{0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:04 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:04 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xab, &(0x7f00000001c0)="c4fe910c6786cec96ddb5322addee07bee6333b5cacd891969b71832cb470c94d61f3514dca7712c225da4a455f4c9fd98a568097aa4acd6ecd74d473ff2bdb9693122311ae02ee3d3f8fbe0a10fff4bbaef7cd058ec3a54a90a11c890a73cef2d28533220798a410180000000000000c6fa36cea17bd8d700000000000000003f2623193c8ff31a4502a85559ca5fbc21ae2b0927eced002f21edcfdeff5287fd5ac653e58e6cc655d73d"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x2) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 03:55:04 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f000001e200)=[{0x0, 0x0, &(0x7f000001b140)=[{&(0x7f000001b080)="b5", 0x1}], 0x1}], 0x1, 0x0) recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000001ec0)=""/102400, 0x19000}], 0x1}, 0x0) 03:55:04 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$l2tp(0x2, 0x2, 0x73) sendmmsg$inet(r2, &(0x7f0000004b00)=[{{&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}}, {{&(0x7f00000013c0)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x2, 0x0) 03:55:04 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$kcm(0x2b, 0x1, 0x0) ioctl$sock_netdev_private(r3, 0x8927, &(0x7f0000000000)=':') r4 = memfd_create(&(0x7f0000000040)='/dev/auts\x00', 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x1000005, 0x11, r4, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, 0xd0000000, 0x0}, 0x0, 0x8, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_vs\x00') prctl$PR_SET_DUMPABLE(0x4, 0x0) syz_open_procfs(0x0, &(0x7f0000000700)='auxv\x00') 03:55:05 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185401000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912461917adef6ee1c8f2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4b092061d054815ae98743d1ace4c46631256dd19aed4d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc6475b779000000000000002aace8cddde4b16f5622e34242dddb737f0d79a654883dc8157eb8005e74cc31aff5998e7ca3b74a730877cc504aab7960586cd67087dc588b260c6f31f1733119d6171d5ba749a6fffafee5215b86f10557438928f8a8509df6c1e79df365b8efec2bc69edd1f1d597a78fd6bdca5528cb4a15e8e3a85b49d4b44319c69a7cb1d904045e59ce66b369d0000001e09105812ab7fb5aa360000000000000000000000000000ace3ef8c8724ec7366e993729743e1c5815d041481fc5a1e4ea821593d101057a3df91903045be6a0aabcbb7759c7c540490f58ee530901b66301264446d306e816b8c9bf4aec97afc25b6cf36f96b57f557b2c1b7e351d0272c3d49577c35b9a01dcbd08ef5d20be4f6a6fa96ae346901a79d1202387395b103af486d88bfd6beccfe23fd95dd03387854ecf6e32d406c4e1b6bfb8453220b9d51fb00dc50fb12e98d383b4a8fd300373d3e27c17a391416aa0d20c13a690abb2fc41860e5b18ff14f069248c6b8b38e7b8d4ac181883ee79af06716f5c7aad4da0ba31401fdd9b761eefe866d208208b1df3cdbad651bf0b33c7f6ea6b85a8fb8bbdfdc50dec8e443eddc67fc1c51f4e85fee5fbd5e2a3e4df64734c781a4b2941ca08465578b024845d0c7740da77499697565c8cf1549144b2ca514f614faa491fcda523b64c27ec60470998f8009dd9394b97a56c716d5ce190079f8b5b05e5c16fb6c5b64cb30674e53ef7949e0b71b1b485e543a551458a1bc86a428b3cb18af6a9a400fe9cf245c4a48666aade9032e31f57a3d5ed13984137e1a66e12aa41b1644add969082cc2313a4bb95bdc1b9d9136bb3e02aec22582ed22235a86f232eedf1ef88d178ef9fe7cb2ca55dbdb7deffedbeba282a64fd70d3252d5b25767f04848ad91ab5c18732224c94015624196f12bdb036e72b571f194390f870ca4eebf3888c6f53cc1453d717e96d9015f2ba99e3c91e89e6ca3adae236188408e520a127968b8413b3af89f7f5c8249a3f66c50521a0ce3464e452e13e0"], &(0x7f00000001c0)='GPL\x00'}, 0x48) socket$inet(0x2, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x3da, 0x0) 03:55:05 executing program 2: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) r0 = socket(0x10, 0x80002, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c00071bab0925000900070007ab08000c000000f0007e93210001c000000000000000000000000000039915fa2c1ec28670e9889bb94b46fe0000000a0002", 0xff82) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="66d0"], 0x5) r2 = pidfd_open(0x0, 0x0) setuid(0x0) write$RDMA_USER_CM_CMD_DISCONNECT(r1, &(0x7f00000004c0)={0xa, 0x4}, 0xc) setreuid(0x0, 0x0) pidfd_send_signal(r2, 0x0, &(0x7f0000000080)={0x0, 0x0, 0xffffffe0}, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f00000000c0)={0x3c0004, 0x3, 0x3, r2, 0x0, &(0x7f0000000080)={0x9909da, 0x3, [], @value64=0xfff}}) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="66d0"], 0x5) 03:55:05 executing program 5: r0 = socket(0x200000000000011, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bind$packet(r0, &(0x7f0000000380)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) r4 = bpf$MAP_CREATE(0x1000000000000, &(0x7f00000000c0)={0x2, 0x800000000000004, 0x400000, 0x1, 0x0, 0xffffffffffffffff, 0x0, [], r3}, 0x40) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000040)={r4, &(0x7f00000000c0), 0x0}, 0x20) 03:55:05 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 492.944155][T12954] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.2'. [ 492.978430][ T29] audit: type=1326 audit(1593489305.163:26): auid=0 uid=0 gid=0 ses=4 subj=_ pid=12961 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45f95a code=0x0 03:55:05 executing program 3: socket(0x1, 0x1, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/msg\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 03:55:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:07 executing program 2: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) r0 = socket(0x10, 0x80002, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c00071bab0925000900070007ab08000c000000f0007e93210001c000000000000000000000000000039915fa2c1ec28670e9889bb94b46fe0000000a0002", 0xff82) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="66d0"], 0x5) r2 = pidfd_open(0x0, 0x0) setuid(0x0) write$RDMA_USER_CM_CMD_DISCONNECT(r1, &(0x7f00000004c0)={0xa, 0x4}, 0xc) setreuid(0x0, 0x0) pidfd_send_signal(r2, 0x0, &(0x7f0000000080)={0x0, 0x0, 0xffffffe0}, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f00000000c0)={0x3c0004, 0x3, 0x3, r2, 0x0, &(0x7f0000000080)={0x9909da, 0x3, [], @value64=0xfff}}) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="66d0"], 0x5) 03:55:07 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:07 executing program 5: unshare(0x40000000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000540)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r1, 0x80047458, 0x0) 03:55:07 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010002508000000000000", @ANYRES32, @ANYBLOB], 0x28}}, 0x2000000) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) 03:55:07 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 495.704417][T13004] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.2'. [ 495.727943][T13004] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.2'. 03:55:08 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 495.805529][T13015] IPVS: ftp: loaded support on port[0] = 21 [ 495.903853][T13014] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:08 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:08 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010002508000000000000", @ANYRES32, @ANYBLOB], 0x28}}, 0x2000000) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) 03:55:08 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 496.109000][T13015] IPVS: ftp: loaded support on port[0] = 21 03:55:08 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:08 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 496.157948][T13072] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 497.581241][ T89] tipc: TX() has been purged, node left! [ 498.364792][ T0] NOHZ: local_softirq_pending 08 03:55:10 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:10 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010002508000000000000", @ANYRES32, @ANYBLOB], 0x28}}, 0x2000000) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) 03:55:10 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:10 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:10 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:11 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 498.883638][T13105] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:11 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:11 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="1593000000000000000001"], 0x1c}}, 0x0) recvmmsg(r2, &(0x7f0000005580)=[{{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000001200)=""/147, 0x93}, {&(0x7f00000012c0)=""/157, 0x9d}, {&(0x7f0000000280)=""/141, 0x8d}, {&(0x7f00000001c0)=""/174, 0xae}, {&(0x7f0000002640)=""/4103, 0x1007}], 0x5}}], 0x4, 0x0, 0x0) 03:55:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:11 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 499.083169][T13119] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 499.858425][T13119] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 03:55:14 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:14 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:14 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:14 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = getpid() r2 = pidfd_open(r1, 0x0) r3 = epoll_create1(0x0) dup3(r2, r3, 0x0) setns(0xffffffffffffffff, 0x20000000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup2(r0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = getpid() r7 = pidfd_open(r6, 0x0) r8 = epoll_create1(0x0) r9 = dup3(r7, r8, 0x0) setns(r9, 0x20000000) 03:55:14 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:14 executing program 3: 03:55:14 executing program 3: 03:55:14 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:14 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:17 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:17 executing program 3: 03:55:17 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:17 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:17 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:17 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f", 0x1}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:17 executing program 3: 03:55:17 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:17 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x300000) 03:55:17 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:17 executing program 3: 03:55:17 executing program 3: 03:55:20 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:20 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) sendto$inet(r0, 0x0, 0x0, 0x24008884, &(0x7f0000000240)={0x2, 0x0, @local}, 0x10) getsockopt$inet_buf(r0, 0x0, 0x50, &(0x7f0000001280)=""/4096, &(0x7f0000000040)=0x1000) 03:55:20 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:20 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x300000) 03:55:20 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f", 0x1}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:20 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x200, 0x4) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000200)="96", 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r2, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) recvfrom(r0, 0x0, 0x0, 0x2000, 0x0, 0x0) 03:55:20 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:20 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x300000) 03:55:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:20 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:23 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f3646023443", 0x32}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:23 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='sessionid\x00') utimensat(r0, 0x0, 0x0, 0x0) 03:55:23 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:23 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:23 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f", 0x1}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:23 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000640)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000001000000000000e000000040000009002000000000000c800000060010000c8000000c8000000e8010000f8010000f8010000f8010000f801000004000000118000000000ffff0000000000007de500f4ffffff0000000000000000000000000000000000007e54a0000000f9ff00000000000000000000000000002700000000000000fd3542290000000000000000000000000000fff700000000440000a000c80000000000000000fdff000000000000000000000030006164647274797065000000000000d25900000000000000000000000000000000000001000f6c0000000000000000280052454a454354000080000000000002000000000000000000d401000000000000000068a30000e0000001b11414bb0000000004000000677265300000000000002000000000000000fffffffffffffff70093af4afb000000000000000000000100000f00000000000000000000000030b8942a9082d4cf00000000000000700098000000000000000000000067c2137b650096ae0000280052454a454354000000080000000000000000000000000000000000000000712a00800000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000008100000000000000000000000000000000000000b93f007000980000000000000000000000000000000000800000002800534554000004000000000000000000000000000000000000000000000001000004000000050f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000002000000000000000000000097a3eb8d13ab5daa0000000000000000feffffff"], 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='bridge0\x00', 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x400000000000030, 0x0) 03:55:23 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:23 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$netlink(0x10, 0x3, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) [ 511.158747][T13264] x_tables: duplicate underflow at hook 2 [ 511.192111][T13264] x_tables: duplicate underflow at hook 2 03:55:23 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000001040)={0x2, 0x4e23, @loopback}, 0x10) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001080)=""/4112, 0x1010}], 0x1}, 0x40000104) sendmmsg$inet(r0, &(0x7f0000003680)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)="2ff5c848b7f43832caeb0e9c7d72a5a35c0f2f391d2e9618e7b36a646d5aaffe12b50daa2302933c14b7f3d5b7323e7d00799aa069821bd9114a40", 0x3b}, {&(0x7f00000002c0)="880e249933e02d31a45e4c85bb333e54aa48ee4409c0ebf6e256b20b37dac77b7c49f55c83e5d5a940386a11fea3d8b34f210e67aa439dc45aac723672c54d4dc3c59050fa2ea1b2d2c27ed669049d9fbc79c47b47dee33266e6170229ce600b84785c12378f29e7c02200318e0e3b6ef081851a8c2300a70925166d153e4718866dc5025f025b500d615a727062", 0x8e}], 0x2}}], 0x1, 0x0) 03:55:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 511.353260][T13278] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:26 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f3646023443", 0x32}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:26 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:26 executing program 3: clone(0x84007ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() mknod(&(0x7f0000000000)='./file0\x00', 0x10001040, 0x0) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) process_vm_writev(r0, &(0x7f0000001480)=[{&(0x7f0000000180)=""/110, 0x6e}], 0x1, &(0x7f0000002940)=[{&(0x7f0000001500)=""/224, 0xe0}], 0x1, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) 03:55:26 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:26 