a2afc2fc78b8648905f70df01b988bc166ec77e5a1656b88b2456d435e379a617a4c9f6c6a44d0e37798840c47cad69273e73051e8cea98b9314bddec21465b", 0x4c}, {&(0x7f0000002e80)="662f0cb20aa173922cd3f2f25b3e1c7ce5f534a3de054bf34ff3b624691e10df08e0f176f0b0fc5c86118658b57a15d7b2c8b4b99a7e456fa63c7e069f75ff94b21c3142062530208d8e0ccee3a27d681985d8d91e28aba3db62015bb1bea748738fb3cf1b504c415c83e03a743b2a09d44507034fb4d1b1456c89b8ce9579f9acdc16ff615a5ef684e9e4f325d9227255fccb185dfe2ea54e40d0ad3a575abeb5ac4e9c79e0a4afe87a793798f33f76d8a4860ab4b724a6eac6006a0505784772c17e3ebfcc02a8e7e3e4288383a06f47a98ee3e2406ecb6399d354e0d304622b", 0xe1}, {&(0x7f0000002f80)="0c83ae818e4c7cbcce63a8350d1f5a9c3ce4dfbbf57c7767d745920aeb569847e71e6f8760f94412e97fa75405d668910e02662cb5cd465f5260bcbb7c9cf2ab15bc3d1630a53b3ab3b5431abca57bfe07977b19438d96eb2fe2de3ead9d29724be69a75ffda0e8eec19e2c445e1fd569644863ec34ccd82f665642ad9c9a781174fb95c8820a458be0401edbd317c5e01630035e9811aaf75e932d40299d754db85858d0479e1ec64aed851b40cba8d9a5d2bd669a2f1b97fb8106bf0244e9a77198835b183958be7d43d4b6e503fa9b2c1aaa9af068412d56ad1d0263d5fc75b9a427536edda41077c6e9ef2d7f05e", 0xf0}, {&(0x7f0000003080)="e3931a52dcc9f5c2e130d541fa84ab479da170bd11c626482b4669168aca7e1e417cd2800cf91a766d1040e8cca8768fbf289cce70aec6b9ded2ff2fd74d6a7d0904", 0x42}, {&(0x7f0000003100)="3c137bd71c915db1216e72452e6e550375c0283b1693f3ab363a13124c141fe151577f3ae160f289368020bcdebf3aff126d55e35c3987c22b7d31786220216929affa48f4519407f80ad6b312", 0x4d}], 0x6, &(0x7f0000003200)=[@iv={0xf8, 0x117, 0x2, 0xe1, "491f0d6d85866243094f3f440d76cee30acdafa86c0ffec0874670dacf2a8ac1e59cb75371d221f42bc98280816163438b6de54ec0b2cb7db8657571d45cfd2129f1c9fd6cc222bc6398b3df47498e1db0da21205bfafe03072d9040f94d0073a6162e40ae7b2d4b87e2bfa5a9d781751b7b08d651b84f9ac7cc780e77b6ec6817defced9ef9b35095de721df76820e4fdd79405906b6e2d06bcf60a190038914e11964b9d83cd1d79862806d476260d2ba0503eeea34f1264ece94e6cd0dd83c280aa7440f19039d5df01c336d67a2353f5e584ff2fe5bba15ec8d1ee45fa8c8c"}, @iv={0x110, 0x117, 0x2, 0xfc, "2f6d153c163856271245a5784039f4806fe09a059271a7330ae8d004ff1f5ce3a20a5e378c80591491897dce5ee512b98242c47974ae8a79f7c3bae9a0af49aeb0048a180314dd5b09b108c86e83c62a9e586d97f406d8106c9a4428896d6a3ce505390a400532f8683ac027faf3984a14bc7c7f45833c0c9d4b4b7cdae2568021bffb33ed884740b5e380d4763fee821c3301ba4f01c3ab0958b0d22927359671afe326036abd328d30c657593b2c9665b881e8021974fd05cca56b524e173eb7511618dd0d4109e084d109b78c715da737c6425366606a0e50e4c5000290af2f92e633a67f3fc6176192beb398c1a4f9eb382ddb469d12895c1ea5"}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0x68, 0x117, 0x2, 0x4d, "263874dfd5ca08bb679dcc4208a5a5fdd564b207c6d5d9fe844a4069cccdd95ea409b85af4701e64a720917c0e04117ca465fbd55c8952b2b8e4f2d8bdefbc55d6c588ce6ccb4f42f5ca00a2d3"}, @op={0x18}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x9}, @iv={0xa0, 0x117, 0x2, 0x88, "551c89e6f9152841391c948d1cda017234efdcec1cf6455bb97b1c0a4708601ed077ff85cf84c84a836c2f554a8a8bc38f207f827a5d63176a40a465702e935f553e282d84d181450d6d9b3b400f75f6483d2d9c8b79db928e8a51ef48223998588875e581b6f8bb4793e95645746e7338b6541d466d4d3a56e0f77720e5cd20d9d4834e24130b0a"}, @op={0x18, 0x117, 0x3, 0x1}], 0x388, 0x80}, {0x0, 0x0, &(0x7f00000037c0)=[{&(0x7f00000035c0)="8eb67c04caaa9db086609ead3cce0b4d63947ba9411c7dfec29cdbbdaa54e2", 0x1f}, {&(0x7f0000003600)="d503990a793318e08b72c3765b8cb9db3cfce62a249b7f586f1decc391f206c7c54da22728cb06bdff944b528466bf0c33047506aeca76d8ecd478f6358e59bcb1c5dccf5006fdd241fa6d3a7f4ce9622214f047251a287a69f0211c58a048332a0a2094ac79bea47d9326696c750ad6e5374a7af059c1e26094f073345afec00d3d55cf0593383bc71a39829757b96dc9730913e9365832b7c3d51d345ce2eedf519624a8ab4b5afb81476ea2be7143cd4fb24be3e16d4d55d407ba69bdc29507930fc4399cf5903233e941a58dad031dd7b46eb70e68ea54da8fd24fe8bf1562f262ef27769e4b924ca43018be511be7425b23e6c946eb18", 0xf9}, {&(0x7f0000003700)="e7804b69612014946a953c7aedf1d6886124385e7da70c5196ea90bf1752b517dcbcf6c82b21c1e62cb54baeea56509343d0b81e29580c56bfe96fffa838c2", 0x3f}, {&(0x7f0000003740)="79486951a9dec3b93ac4553afbb16a146323c56d2c799b930ea3783ecfd1ed8613", 0x21}, {&(0x7f0000003780)="983b888fe6f654c8952ad4b395b8528eb241252987c2b5fa388b6542d2942898f0", 0x21}], 0x5, &(0x7f0000003840)=[@op={0x18, 0x117, 0x3, 0x1}, @iv={0xe0, 0x117, 0x2, 0xc6, "c90f50331fd0a8661d6ceb613045e63428e5cf5e2fbbf4bfae4e41a9ce325c9e1c0a74deb2ffa91e804ad86d6465e71a2bbfe95af95343ff3ec5545ad63f3207450236e85a4ec45f84b0b1b6639f09a51843c13d259c4a6ebd287c0713a4d12dcc83fd2da3ff9c6de789c0e830a9f351e0a63832a4461f619f738d0517f5df3b93fc4a775a09d8087530420f1cf5ae5e8f3e751f2c37640a69949ba0da2ae8c63858f12102ef0697b32c170451b2d1873522f302a90645490dade506ce73fcb6f4f1ab6e26dc"}, @op={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0x78, 0x117, 0x2, 0x5f, "77a6acb47399153bb42a5ea76250bb224bbcd707e75613418b261ddb7a5b06f4b5da0c2ce68657004cbcf2244e05989d9e9ef9e3a0048518aba14555bf788fec1f8325ce7aa717d926e07c2f49573cd5178449e36e299f6f5d026f7b90c826"}], 0x1a0, 0x20008005}, {0x0, 0x0, &(0x7f0000003cc0)=[{&(0x7f0000003a00)="006209644a5314265fd2b6c88e303df215835806eeed87ff269eea344dba58766e8b4dd4265cf57d2580fd9a3c7086bf0d1e1a21d64e4bf76869d12f8bef1b371e3058841586b36db6737b486ed4b87542260c0eb0f7fe693aa81a84b4aaa3b17b67f3e3d73a9f4e5e44236defc3e9fe282abbe148788e522affd1471c0f04ec6e777e17e9724c30622d4325ed4ebf651715063fd8bb190143085888ef021a478be033b00e903d738bebcb5291e6556f8d717d08787222b6d2ad64d4cef6", 0xbe}, {&(0x7f0000003ac0)="b3124b74c47c2b8fbf1927e5de6c6cb757427c615834a7f63e80c916b6a97984e6bc65bb163471f2e5e6aa146790ee8478d410a01330d9c3f1349a32b50434e257d96d2eb5b28003954cfca71cab04e6985238d1136ac5c5153e6cc491f7070265b677d69654a46b12ff1a7934ee805c3eea7c901a1ba3cb672acbcc980ea2c981fccc21806dcb4141d63594720a46f7078a52d75986f1320bcd5187a1dcfd77790f66", 0xa3}, {&(0x7f0000003b80)="8219eb5f7d23be4fbbf53da4188022a95c76db4c3712c0f1b68225585ee1e5e576dbeae801f11060e493a7aa235d08d4eba4f0335a1bcd895262618c6149b1c48e328617747e9e60a986000060e7729ba708268ca67d79", 0x57}, {&(0x7f0000003c00)}, {&(0x7f0000003c40)="f87f0ad5e2e9b1b6879f7d0b1c96b6bc51ba0e8ad875c5e79be194605e63c56959e8ae4a29f7cd5faaffc4e2a0e35d62126f89ce862d9a1109bbc9e0aaa6c491e7a7fa86ed047c5ab70e2f5f3ad70cb47a5a9c39d704e209eecb6ab09d8436f131b4b36e4addc1dfb21a507097ef84399da410fcbb4439e097a87e45bd3155", 0x7f}], 0x5, 0x0, 0x0, 0x80}, {0x0, 0x0, &(0x7f0000003ec0)=[{&(0x7f0000003d40)="3a4828d7c9f58a88f8dfce08dfb283b00e04300aa9006cd4a5ec7fe6c4e8d45c82c593f181cf7ffd54e4737e21", 0x2d}, {&(0x7f0000003d80)="377b35bd464312ca74759fcfdd737588a8987fffd49c472ead2cdc4edfac1973f10c477e14ec2bbfaa11758b5f2038a22ed342cc796e703c59471afe374c0acc1e2150dc1179e4d79b86c1f9eb2c937b696678d5b98261daf787d134d4b431cdc58b8ceb839bae9f2f9eea70b81b9ab2365a47ab7565a29e2572e9f153817fbc61c4474fc3d4936cf350e315b952802bf85e2a575127af3d030a5dcd3452d84b508d08d3134d228178f6862bf8", 0xad}, {&(0x7f0000003e40)}, {&(0x7f0000003e80)="2208e0019849665caaadcba7d7955b94d45653543f50d21602e1a2ef4d47279702be9242f682f64d4c3676d4f8e23f7c0b2ea262b93dab5f", 0x38}], 0x4, 0x0, 0x0, 0x40000}, {0x0, 