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 514.147971][T13294] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:26 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 514.287580][T13311] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 514.428164][T13320] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f3646023443", 0x32}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:29 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:29 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:29 executing program 3: 03:55:29 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:29 executing program 2: perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 517.201122][T13337] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:29 executing program 3: 03:55:29 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd98", 0x4b}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:29 executing program 2: perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:29 executing program 3: [ 517.367424][T13353] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:29 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:29 executing program 3: 03:55:29 executing program 2: perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 517.585984][T13368] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 517.598564][T13368] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:32 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:32 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:32 executing program 3: 03:55:32 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:32 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 520.230338][T13380] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 520.240175][T13380] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:32 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd98", 0x4b}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:32 executing program 3: 03:55:32 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:32 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:32 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:32 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x300000) 03:55:32 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 520.427438][T13395] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 520.464296][T13395] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:35 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:55:35 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x300000) 03:55:35 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006272696467650000"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 523.241341][T13414] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 523.277175][T13414] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd98", 0x4b}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:35 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x300000) 03:55:35 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:35 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006272696467650000"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:35 executing program 5: openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x300000) [ 523.437747][T13438] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:35 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 523.499954][T13438] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:38 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:38 executing program 5: openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x300000) 03:55:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006272696467650000"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:38 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 526.283111][T13462] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 526.299618][T13462] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:38 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0", 0x58}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:38 executing program 5: openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x300000) 03:55:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:38 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) [ 526.475211][T13481] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:38 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:41 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:41 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 03:55:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:41 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:41 executing program 5: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) [ 529.344084][T13507] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0", 0x58}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:41 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)) 03:55:41 executing program 5: openat$vcsa(0xffffff9c, &(0x7f0000000240)='/dev/vcsa\x00', 0x195083, 0x0) setgid(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x28483, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x74) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_SET_FD(r0, 0xc02812f8, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1b, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x2}}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket(0x11, 0x800000003, 0x0) bind(r2, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x30, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7, 0x1, 'fq\x00'}, {0x4}}]}, 0x30}}, 0x0) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000017c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="ac0002803800010024000100616374697665706f727400"/35, @ANYRES32=0x0, @ANYBLOB="3804010024000100616374697600000000740000000000001be231db6f907e460000000000000000fcff03000300000008000400ee3324e35bf2eacae768bf079378ba06027d9ac85ee2c41bd3efd5d16b24", @ANYRESOCT, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c000000000000000000000005000300030000000800040008000000400001002400010071756575655f6964000000000000000000000000000000000000000000000000050003000300000008000400060000000800", @ANYRES32=0x0, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000900000040000100240001006c625f74785f686173685f746f5f706f72", @ANYRESOCT=r0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="3c0002803800010024000100616374697665706f72740000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b000000080004008000000008000600", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB='\b', @ANYRES32=0x0, @ANYBLOB="40000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f756e64726f62696e000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040001000100080007000000000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000", @ANYBLOB, @ANYRES32, @ANYBLOB], 0x854}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) [ 529.556178][T13524] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:41 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:44 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:44 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006272696467650000040002800800"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)) 03:55:44 executing program 5: open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000040)={0x9, 0x20000000001, '['}, 0x0) openat$nvram(0xffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') gettid() getdents64(r0, &(0x7f0000000100)=""/236, 0x20000103) 03:55:44 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:44 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 532.444104][ T29] audit: type=1804 audit(1593489344.635:27): pid=13553 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/" dev="sda1" ino=91 res=1 03:55:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0", 0x58}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:44 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:44 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:44 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:44 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006272696467650000040002800800"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)) [ 532.531390][ T29] audit: type=1804 audit(1593489344.645:28): pid=13553 uid=0 auid=0 ses=4 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/" dev="sda1" ino=91 res=1 03:55:44 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f", 0x5e}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:44 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:44 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:45 executing program 5: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0xfffffffffffffefe}, 0x0, 0x0, 0xfffffffe, 0x4, 0x9, 0x0, 0xfff7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x82, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x823001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='./file0\x00') r0 = socket$nl_route(0x10, 0x3, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0xdab) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) pipe2(&(0x7f00000001c0), 0x4800) chmod(&(0x7f00000002c0)='\x00', 0x86) io_setup(0x9, 0x0) setresuid(0x0, 0x0, 0x0) seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f00000000c0)) fchdir(0xffffffffffffffff) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mq_open(&(0x7f0000000240)='!/^\x00', 0x800, 0x9, &(0x7f0000000280)={0x0, 0x101, 0x7ff}) fchdir(r1) 03:55:45 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:45 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006272696467650000040002800800"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:45 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:45 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:55:45 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 532.965082][T13613] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 03:55:45 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) [ 533.038155][T13613] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 533.100767][T13613] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 533.134690][T13613] device bridge_slave_0 left promiscuous mode [ 533.144482][T13613] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.163250][T13631] binder: 13630:13631 ioctl c0306201 0 returned -14 03:55:45 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) [ 533.206960][T13613] device bridge_slave_1 left promiscuous mode [ 533.242476][T13613] bridge0: port 2(bridge_slave_1) entered disabled state [ 533.245504][T13635] binder: 13634:13635 ioctl c0306201 0 returned -14 [ 533.343022][T13613] bond0: (slave bond_slave_0): Releasing backup interface [ 533.731361][T13613] bond0: (slave bond_slave_1): Releasing backup interface [ 533.827486][T13613] device team_slave_0 left promiscuous mode [ 533.919063][T13613] @þ: Port device team_slave_0 removed [ 533.925091][T13613] device team_slave_1 left promiscuous mode [ 534.050268][T13613] @þ: Port device team_slave_1 removed [ 534.056316][T13613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 534.079198][T13613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 534.123419][T13613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 534.130948][T13613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 534.149109][T13629] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 534.167880][T13639] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 534.184104][T13639] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 534.192388][T13639] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 03:55:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f", 0x5e}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:47 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) 03:55:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:47 executing program 5: 03:55:47 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:48 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'tunl0\x00', 0x0}) [ 535.787850][T13650] binder: 13645:13650 ioctl c0306201 0 returned -14 [ 535.792336][T13651] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:48 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) connect$unix(r0, &(0x7f00000003c0)=@abs, 0x6e) 03:55:48 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:48 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:48 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:48 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x73b000, 0x0}) 03:55:48 executing program 5: r0 = socket(0x10, 0x3, 0xc) r1 = dup(r0) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000003a40)={0x0, 0x0, &(0x7f0000003a00)={&(0x7f00000038c0)=ANY=[@ANYBLOB="500000000102050000000000000000000a0000003c0001800c000280050001003a0000002c00018014000300fc020000000000000000000000000000140004"], 0x50}}, 0x0) [ 536.050763][T13673] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f", 0x5e}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:50 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:50 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x73b000, 0x0}) 03:55:50 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:55:50 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:51 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x73b000, 0x0}) 03:55:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:51 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:51 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:51 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0), 0x0, 0x73b000, 0x0}) 03:55:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c5995", 0x61}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:54 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0), 0x0, 0x73b000, 0x0}) 03:55:54 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:55:54 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:54 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:55:54 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:54 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0), 0x0, 0x73b000, 0x0}) 03:55:54 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:54 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r1 = dup(0xffffffffffffffff) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r1}) 03:55:54 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c000000100005070000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:54 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:55:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)) [ 542.167226][T13811] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:57 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c5995", 0x61}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:55:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r1 = dup(0xffffffffffffffff) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r1}) 03:55:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c000000100005070000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:57 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) 03:55:57 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 544.886299][T13835] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c000000100005070000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:57 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) syz_genetlink_get_family_id$batadv(0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fb0\x00', 0x0, 0x0) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x300000) [ 545.044519][T13852] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:55:57 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:55:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r1 = dup(0xffffffffffffffff) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r1}) 03:55:57 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:55:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:55:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000050700000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 545.217325][T13867] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:56:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c5995", 0x61}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:00 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000050700000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:00 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:00 executing program 2 (fault-call:4 fault-nth:0): perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:00 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 547.945922][T13881] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 547.967849][T13883] FAULT_INJECTION: forcing a failure. [ 547.967849][T13883] name failslab, interval 1, probability 0, space 0, times 1 [ 547.994768][T13883] CPU: 1 PID: 13883 Comm: syz-executor.2 Not tainted 5.8.0-rc2-syzkaller #0 [ 548.003439][T13883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 548.013468][T13883] Call Trace: [ 548.016751][T13883] dump_stack+0x1f0/0x31e [ 548.021063][T13883] should_fail+0x38a/0x4e0 [ 548.025457][T13883] ? tomoyo_realpath_from_path+0xd8/0x630 [ 548.031149][T13883] should_failslab+0x5/0x20 [ 548.035623][T13883] __kmalloc+0x74/0x330 [ 548.039754][T13883] ? tomoyo_realpath_from_path+0xcb/0x630 [ 548.045447][T13883] tomoyo_realpath_from_path+0xd8/0x630 [ 548.050968][T13883] tomoyo_path_number_perm+0x18f/0x690 [ 548.056399][T13883] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 548.062968][T13883] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 548.069548][T13883] security_file_ioctl+0x55/0xb0 [ 548.074460][T13883] __se_sys_ioctl+0x48/0x160 [ 548.079083][T13883] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.085145][T13883] do_syscall_64+0x73/0xe0 [ 548.089535][T13883] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.095516][T13883] RIP: 0033:0x45cb19 [ 548.099399][T13883] Code: Bad RIP value. [ 548.103548][T13883] RSP: 002b:00007f342d120c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 548.111928][T13883] RAX: ffffffffffffffda RBX: 00000000004e1d80 RCX: 000000000045cb19 [ 548.119872][T13883] RDX: 00000000200004c0 RSI: 00000000c0306201 RDI: 0000000000000004 [ 548.127823][T13883] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 548.135777][T13883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:56:00 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 548.143723][T13883] R13: 000000000000021e R14: 00000000004c4741 R15: 00007f342d1216d4 03:56:00 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 548.171124][T13883] ERROR: Out of memory at tomoyo_realpath_from_path. 03:56:00 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:00 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000050700000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:00 executing program 2 (fault-call:4 fault-nth:1): perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:00 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 548.329769][T13900] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 548.350401][T13902] FAULT_INJECTION: forcing a failure. [ 548.350401][T13902] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 548.363650][T13902] CPU: 1 PID: 13902 Comm: syz-executor.2 Not tainted 5.8.0-rc2-syzkaller #0 [ 548.372317][T13902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 548.382369][T13902] Call Trace: [ 548.385656][T13902] dump_stack+0x1f0/0x31e [ 548.389989][T13902] should_fail+0x38a/0x4e0 [ 548.394416][T13902] prepare_alloc_pages+0x28c/0x4a0 [ 548.399529][T13902] __alloc_pages_nodemask+0xbc/0x5e0 [ 548.404831][T13902] ? __lock_acquire+0x116c/0x2c30 [ 548.409872][T13902] kmem_getpages+0x49/0x900 [ 548.414492][T13902] ? check_preemption_disabled+0x40/0x240 [ 548.420250][T13902] cache_grow_begin+0x7b/0x2e0 [ 548.425023][T13902] cache_alloc_refill+0x359/0x3f0 [ 548.430050][T13902] ? check_preemption_disabled+0xb0/0x240 [ 548.435773][T13902] ? debug_smp_processor_id+0x5/0x20 [ 548.441066][T13902] __kmalloc+0x30c/0x330 [ 548.445314][T13902] ? tomoyo_realpath_from_path+0xd8/0x630 [ 548.451039][T13902] tomoyo_realpath_from_path+0xd8/0x630 [ 548.456601][T13902] tomoyo_path_number_perm+0x18f/0x690 [ 548.462063][T13902] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 548.468677][T13902] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 548.475311][T13902] security_file_ioctl+0x55/0xb0 [ 548.480249][T13902] __se_sys_ioctl+0x48/0x160 [ 548.484841][T13902] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.490903][T13902] do_syscall_64+0x73/0xe0 [ 548.495317][T13902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.501204][T13902] RIP: 0033:0x45cb19 [ 548.505087][T13902] Code: Bad RIP value. [ 548.509147][T13902] RSP: 002b:00007f342d0ffc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 548.517555][T13902] RAX: ffffffffffffffda RBX: 00000000004e1d80 RCX: 000000000045cb19 03:56:00 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000050700000000000000140000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 548.525525][T13902] RDX: 00000000200004c0 RSI: 00000000c0306201 RDI: 0000000000000004 [ 548.533497][T13902] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 548.541466][T13902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 548.549446][T13902] R13: 000000000000021e R14: 00000000004c4741 R15: 00007f342d1006d4 [ 548.657472][T13911] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:56:03 executing program 2 (fault-call:4 fault-nth:2): perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab3", 0x63}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:03 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:03 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000050700000000000000140000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 550.985821][T13925] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 550.987126][T13926] FAULT_INJECTION: forcing a failure. [ 550.987126][T13926] name failslab, interval 1, probability 0, space 0, times 0 [ 551.021689][T13926] CPU: 1 PID: 13926 Comm: syz-executor.2 Not tainted 5.8.0-rc2-syzkaller #0 03:56:03 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000050700000000000000140000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 551.030381][T13926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 551.040436][T13926] Call Trace: [ 551.043726][T13926] dump_stack+0x1f0/0x31e [ 551.048058][T13926] should_fail+0x38a/0x4e0 [ 551.052526][T13926] ? binder_get_thread+0x22b/0x810 [ 551.057635][T13926] should_failslab+0x5/0x20 [ 551.062143][T13926] kmem_cache_alloc_trace+0x57/0x300 [ 551.067447][T13926] binder_get_thread+0x22b/0x810 [ 551.072437][T13926] binder_ioctl+0x183/0x7650 [ 551.077023][T13926] ? tomoyo_path_number_perm+0x58f/0x690 [ 551.082670][T13926] ? do_vfs_ioctl+0x6bc/0x16d0 [ 551.087448][T13926] ? binder_poll+0x520/0x520 [ 551.092033][T13926] __se_sys_ioctl+0xf9/0x160 [ 551.096621][T13926] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.102691][T13926] do_syscall_64+0x73/0xe0 [ 551.107100][T13926] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.112987][T13926] RIP: 0033:0x45cb19 [ 551.116868][T13926] Code: Bad RIP value. [ 551.120929][T13926] RSP: 002b:00007f342d120c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 03:56:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab3", 0x63}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 551.123648][T13933] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 551.129329][T13926] RAX: ffffffffffffffda RBX: 00000000004e1d80 RCX: 000000000045cb19 [ 551.129337][T13926] RDX: 00000000200004c0 RSI: 00000000c0306201 RDI: 0000000000000004 [ 551.129343][T13926] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 551.129350][T13926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 551.129356][T13926] R13: 000000000000021e R14: 00000000004c4741 R15: 00007f342d1216d4 [ 551.173810][T13926] binder: 13920:13926 ioctl c0306201 200004c0 returned -12 03:56:03 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:03 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000280)=ANY=[]) r1 = dup(r0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x0, r1}) 03:56:03 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c000000100005070000000000000014000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:03 executing program 2 (fault-call:4 fault-nth:3): perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 551.329708][T13944] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:56:03 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000280)=ANY=[]) r1 = dup(r0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x0, r1}) 03:56:03 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c000000100005070000000000000014000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:03 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000280)=ANY=[]) r1 = dup(r0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x0, r1}) 03:56:03 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 551.534535][T13963] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:56:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab3", 0x63}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:06 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:06 executing program 3: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:06 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c000000100005070000000000000014000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:06 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:06 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x2, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:06 executing program 3: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 554.378310][T13986] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 03:56:06 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:06 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:06 executing program 3: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:06 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x10, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:06 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 554.592028][T14007] binder: 14004:14007 ioctl 10 200004c0 returned -22 [ 554.655252][T14011] binder: 14004:14011 ioctl 10 200004c0 returned -22 03:56:09 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:09 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:09 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:09 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:09 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x1276, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:09 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, 0x0, 0x0, 0x0) 03:56:09 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 557.442757][T14025] binder: 14018:14025 ioctl 1276 200004c0 returned -22 03:56:09 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:09 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, 0x0, 0x0, 0x0) 03:56:09 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 557.525195][T14036] binder: 14018:14036 ioctl 1276 200004c0 returned -22 03:56:09 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x2203, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 557.654756][T14047] binder: 14044:14047 ioctl 2203 200004c0 returned -22 [ 557.742062][T14055] binder: 14044:14055 ioctl 2203 200004c0 returned -22 03:56:12 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:12 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:12 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, 0x0, 0x0, 0x0) 03:56:12 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:12 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4c00, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 560.488707][T14067] binder: 14061:14067 ioctl 4c00 200004c0 returned -22 03:56:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:12 executing program 1 (fault-call:6 fault-nth:0): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 560.583720][T14079] binder: 14061:14079 ioctl 4c00 200004c0 returned -22 03:56:12 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4c01, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 560.644027][T14085] FAULT_INJECTION: forcing a failure. [ 560.644027][T14085] name failslab, interval 1, probability 0, space 0, times 0 [ 560.686956][T14085] CPU: 1 PID: 14085 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 560.695647][T14085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 560.705696][T14085] Call Trace: [ 560.709002][T14085] dump_stack+0x1f0/0x31e [ 560.713340][T14085] should_fail+0x38a/0x4e0 [ 560.717760][T14085] should_failslab+0x5/0x20 [ 560.722250][T14085] kmem_cache_alloc_node+0x64/0x290 [ 560.727532][T14085] ? __alloc_skb+0x94/0x4f0 [ 560.732017][T14085] __alloc_skb+0x94/0x4f0 [ 560.736372][T14085] ? netlink_autobind+0x28c/0x2c0 [ 560.741381][T14085] netlink_sendmsg+0x7b2/0xd70 [ 560.746140][T14085] ? netlink_getsockopt+0x9e0/0x9e0 [ 560.751351][T14085] ____sys_sendmsg+0x519/0x800 [ 560.756101][T14085] ? import_iovec+0x12a/0x2c0 [ 560.760781][T14085] __sys_sendmmsg+0x45b/0x680 [ 560.765480][T14085] ? ksys_write+0x1b1/0x220 [ 560.769985][T14085] ? ksys_write+0x1b1/0x220 [ 560.774466][T14085] ? check_preemption_disabled+0x40/0x240 [ 560.780173][T14085] ? check_preemption_disabled+0x40/0x240 [ 560.785885][T14085] __x64_sys_sendmmsg+0x9c/0xb0 [ 560.790714][T14085] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.796840][T14085] do_syscall_64+0x73/0xe0 [ 560.801249][T14085] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.807116][T14085] RIP: 0033:0x45cb19 [ 560.810988][T14085] Code: Bad RIP value. [ 560.815028][T14085] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 560.823414][T14085] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 03:56:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 560.831468][T14085] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 560.839430][T14085] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 560.847398][T14085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 560.855346][T14085] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 560.888906][T14093] binder: 14091:14093 ioctl 4c01 200004c0 returned -22 03:56:13 executing program 1 (fault-call:6 fault-nth:1): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:13 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 560.982915][T14101] FAULT_INJECTION: forcing a failure. [ 560.982915][T14101] name failslab, interval 1, probability 0, space 0, times 0 [ 560.996134][T14102] binder: 14091:14102 ioctl 4c01 200004c0 returned -22 [ 561.043228][T14101] CPU: 1 PID: 14101 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 561.051927][T14101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 561.061981][T14101] Call Trace: [ 561.065279][T14101] dump_stack+0x1f0/0x31e [ 561.069614][T14101] should_fail+0x38a/0x4e0 [ 561.074050][T14101] should_failslab+0x5/0x20 [ 561.078548][T14101] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 561.084269][T14101] ? __kmalloc_node_track_caller+0x37/0x60 [ 561.090070][T14101] __kmalloc_node_track_caller+0x37/0x60 [ 561.095697][T14101] ? netlink_sendmsg+0x7b2/0xd70 [ 561.100625][T14101] __alloc_skb+0xde/0x4f0 [ 561.104952][T14101] netlink_sendmsg+0x7b2/0xd70 [ 561.109716][T14101] ? netlink_getsockopt+0x9e0/0x9e0 [ 561.114928][T14101] ____sys_sendmsg+0x519/0x800 [ 561.119687][T14101] ? import_iovec+0x12a/0x2c0 [ 561.124360][T14101] __sys_sendmmsg+0x45b/0x680 [ 561.129066][T14101] ? ksys_write+0x1b1/0x220 [ 561.133563][T14101] ? ksys_write+0x1b1/0x220 [ 561.138072][T14101] ? check_preemption_disabled+0x40/0x240 [ 561.143787][T14101] ? check_preemption_disabled+0x40/0x240 [ 561.149507][T14101] __x64_sys_sendmmsg+0x9c/0xb0 [ 561.154352][T14101] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 561.160412][T14101] do_syscall_64+0x73/0xe0 [ 561.164828][T14101] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 561.170710][T14101] RIP: 0033:0x45cb19 [ 561.174591][T14101] Code: Bad RIP value. [ 561.178647][T14101] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 561.187043][T14101] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 561.194989][T14101] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 561.202939][T14101] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 561.210894][T14101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 561.219015][T14101] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 562.350590][ T0] NOHZ: local_softirq_pending 08 03:56:15 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:15 executing program 1 (fault-call:6 fault-nth:2): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:15 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:15 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5000, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 563.502769][T14128] FAULT_INJECTION: forcing a failure. [ 563.502769][T14128] name failslab, interval 1, probability 0, space 0, times 0 [ 563.521513][T14130] binder: 14126:14130 ioctl 5000 200004c0 returned -22 [ 563.534852][T14128] CPU: 0 PID: 14128 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 563.543546][T14128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 563.553607][T14128] Call Trace: [ 563.556907][T14128] dump_stack+0x1f0/0x31e [ 563.561237][T14128] should_fail+0x38a/0x4e0 [ 563.565653][T14128] ? skb_clone+0x1b2/0x370 [ 563.570150][T14128] should_failslab+0x5/0x20 [ 563.574648][T14128] kmem_cache_alloc+0x53/0x2d0 [ 563.579411][T14128] skb_clone+0x1b2/0x370 [ 563.583650][T14128] netlink_deliver_tap+0x478/0x810 [ 563.588768][T14128] netlink_unicast+0x75c/0x940 [ 563.593536][T14128] netlink_sendmsg+0xa57/0xd70 [ 563.598323][T14128] ? netlink_getsockopt+0x9e0/0x9e0 [ 563.603520][T14128] ____sys_sendmsg+0x519/0x800 [ 563.608284][T14128] ? import_iovec+0x12a/0x2c0 [ 563.612962][T14128] __sys_sendmmsg+0x45b/0x680 [ 563.617684][T14128] ? ksys_write+0x1b1/0x220 [ 563.622183][T14128] ? ksys_write+0x1b1/0x220 [ 563.626696][T14128] ? check_preemption_disabled+0x40/0x240 [ 563.632409][T14128] ? check_preemption_disabled+0x40/0x240 [ 563.638132][T14128] __x64_sys_sendmmsg+0x9c/0xb0 [ 563.642981][T14128] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.649041][T14128] do_syscall_64+0x73/0xe0 [ 563.653454][T14128] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.659341][T14128] RIP: 0033:0x45cb19 [ 563.663221][T14128] Code: Bad RIP value. [ 563.667264][T14128] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 563.675648][T14128] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 563.683715][T14128] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 563.691680][T14128] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 03:56:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 563.699637][T14128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 563.707609][T14128] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:16 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) pipe(0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 563.819409][T14130] binder: 14126:14130 ioctl 5000 200004c0 returned -22 03:56:16 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:16 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5206, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:16 executing program 1 (fault-call:6 fault-nth:3): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 564.012784][T14173] FAULT_INJECTION: forcing a failure. [ 564.012784][T14173] name failslab, interval 1, probability 0, space 0, times 0 [ 564.037839][T14175] binder: 14168:14175 ioctl 5206 200004c0 returned -22 [ 564.045589][T14173] CPU: 0 PID: 14173 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 564.054269][T14173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 564.064325][T14173] Call Trace: [ 564.067616][T14173] dump_stack+0x1f0/0x31e [ 564.071950][T14173] should_fail+0x38a/0x4e0 [ 564.076367][T14173] should_failslab+0x5/0x20 [ 564.080863][T14173] kmem_cache_alloc_node+0x64/0x290 [ 564.086060][T14173] ? __alloc_skb+0x94/0x4f0 [ 564.090563][T14173] __alloc_skb+0x94/0x4f0 [ 564.094986][T14173] ? security_socket_getpeersec_dgram+0x9b/0xc0 [ 564.101225][T14173] netlink_sendmsg+0x7b2/0xd70 [ 564.105993][T14173] ? netlink_getsockopt+0x9e0/0x9e0 03:56:16 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 564.111183][T14173] ____sys_sendmsg+0x519/0x800 [ 564.115946][T14173] ? import_iovec+0x12a/0x2c0 [ 564.120624][T14173] __sys_sendmmsg+0x45b/0x680 [ 564.125331][T14173] ? ksys_write+0x1b1/0x220 [ 564.129832][T14173] ? ksys_write+0x1b1/0x220 [ 564.134333][T14173] ? check_preemption_disabled+0x40/0x240 [ 564.140052][T14173] ? check_preemption_disabled+0x40/0x240 [ 564.145775][T14173] __x64_sys_sendmmsg+0x9c/0xb0 [ 564.150625][T14173] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.156687][T14173] do_syscall_64+0x73/0xe0 [ 564.161114][T14173] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.166997][T14173] RIP: 0033:0x45cb19 [ 564.170870][T14173] Code: Bad RIP value. [ 564.174931][T14173] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 564.183338][T14173] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 564.191302][T14173] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 564.199265][T14173] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 564.207235][T14173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 564.215198][T14173] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 564.252713][T14188] binder: 14168:14188 ioctl 5206 200004c0 returned -22 03:56:18 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:18 executing program 1 (fault-call:6 fault-nth:4): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:18 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:18 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:18 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x540e, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 566.575750][T14197] binder: 14195:14197 ioctl 540e 200004c0 returned -22 [ 566.593212][T14199] FAULT_INJECTION: forcing a failure. [ 566.593212][T14199] name failslab, interval 1, probability 0, space 0, times 0 [ 566.623926][T14199] CPU: 0 PID: 14199 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 566.632620][T14199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 566.642680][T14199] Call Trace: [ 566.645970][T14199] dump_stack+0x1f0/0x31e [ 566.650301][T14199] should_fail+0x38a/0x4e0 [ 566.654721][T14199] should_failslab+0x5/0x20 [ 566.659224][T14199] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 566.664959][T14199] ? __kmalloc_node_track_caller+0x37/0x60 [ 566.670809][T14199] __kmalloc_node_track_caller+0x37/0x60 [ 566.676415][T14199] ? netlink_sendmsg+0x7b2/0xd70 [ 566.681327][T14199] __alloc_skb+0xde/0x4f0 [ 566.685632][T14199] ? security_socket_getpeersec_dgram+0x9b/0xc0 [ 566.691845][T14199] netlink_sendmsg+0x7b2/0xd70 [ 566.696624][T14199] ? netlink_getsockopt+0x9e0/0x9e0 [ 566.701793][T14199] ____sys_sendmsg+0x519/0x800 [ 566.706526][T14199] ? import_iovec+0x12a/0x2c0 [ 566.711182][T14199] __sys_sendmmsg+0x45b/0x680 [ 566.715850][T14199] ? ksys_write+0x1b1/0x220 [ 566.720325][T14199] ? ksys_write+0x1b1/0x220 [ 566.724842][T14199] ? check_preemption_disabled+0x40/0x240 [ 566.730543][T14199] ? check_preemption_disabled+0x40/0x240 [ 566.736245][T14199] __x64_sys_sendmmsg+0x9c/0xb0 [ 566.741079][T14199] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.747130][T14199] do_syscall_64+0x73/0xe0 [ 566.751532][T14199] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.757428][T14199] RIP: 0033:0x45cb19 [ 566.761320][T14199] Code: Bad RIP value. [ 566.765359][T14199] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 03:56:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 566.773999][T14199] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 566.781947][T14199] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 566.789896][T14199] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 566.797847][T14199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 566.805787][T14199] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:19 executing program 1 (fault-call:6 fault-nth:5): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:19 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 566.876112][T14213] binder: 14195:14213 ioctl 540e 200004c0 returned -22 [ 566.920543][T14218] FAULT_INJECTION: forcing a failure. [ 566.920543][T14218] name failslab, interval 1, probability 0, space 0, times 0 [ 566.951803][T14218] CPU: 1 PID: 14218 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 566.960499][T14218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 03:56:19 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x541b, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 566.970550][T14218] Call Trace: [ 566.973841][T14218] dump_stack+0x1f0/0x31e [ 566.978174][T14218] should_fail+0x38a/0x4e0 [ 566.982590][T14218] ? skb_clone+0x1b2/0x370 [ 566.987003][T14218] should_failslab+0x5/0x20 [ 566.991493][T14218] kmem_cache_alloc+0x53/0x2d0 [ 566.996265][T14218] skb_clone+0x1b2/0x370 [ 567.000595][T14218] netlink_deliver_tap+0x478/0x810 [ 567.005731][T14218] netlink_unicast+0x75c/0x940 [ 567.010499][T14218] netlink_sendmsg+0xa57/0xd70 [ 567.015358][T14218] ? netlink_getsockopt+0x9e0/0x9e0 [ 567.020565][T14218] ____sys_sendmsg+0x519/0x800 [ 567.025333][T14218] ? import_iovec+0x12a/0x2c0 [ 567.030006][T14218] __sys_sendmmsg+0x45b/0x680 [ 567.034712][T14218] ? ksys_write+0x1b1/0x220 [ 567.039198][T14218] ? ksys_write+0x1b1/0x220 [ 567.043682][T14218] ? check_preemption_disabled+0x40/0x240 [ 567.049378][T14218] ? check_preemption_disabled+0x40/0x240 [ 567.055099][T14218] __x64_sys_sendmmsg+0x9c/0xb0 [ 567.059934][T14218] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 567.065977][T14218] do_syscall_64+0x73/0xe0 [ 567.070374][T14218] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 567.076240][T14218] RIP: 0033:0x45cb19 [ 567.080108][T14218] Code: Bad RIP value. [ 567.084152][T14218] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 567.092549][T14218] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 567.100510][T14218] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 567.108456][T14218] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 567.116403][T14218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 567.124350][T14218] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 567.136285][T14232] binder: 14229:14232 ioctl 541b 200004c0 returned -22 03:56:19 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 567.325599][T14232] binder: 14229:14232 ioctl 541b 200004c0 returned -22 03:56:21 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:21 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5421, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:21 executing program 1 (fault-call:6 fault-nth:6): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:21 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 569.641266][T14278] FAULT_INJECTION: forcing a failure. [ 569.641266][T14278] name failslab, interval 1, probability 0, space 0, times 0 [ 569.664887][T14278] CPU: 0 PID: 14278 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 569.673584][T14278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 569.683639][T14278] Call Trace: [ 569.686935][T14278] dump_stack+0x1f0/0x31e [ 569.691265][T14278] should_fail+0x38a/0x4e0 [ 569.695682][T14278] should_failslab+0x5/0x20 [ 569.700177][T14278] kmem_cache_alloc_node+0x64/0x290 [ 569.705368][T14278] ? __alloc_skb+0x94/0x4f0 [ 569.709871][T14278] __alloc_skb+0x94/0x4f0 [ 569.714207][T14278] ? security_socket_getpeersec_dgram+0x9b/0xc0 [ 569.720448][T14278] netlink_sendmsg+0x7b2/0xd70 [ 569.725227][T14278] ? netlink_getsockopt+0x9e0/0x9e0 [ 569.730441][T14278] ____sys_sendmsg+0x519/0x800 [ 569.735208][T14278] ? import_iovec+0x12a/0x2c0 [ 569.739887][T14278] __sys_sendmmsg+0x45b/0x680 [ 569.744604][T14278] ? ksys_write+0x1b1/0x220 [ 569.749107][T14278] ? ksys_write+0x1b1/0x220 [ 569.753628][T14278] ? check_preemption_disabled+0x40/0x240 [ 569.759341][T14278] ? check_preemption_disabled+0x40/0x240 [ 569.765064][T14278] __x64_sys_sendmmsg+0x9c/0xb0 [ 569.769912][T14278] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.775974][T14278] do_syscall_64+0x73/0xe0 [ 569.780392][T14278] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.786277][T14278] RIP: 0033:0x45cb19 03:56:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 569.790158][T14278] Code: Bad RIP value. [ 569.794213][T14278] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 569.802615][T14278] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 569.810581][T14278] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 569.818546][T14278] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 569.826511][T14278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 569.834478][T14278] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:22 executing program 1 (fault-call:6 fault-nth:7): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:22 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5424, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:22 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 569.961096][T14302] FAULT_INJECTION: forcing a failure. [ 569.961096][T14302] name failslab, interval 1, probability 0, space 0, times 0 [ 569.977761][T14302] CPU: 1 PID: 14302 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 569.986462][T14302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 569.996516][T14302] Call Trace: [ 