0x0, &(0x7f0000003f40)=[{&(0x7f0000003f00)="a3fc393de710b145fb035598ee79cd965637475693a888", 0x17}], 0x1, &(0x7f0000003f80)=[@iv={0xf8, 0x117, 0x2, 0xe2, "26fc91fb31bfa2e590186a36083f4221b63b4980d16969ae1af71e90b6e1aee6fb533e869f3e03183002a8972d71c0430ad1ba4588d5cdb0b0ca34ea96ca2d8a6ddc4619b59264f944e338d43863a53c5b1dfafa11e042c0ddfdac1fbcb623dd256f1f922dbf0ba8038a8f60eb76b580c0ada90d01c7eb4fe9011b786af6fe5bc26ecd50c3347bdf8ef7eb3b46f8fda4a5edf1d7e3a6a8bc0ddf40b7e5085febcd99256aca09733c86815fa1bed8c6a87bbb9685cd495a80f7b085a17a2a51d75a3d34b7b4b667afdaa09c307cb4f908100742a983232a9e7d7d3b50b3d08c06129f"}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x4}], 0x128, 0x40000}], 0x9, 0x20000001) [ 223.375609] x86/PAT: syz-executor.4:11386 freeing invalid memtype [mem 0x00011000-0x00011fff] [ 223.378064] FAULT_INJECTION: forcing a failure. [ 223.378064] name failslab, interval 1, probability 0, space 0, times 0 [ 223.389897] x86/PAT: syz-executor.4:11387 freeing invalid memtype [mem 0x00000000-0x00010fff] 07:37:23 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x408002, 0x10008) lsetxattr$security_smack_entry(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)='security.SMACK64IPIN\x00', &(0x7f0000000140)='vmnet1&\x00', 0x8, 0x3) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="08000000000000000e0f3b5223f7003c0ca9680eaed8190c395a836ba6402556"], &(0x7f00000001c0), 0x1400) [ 223.469494] CPU: 1 PID: 11383 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 223.476624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.476630] Call Trace: [ 223.476646] dump_stack+0x138/0x19c [ 223.476665] should_fail.cold+0x10f/0x159 [ 223.476684] should_failslab+0xdb/0x130 [ 223.500330] kmem_cache_alloc+0x2d7/0x780 [ 223.504478] ? anon_vma_clone+0x310/0x470 [ 223.508630] anon_vma_fork+0x1ce/0x4d0 [ 223.512524] copy_process.part.0+0x45e2/0x6a00 07:37:23 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) [ 223.517140] ? __cleanup_sighand+0x50/0x50 [ 223.521376] ? lock_downgrade+0x6e0/0x6e0 [ 223.525531] _do_fork+0x19e/0xce0 [ 223.528986] ? fork_idle+0x280/0x280 [ 223.532706] ? fput+0xd4/0x150 [ 223.535901] ? SyS_write+0x15e/0x230 [ 223.539622] SyS_clone+0x37/0x50 [ 223.542988] ? sys_vfork+0x30/0x30 [ 223.546523] do_syscall_64+0x1e8/0x640 [ 223.550664] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 223.555512] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 223.555523] RIP: 0033:0x459879 07:37:23 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000001640)={0x90, 0x0, "0a80e2d097d0e5d00ddb0cff76c41df5e47f3d124fc79822aaa3f8069c69936b5608029aeac54b1b68dc86502b506e90e5541521e6ee92f8fa499652576699b3666814eb84c26f119a94b09a81af8d9ddef307f86840fcb49ca04d3d4f604fc043a39429cff705f5843f45ab409f8b6943fda80544d6e3ff03e7778817cb45771259eb936b70c2b1"}, &(0x7f00000001c0), 0x1400) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000001400)={{{@in6=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@broadcast}}, &(0x7f0000001500)=0xe8) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000140)=0x9, 0x4) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x6, 0x3, &(0x7f0000001300)=[{&(0x7f0000000200)="cdebdae4c5868542b1d323fd4aed35e74d624a8e814272762041100261564b71fd979b61996684b64153b8184cf1cd4b913196fadc129e8d63fa03058bd6db60ee8d18139305c8af2d5a3bcef84162527e379d91e4be2107e3da4d32b88e0906145fcc4efb7b8f", 0x67, 0x7}, {&(0x7f0000000280)="a724361214989581876ebb353151548cca8c7b80a3fb55ed2f3931c18d12ac1bbb5481d0294f45378db36439a8f3d9f7cfb321df163202d33c923b7539547b1b4e2c50b28a161901ce12", 0x4a, 0x5}, {&(0x7f0000000300)="43706ad8a940fa1ab2f506ba058b56dd3cefaa5f7ca3de53a68937a8e73a25553dcc25fedd92f82a3f0cbfbcd588aa9323c595a969086220da5f92c92afe7df0516c2289253c6592259ee142cceadc9c769f947f7f0874a7e372546f68030cfe4b1ac67d3211c814fad20d817c9bf22238acf63ed6f64a33eca1568a35f1bf3de82d4a69969c7df3c30e2307afb0eeb708a057e29ef92b87986f5e43da58a96bcca7ff373b93ecd4c36336a58bd03a4c57dd9ca8b56100304ce58c629e85c1f7522988d0698ed9f9b3a770ab80dee3b2c4276e4a358a2459ab3755703d0d6387c3503eec8b595d1a5200fd7385387ba25ad02c93f9881ed9f7fcc57077851cf465d674e5893c5faa527eab593f276b81bec7c2ea695de3af754690ec0341232d26888956f3b6a70653723a83e4b9470640e6b24ce6321640fd8b057efd0e3fe345cad6728099a50a817fb5a1d86550a1e751882e338e4b132a3eab1b9c4f5582dc9cf686209436aa65f3b01b316cecabf5eb7b8af597483d8862b7651b0416f8c2e776563105084d328efd2c5b255db07899e7190ac6205c0e63c1c2ea3e615684f47b3ba8257e6e396c925b8ec78e91b92ef18eb97e0562f405743807e11cac4aee79fe411be6b7719f9da4af8f520c8983bf82ac7b2c665cadab753657b944a1513f81de3a53d387067324687e6fb505faeecfd04a7a64fd2d4d2f2b144181b7b99d7a8e75181695bbfbe38fc12d412a78eb0d7a0bc3ce6688b0fcadcbf2f7fc3e6bbe40578c1de137d3a3981ffc78aff7b1d99c2a435b6a8c1a2e5cdb89fa281ffde44eb96fa87b72c559fa195d6c34f855ed8b8167b7ef03839e5c76019412522a326f2ea9fd0831f9b0a7f22c927187fc722affe8dc349d9c975656c12a771bea581dedc2874a471f8ceec59839be5790df5e9325e3acc557272bd915af1c9a230c566f5845fbf0a58dacc6dbd8f61873fa431ccd62e18ddbfb5f9ac6d9ac7fab249f819200350286f0d3f9045559402d4ff58c4fd259c82ad2966ecc3b3ad3ec561f296ef07480b55b26250fc2e5f834de7b09c2eb43e5494d7d12ea3b5c05312962bd1f3ec833d3d8006660995e546253dc8fa664fb221d996850b97f6ab248549c53047676d73431db917eb71e6b88a04864b0385536a711b0fba6c0c8ede33d32f944965b6700a066d77ee4cb54b2f76d6c9267a541e33cde170dc342a8ddde29eb2cba369a5cc2c6c7f8bf5bd53d948f52dd1e43991efcf1cb20531bfbdeef28d1063b4f6e2080519d5d02112a67d08b342ebf124fc61c9b2da8dd0495ca1078049ea7626266308c7c7bfd01a5c9569aa1828384a60b42dc0249b774ec9f948f7ac6335591a90d684b45bcc4270aa1bce7bf1b63ec67a2f4eaf2c73ccf975f54fdd9816156f585f7f41f44d521edf71c3f867c5336429f99877c93b66034dd04fa78fb57d540d8150ba4a36a4d93eaa8682013443c6bdaba1c12ab88d752a46fc247180498c7cd29bb5d42032a35f4cfc9b96123214c6b8895d61f095eec66db9b37383ec85b108f1fb0abbab6bcb487ad5e42c4a8962bb5a858359d69ce416c85832822a12472fe0b58383b2db658e9ecb99243e696098eb8bff4fdc7937deb1c70be55173cb61bee43cf4accd57a1a6c2c70c86a9d7c5cdb9785210e0eb58afbddaa31d8a8c035f899dcd55a825592e0bc8daae501c2a78e118d4f2bd73884449f8bb47d57b3350994bb3f705ec9947756fad0f228ff642975bdd7af80288e7e6e0a63827956678d24b01ecdaef6f37ae18646b97e205f0da33cdff82e43677485816cf9c3ef66746072ac2a5b78f9d25c598833d1a072dbe450221672336c3a695516ca2c3fd4bf726bebb6274830be95a0e02e6b5d3cf5f69716f080541d3eb92ee1d87c73909757bb173e3c68709d877a1d8816d8227a5b0cb1ebe01f72a6eb2775978196921542b78900bcabd112ea7e4b403a8dc2b78bc2ea838153aced6230697717729b0c6fdd5f8667dce19c54c5f5fd28edb1c2ae0cbc2d0a07745f0388d8c80a0453dbbf63d9d4057c221c6283eb151487d743bbdc85b339ab41be9bf22706a8c78a9f4d6d638dbf668b6262e325d27a487e555cb0b61d60879b9ab3a669f072799cc12c86e73e7f0c5cbd3e815a299f1584106b2845e9de27fa912243e9ace90b9cda0ba4e1a84fc9e5eaf70928783ba0f1b02cd55f4cbfeaf2c005b2ea324039ecb798a9782cb72e1a2c56cc427e6c2129c686af3a83157c450a3ff6f7d5b463525c3accb803e89d94a3bb0d65247816fb0d2b0d1b4c1b4162e899de505d602ce3c61dc65a45d6898892ba2f64e1723bb3a4c1cb8edca42b6d182bee17120d634820fa8eed2078511c664f8651b6e3a007712c793b4ced427818d4938e500db80c626e68c379e292b4d3a1c7306ff4bfadac105