569.999804][T14302] dump_stack+0x1f0/0x31e [ 570.004144][T14302] should_fail+0x38a/0x4e0 [ 570.008564][T14302] should_failslab+0x5/0x20 [ 570.013063][T14302] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 570.018778][T14302] ? __kmalloc_node_track_caller+0x37/0x60 [ 570.024590][T14302] __kmalloc_node_track_caller+0x37/0x60 [ 570.030231][T14302] ? netlink_sendmsg+0x7b2/0xd70 [ 570.035182][T14302] __alloc_skb+0xde/0x4f0 [ 570.039511][T14302] ? security_socket_getpeersec_dgram+0x9b/0xc0 [ 570.045752][T14302] netlink_sendmsg+0x7b2/0xd70 [ 570.050526][T14302] ? netlink_getsockopt+0x9e0/0x9e0 [ 570.055725][T14302] ____sys_sendmsg+0x519/0x800 [ 570.060491][T14302] ? import_iovec+0x12a/0x2c0 [ 570.065174][T14302] __sys_sendmmsg+0x45b/0x680 [ 570.066363][T14309] ptrace attach of "/root/syz-executor.0"[14308] was attempted by "/root/syz-executor.0"[14309] [ 570.069874][T14302] ? ksys_write+0x1b1/0x220 [ 570.069885][T14302] ? ksys_write+0x1b1/0x220 [ 570.069900][T14302] ? check_preemption_disabled+0x40/0x240 [ 570.069914][T14302] ? check_preemption_disabled+0x40/0x240 [ 570.101178][T14302] __x64_sys_sendmmsg+0x9c/0xb0 [ 570.106014][T14302] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 570.112064][T14302] do_syscall_64+0x73/0xe0 [ 570.116462][T14302] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 570.122341][T14302] RIP: 0033:0x45cb19 [ 570.126216][T14302] Code: Bad RIP value. [ 570.130258][T14302] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 570.138646][T14302] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 570.146600][T14302] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 03:56:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 570.154550][T14302] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 570.162500][T14302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 570.170450][T14302] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 570.182446][T14313] binder: 14305:14313 ioctl 5424 200004c0 returned -22 [ 570.300934][T14313] binder: 14305:14313 ioctl 5424 200004c0 returned -22 03:56:24 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:24 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:24 executing program 1 (fault-call:6 fault-nth:8): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:24 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:24 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5450, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:24 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 572.682646][T14338] FAULT_INJECTION: forcing a failure. [ 572.682646][T14338] name failslab, interval 1, probability 0, space 0, times 0 [ 572.711928][T14338] CPU: 0 PID: 14338 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 572.720623][T14338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 572.730680][T14338] Call Trace: [ 572.733979][T14338] dump_stack+0x1f0/0x31e [ 572.738318][T14338] should_fail+0x38a/0x4e0 [ 572.742745][T14338] ? skb_clone+0x1b2/0x370 [ 572.747171][T14338] should_failslab+0x5/0x20 [ 572.751670][T14338] kmem_cache_alloc+0x53/0x2d0 [ 572.756436][T14338] skb_clone+0x1b2/0x370 [ 572.760683][T14338] netlink_deliver_tap+0x478/0x810 [ 572.765815][T14338] netlink_unicast+0x75c/0x940 [ 572.770595][T14338] netlink_sendmsg+0xa57/0xd70 [ 572.775378][T14338] ? netlink_getsockopt+0x9e0/0x9e0 [ 572.780578][T14338] ____sys_sendmsg+0x519/0x800 [ 572.785344][T14338] ? import_iovec+0x12a/0x2c0 [ 572.790026][T14338] __sys_sendmmsg+0x45b/0x680 [ 572.794742][T14338] ? ksys_write+0x1b1/0x220 [ 572.799247][T14338] ? ksys_write+0x1b1/0x220 [ 572.803745][T14338] ? check_preemption_disabled+0x40/0x240 [ 572.809488][T14338] ? check_preemption_disabled+0x40/0x240 [ 572.815217][T14338] __x64_sys_sendmmsg+0x9c/0xb0 [ 572.820064][T14338] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 572.826144][T14338] do_syscall_64+0x73/0xe0 [ 572.830754][T14338] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 572.836644][T14338] RIP: 0033:0x45cb19 [ 572.840528][T14338] Code: Bad RIP value. [ 572.844700][T14338] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 572.853107][T14338] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 572.861162][T14338] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 572.869124][T14338] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 572.877071][T14338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 572.885021][T14338] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:25 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5451, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:25 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:25 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:25 executing program 1 (fault-call:6 fault-nth:9): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:25 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 573.127048][T14379] FAULT_INJECTION: forcing a failure. [ 573.127048][T14379] name failslab, interval 1, probability 0, space 0, times 0 [ 573.175951][T14379] CPU: 0 PID: 14379 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 573.186125][T14379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 573.196180][T14379] Call Trace: [ 573.199482][T14379] dump_stack+0x1f0/0x31e [ 573.203822][T14379] should_fail+0x38a/0x4e0 [ 573.208305][T14379] ? rtnl_newlink+0x77/0x1bf0 [ 573.212987][T14379] should_failslab+0x5/0x20 [ 573.217486][T14379] kmem_cache_alloc_trace+0x57/0x300 [ 573.222865][T14379] rtnl_newlink+0x77/0x1bf0 [ 573.227389][T14379] ? __lock_acquire+0x116c/0x2c30 [ 573.232441][T14379] ? lock_acquire+0x160/0x720 [ 573.237124][T14379] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 573.242236][T14379] ? __sys_sendmmsg+0x45b/0x680 [ 573.247103][T14379] ? __mutex_lock_common+0x582/0x2fc0 [ 573.252490][T14379] ? rtnl_setlink+0x490/0x490 [ 573.257166][T14379] rtnetlink_rcv_msg+0x889/0xd40 [ 573.262124][T14379] ? local_bh_enable+0x5/0x20 [ 573.266804][T14379] ? __local_bh_enable_ip+0x133/0x230 [ 573.272175][T14379] ? __dev_queue_xmit+0x1846/0x2940 [ 573.277384][T14379] ? check_preemption_disabled+0x40/0x240 [ 573.283102][T14379] ? debug_smp_processor_id+0x5/0x20 [ 573.288392][T14379] netlink_rcv_skb+0x190/0x3a0 [ 573.293153][T14379] ? rtnetlink_bind+0x80/0x80 [ 573.297851][T14379] netlink_unicast+0x786/0x940 [ 573.302618][T14379] netlink_sendmsg+0xa57/0xd70 [ 573.307384][T14379] ? netlink_getsockopt+0x9e0/0x9e0 [ 573.312578][T14379] ____sys_sendmsg+0x519/0x800 [ 573.317343][T14379] ? import_iovec+0x12a/0x2c0 [ 573.322020][T14379] __sys_sendmmsg+0x45b/0x680 [ 573.326734][T14379] ? ksys_write+0x1b1/0x220 [ 573.331237][T14379] ? ksys_write+0x1b1/0x220 [ 573.335746][T14379] ? check_preemption_disabled+0x40/0x240 [ 573.341460][T14379] ? check_preemption_disabled+0x40/0x240 [ 573.347191][T14379] __x64_sys_sendmmsg+0x9c/0xb0 [ 573.352044][T14379] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.358106][T14379] do_syscall_64+0x73/0xe0 [ 573.362523][T14379] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.368408][T14379] RIP: 0033:0x45cb19 [ 573.372288][T14379] Code: Bad RIP value. 03:56:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 573.376350][T14379] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 573.384742][T14379] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 573.392730][T14379] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 573.400676][T14379] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 573.408626][T14379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 573.416576][T14379] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:27 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x2, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:27 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5452, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:27 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:27 executing program 1 (fault-call:6 fault-nth:10): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 575.731914][T14408] FAULT_INJECTION: forcing a failure. [ 575.731914][T14408] name failslab, interval 1, probability 0, space 0, times 0 [ 575.754580][T14408] CPU: 1 PID: 14408 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 575.763278][T14408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 575.773328][T14408] Call Trace: [ 575.776622][T14408] dump_stack+0x1f0/0x31e [ 575.780973][T14408] should_fail+0x38a/0x4e0 [ 575.785410][T14408] should_failslab+0x5/0x20 [ 575.789900][T14408] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 575.795596][T14408] ? __kmalloc_node+0x37/0x60 [ 575.800263][T14408] __kmalloc_node+0x37/0x60 [ 575.804841][T14408] kvmalloc_node+0x81/0x110 [ 575.809331][T14408] alloc_netdev_mqs+0x86/0xf90 [ 575.814133][T14408] ? br_netpoll_disable+0x80/0x80 [ 575.819139][T14408] ? cap_capable+0x23f/0x280 [ 575.823710][T14408] ? cap_capable+0x23f/0x280 [ 575.828278][T14408] ? safesetid_security_capable+0x81/0xf0 [ 575.833977][T14408] ? safesetid_security_capable+0x81/0xf0 [ 575.839677][T14408] rtnl_create_link+0x242/0x9c0 [ 575.844515][T14408] rtnl_newlink+0x12a2/0x1bf0 [ 575.849175][T14408] ? rtnl_newlink+0x891/0x1bf0 [ 575.853935][T14408] ? __lock_acquire+0x116c/0x2c30 [ 575.859073][T14408] ? __mutex_lock_common+0x582/0x2fc0 [ 575.864461][T14408] ? rtnl_setlink+0x490/0x490 [ 575.869117][T14408] rtnetlink_rcv_msg+0x889/0xd40 [ 575.874093][T14408] ? local_bh_enable+0x5/0x20 [ 575.878745][T14408] ? __local_bh_enable_ip+0x133/0x230 [ 575.884095][T14408] ? __dev_queue_xmit+0x1846/0x2940 [ 575.889278][T14408] ? check_preemption_disabled+0x40/0x240 [ 575.894977][T14408] ? debug_smp_processor_id+0x5/0x20 [ 575.900245][T14408] netlink_rcv_skb+0x190/0x3a0 [ 575.904989][T14408] ? rtnetlink_bind+0x80/0x80 [ 575.909666][T14408] netlink_unicast+0x786/0x940 [ 575.914422][T14408] netlink_sendmsg+0xa57/0xd70 [ 575.919178][T14408] ? netlink_getsockopt+0x9e0/0x9e0 [ 575.924356][T14408] ____sys_sendmsg+0x519/0x800 [ 575.929102][T14408] ? import_iovec+0x12a/0x2c0 [ 575.933762][T14408] __sys_sendmmsg+0x45b/0x680 [ 575.938461][T14408] ? ksys_write+0x1b1/0x220 [ 575.942943][T14408] ? ksys_write+0x1b1/0x220 [ 575.947427][T14408] ? check_preemption_disabled+0x40/0x240 [ 575.953137][T14408] ? check_preemption_disabled+0x40/0x240 [ 575.959796][T14408] __x64_sys_sendmmsg+0x9c/0xb0 [ 575.964626][T14408] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 575.970669][T14408] do_syscall_64+0x73/0xe0 [ 575.975063][T14408] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 575.980932][T14408] RIP: 0033:0x45cb19 [ 575.984798][T14408] Code: Bad RIP value. [ 575.988837][T14408] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 575.997317][T14408] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 576.005265][T14408] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 576.013385][T14408] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 576.021341][T14408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 576.029289][T14408] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:28 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5460, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:28 executing program 1 (fault-call:6 fault-nth:11): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 576.324569][T14445] FAULT_INJECTION: forcing a failure. [ 576.324569][T14445] name failslab, interval 1, probability 0, space 0, times 0 [ 576.385897][T14445] CPU: 1 PID: 14445 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 576.394583][T14445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 576.404632][T14445] Call Trace: [ 576.408010][T14445] dump_stack+0x1f0/0x31e [ 576.412346][T14445] should_fail+0x38a/0x4e0 [ 576.416763][T14445] ? dev_addr_init+0x107/0x410 [ 576.421525][T14445] should_failslab+0x5/0x20 [ 576.426027][T14445] kmem_cache_alloc_trace+0x57/0x300 [ 576.431316][T14445] dev_addr_init+0x107/0x410 [ 576.435919][T14445] alloc_netdev_mqs+0x128/0xf90 [ 576.440768][T14445] ? br_netpoll_disable+0x80/0x80 [ 576.445800][T14445] ? cap_capable+0x23f/0x280 [ 576.450386][T14445] ? cap_capable+0x23f/0x280 [ 576.454973][T14445] ? safesetid_security_capable+0x81/0xf0 [ 576.460776][T14445] ? safesetid_security_capable+0x81/0xf0 [ 576.466496][T14445] rtnl_create_link+0x242/0x9c0 [ 576.471347][T14445] rtnl_newlink+0x12a2/0x1bf0 [ 576.476022][T14445] ? rtnl_newlink+0x891/0x1bf0 [ 576.480800][T14445] ? __lock_acquire+0x116c/0x2c30 [ 576.485870][T14445] ? __mutex_lock_common+0x582/0x2fc0 [ 576.491254][T14445] ? rtnl_setlink+0x490/0x490 [ 576.495923][T14445] rtnetlink_rcv_msg+0x889/0xd40 [ 576.500870][T14445] ? local_bh_enable+0x5/0x20 [ 576.505547][T14445] ? __local_bh_enable_ip+0x133/0x230 [ 576.510916][T14445] ? __dev_queue_xmit+0x1846/0x2940 [ 576.516134][T14445] ? check_preemption_disabled+0x40/0x240 [ 576.521841][T14445] ? debug_smp_processor_id+0x5/0x20 [ 576.527105][T14445] netlink_rcv_skb+0x190/0x3a0 [ 576.531846][T14445] ? rtnetlink_bind+0x80/0x80 [ 576.536511][T14445] netlink_unicast+0x786/0x940 [ 576.541253][T14445] netlink_sendmsg+0xa57/0xd70 [ 576.545993][T14445] ? netlink_getsockopt+0x9e0/0x9e0 [ 576.551164][T14445] ____sys_sendmsg+0x519/0x800 [ 576.555901][T14445] ? import_iovec+0x12a/0x2c0 [ 576.560554][T14445] __sys_sendmmsg+0x45b/0x680 [ 576.565216][T14445] ? ksys_write+0x1b1/0x220 [ 576.569684][T14445] ? ksys_write+0x1b1/0x220 [ 576.574157][T14445] ? check_preemption_disabled+0x40/0x240 [ 576.579844][T14445] ? check_preemption_disabled+0x40/0x240 [ 576.585534][T14445] __x64_sys_sendmmsg+0x9c/0xb0 [ 576.590357][T14445] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 576.596398][T14445] do_syscall_64+0x73/0xe0 [ 576.600802][T14445] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 576.606662][T14445] RIP: 0033:0x45cb19 [ 576.610581][T14445] Code: Bad RIP value. [ 576.614624][T14445] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 576.623017][T14445] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 03:56:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 576.630960][T14445] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 576.638904][T14445] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 576.647020][T14445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 576.654963][T14445] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:30 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:30 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5501, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:30 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:30 executing program 5: sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:30 executing program 1 (fault-call:6 fault-nth:12): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 578.809038][T14472] FAULT_INJECTION: forcing a failure. [ 578.809038][T14472] name failslab, interval 1, probability 0, space 0, times 0 [ 578.842968][T14477] binder: 14470:14477 ioctl 5501 200004c0 returned -22 [ 578.861879][T14472] CPU: 0 PID: 14472 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 578.870570][T14472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.880615][T14472] Call Trace: [ 578.883901][T14472] dump_stack+0x1f0/0x31e [ 578.888232][T14472] should_fail+0x38a/0x4e0 [ 578.892642][T14472] should_failslab+0x5/0x20 [ 578.897138][T14472] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 578.902854][T14472] ? __kmalloc_node+0x37/0x60 [ 578.907539][T14472] __kmalloc_node+0x37/0x60 [ 578.912036][T14472] kvmalloc_node+0x81/0x110 [ 578.916538][T14472] alloc_netdev_mqs+0x607/0xf90 [ 578.921464][T14472] ? br_netpoll_disable+0x80/0x80 [ 578.926493][T14472] ? safesetid_security_capable+0x81/0xf0 [ 578.932196][T14472] ? safesetid_security_capable+0x81/0xf0 [ 578.937904][T14472] rtnl_create_link+0x242/0x9c0 [ 578.942752][T14472] rtnl_newlink+0x12a2/0x1bf0 [ 578.947417][T14472] ? rtnl_newlink+0x891/0x1bf0 [ 578.952184][T14472] ? __lock_acquire+0x116c/0x2c30 [ 578.957248][T14472] ? __mutex_lock_common+0x582/0x2fc0 [ 578.962620][T14472] ? rtnl_setlink+0x490/0x490 [ 578.967286][T14472] rtnetlink_rcv_msg+0x889/0xd40 [ 578.972235][T14472] ? local_bh_enable+0x5/0x20 [ 578.976896][T14472] ? __local_bh_enable_ip+0x133/0x230 [ 578.982251][T14472] ? __dev_queue_xmit+0x1846/0x2940 [ 578.987442][T14472] ? check_preemption_disabled+0x40/0x240 [ 578.993149][T14472] ? debug_smp_processor_id+0x5/0x20 [ 578.998434][T14472] netlink_rcv_skb+0x190/0x3a0 [ 579.003181][T14472] ? rtnetlink_bind+0x80/0x80 [ 579.007850][T14472] netlink_unicast+0x786/0x940 [ 579.012614][T14472] netlink_sendmsg+0xa57/0xd70 [ 579.017383][T14472] ? netlink_getsockopt+0x9e0/0x9e0 [ 579.022567][T14472] ____sys_sendmsg+0x519/0x800 [ 579.027347][T14472] ? import_iovec+0x12a/0x2c0 [ 579.032011][T14472] __sys_sendmmsg+0x45b/0x680 [ 579.036715][T14472] ? ksys_write+0x1b1/0x220 [ 579.041202][T14472] ? ksys_write+0x1b1/0x220 [ 579.045683][T14472] ? check_preemption_disabled+0x40/0x240 [ 579.051376][T14472] ? check_preemption_disabled+0x40/0x240 [ 579.057085][T14472] __x64_sys_sendmmsg+0x9c/0xb0 [ 579.061926][T14472] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 579.067974][T14472] do_syscall_64+0x73/0xe0 [ 579.072376][T14472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 579.078248][T14472] RIP: 0033:0x45cb19 [ 579.082124][T14472] Code: Bad RIP value. [ 579.086165][T14472] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 579.094567][T14472] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 579.102514][T14472] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 03:56:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 579.110467][T14472] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 579.118433][T14472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 579.126392][T14472] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:31 executing program 5: sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:31 executing program 1 (fault-call:6 fault-nth:13): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 579.162459][T14488] binder: 14470:14488 ioctl 5501 200004c0 returned -22 [ 579.267981][T14498] FAULT_INJECTION: forcing a failure. [ 579.267981][T14498] name failslab, interval 1, probability 0, space 0, times 0 [ 579.289493][T14498] CPU: 0 PID: 14498 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 579.298180][T14498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 579.308234][T14498] Call Trace: [ 579.311531][T14498] dump_stack+0x1f0/0x31e [ 579.315867][T14498] should_fail+0x38a/0x4e0 [ 579.320306][T14498] should_failslab+0x5/0x20 [ 579.324809][T14498] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 579.330529][T14498] ? __kmalloc_node+0x37/0x60 [ 579.335217][T14498] __kmalloc_node+0x37/0x60 [ 579.339727][T14498] kvmalloc_node+0x81/0x110 [ 579.344229][T14498] alloc_netdev_mqs+0xb43/0xf90 [ 579.349090][T14498] ? safesetid_security_capable+0x81/0xf0 [ 579.354815][T14498] rtnl_create_link+0x242/0x9c0 [ 579.359674][T14498] rtnl_newlink+0x12a2/0x1bf0 [ 579.364354][T14498] ? rtnl_newlink+0x891/0x1bf0 [ 579.369130][T14498] ? __lock_acquire+0x116c/0x2c30 [ 579.374196][T14498] ? __mutex_lock_common+0x582/0x2fc0 [ 579.379585][T14498] ? rtnl_setlink+0x490/0x490 [ 579.384265][T14498] rtnetlink_rcv_msg+0x889/0xd40 [ 579.389219][T14498] ? local_bh_enable+0x5/0x20 [ 579.393886][T14498] ? __local_bh_enable_ip+0x133/0x230 [ 579.399236][T14498] ? __dev_queue_xmit+0x1846/0x2940 [ 579.404543][T14498] ? check_preemption_disabled+0x40/0x240 [ 579.410246][T14498] ? debug_smp_processor_id+0x5/0x20 [ 579.415515][T14498] netlink_rcv_skb+0x190/0x3a0 [ 579.420265][T14498] ? rtnetlink_bind+0x80/0x80 [ 579.424935][T14498] netlink_unicast+0x786/0x940 [ 579.429697][T14498] netlink_sendmsg+0xa57/0xd70 [ 579.434490][T14498] ? netlink_getsockopt+0x9e0/0x9e0 [ 579.439699][T14498] ____sys_sendmsg+0x519/0x800 [ 579.444481][T14498] ? import_iovec+0x12a/0x2c0 [ 579.449148][T14498] __sys_sendmmsg+0x45b/0x680 [ 579.453972][T14498] ? ksys_write+0x1b1/0x220 [ 579.458450][T14498] ? ksys_write+0x1b1/0x220 [ 579.462929][T14498] ? check_preemption_disabled+0x40/0x240 [ 579.468621][T14498] ? check_preemption_disabled+0x40/0x240 [ 579.474317][T14498] __x64_sys_sendmmsg+0x9c/0xb0 [ 579.479156][T14498] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 579.485282][T14498] do_syscall_64+0x73/0xe0 [ 579.489671][T14498] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 579.495532][T14498] RIP: 0033:0x45cb19 [ 579.499392][T14498] Code: Bad RIP value. [ 579.503429][T14498] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 579.511809][T14498] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 579.519761][T14498] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 579.527705][T14498] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 579.535651][T14498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 579.543614][T14498] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:33 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:34 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x5509, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:34 executing program 5: sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:34 executing program 1 (fault-call:6 fault-nth:14): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 581.860911][T14517] binder: 14510:14517 ioctl 5509 200004c0 returned -22 [ 581.861618][T14515] FAULT_INJECTION: forcing a failure. [ 581.861618][T14515] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 581.915515][T14515] CPU: 1 PID: 14515 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 581.924204][T14515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 581.934239][T14515] Call Trace: [ 581.937526][T14515] dump_stack+0x1f0/0x31e [ 581.941852][T14515] should_fail+0x38a/0x4e0 [ 581.946955][T14515] prepare_alloc_pages+0x28c/0x4a0 [ 581.952056][T14515] __alloc_pages_nodemask+0xbc/0x5e0 [ 581.957321][T14515] get_zeroed_page+0x13/0x40 [ 581.961885][T14515] dev_alloc_name_ns+0x411/0x780 [ 581.966804][T14515] ? lockdep_init_map_waits+0x2c/0x9a0 [ 581.972265][T14515] register_netdevice+0x552/0x1b80 [ 581.977372][T14515] ? safesetid_security_capable+0x81/0xf0 [ 581.983121][T14515] br_dev_newlink+0x24/0x110 [ 581.987696][T14515] ? br_validate+0x2a0/0x2a0 [ 581.992266][T14515] rtnl_newlink+0x143e/0x1bf0 [ 581.996946][T14515] ? __lock_acquire+0x116c/0x2c30 [ 582.001998][T14515] ? __mutex_lock_common+0x582/0x2fc0 [ 582.007351][T14515] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 582.013923][T14515] ? rtnl_setlink+0x490/0x490 [ 582.018588][T14515] rtnetlink_rcv_msg+0x889/0xd40 [ 582.023532][T14515] ? local_bh_enable+0x5/0x20 [ 582.028208][T14515] ? __local_bh_enable_ip+0x133/0x230 [ 582.033563][T14515] ? __dev_queue_xmit+0x1846/0x2940 [ 582.038749][T14515] ? check_preemption_disabled+0x40/0x240 [ 582.044464][T14515] ? debug_smp_processor_id+0x5/0x20 [ 582.049730][T14515] netlink_rcv_skb+0x190/0x3a0 [ 582.054468][T14515] ? rtnetlink_bind+0x80/0x80 [ 582.059138][T14515] netlink_unicast+0x786/0x940 [ 582.063915][T14515] netlink_sendmsg+0xa57/0xd70 [ 582.068679][T14515] ? netlink_getsockopt+0x9e0/0x9e0 [ 582.073851][T14515] ____sys_sendmsg+0x519/0x800 [ 582.078598][T14515] ? import_iovec+0x12a/0x2c0 [ 582.083253][T14515] __sys_sendmmsg+0x45b/0x680 [ 582.087921][T14515] ? ksys_write+0x1b1/0x220 [ 582.092395][T14515] ? ksys_write+0x1b1/0x220 [ 582.096885][T14515] ? check_preemption_disabled+0x40/0x240 [ 582.102576][T14515] ? check_preemption_disabled+0x40/0x240 [ 582.108271][T14515] __x64_sys_sendmmsg+0x9c/0xb0 [ 582.113103][T14515] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 582.119151][T14515] do_syscall_64+0x73/0xe0 [ 582.123543][T14515] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 582.129473][T14515] RIP: 0033:0x45cb19 [ 582.133334][T14515] Code: Bad RIP value. [ 582.137373][T14515] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 582.145766][T14515] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 582.153712][T14515] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 582.161655][T14515] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 582.169601][T14515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 582.177561][T14515] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:34 executing program 1 (fault-call:6 fault-nth:15): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 582.210587][T14531] binder: 14510:14531 ioctl 5509 200004c0 returned -22 03:56:34 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:34 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x6364, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 582.295757][T14536] FAULT_INJECTION: forcing a failure. [ 582.295757][T14536] name failslab, interval 1, probability 0, space 0, times 0 [ 582.311715][T14536] CPU: 1 PID: 14536 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 582.320402][T14536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 582.330459][T14536] Call Trace: [ 582.333770][T14536] dump_stack+0x1f0/0x31e [ 582.338115][T14536] should_fail+0x38a/0x4e0 [ 582.342544][T14536] ? register_netdevice+0x6d3/0x1b80 [ 582.347825][T14536] should_failslab+0x5/0x20 [ 582.352313][T14536] kmem_cache_alloc_trace+0x57/0x300 [ 582.357673][T14536] ? lockdep_init_map_waits+0x2c/0x9a0 [ 582.363117][T14536] register_netdevice+0x6d3/0x1b80 [ 582.368212][T14536] ? safesetid_security_capable+0x81/0xf0 [ 582.373919][T14536] br_dev_newlink+0x24/0x110 [ 582.378488][T14536] ? br_validate+0x2a0/0x2a0 [ 582.383180][T14536] rtnl_newlink+0x143e/0x1bf0 [ 582.387857][T14536] ? __lock_acquire+0x116c/0x2c30 [ 582.392939][T14536] ? __mutex_lock_common+0x582/0x2fc0 [ 582.398310][T14536] ? rtnl_setlink+0x490/0x490 [ 582.402964][T14536] rtnetlink_rcv_msg+0x889/0xd40 [ 582.407900][T14536] ? local_bh_enable+0x5/0x20 [ 582.412556][T14536] ? __local_bh_enable_ip+0x133/0x230 [ 582.417909][T14536] ? __dev_queue_xmit+0x1846/0x2940 [ 582.423100][T14536] ? check_preemption_disabled+0x40/0x240 [ 582.428796][T14536] ? debug_smp_processor_id+0x5/0x20 [ 582.434069][T14536] netlink_rcv_skb+0x190/0x3a0 [ 582.438810][T14536] ? rtnetlink_bind+0x80/0x80 [ 582.443480][T14536] netlink_unicast+0x786/0x940 [ 582.448248][T14536] netlink_sendmsg+0xa57/0xd70 [ 582.453004][T14536] ? netlink_getsockopt+0x9e0/0x9e0 [ 582.458188][T14536] ____sys_sendmsg+0x519/0x800 [ 582.462935][T14536] ? import_iovec+0x12a/0x2c0 [ 582.467597][T14536] __sys_sendmmsg+0x45b/0x680 [ 582.472298][T14536] ? ksys_write+0x1b1/0x220 [ 582.476788][T14536] ? ksys_write+0x1b1/0x220 [ 582.481323][T14536] ? check_preemption_disabled+0x40/0x240 [ 582.487138][T14536] ? check_preemption_disabled+0x40/0x240 [ 582.492855][T14536] __x64_sys_sendmmsg+0x9c/0xb0 [ 582.497688][T14536] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 582.503732][T14536] do_syscall_64+0x73/0xe0 [ 582.508144][T14536] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 582.514045][T14536] RIP: 0033:0x45cb19 [ 582.517919][T14536] Code: Bad RIP value. [ 582.521963][T14536] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 582.530350][T14536] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 582.538299][T14536] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 582.546247][T14536] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 582.554196][T14536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 582.562147][T14536] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:37 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:37 executing program 1 (fault-call:6 fault-nth:16): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:37 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:37 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x8912, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 584.898516][T14560] binder: 14556:14560 ioctl 8912 200004c0 returned -22 03:56:37 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 584.942514][T14563] FAULT_INJECTION: forcing a failure. [ 584.942514][T14563] name failslab, interval 1, probability 0, space 0, times 0 [ 584.970971][T14566] binder: 14556:14566 ioctl 8912 200004c0 returned -22 [ 585.019844][T14563] CPU: 0 PID: 14563 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 585.028543][T14563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 585.038594][T14563] Call Trace: [ 585.041871][T14563] dump_stack+0x1f0/0x31e [ 585.046189][T14563] should_fail+0x38a/0x4e0 [ 585.050599][T14563] should_failslab+0x5/0x20 [ 585.055083][T14563] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 585.060781][T14563] ? __kmalloc_node+0x37/0x60 [ 585.065444][T14563] __kmalloc_node+0x37/0x60 [ 585.069949][T14563] kvmalloc_node+0x81/0x110 [ 585.074440][T14563] rhashtable_init+0x4df/0xb00 [ 585.079189][T14563] ? find_next_bit+0xc6/0x110 [ 585.083858][T14563] br_dev_init+0xdb/0x2c0 [ 585.088292][T14563] register_netdevice+0x7e9/0x1b80 [ 585.093403][T14563] ? safesetid_security_capable+0x81/0xf0 [ 585.099103][T14563] br_dev_newlink+0x24/0x110 [ 585.103663][T14563] ? br_validate+0x2a0/0x2a0 [ 585.108283][T14563] rtnl_newlink+0x143e/0x1bf0 [ 585.113007][T14563] ? __lock_acquire+0x116c/0x2c30 [ 585.118033][T14563] ? __mutex_lock_common+0x582/0x2fc0 [ 585.123382][T14563] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 585.129956][T14563] ? rtnl_setlink+0x490/0x490 [ 585.134606][T14563] rtnetlink_rcv_msg+0x889/0xd40 [ 585.139636][T14563] ? local_bh_enable+0x5/0x20 [ 585.144292][T14563] ? __local_bh_enable_ip+0x133/0x230 [ 585.149665][T14563] ? __dev_queue_xmit+0x1846/0x2940 [ 585.154859][T14563] ? check_preemption_disabled+0x40/0x240 [ 585.160554][T14563] ? debug_smp_processor_id+0x5/0x20 [ 585.165832][T14563] netlink_rcv_skb+0x190/0x3a0 [ 585.170580][T14563] ? rtnetlink_bind+0x80/0x80 [ 585.175255][T14563] netlink_unicast+0x786/0x940 [ 585.180016][T14563] netlink_sendmsg+0xa57/0xd70 [ 585.184762][T14563] ? netlink_getsockopt+0x9e0/0x9e0 [ 585.189938][T14563] ____sys_sendmsg+0x519/0x800 [ 585.194688][T14563] ? import_iovec+0x12a/0x2c0 [ 585.199344][T14563] __sys_sendmmsg+0x45b/0x680 [ 585.204053][T14563] ? ksys_write+0x1b1/0x220 [ 585.208548][T14563] ? ksys_write+0x1b1/0x220 [ 585.213049][T14563] ? check_preemption_disabled+0x40/0x240 [ 585.218756][T14563] ? check_preemption_disabled+0x40/0x240 [ 585.224455][T14563] __x64_sys_sendmmsg+0x9c/0xb0 [ 585.229295][T14563] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 585.235348][T14563] do_syscall_64+0x73/0xe0 [ 585.239743][T14563] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 