dcca8167101a64584240f871293307bf7093c0c2297fb50dfd8be10377f49944b34f60aab83fb20b8fa62899636c125a77d8b987af4c80b7b10076dcf5434474d94f5f409073967705902ead40d1eed4183c73f7008b61fcc29ea6f9099ae685ad0b9e0d40d8476ac877f2b71aa866b6b45be16536249bbd6a41331a46361746f58f95446ac8936b94ebbd4d4af4d76a57de97909f6279185b075f61370f5981ac4e7474f11192528062913df8b5b80d83876c41513bf42221221fed208c8163fdccc7842c3f1e7d1fa902146fb2610ad81b624d5e903b90b1d83704a593fb7107f6e75968fd694305fcd2973385e2c43b778b55de0ff93f11ca4283032686f1f54a4995438a0fa175fb20586d5ef639a5d8853e784ec2491c45e9d4aca1ef3667b8b8fb810fa2bba57f030ac44ef27f4d19bd3ec48d7c015b6234f3b58e5cee1d587930cdaf850e4431a0bc1aa139820219a7117266abc52856e8ac218c9fa73f5bc73802ea3a946d3d2b1fa30e71bcbe890206b366f679b7f02c8a9c607362289a646b2ee15ef25c7178cce668fe85baed705b103ea0a90e2edd058e41a76bc8e5b11739a186b7a32998193ee7b9a7ac214b02c3909234ea142c9048fb730df25f761b6d519712d54535aea8aa0728e6c94fb936e19bd2a4f67b24b0d81d54b3097326adf29f9b0e1d1e6c2a6940b7013670b093a4be3fa54d8e42481636c4890d2b9174679dee34f7dd10cf64f2fc9652a2d21e6f3d05ef9d1edb92b96baf27602b4c000afdb3ca3d2c2e56ac4ade086f3dcac1e5f807d713a91381d70696241bede4b041d6b4f65c3db5c9dc64d915bb71948df7bbf805338dab96dbb7064c8370b73bd6ceee1620c801df293c104af01df0a7b7f838205e40a3143c4324fc2f23ba367562862fd0898fe6bebaeb3ae21203b7afa91ff2c34e7e103addc7d51a3e10deb6a5a6493cdc2de77d25cf984cdcc192ab9e59464a22a1a4156d66a34a3e8bdb0afb6aacecdb3738bfb23769e3b4bc3ff91ef164085f7bd4cfe10ca87c1daa81ca5d30ce5233b619883265234a9a0299170afaa26d8e557b83faed0575ab71d225f73e92368b76f80013ca4bf54e7cdd6899bf1054d50d9d40d8f0b96de6cf012cec4cbef1a18e8df3b433ca89bd79ec3b9bbf8c0131d1c2422d42c4efb896c82b390df4a9aaec9974ab420daf61cbe4b980e87f48ef30ec40ce6a235f40c52e9da931f3259beb0a8d156ceed1c1f9060e2fdb340ff564b3be5fa3c903fb9ef05a73ada7235904e216bb804ea95de847b276bde854c44f1e439cd843b412efa33caded41a38f592f59bcefe17c3bb0777a8bde0d21d8fdaa8714551b6f74dfbbdd400b967169c5a025c22befa540f1e2c184b35ad9677797ac21dad1ce4ee3ad9eeb7b62ecd545e4c345abfa28d72de932735b5fab67c207c0f40b4ae461d3b42fcebe143a86bd4d352b971e40787f02645ae142bec6c4727b0e1619c200abde648b6f0445f37da79479cfc9f9171db0ad0f81332a265256ab58673d3db05b7c7bd6a9dcaa6d6c3b03093e8935a05c4b765ade5b82ebf2f2d039344f3940d63382a7b5e05c59aea5df4d64ccc6216f246b9398cf12012e94763c3ccd0a1dd1f403b1fa08602e5c10fe8c681306cebd74f8524ab14036eaebf8acdf9c3c9e1e3a1e677d1a261a8e1b831cb283b54890d76f34b310df4f1634d66ff97362337797366891fec533a826e6976f5529502c97b4056059d7147e01f34abe4b136f87675557a483e4595e2652975cbce3d1f68346aede4ea16ae570c29b2ab62839b5e49ee8cc983bd94f3f3d909c4827a5f48f5279150836ec2ad2ba9bded14ccc537a0ddf07de1de60f8424b277f9de7e40a4fd65ff6753b1d83d98a1124bd7a398e80dddcde376e03fea99008bb1d7404962876679175b0fe8e025f00eb434a7727242b4ed04d6f9e3f3069a85298da62e4ecd41b80ac559e6ff7edff6c2a395328c10b8529a70909f2258a9f6c67a83fa1d9fc33dfb4a31f0ae3e415157dbad96d8ae0656f46c2cd05f873aaa8efdf882c7cb06e6b5f956f6dee9fd4001d47a772e809127e8acba59a34a434ecb355b4975c701ac91f439e766869a506340c850771b51bc93b2ec0684bd739967a90ba739ee033ff958237791c33adb10dfc385332133f081ce0a8a3f3da27ca6f1e8a130606ce5fe612973d65382abfbcd0751d1cf5e1f96620c9c5094d68b74224ebf24fec129d135858dbba60f844648b21bdf9068c8dc3ca9a69b83349b4b23058ccb6b693d794b38f800de945b6013aaf47931358ab39e184d1e0bcd0e4f3ca3b9d6dd23f7abdbab7c5f012cb4473a398482da2c45fe0e42f18b694e99ffe9c155ef9ba1fb7cb0c2f74a7acfe73486d60065f4399fe868a66cf3a77cca96f827e91d238c51d9e06f1fa088cb89d3cfd42c056f70e7330fa80cd61c4eba162333aed2c2296039e9db5ecfdf870058e9075f4d27b11a0cc0404ae5f2eead5731fe3d48c95612fcda9dc7ff218d1fc5f5b745b5a15b2d5613e64efabe75ce906960aae467e454cfc0e43f609f2715eeea697fe798f26bab3219406a6db2d7d54be99f15e73fb7e6bad00e8f9b5321aee3a9b6047ca3451e3a93bbe042f2cc78184f45627e7ea77a37121a6936bdfac374d8ea2ba437f169429a7825917aec8316183a46f2463dc19fc8faf7a9daae5b1b801dc7a5e4f21591eb2f9101892692c58aee71e8c983a9bfd6809a2c8b8a71a382a953bd6995626cf0bd804af671ce74c03887dc6d40fae8418692f3a620ff3e6aaa2bc2108128d3c462263b1de50789fe22e957178bbc9cf6a78ba613115dbb65cfcf8b14b3d0da88fdb779d65d8adcd314ef0065bc543ec0ee8927444678f4c8d6eb4f204a7f29aaed5f39dc1c0dce787f00cc980116bd0ac528f7fe77931ad09f3b858fcd018a1a9789a3edf24b3a23df36e935946fe5197fd6f4ce26289d9c50ba6793c36ac2b164bbf324cadaaa9ad39417acacad31b2357f1b2e139c3b9d7276967ef07574c151480ba354ecac26095a888a266292c670cba84d66a98a77f9f9a501dcafce2c199fde355ec0a9caa51c88dfc6379b1f96c5a095cf6f54d15a7edab1a5c043567213cec7c6ad87305e14ccfad2e0ab55018c24a6669579694969cd5720df13355f925ff1f55d92f841874fb9cc6cc440136352ff652f411e70fd159d0599ff9e7210ca4012fb1f01455b7176916493c1c36877610ad450dd491918a05e14faabc49605f1db3ea0ddd60a67a10a2ade494b761ab3bfdbe1ea8dee81a3db10cec9d0e177a214aad6b9a36154e5c9b6dcd8ea6710b436d", 0x1000, 0x6}], 0x10, &(0x7f0000001540)={[{@autodefrag='autodefrag'}, {@noflushoncommit='noflushoncommit'}, {@datasum='datasum'}, {@ssd='ssd'}, {@fragment_metadata='fragment=metadata'}, {@clear_cache='clear_cache'}, {@compress='compress'}, {@clear_cache='clear_cache'}], [{@uid_lt={'uid<', r2}}, {@obj_role={'obj_role', 0x3d, '}wlan1cpuset]'}}, {@obj_role={'obj_role', 0x3d, '%/-self(selinuxnodev!)D'}}, {@appraise='appraise'}, {@appraise='appraise'}, {@euid_eq={'euid', 0x3d, r3}}, {@seclabel='seclabel'}, {@dont_hash='dont_hash'}, {@subj_type={'subj_type', 0x3d, 'nodev'}}]}) [ 223.563889] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 223.571682] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 223.571689] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 223.571694] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 223.571699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 223.571704] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 223.623093] x86/PAT: syz-executor.2:11383 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 223.639331] x86/PAT: syz-executor.4:11406 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 223.654289] x86/PAT: syz-executor.2:11383 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:23 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:23 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000006c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff7ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000000000006a0a00fe000000008500000012000000b70000000000000095000000000000004e62"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xe, 0x0, &(0x7f0000000080)="52d3814e7fffff3bad6c48eff04c", 0x0, 0x37a}, 0x28) 07:37:23 executing program 2 (fault-call:8 fault-nth:56): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 223.674483] x86/PAT: syz-executor.4:11413 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 223.702180] x86/PAT: syz-executor.4:11413 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 223.714731] x86/PAT: syz-executor.4:11406 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:23 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) [ 223.727923] x86/PAT: syz-executor.4:11406 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 223.765347] x86/PAT: syz-executor.4:11406 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:23 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="2b00000000e70008"], &(0x7f00000001c0), 0x1400) 07:37:23 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000080)=0x8b1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) getsockopt$inet_dccp_buf(r0, 0x21, 0x80, &(0x7f0000000100)=""/185, &(0x7f00000001c0)=0xb9) [ 223.827142] x86/PAT: syz-executor.2:11427 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:23 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) r0 = timerfd_create(0x7, 0x80000) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00'}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='attr/sockcreate\x00') ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40a85321, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x5}}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) r3 = socket$inet(0x10, 0x3, 0x0) sendmsg(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a63540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aab05741d1434c9680337f900"/76, 0x4c}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8060, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r3, &(0x7f0000001380), 0x4000056, 0x3a, &(0x7f0000000200)={0x77359400}) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x10042, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000300)=0x13, 0xfffffffffffffed4) clock_gettime(0x1, &(0x7f0000005200)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = fcntl$dupfd(r2, 0x406, 0xffffffffffffffff) ioctl$KVM_S390_INTERRUPT_CPU(r4, 0x4010ae94, &(0x7f0000000100)={0xff, 0x4, 0xfff}) r5 = creat(&(0x7f0000002840)='./file0\x00', 0x0) write$P9_RREADDIR(r5, &(0x7f0000000440)=ANY=[@ANYBLOB="8700000029020000000000240300000036990fd93ff7aaf4654d5b020000000000000001000000010000000507002e2f66696c6530010100000008000000000000000100000000000000ff07002e5266696c6530040000000008000000000000001c060000000000000868ff65308003000000020000000000000038400000000000ecf256b2155896922680ba26f1d9466efd2b3b9e2d3850fb3450ff16283affb1a75c4ae4a27bbc13f3571c6e984e9cb68004ecca23a43cadd27dbfd5100d6c20dcc881c801a6640fb612375855957e19dd944d8dec0000000000"], 0x87) [ 223.872666] FAULT_INJECTION: forcing a failure. [ 223.872666] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 223.892005] CPU: 1 PID: 11427 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 223.899150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.908503] Call Trace: [ 223.911081] dump_stack+0x138/0x19c [ 223.914695] should_fail.cold+0x10f/0x159 [ 223.918827] ? __might_sleep+0x93/0xb0 [ 223.922699] __alloc_pages_nodemask+0x1d6/0x7a0 [ 223.927352] ? save_stack+0xa9/0xd0 [ 223.930964] ? __alloc_pages_slowpath+0x2930/0x2930 [ 223.935959] ? anon_vma_fork+0x1ce/0x4d0 [ 223.940001] ? copy_process.part.0+0x45e2/0x6a00 [ 223.944747] ? _do_fork+0x19e/0xce0 [ 223.948360] ? __lock_acquire+0x5f7/0x4620 [ 223.952581] alloc_pages_current+0xec/0x1e0 [ 223.956889] pte_alloc_one+0x1a/0x100 [ 223.960673] copy_huge_pmd+0x7d/0x8c0 [ 223.964454] ? add_mm_counter_fast.part.0+0x30/0x30 [ 223.969453] ? debug_smp_processor_id+0x1c/0x20 [ 223.974105] copy_page_range+0x69a/0x1bd0 [ 223.978232] ? SOFTIRQ_verbose+0x10/0x10 [ 223.982276] ? anon_vma_fork+0x358/0x4d0 [ 223.986318] ? find_held_lock+0x35/0x130 [ 223.990364] ? vma_compute_subtree_gap+0x190/0x1f0 [ 223.995281] ? __rb_insert_augmented+0x22f/0xdf0 [ 224.000039] ? __pmd_alloc+0x410/0x410 [ 224.003910] ? __vma_link_rb+0x247/0x340 [ 224.007956] copy_process.part.0+0x4764/0x6a00 [ 224.012537] ? __cleanup_sighand+0x50/0x50 [ 224.016946] ? lock_downgrade+0x6e0/0x6e0 [ 224.021079] _do_fork+0x19e/0xce0 [ 224.024516] ? fork_idle+0x280/0x280 [ 224.028216] ? fput+0xd4/0x150 [ 224.031390] ? SyS_write+0x15e/0x230 [ 224.035087] SyS_clone+0x37/0x50 [ 224.038433] ? sys_vfork+0x30/0x30 [ 224.041956] do_syscall_64+0x1e8/0x640 [ 224.045845] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 224.050702] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 224.055878] RIP: 0033:0x459879 [ 224.059051] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 224.066741] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 224.073992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 224.081246] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 224.088495] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 224.095747] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 224.146703] x86/PAT: syz-executor.4:11440 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 224.166872] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 224.186965] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 224.189472] x86/PAT: syz-executor.4:11445 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 224.197493] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 224.206978] x86/PAT: syz-executor.2:11427 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 224.216064] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 224.228469] x86/PAT: syz-executor.2:11427 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 224.232022] x86/PAT: syz-executor.4:11440 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 224.254432] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 224.266462] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 224.276349] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 224.286139] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 224.295188] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 224.326001] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. 07:37:24 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008106e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) 07:37:24 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="080000000b000018"], &(0x7f00000001c0), 0x1400) 07:37:24 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) 07:37:24 executing program 2 (fault-call:8 fault-nth:57): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:24 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$VIDIOC_G_AUDIO(r0, 0x80345621, &(0x7f0000000080)) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) ioctl$VIDIOC_ENUMINPUT(r0, 0xc050561a, &(0x7f00000002c0)={0x141a, "51265449ce6596f20349c9eb8ce2c37a05dbc200abefa866bbbb923ae715a283", 0x1, 0x2, 0x1, 0x8000, 0x10000, 0x8}) sendto$llc(r0, &(0x7f0000000100)="74e4ef9816c7906b89f486d7fb528ac58529b1232eeb380a4401a9c02b23892c8006d99813c0ac4ac00c3ebc5af19642408e6e9c2bdc58392fa73025a4840cbeec691c1e8fe9af988ea489c28c26177d3e213369e738688237141fab9e7f47349acf01a087e317cfc162641c7aa67338be9e2f8d42b4f4e9b2ceeb77b91cc0186a381126f73a7b3b700e21f02731fc286b6ecd69e9040721378c161eaa01084b20a9b792ef5aefb0a7ac583268596a59c02734fc4ab18e28ff20190ee6b30404bccfd39a05dd2602471cf72d5973869e7236d04e462dc8ca947962471340b8da1ac2b711a686e6131747dcda632a4b0547227b", 0xf3, 0x0, &(0x7f0000000200)={0x1a, 0x4, 0x7, 0x7, 0x9, 0x100000001, @random="5cf5a1dd12ca"}, 0x10) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:24 executing program 5: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) ptrace(0x10, r0) ptrace(0x4208, r0) 07:37:24 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000015c0)={'vcan0\x00', 0x0}) connect(r0, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x1d, r1}, 0x38e, &(0x7f0000000100)={&(0x7f0000000200)={0x1, 0x802, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e2d917e34ce9107204a901595207635b6d7f49202b2367823d901dde408f53e5f8597a09210247ee08a6f67494eab17b0009e3194e51a8400bc551d0592b4d2"}}, 0x80}}, 0x0) 07:37:24 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) fanotify_mark(r1, 0x15, 0x1002, r0, &(0x7f0000000000)='./file0\x00') openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x0, 0x0) [ 224.435759] x86/PAT: syz-executor.2:11460 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 224.465707] x86/PAT: syz-executor.4:11464 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:24 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) 07:37:24 executing program 3: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000680)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f00000006c0)={0x7f, 0x81, 0x4, 0x0, 0x0, [], [], [], 0x1, 0xd457}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r2, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x3210044b}, 0xc, &(0x7f0000000480)={&(0x7f0000000280)={0x1fc, r3, 0x4, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x16c, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x35}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_NAME={0x14, 0x1, @l2={'eth', 0x3a, 'syzkaller1\x00'}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x19}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @multicast1}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x7, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @rand_addr=0x64456a65}}, {0x14, 0x2, @in={0x2, 0x4e24, @broadcast}}}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0xffffffff, @rand_addr="9562d070acd013fd36b9260e6299bd41", 0x5}}, {0x14, 0x2, @in={0x2, 0x4e21, @rand_addr=0x9}}}}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'ib', 0x3a, 'veth1_to_team\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffa}]}]}, @TIPC_NLA_SOCK={0x38, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xf46b}]}, @TIPC_NLA_MON={0x44, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xe8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x1}, 0x4000) r4 = creat(&(0x7f0000000180)='./file0\x00', 0x0) mknodat(r4, &(0x7f0000000000)='./file0\x00', 0x500, 0xd39f) name_to_handle_at(r1, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x58, 0x0, "abbe8d6fc04ae6b2b64697a1be293f76662f1cad9422cea24cf28823238e6dbdd220d87e7846356dd76c4c58e98f8ee03227ca748be6bc623aeaa31749401eac249620ba75ff679871fc717941ec155e"}, &(0x7f00000001c0), 0x1400) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000580)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r4, &(0x7f0000000980)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x402020}, 0xc, &(0x7f00000005c0)={&(0x7f0000000900)={0x68, r5, 0x10, 0x70bd2c, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x100000001, @link='syz0\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x850) sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000640)={&(0x7f0000000500), 0xc, &(0x7f0000000600)={&(0x7f0000000800)=ANY=[@ANYBLOB="88000000", @ANYRES16=r3, @ANYBLOB="000228bd7000fbdbdf25130000001400090008000100fffeffff08000100008000001c000900080002000300000008000100000200000800010000000000440007000c00040074736f0000000000080001000700000008000100090000000c00030005000000000000000c00030008000000000000000c0004000000000000000000244722f77e5318e7ce30bc804820a64919b6bde3ec50287afb8dba942abc131aaf12007e32910bd4e017024302126bf0713fa190f4b5eb35f95c8134e2a27669a3e0924ad6221295a2d9d2416c0a5763a4"], 0x88}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 07:37:24 executing program 5: [ 224.484809] ptrace attach of "/root/syz-executor.5"[11458] was attempted by "/root/syz-executor.5"[11465] [ 224.513390] FAULT_INJECTION: forcing a failure. [ 224.513390] name failslab, interval 1, probability 0, space 0, times 0 [ 224.554294] CPU: 1 PID: 11474 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 224.558444] x86/PAT: syz-executor.4:11476 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 224.561420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 224.561425] Call Trace: [ 224.561444] dump_stack+0x138/0x19c [ 224.561464] should_fail.cold+0x10f/0x159 [ 224.561482] should_failslab+0xdb/0x130 [ 224.561498] kmem_cache_alloc+0x2d7/0x780 [ 224.561512] ? __lock_acquire+0x5f7/0x4620 07:37:24 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000000)) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) [ 224.561527] ptlock_alloc+0x20/0x70 [ 224.589905] x86/PAT: syz-executor.4:11476 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 224.589940] pte_alloc_one+0x60/0x100 [ 224.618284] copy_huge_pmd+0x7d/0x8c0 [ 224.622090] ? add_mm_counter_fast.part.0+0x30/0x30 [ 224.627113] ? debug_smp_processor_id+0x1c/0x20 [ 224.631811] copy_page_range+0x69a/0x1bd0 [ 224.635985] ? SOFTIRQ_verbose+0x10/0x10 [ 224.640142] ? anon_vma_fork+0x358/0x4d0 [ 224.644204] ? find_held_lock+0x35/0x130 [ 224.648266] ? vma_compute_subtree_gap+0x190/0x1f0 07:37:24 executing program 5: 07:37:24 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10004, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000000)={0x1, 0x4}, 0x2) [ 224.653210] ? __rb_insert_augmented+0x22f/0xdf0 [ 224.657978] ? __pmd_alloc+0x410/0x410 [ 224.661954] ? __vma_link_rb+0x247/0x340 [ 224.666035] copy_process.part.0+0x4764/0x6a00 [ 224.670635] ? __cleanup_sighand+0x50/0x50 [ 224.674873] ? lock_downgrade+0x6e0/0x6e0 [ 224.679033] _do_fork+0x19e/0xce0 [ 224.682491] ? fork_idle+0x280/0x280 [ 224.686211] ? fput+0xd4/0x150 [ 224.689404] ? SyS_write+0x15e/0x230 [ 224.693123] SyS_clone+0x37/0x50 [ 224.696492] ? sys_vfork+0x30/0x30 [ 224.700069] do_syscall_64+0x1e8/0x640 07:37:24 executing program 5: [ 224.703962] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 224.708812] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 224.713999] RIP: 0033:0x459879 [ 224.717203] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 224.724910] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 224.732178] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 224.739454] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 224.746723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 07:37:24 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x15) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:24 executing program 2 (fault-call:8 fault-nth:58): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:24 executing program 5: 07:37:24 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000015c0)={'vcan0\x00', 0x0}) connect(r0, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x1d, r1}, 0x38e, &(0x7f0000000100)={&(0x7f0000000200)={0x1, 0x802, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e2d917e34ce9107204a901595207635b6d7f49202b2367823d901dde408f53e5f8597a09210247ee08a6f67494eab17b0009e3194e51a8400bc551d0592b4d2"}}, 