585.245609][T14563] RIP: 0033:0x45cb19 [ 585.249471][T14563] Code: Bad RIP value. [ 585.253530][T14563] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 585.261914][T14563] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 585.269859][T14563] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 585.277813][T14563] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 585.285782][T14563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 585.293743][T14563] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:37 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x8914, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 585.391181][T14582] binder: 14581:14582 ioctl 8914 200004c0 returned -22 03:56:37 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:37 executing program 1 (fault-call:6 fault-nth:17): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 585.450224][T14589] binder: 14581:14589 ioctl 8914 200004c0 returned -22 03:56:37 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x8933, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 585.574211][T14602] FAULT_INJECTION: forcing a failure. [ 585.574211][T14602] name failslab, interval 1, probability 0, space 0, times 0 [ 585.599933][T14602] CPU: 0 PID: 14602 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 585.608621][T14602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 585.618672][T14602] Call Trace: [ 585.621984][T14602] dump_stack+0x1f0/0x31e [ 585.626340][T14602] should_fail+0x38a/0x4e0 [ 585.630775][T14602] should_failslab+0x5/0x20 [ 585.635280][T14602] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 585.641001][T14602] ? __kmalloc_node+0x37/0x60 [ 585.645680][T14602] __kmalloc_node+0x37/0x60 [ 585.650185][T14602] kvmalloc_node+0x81/0x110 [ 585.654699][T14602] rhashtable_init+0x4df/0xb00 [ 585.659461][T14602] ? find_next_bit+0xc6/0x110 [ 585.664137][T14602] br_dev_init+0x150/0x2c0 [ 585.668562][T14602] register_netdevice+0x7e9/0x1b80 [ 585.673669][T14602] ? safesetid_security_capable+0x81/0xf0 [ 585.679394][T14602] br_dev_newlink+0x24/0x110 [ 585.683997][T14602] ? br_validate+0x2a0/0x2a0 [ 585.688593][T14602] rtnl_newlink+0x143e/0x1bf0 [ 585.693283][T14602] ? __lock_acquire+0x116c/0x2c30 [ 585.698354][T14602] ? __mutex_lock_common+0x582/0x2fc0 [ 585.703760][T14602] ? rtnl_setlink+0x490/0x490 [ 585.708435][T14602] rtnetlink_rcv_msg+0x889/0xd40 [ 585.713390][T14602] ? local_bh_enable+0x5/0x20 [ 585.718063][T14602] ? __local_bh_enable_ip+0x133/0x230 [ 585.723450][T14602] ? __dev_queue_xmit+0x1846/0x2940 [ 585.728660][T14602] ? check_preemption_disabled+0x40/0x240 [ 585.734374][T14602] ? debug_smp_processor_id+0x5/0x20 [ 585.739705][T14602] netlink_rcv_skb+0x190/0x3a0 [ 585.744463][T14602] ? rtnetlink_bind+0x80/0x80 [ 585.749151][T14602] netlink_unicast+0x786/0x940 [ 585.753933][T14602] netlink_sendmsg+0xa57/0xd70 [ 585.758802][T14602] ? netlink_getsockopt+0x9e0/0x9e0 [ 585.764022][T14602] ____sys_sendmsg+0x519/0x800 [ 585.768783][T14602] ? import_iovec+0x12a/0x2c0 [ 585.773472][T14602] __sys_sendmmsg+0x45b/0x680 [ 585.778189][T14602] ? ksys_write+0x1b1/0x220 [ 585.782690][T14602] ? ksys_write+0x1b1/0x220 [ 585.787324][T14602] ? check_preemption_disabled+0x40/0x240 [ 585.793036][T14602] ? check_preemption_disabled+0x40/0x240 [ 585.798796][T14602] __x64_sys_sendmmsg+0x9c/0xb0 [ 585.803639][T14602] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 585.809689][T14602] do_syscall_64+0x73/0xe0 [ 585.814105][T14602] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 585.816602][T14605] binder: 14604:14605 ioctl 8933 200004c0 returned -22 [ 585.819992][T14602] RIP: 0033:0x45cb19 [ 585.830710][T14602] Code: Bad RIP value. [ 585.834763][T14602] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 585.843172][T14602] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 585.851145][T14602] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 585.859153][T14602] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 585.867125][T14602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 585.875098][T14602] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 585.947544][T14621] binder: 14604:14621 ioctl 8933 200004c0 returned -22 03:56:40 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:40 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:40 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x8937, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:40 executing program 1 (fault-call:6 fault-nth:18): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 587.942048][T14642] FAULT_INJECTION: forcing a failure. [ 587.942048][T14642] name failslab, interval 1, probability 0, space 0, times 0 [ 587.956427][T14645] binder: 14638:14645 ioctl 8937 200004c0 returned -22 [ 587.978264][T14642] CPU: 0 PID: 14642 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 587.986949][T14642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 587.997083][T14642] Call Trace: [ 588.000375][T14642] dump_stack+0x1f0/0x31e [ 588.004726][T14642] should_fail+0x38a/0x4e0 [ 588.009207][T14642] ? br_vlan_init+0x4e/0x1b0 [ 588.013812][T14642] should_failslab+0x5/0x20 [ 588.018315][T14642] kmem_cache_alloc_trace+0x57/0x300 [ 588.023597][T14642] ? rhashtable_init+0x831/0xb00 [ 588.028538][T14642] br_vlan_init+0x4e/0x1b0 [ 588.032961][T14642] br_dev_init+0x188/0x2c0 [ 588.037383][T14642] register_netdevice+0x7e9/0x1b80 [ 588.042499][T14642] ? safesetid_security_capable+0x81/0xf0 [ 588.048223][T14642] br_dev_newlink+0x24/0x110 [ 588.052811][T14642] ? br_validate+0x2a0/0x2a0 [ 588.057409][T14642] rtnl_newlink+0x143e/0x1bf0 [ 588.062103][T14642] ? __lock_acquire+0x116c/0x2c30 [ 588.067160][T14642] ? __mutex_lock_common+0x582/0x2fc0 [ 588.072527][T14642] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 588.079113][T14642] ? rtnl_setlink+0x490/0x490 [ 588.083763][T14642] rtnetlink_rcv_msg+0x889/0xd40 [ 588.088704][T14642] ? local_bh_enable+0x5/0x20 [ 588.093352][T14642] ? __local_bh_enable_ip+0x133/0x230 [ 588.098702][T14642] ? __dev_queue_xmit+0x1846/0x2940 [ 588.103877][T14642] ? check_preemption_disabled+0x40/0x240 [ 588.109565][T14642] ? debug_smp_processor_id+0x5/0x20 [ 588.114837][T14642] netlink_rcv_skb+0x190/0x3a0 [ 588.119585][T14642] ? rtnetlink_bind+0x80/0x80 [ 588.124253][T14642] netlink_unicast+0x786/0x940 [ 588.129005][T14642] netlink_sendmsg+0xa57/0xd70 [ 588.133753][T14642] ? netlink_getsockopt+0x9e0/0x9e0 [ 588.138925][T14642] ____sys_sendmsg+0x519/0x800 [ 588.143679][T14642] ? import_iovec+0x12a/0x2c0 [ 588.148341][T14642] __sys_sendmmsg+0x45b/0x680 [ 588.153080][T14642] ? ksys_write+0x1b1/0x220 [ 588.157559][T14642] ? ksys_write+0x1b1/0x220 [ 588.162035][T14642] ? check_preemption_disabled+0x40/0x240 [ 588.167744][T14642] ? check_preemption_disabled+0x40/0x240 [ 588.173545][T14642] __x64_sys_sendmmsg+0x9c/0xb0 [ 588.178378][T14642] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 588.184421][T14642] do_syscall_64+0x73/0xe0 [ 588.188826][T14642] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 588.194708][T14642] RIP: 0033:0x45cb19 [ 588.198570][T14642] Code: Bad RIP value. [ 588.202607][T14642] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 588.210992][T14642] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 588.218945][T14642] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 588.226889][T14642] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 588.234839][T14642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:56:40 executing program 1 (fault-call:6 fault-nth:19): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 588.242783][T14642] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 588.273061][T14660] binder: 14638:14660 ioctl 8937 200004c0 returned -22 03:56:40 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 588.365502][T14665] FAULT_INJECTION: forcing a failure. [ 588.365502][T14665] name failslab, interval 1, probability 0, space 0, times 0 [ 588.403468][T14665] CPU: 1 PID: 14665 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 588.412164][T14665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 588.422215][T14665] Call Trace: [ 588.425507][T14665] dump_stack+0x1f0/0x31e [ 588.429840][T14665] should_fail+0x38a/0x4e0 [ 588.434261][T14665] should_failslab+0x5/0x20 [ 588.438760][T14665] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 588.444477][T14665] ? __kmalloc_node+0x37/0x60 [ 588.449163][T14665] __kmalloc_node+0x37/0x60 [ 588.453654][T14665] kvmalloc_node+0x81/0x110 [ 588.458147][T14665] rhashtable_init+0x4df/0xb00 [ 588.462901][T14665] br_vlan_init+0x74/0x1b0 [ 588.467300][T14665] br_dev_init+0x188/0x2c0 [ 588.471713][T14665] register_netdevice+0x7e9/0x1b80 [ 588.476808][T14665] ? safesetid_security_capable+0x81/0xf0 [ 588.482642][T14665] br_dev_newlink+0x24/0x110 [ 588.487221][T14665] ? br_validate+0x2a0/0x2a0 [ 588.491792][T14665] rtnl_newlink+0x143e/0x1bf0 [ 588.496557][T14665] ? __lock_acquire+0x116c/0x2c30 [ 588.501613][T14665] ? __mutex_lock_common+0x582/0x2fc0 [ 588.507112][T14665] ? rtnl_setlink+0x490/0x490 [ 588.511775][T14665] rtnetlink_rcv_msg+0x889/0xd40 [ 588.516737][T14665] ? local_bh_enable+0x5/0x20 [ 588.521394][T14665] ? __local_bh_enable_ip+0x133/0x230 [ 588.526749][T14665] ? __dev_queue_xmit+0x1846/0x2940 [ 588.531937][T14665] ? check_preemption_disabled+0x40/0x240 [ 588.537636][T14665] ? debug_smp_processor_id+0x5/0x20 [ 588.542909][T14665] netlink_rcv_skb+0x190/0x3a0 [ 588.547650][T14665] ? rtnetlink_bind+0x80/0x80 [ 588.552319][T14665] netlink_unicast+0x786/0x940 [ 588.557089][T14665] netlink_sendmsg+0xa57/0xd70 [ 588.561841][T14665] ? netlink_getsockopt+0x9e0/0x9e0 [ 588.567028][T14665] ____sys_sendmsg+0x519/0x800 [ 588.571773][T14665] ? import_iovec+0x12a/0x2c0 [ 588.576441][T14665] __sys_sendmmsg+0x45b/0x680 [ 588.581146][T14665] ? ksys_write+0x1b1/0x220 [ 588.585634][T14665] ? ksys_write+0x1b1/0x220 [ 588.590123][T14665] ? check_preemption_disabled+0x40/0x240 [ 588.595818][T14665] ? check_preemption_disabled+0x40/0x240 [ 588.601519][T14665] __x64_sys_sendmmsg+0x9c/0xb0 [ 588.606527][T14665] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 588.612592][T14665] do_syscall_64+0x73/0xe0 [ 588.616989][T14665] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 588.622858][T14665] RIP: 0033:0x45cb19 [ 588.626743][T14665] Code: Bad RIP value. [ 588.630785][T14665] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 588.639180][T14665] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 588.647133][T14665] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 588.655084][T14665] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 03:56:40 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x8982, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 588.663032][T14665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 588.670985][T14665] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 588.706529][T14673] binder: 14671:14673 ioctl 8982 200004c0 returned -22 [ 588.814921][T14684] binder: 14671:14684 ioctl 8982 200004c0 returned -22 03:56:41 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:41 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xae01, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 588.969260][T14699] binder: 14695:14699 ioctl ae01 200004c0 returned -22 [ 589.001189][T14703] binder: 14695:14703 ioctl ae01 200004c0 returned -22 03:56:43 executing program 1 (fault-call:6 fault-nth:20): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:43 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:43 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:43 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:43 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xae41, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 590.962007][T14721] FAULT_INJECTION: forcing a failure. [ 590.962007][T14721] name failslab, interval 1, probability 0, space 0, times 0 [ 590.976575][T14719] binder: 14717:14719 ioctl ae41 200004c0 returned -22 [ 590.994305][T14721] CPU: 0 PID: 14721 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 591.002999][T14721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 591.013047][T14721] Call Trace: [ 591.016326][T14721] dump_stack+0x1f0/0x31e [ 591.020647][T14721] should_fail+0x38a/0x4e0 [ 591.025055][T14721] should_failslab+0x5/0x20 [ 591.029542][T14721] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 591.035258][T14721] ? __kmalloc_node+0x37/0x60 [ 591.040023][T14721] __kmalloc_node+0x37/0x60 [ 591.044511][T14721] kvmalloc_node+0x81/0x110 [ 591.049006][T14721] rhashtable_init+0x4df/0xb00 [ 591.053759][T14721] br_vlan_init+0x9e/0x1b0 [ 591.058156][T14721] br_dev_init+0x188/0x2c0 [ 591.062563][T14721] register_netdevice+0x7e9/0x1b80 [ 591.067660][T14721] ? safesetid_security_capable+0x81/0xf0 [ 591.073362][T14721] br_dev_newlink+0x24/0x110 [ 591.077927][T14721] ? br_validate+0x2a0/0x2a0 [ 591.082496][T14721] rtnl_newlink+0x143e/0x1bf0 [ 591.087170][T14721] ? __lock_acquire+0x116c/0x2c30 [ 591.092219][T14721] ? __mutex_lock_common+0x582/0x2fc0 [ 591.097573][T14721] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 591.104157][T14721] ? rtnl_setlink+0x490/0x490 [ 591.108814][T14721] rtnetlink_rcv_msg+0x889/0xd40 [ 591.113749][T14721] ? local_bh_enable+0x5/0x20 [ 591.118404][T14721] ? __local_bh_enable_ip+0x133/0x230 [ 591.123755][T14721] ? __dev_queue_xmit+0x1846/0x2940 [ 591.128945][T14721] ? check_preemption_disabled+0x40/0x240 [ 591.134663][T14721] ? debug_smp_processor_id+0x5/0x20 [ 591.139934][T14721] netlink_rcv_skb+0x190/0x3a0 [ 591.144701][T14721] ? rtnetlink_bind+0x80/0x80 [ 591.149372][T14721] netlink_unicast+0x786/0x940 [ 591.154129][T14721] netlink_sendmsg+0xa57/0xd70 [ 591.158884][T14721] ? netlink_getsockopt+0x9e0/0x9e0 [ 591.164065][T14721] ____sys_sendmsg+0x519/0x800 [ 591.168810][T14721] ? import_iovec+0x12a/0x2c0 [ 591.173469][T14721] __sys_sendmmsg+0x45b/0x680 [ 591.178174][T14721] ? ksys_write+0x1b1/0x220 [ 591.182656][T14721] ? ksys_write+0x1b1/0x220 [ 591.187142][T14721] ? check_preemption_disabled+0x40/0x240 [ 591.192848][T14721] ? check_preemption_disabled+0x40/0x240 [ 591.198555][T14721] __x64_sys_sendmmsg+0x9c/0xb0 [ 591.203383][T14721] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 591.209422][T14721] do_syscall_64+0x73/0xe0 [ 591.213819][T14721] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 591.219692][T14721] RIP: 0033:0x45cb19 [ 591.223563][T14721] Code: Bad RIP value. [ 591.227605][T14721] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 591.235991][T14721] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 591.243945][T14721] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 591.251894][T14721] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 03:56:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 591.259842][T14721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 591.267788][T14721] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 591.381805][T14739] binder: 14717:14739 ioctl ae41 200004c0 returned -22 03:56:43 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xae80, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:43 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:43 