0x80}}, 0x0) 07:37:24 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_tcp(&(0x7f0000000080)='127.0.0.1\x00', &(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='9p\x00', 0x400, &(0x7f0000000500)={'trans=tcp,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@cache_mmap='cache=mmap'}], [{@audit='audit'}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@seclabel='seclabel'}, {@appraise='appraise'}, {@smackfstransmute={'smackfstransmute', 0x3d, 'mem\x00\x00\x00\x00\x00\x00\a\x13'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@euid_eq={'euid', 0x3d, r1}}]}}) ioctl$TIOCSSERIAL(r0, 0x541f, &(0x7f0000000780)={0x6, 0x1, 0x0, 0x8, 0x9, 0x43076c0, 0x8000, 0x1c73af48, 0x4a, 0x1, 0x8d04, 0x12, 0x1, 0x7, &(0x7f00000006c0)=""/160, 0x4, 0x800, 0x1}) setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file0/../file0\x00', &(0x7f0000000240)='trusted.overlay.upper\x00', &(0x7f0000000140)={0x0, 0xfb, 0x95, 0x1, 0x0, "b7547b7e5b97cd00", "23133c9bb65725f1f1f1cfce993533c414bb57cf85616efd1f934e84ecfac43dc6ff37ae7e2aa0e8ae4c5145243f3d11017d34143c01969788eaeeb333507d0d78f85554f9a69bffc9f098b3c4df41d0f9f32e81d4e8a7f31b6cd3a07bcbf46f41ca9c58aed6029a0d1f58e41d0cad6f30e59ff99f0abfa205fb2b59be37f7fe"}, 0x95, 0x3) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:24 executing program 1: 07:37:24 executing program 5: [ 224.753990] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 224.774513] x86/PAT: syz-executor.2:11474 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 224.783373] x86/PAT: syz-executor.2:11474 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:24 executing program 1: 07:37:24 executing program 5: [ 224.869244] 9pnet: p9_fd_create_tcp (11505): problem connecting socket to 127.0.0.1 [ 224.899660] x86/PAT: syz-executor.2:11508 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:24 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000)=0x6, 0x4) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:24 executing program 1: 07:37:24 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000015c0)={'vcan0\x00', 0x0}) connect(r0, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x1d, r1}, 0x38e, &(0x7f0000000100)={&(0x7f0000000200)={0x1, 0x802, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e2d917e34ce9107204a901595207635b6d7f49202b2367823d901dde408f53e5f8597a09210247ee08a6f67494eab17b0009e3194e51a8400bc551d0592b4d2"}}, 0x80}}, 0x0) [ 224.917005] x86/PAT: syz-executor.4:11512 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 224.932848] FAULT_INJECTION: forcing a failure. [ 224.932848] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 224.988313] x86/PAT: syz-executor.4:11512 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 224.993548] CPU: 0 PID: 11508 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 225.004124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.013482] Call Trace: [ 225.016075] dump_stack+0x138/0x19c [ 225.019714] should_fail.cold+0x10f/0x159 [ 225.023521] x86/PAT: syz-executor.4:11512 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 225.023864] ? __might_sleep+0x93/0xb0 [ 225.036483] __alloc_pages_nodemask+0x1d6/0x7a0 [ 225.041162] ? __alloc_pages_slowpath+0x2930/0x2930 [ 225.041563] 9pnet: p9_fd_create_tcp (11512): problem connecting socket to 127.0.0.1 [ 225.046185] ? lock_downgrade+0x6e0/0x6e0 [ 225.046199] alloc_pages_current+0xec/0x1e0 [ 225.046213] pte_alloc_one+0x1a/0x100 [ 225.066225] __pte_alloc+0x2a/0x2d0 [ 225.069861] copy_page_range+0x11ba/0x1bd0 [ 225.074101] ? SOFTIRQ_verbose+0x10/0x10 [ 225.078162] ? anon_vma_fork+0x358/0x4d0 [ 225.082233] ? vma_compute_subtree_gap+0x190/0x1f0 [ 225.087174] ? __pmd_alloc+0x410/0x410 [ 225.091066] copy_process.part.0+0x4764/0x6a00 [ 225.091098] ? __cleanup_sighand+0x50/0x50 [ 225.099872] ? lock_downgrade+0x6e0/0x6e0 [ 225.104027] _do_fork+0x19e/0xce0 [ 225.107489] ? fork_idle+0x280/0x280 [ 225.111214] ? fput+0xd4/0x150 [ 225.114403] ? SyS_write+0x15e/0x230 [ 225.118101] SyS_clone+0x37/0x50 [ 225.121450] ? sys_vfork+0x30/0x30 [ 225.124995] do_syscall_64+0x1e8/0x640 [ 225.128861] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 225.133687] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 225.138854] RIP: 0033:0x459879 [ 225.142023] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 225.149722] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 225.156971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 225.164220] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 225.171472] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 225.178718] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 07:37:25 executing program 2 (fault-call:8 fault-nth:59): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:25 executing program 5: 07:37:25 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000015c0)={'vcan0\x00', 0x0}) connect(r0, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x1d, r1}, 0x38e, &(0x7f0000000100)={&(0x7f0000000200)={0x1, 0x802, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e2d917e34ce9107204a901595207635b6d7f49202b2367823d901dde408f53e5f8597a09210247ee08a6f67494eab17b0009e3194e51a8400bc551d0592b4d2"}}, 0x80}}, 0x0) 07:37:25 executing program 1: 07:37:25 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) r1 = getpgrp(0xffffffffffffffff) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x6, &(0x7f0000000080)=""/9) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:25 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000040)={0x8, &(0x7f0000000000)=[{}, {0x0}, {}, {}, {}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(r1, 0x40086424, &(0x7f0000000080)={r2, 0x3}) [ 225.198630] x86/PAT: syz-executor.2:11508 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 225.207858] x86/PAT: syz-executor.2:11508 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:25 executing program 5: 07:37:25 executing program 1: 07:37:25 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000015c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x1d, r1}, 0x38e, &(0x7f0000000100)={&(0x7f0000000200)={0x1, 0x802, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e2d917e34ce9107204a901595207635b6d7f49202b2367823d901dde408f53e5f8597a09210247ee08a6f67494eab17b0009e3194e51a8400bc551d0592b4d2"}}, 0x80}}, 0x0) [ 225.255600] x86/PAT: syz-executor.4:11531 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 225.280522] x86/PAT: syz-executor.4:11535 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:25 executing program 5: 07:37:25 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x7fff) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x10083, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) 07:37:25 executing program 1: [ 225.336925] x86/PAT: syz-executor.2:11540 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 225.370494] x86/PAT: syz-executor.4:11535 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 225.410582] FAULT_INJECTION: forcing a failure. [ 225.410582] name failslab, interval 1, probability 0, space 0, times 0 [ 225.458799] CPU: 1 PID: 11548 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 225.465945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.475299] Call Trace: [ 225.477894] dump_stack+0x138/0x19c [ 225.481545] should_fail.cold+0x10f/0x159 [ 225.485734] should_failslab+0xdb/0x130 [ 225.489722] kmem_cache_alloc+0x2d7/0x780 [ 225.493878] ? lock_downgrade+0x6e0/0x6e0 [ 225.498043] ptlock_alloc+0x20/0x70 [ 225.501668] pte_alloc_one+0x60/0x100 [ 225.501679] __pte_alloc+0x2a/0x2d0 [ 225.501691] copy_page_range+0x11ba/0x1bd0 [ 225.501701] ? SOFTIRQ_verbose+0x10/0x10 [ 225.501713] ? anon_vma_fork+0x358/0x4d0 [ 225.501732] ? vma_compute_subtree_gap+0x190/0x1f0 [ 225.501752] ? __pmd_alloc+0x410/0x410 [ 225.501770] copy_process.part.0+0x4764/0x6a00 [ 225.501801] ? __cleanup_sighand+0x50/0x50 [ 225.509189] ? lock_downgrade+0x6e0/0x6e0 [ 225.509209] _do_fork+0x19e/0xce0 [ 225.546829] ? fork_idle+0x280/0x280 [ 225.550540] ? fput+0xd4/0x150 [ 225.553728] ? SyS_write+0x15e/0x230 [ 225.557432] SyS_clone+0x37/0x50 [ 225.560779] ? sys_vfork+0x30/0x30 [ 225.564301] do_syscall_64+0x1e8/0x640 [ 225.568166] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 225.573007] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 225.578184] RIP: 0033:0x459879 [ 225.581352] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 225.589038] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 225.596288] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 07:37:25 executing program 2 (fault-call:8 fault-nth:60): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:25 executing program 5: 07:37:25 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000015c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x1d, r1}, 0x38e, &(0x7f0000000100)={&(0x7f0000000200)={0x1, 0x802, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e2d917e34ce9107204a901595207635b6d7f49202b2367823d901dde408f53e5f8597a09210247ee08a6f67494eab17b0009e3194e51a8400bc551d0592b4d2"}}, 0x80}}, 0x0) 07:37:25 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x8000, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:25 executing program 1: 07:37:25 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)={0xffac}, &(0x7f0000000000), 0x1000) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0/file0\x00', 0xe, 0x2) [ 225.603546] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 225.610938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 225.618215] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 225.628258] x86/PAT: syz-executor.2:11548 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 225.637187] x86/PAT: syz-executor.2:11548 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:25 executing program 1: 07:37:25 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000015c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x1d, r1}, 0x38e, &(0x7f0000000100)={&(0x7f0000000200)={0x1, 0x802, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e2d917e34ce9107204a901595207635b6d7f49202b2367823d901dde408f53e5f8597a09210247ee08a6f67494eab17b0009e3194e51a8400bc551d0592b4d2"}}, 0x80}}, 0x0) 07:37:25 executing program 5: 07:37:25 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x2, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x4) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x10012) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) connect$bt_rfcomm(r1, &(0x7f0000000040)={0x1f, {0x3, 0x3298a65f, 0xb10a, 0x3, 0xfffffffffffffff8, 0x7}, 0xa8c}, 0xa) [ 225.724441] x86/PAT: syz-executor.4:11564 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:25 executing program 1: 07:37:25 executing program 5: [ 225.782366] x86/PAT: syz-executor.2:11572 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 225.812127] x86/PAT: syz-executor.4:11564 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 225.851718] FAULT_INJECTION: forcing a failure. [ 225.851718] name failslab, interval 1, probability 0, space 0, times 0 [ 225.863534] x86/PAT: syz-executor.4:11564 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 225.898338] CPU: 0 PID: 11582 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 225.905530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.914889] Call Trace: [ 225.917482] dump_stack+0x138/0x19c [ 225.921126] should_fail.cold+0x10f/0x159 [ 225.925283] should_failslab+0xdb/0x130 [ 225.925300] kmem_cache_alloc+0x2d7/0x780 [ 225.933417] ? __pmd_alloc+0x410/0x410 [ 225.933438] copy_process.part.0+0x444f/0x6a00 [ 225.933473] ? __cleanup_sighand+0x50/0x50 [ 225.946135] ? lock_downgrade+0x6e0/0x6e0 [ 225.950297] _do_fork+0x19e/0xce0 [ 225.953752] ? fork_idle+0x280/0x280 [ 225.957452] ? fput+0xd4/0x150 [ 225.960630] ? SyS_write+0x15e/0x230 [ 225.964326] SyS_clone+0x37/0x50 [ 225.967669] ? sys_vfork+0x30/0x30 [ 225.971189] do_syscall_64+0x1e8/0x640 [ 225.975072] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 225.979898] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 225.985064] RIP: 0033:0x459879 [ 225.988231] RSP: 002b:00007fcec12ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 225.995918] RAX: ffffffffffffffda RBX: 00007fcec12ddc90 RCX: 0000000000459879 [ 226.003167] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 226.010428] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 226.017678] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12de6d4 [ 226.024943] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 226.035514] x86/PAT: syz-executor.2:11582 freeing invalid memtype [mem 0x00000000-0x00000fff] 07:37:26 executing program 2 (fault-call:8 fault-nth:61): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 07:37:26 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000080), 0x38e, &(0x7f0000000100)={&(0x7f0000000200)={0x1, 0x802, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e2d917e34ce9107204a901595207635b6d7f49202b2367823d901dde408f53e5f8597a09210247ee08a6f67494eab17b0009e3194e51a8400bc551d0592b4d2"}}, 0x80}}, 0x0) 07:37:26 executing program 1: 07:37:26 executing program 5: 07:37:26 executing program 4: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) bind$unix(r0, &(0x7f0000000100)=@abs={0xabc9a6a0ba625885, 0x0, 0x4e21}, 0x6e) syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x3, 0x20000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffb000/0x1000)=nil) 07:37:26 executing program 3: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xbab66d4153e2b75e, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) [ 226.044595] x86/PAT: syz-executor.2:11582 freeing invalid memtype [mem 0x00002000-0x00002fff] 07:37:26 executing program 1: 07:37:26 executing program 5: 07:37:26 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000080), 0x38e, &(0x7f0000000100)={&(0x7f0000000200)={0x1, 0x802, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "0e2d917e34ce9107204a901595207635b6d7f49202b2367823d901dde408f53e5f8597a09210247ee08a6f67494eab17b0009e3194e51a8400bc551d0592b4d2"}}, 0x80}}, 0x0) 07:37:26 executing program 3: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x4000, 0x0) r1 = getuid() r2 = getegid() mount$fuseblk(&(0x7f0000000000)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuseblk\x00', 0x8000, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other='allow_other'}, {@default_permissions='default_permissions'}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@subj_type={'subj_type', 0x3d, 'self@wlan0,ppp1'}}]}}) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x8}, &(0x7f00000001c0), 0x1400) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000340)={0x2b, 0x6, 0x0, {0x4, 0x3, 0x2, 0x0, '-('}}, 0x2b) [ 226.130373] x86/PAT: syz-executor.4:11595 freeing invalid memtype [mem 0x00001000-0x00001fff] 07:37:26 executing program 1: 07:37:26 executing program 5: [ 226.192966] x86/PAT: syz-executor.2:11600 freeing invalid memtype [mem 0x00001000-0x00001fff] [ 226.214417] x86/PAT: syz-executor.4:11608 freeing invalid memtype [mem 0x00000000-0x00000fff] [ 226.230794] FAULT_INJECTION: forcing a failure. [ 226.230794] name failslab, interval 1, probability 0, space 0, times 0 [ 226.254701] x86/PAT: syz-executor.4:11608 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 226.298767] CPU: 1 PID: 11600 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 226.305906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.315260] Call Trace: [ 226.317866] dump_stack+0x138/0x19c [ 226.321507] should_fail.cold+0x10f/0x159 [ 226.325671] should_failslab+0xdb/0x130 [ 226.329656] kmem_cache_alloc_trace+0x2e9/0x790 [ 226.334329] ? pat_pagerange_is_ram+0x90/0xf0 [ 226.338828] ? __init_cache_modes+0x240/0x240 [ 226.343322] reserve_memtype+0x164/0x640 [ 226.347370] ? lock_downgrade+0x6e0/0x6e0 [ 226.351511] ? pat_init+0x420/0x420 [ 226.355118] ? __init_cache_modes+0x240/0x240 [ 226.359606] reserve_pfn_range+0x11c/0x390 [ 226.363831] ? arch_io_reserve_memtype_wc+0x80/0x80 [ 226.368831] ? copy_process.part.0+0x444f/0x6a00 [ 226.373589] ? SyS_clone+0x37/0x50 [ 226.377110] ? do_syscall_64+0x1e8/0x640 [ 226.381153] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 226.386496] track_pfn_copy+0x14a/0x190 [ 226.390457] ? reserve_pfn_range+0x390/0x390 [ 226.394857] ? debug_smp_processor_id+0x1c/0x20 [ 226.399508] ? perf_trace_lock+0x109/0x500 [ 226.403732] ? check_preemption_disabled+0x3c/0x250 [ 226.408748] copy_page_range+0x1255/0x1bd0 [ 226.412967] ? debug_smp_processor_id+0x1c/0x20 [ 226.417639] ? perf_trace_lock+0x109/0x500 [ 226.421854] ? save_trace+0x290/0x290 [ 226.425635] ? SOFTIRQ_verbose+0x10/0x10 [ 226.429676] ? copy_process.part.0+0x41de/0x6a00 [ 226.434414] ? vma_compute_subtree_gap+0x190/0x1f0 [ 226.439325] ? vma_gap_callbacks_rotate+0x62/0x80 [ 226.444151] ? __rb_insert_augmented+0x22f/0xdf0 [ 226.448886] ? __pmd_alloc+0x410/0x410 [ 226.452767] ? __vma_link_rb+0x247/0x340 [ 226.456824] copy_process.part.0+0x4764/0x6a00 [ 226.461403] ? __cleanup_sighand+0x50/0x50 [ 226.465620] ? lock_downgrade+0x6e0/0x6e0 [ 226.469766] _do_fork+0x19e/0xce0 [ 226.473214] ? fork_idle+0x280/0x280 [ 226.476915] ? fput+0xd4/0x150 [ 226.480185] ? SyS_write+0x15e/0x230 [ 226.483881] SyS_clone+0x37/0x50 [ 226.487226] ? sys_vfork+0x30/0x30 [ 226.490757] do_syscall_64+0x1e8/0x640 [ 226.494645] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 226.499480] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 226.504649] RIP: 0033:0x459879 [ 226.507818] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 226.515509] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 226.522756] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 226.530006] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 226.537262] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 226.544511] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 226.553544] ------------[ cut here ]------------ [ 226.558316] WARNING: CPU: 1 PID: 11600 at arch/x86/mm/pat.c:1020 untrack_pfn+0x1dc/0x220 [ 226.558350] kobject: 'loop5' (ffff8880a4b5b4a0): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 226.566532] Kernel panic - not syncing: panic_on_warn set ... [ 226.566532] [ 226.566542] CPU: 1 PID: 11600 Comm: syz-executor.2 Not tainted 4.14.139 #35 [ 226.566547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.566551] Call Trace: [ 226.566563] dump_stack+0x138/0x19c [ 226.566577] panic+0x1f2/0x426 [ 226.566588] ? add_taint.cold+0x16/0x16 [ 226.613106] ? untrack_pfn+0x1dc/0x220 [ 226.616986] ? __warn.cold+0x14/0x36 [ 226.620700] ? untrack_pfn+0x1dc/0x220 [ 226.624663] __warn.cold+0x2f/0x36 [ 226.628184] ? ist_end_non_atomic+0x10/0x10 [ 226.632488] ? untrack_pfn+0x1dc/0x220 [ 226.636358] report_bug+0x216/0x254 [ 226.639968] do_error_trap+0x1bb/0x310 [ 226.643851] ? math_error+0x360/0x360 [ 226.647640] ? lock_downgrade+0x6e0/0x6e0 [ 226.651782] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 226.656615] do_invalid_op+0x1b/0x20 [ 226.660323] invalid_op+0x1b/0x40 [ 226.663786] RIP: 0010:untrack_pfn+0x1dc/0x220 [ 226.668277] RSP: 0018:ffff88808ed8f948 EFLAGS: 00010246 [ 226.673627] RAX: 0000000000040000 RBX: ffff888092cb3880 RCX: ffffc90009651000 [ 226.680890] RDX: 0000000000040000 RSI: ffffffff812a656c RDI: 0000000000000001 [ 226.688174] RBP: ffff88808ed8f9d8 R08: ffff8880596d0500 R09: 0000000000000000 [ 226.695512] R10: 0000000000000000 R11: ffff8880596d0500 R12: 1ffff11011db1f2a [ 226.702779] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88808ed8f9b0 [ 226.710057] ? untrack_pfn+0x1dc/0x220 [ 226.713935] ? untrack_pfn+0x1dc/0x220 [ 226.717803] ? track_pfn_insert+0x150/0x150 [ 226.722122] ? vm_normal_page_pmd+0x360/0x360 [ 226.726607] ? uprobe_munmap+0x94/0x210 [ 226.730563] unmap_single_vma+0x182/0x2c0 [ 226.734707] unmap_vmas+0xac/0x170 [ 226.738227] exit_mmap+0x285/0x4e0 [ 226.741752] ? SyS_munmap+0x30/0x30 [ 226.745373] ? kmem_cache_free+0x244/0x2b0 [ 226.749586] ? __khugepaged_exit+0xcf/0x3d0 [ 226.753888] ? lock_downgrade+0x6e0/0x6e0 [ 226.758019] mmput+0x114/0x440 [ 226.761204] copy_process.part.0+0x4743/0x6a00 [ 226.765787] ? __cleanup_sighand+0x50/0x50 [ 226.770004] ? lock_downgrade+0x6e0/0x6e0 [ 226.774139] _do_fork+0x19e/0xce0 [ 226.777581] ? fork_idle+0x280/0x280 [ 226.781292] ? fput+0xd4/0x150 [ 226.784482] ? SyS_write+0x15e/0x230 [ 226.788186] SyS_clone+0x37/0x50 [ 226.791532] ? sys_vfork+0x30/0x30 [ 226.795056] do_syscall_64+0x1e8/0x640 [ 226.798921] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 226.803759] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 226.808938] RIP: 0033:0x459879 [ 226.812106] RSP: 002b:00007fcec12fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 226.819792] RAX: ffffffffffffffda RBX: 00007fcec12fec90 RCX: 0000000000459879 [ 226.827046] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 226.834304] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 226.841564] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcec12ff6d4 [ 226.848836] R13: 00000000004bfd46 R14: 00000000004d1af8 R15: 0000000000000006 [ 226.857645] Kernel Offset: disabled [ 226.861293] Rebooting in 86400 seconds..