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:43 executing program 1 (fault-call:6 fault-nth:21): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 591.560506][T14750] binder: 14749:14750 ioctl ae80 200004c0 returned -22 [ 591.656580][T14765] FAULT_INJECTION: forcing a failure. [ 591.656580][T14765] name failslab, interval 1, probability 0, space 0, times 0 [ 591.669911][T14768] binder: 14749:14768 ioctl ae80 200004c0 returned -22 [ 591.710118][T14765] CPU: 0 PID: 14765 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 591.718810][T14765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 591.728866][T14765] Call Trace: [ 591.732162][T14765] dump_stack+0x1f0/0x31e [ 591.736504][T14765] should_fail+0x38a/0x4e0 [ 591.740924][T14765] should_failslab+0x5/0x20 [ 591.745423][T14765] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 591.751156][T14765] ? __kmalloc_node+0x37/0x60 [ 591.755836][T14765] __kmalloc_node+0x37/0x60 [ 591.760340][T14765] kvmalloc_node+0x81/0x110 [ 591.764856][T14765] rhashtable_init+0x4df/0xb00 [ 591.769648][T14765] br_vlan_init+0x9e/0x1b0 [ 591.774084][T14765] br_dev_init+0x188/0x2c0 [ 591.778503][T14765] register_netdevice+0x7e9/0x1b80 [ 591.783617][T14765] ? safesetid_security_capable+0x81/0xf0 [ 591.789397][T14765] br_dev_newlink+0x24/0x110 [ 591.794044][T14765] ? br_validate+0x2a0/0x2a0 [ 591.798631][T14765] rtnl_newlink+0x143e/0x1bf0 [ 591.803324][T14765] ? __lock_acquire+0x116c/0x2c30 [ 591.808400][T14765] ? __mutex_lock_common+0x582/0x2fc0 [ 591.813770][T14765] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 591.820373][T14765] ? rtnl_setlink+0x490/0x490 [ 591.825054][T14765] rtnetlink_rcv_msg+0x889/0xd40 [ 591.830044][T14765] ? local_bh_enable+0x5/0x20 [ 591.834718][T14765] ? __local_bh_enable_ip+0x133/0x230 [ 591.840095][T14765] ? __dev_queue_xmit+0x1846/0x2940 [ 591.845297][T14765] ? check_preemption_disabled+0x40/0x240 [ 591.851008][T14765] ? debug_smp_processor_id+0x5/0x20 [ 591.856299][T14765] netlink_rcv_skb+0x190/0x3a0 [ 591.861228][T14765] ? rtnetlink_bind+0x80/0x80 [ 591.865894][T14765] netlink_unicast+0x786/0x940 [ 591.870643][T14765] netlink_sendmsg+0xa57/0xd70 [ 591.875399][T14765] ? netlink_getsockopt+0x9e0/0x9e0 [ 591.880697][T14765] ____sys_sendmsg+0x519/0x800 [ 591.885446][T14765] ? import_iovec+0x12a/0x2c0 [ 591.890107][T14765] __sys_sendmmsg+0x45b/0x680 [ 591.894806][T14765] ? ksys_write+0x1b1/0x220 [ 591.899423][T14765] ? ksys_write+0x1b1/0x220 [ 591.903910][T14765] ? check_preemption_disabled+0x40/0x240 [ 591.909608][T14765] ? check_preemption_disabled+0x40/0x240 [ 591.915315][T14765] __x64_sys_sendmmsg+0x9c/0xb0 [ 591.920156][T14765] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 591.926228][T14765] do_syscall_64+0x73/0xe0 [ 591.930633][T14765] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 591.936518][T14765] RIP: 0033:0x45cb19 [ 591.940403][T14765] Code: Bad RIP value. [ 591.944514][T14765] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 591.952899][T14765] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 03:56:44 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x400454ca, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 591.960852][T14765] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 591.968814][T14765] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 591.976766][T14765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 591.984720][T14765] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:44 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 592.069235][T14776] binder: 14775:14776 ioctl 400454ca 200004c0 returned -22 [ 592.139186][T14790] binder: 14775:14790 ioctl 400454ca 200004c0 returned -22 03:56:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:46 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:46 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x400454d8, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:46 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:46 executing program 1 (fault-call:6 fault-nth:22): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 593.994439][T14816] FAULT_INJECTION: forcing a failure. [ 593.994439][T14816] name failslab, interval 1, probability 0, space 0, times 0 [ 594.016408][T14817] binder: 14813:14817 ioctl 400454d8 200004c0 returned -22 [ 594.016665][T14816] CPU: 0 PID: 14816 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 594.032298][T14816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 594.042362][T14816] Call Trace: [ 594.045660][T14816] dump_stack+0x1f0/0x31e [ 594.050008][T14816] should_fail+0x38a/0x4e0 [ 594.054441][T14816] ? kobject_set_name_vargs+0x5d/0x110 [ 594.059900][T14816] should_failslab+0x5/0x20 [ 594.064399][T14816] __kmalloc_track_caller+0x72/0x320 [ 594.069686][T14816] kstrdup_const+0x51/0x90 [ 594.074105][T14816] kobject_set_name_vargs+0x5d/0x110 [ 594.079390][T14816] dev_set_name+0x6c/0x90 [ 594.083791][T14816] netdev_register_kobject+0xb1/0x2e0 [ 594.089165][T14816] register_netdevice+0x130a/0x1b80 [ 594.094377][T14816] br_dev_newlink+0x24/0x110 [ 594.098966][T14816] ? br_validate+0x2a0/0x2a0 [ 594.103570][T14816] rtnl_newlink+0x143e/0x1bf0 [ 594.108266][T14816] ? __lock_acquire+0x116c/0x2c30 [ 594.113335][T14816] ? __mutex_lock_common+0x582/0x2fc0 [ 594.118726][T14816] ? rtnl_setlink+0x490/0x490 [ 594.123423][T14816] rtnetlink_rcv_msg+0x889/0xd40 [ 594.128388][T14816] ? local_bh_enable+0x5/0x20 [ 594.133060][T14816] ? __local_bh_enable_ip+0x133/0x230 [ 594.138438][T14816] ? __dev_queue_xmit+0x1846/0x2940 [ 594.143638][T14816] ? check_preemption_disabled+0x40/0x240 [ 594.149338][T14816] ? debug_smp_processor_id+0x5/0x20 [ 594.154626][T14816] netlink_rcv_skb+0x190/0x3a0 [ 594.159372][T14816] ? rtnetlink_bind+0x80/0x80 [ 594.164053][T14816] netlink_unicast+0x786/0x940 [ 594.168811][T14816] netlink_sendmsg+0xa57/0xd70 [ 594.173561][T14816] ? netlink_getsockopt+0x9e0/0x9e0 [ 594.178737][T14816] ____sys_sendmsg+0x519/0x800 [ 594.183481][T14816] ? import_iovec+0x12a/0x2c0 [ 594.188145][T14816] __sys_sendmmsg+0x45b/0x680 [ 594.192844][T14816] ? ksys_write+0x1b1/0x220 [ 594.197326][T14816] ? ksys_write+0x1b1/0x220 [ 594.201815][T14816] ? check_preemption_disabled+0x40/0x240 [ 594.207507][T14816] ? check_preemption_disabled+0x40/0x240 [ 594.213211][T14816] __x64_sys_sendmmsg+0x9c/0xb0 [ 594.218048][T14816] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 594.224096][T14816] do_syscall_64+0x73/0xe0 [ 594.228504][T14816] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 594.234380][T14816] RIP: 0033:0x45cb19 [ 594.238255][T14816] Code: Bad RIP value. [ 594.242309][T14816] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 594.250705][T14816] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 594.258658][T14816] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 594.266608][T14816] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 594.274642][T14816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 594.282591][T14816] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:46 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:46 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:46 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 594.442122][T14841] binder: 14813:14841 ioctl 400454d8 200004c0 returned -22 03:56:46 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:46 executing program 1 (fault-call:6 fault-nth:23): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:46 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4004550a, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 594.583204][T14850] FAULT_INJECTION: forcing a failure. [ 594.583204][T14850] name failslab, interval 1, probability 0, space 0, times 0 [ 594.615072][T14850] CPU: 1 PID: 14850 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 594.623949][T14850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 594.634036][T14850] Call Trace: [ 594.637318][T14850] dump_stack+0x1f0/0x31e [ 594.641633][T14850] should_fail+0x38a/0x4e0 [ 594.646031][T14850] ? device_add+0xd2/0x1960 [ 594.650521][T14850] should_failslab+0x5/0x20 [ 594.655000][T14850] kmem_cache_alloc_trace+0x57/0x300 [ 594.660270][T14850] device_add+0xd2/0x1960 [ 594.664580][T14850] ? kobject_set_name_vargs+0xca/0x110 [ 594.670031][T14850] ? kfree+0x1c/0x220 [ 594.674014][T14850] ? kobject_set_name_vargs+0xca/0x110 [ 594.679491][T14850] ? dev_set_name+0x6c/0x90 [ 594.683998][T14850] netdev_register_kobject+0x151/0x2e0 [ 594.689471][T14850] register_netdevice+0x130a/0x1b80 [ 594.694670][T14850] br_dev_newlink+0x24/0x110 [ 594.699238][T14850] ? br_validate+0x2a0/0x2a0 [ 594.703815][T14850] rtnl_newlink+0x143e/0x1bf0 [ 594.708494][T14850] ? __lock_acquire+0x116c/0x2c30 [ 594.713551][T14850] ? __mutex_lock_common+0x582/0x2fc0 [ 594.718938][T14850] ? rtnl_setlink+0x490/0x490 [ 594.723601][T14850] rtnetlink_rcv_msg+0x889/0xd40 [ 594.728544][T14850] ? local_bh_enable+0x5/0x20 [ 594.733295][T14850] ? __local_bh_enable_ip+0x133/0x230 [ 594.738675][T14850] ? __dev_queue_xmit+0x1846/0x2940 [ 594.743870][T14850] ? check_preemption_disabled+0x40/0x240 [ 594.749565][T14850] ? debug_smp_processor_id+0x5/0x20 [ 594.754837][T14850] netlink_rcv_skb+0x190/0x3a0 [ 594.759578][T14850] ? rtnetlink_bind+0x80/0x80 [ 594.764246][T14850] netlink_unicast+0x786/0x940 [ 594.769000][T14850] netlink_sendmsg+0xa57/0xd70 [ 594.773750][T14850] ? netlink_getsockopt+0x9e0/0x9e0 [ 594.778927][T14850] ____sys_sendmsg+0x519/0x800 [ 594.783673][T14850] ? import_iovec+0x12a/0x2c0 [ 594.788333][T14850] __sys_sendmmsg+0x45b/0x680 [ 594.793027][T14850] ? ksys_write+0x1b1/0x220 [ 594.797506][T14850] ? ksys_write+0x1b1/0x220 [ 594.801990][T14850] ? check_preemption_disabled+0x40/0x240 [ 594.807684][T14850] ? check_preemption_disabled+0x40/0x240 [ 594.813385][T14850] __x64_sys_sendmmsg+0x9c/0xb0 [ 594.818217][T14850] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 594.824268][T14850] do_syscall_64+0x73/0xe0 [ 594.828664][T14850] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 594.834534][T14850] RIP: 0033:0x45cb19 [ 594.838410][T14850] Code: Bad RIP value. [ 594.842452][T14850] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 594.850840][T14850] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 594.858789][T14850] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 594.866757][T14850] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 594.874893][T14850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 594.882848][T14850] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 594.916618][T14859] binder: 14852:14859 ioctl 4004550a 200004c0 returned -22 [ 595.010915][T14865] binder: 14852:14865 ioctl 4004550a 200004c0 returned -22 03:56:49 executing program 1 (fault-call:6 fault-nth:24): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:49 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:49 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:49 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:49 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x40046205, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 597.048935][T14873] FAULT_INJECTION: forcing a failure. [ 597.048935][T14873] name failslab, interval 1, probability 0, space 0, times 0 [ 597.070277][T14873] CPU: 0 PID: 14873 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 597.078974][T14873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 597.089023][T14873] Call Trace: [ 597.092298][T14873] dump_stack+0x1f0/0x31e [ 597.096618][T14873] should_fail+0x38a/0x4e0 [ 597.101017][T14873] ? __kernfs_new_node+0x8b/0x630 [ 597.106018][T14873] should_failslab+0x5/0x20 [ 597.110496][T14873] kmem_cache_alloc+0x53/0x2d0 [ 597.115279][T14873] __kernfs_new_node+0x8b/0x630 [ 597.120130][T14873] ? __lock_acquire+0x116c/0x2c30 [ 597.125156][T14873] ? make_kgid+0x1ca/0x300 [ 597.129569][T14873] kernfs_create_dir_ns+0x90/0x220 [ 597.134748][T14873] sysfs_create_dir_ns+0x114/0x290 [ 597.139848][T14873] kobject_add_internal+0x457/0xa90 [ 597.145034][T14873] kobject_add+0xef/0x190 [ 597.149352][T14873] ? get_device_parent+0x332/0x4c0 [ 597.154443][T14873] device_add+0x53d/0x1960 [ 597.158841][T14873] ? kobject_set_name_vargs+0xca/0x110 [ 597.164287][T14873] ? dev_set_name+0x6c/0x90 [ 597.168777][T14873] netdev_register_kobject+0x151/0x2e0 [ 597.174219][T14873] register_netdevice+0x130a/0x1b80 [ 597.179411][T14873] br_dev_newlink+0x24/0x110 [ 597.183977][T14873] ? br_validate+0x2a0/0x2a0 [ 597.188554][T14873] rtnl_newlink+0x143e/0x1bf0 [ 597.193232][T14873] ? __lock_acquire+0x116c/0x2c30 [ 597.198283][T14873] ? __mutex_lock_common+0x582/0x2fc0 [ 597.203655][T14873] ? rtnl_setlink+0x490/0x490 [ 597.208310][T14873] rtnetlink_rcv_msg+0x889/0xd40 [ 597.213242][T14873] ? local_bh_enable+0x5/0x20 [ 597.217914][T14873] ? __local_bh_enable_ip+0x133/0x230 [ 597.223261][T14873] ? __dev_queue_xmit+0x1846/0x2940 [ 597.228446][T14873] ? check_preemption_disabled+0x40/0x240 [ 597.234141][T14873] ? debug_smp_processor_id+0x5/0x20 [ 597.239411][T14873] netlink_rcv_skb+0x190/0x3a0 [ 597.244152][T14873] ? rtnetlink_bind+0x80/0x80 [ 597.248821][T14873] netlink_unicast+0x786/0x940 [ 597.253576][T14873] netlink_sendmsg+0xa57/0xd70 [ 597.258371][T14873] ? netlink_getsockopt+0x9e0/0x9e0 [ 597.263558][T14873] ____sys_sendmsg+0x519/0x800 [ 597.268314][T14873] ? import_iovec+0x12a/0x2c0 [ 597.272972][T14873] __sys_sendmmsg+0x45b/0x680 [ 597.277669][T14873] ? ksys_write+0x1b1/0x220 [ 597.282168][T14873] ? ksys_write+0x1b1/0x220 [ 597.286661][T14873] ? check_preemption_disabled+0x40/0x240 [ 597.292356][T14873] ? check_preemption_disabled+0x40/0x240 [ 597.298094][T14873] __x64_sys_sendmmsg+0x9c/0xb0 [ 597.302939][T14873] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 597.308979][T14873] do_syscall_64+0x73/0xe0 [ 597.313374][T14873] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 597.319253][T14873] RIP: 0033:0x45cb19 [ 597.323120][T14873] Code: Bad RIP value. [ 597.327171][T14873] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 597.335562][T14873] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 597.343509][T14873] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 597.351460][T14873] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 597.359416][T14873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 597.367449][T14873] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:49 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 597.413927][T14873] kobject_add_internal failed for bridge0 (error: -12 parent: net) 03:56:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:49 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:49 executing program 1 (fault-call:6 fault-nth:25): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:49 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 597.597916][T14896] FAULT_INJECTION: forcing a failure. [ 597.597916][T14896] name failslab, interval 1, probability 0, space 0, times 0 [ 597.611002][T14896] CPU: 0 PID: 14896 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 597.619767][T14896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 597.629943][T14896] Call Trace: [ 597.633233][T14896] dump_stack+0x1f0/0x31e [ 597.637570][T14896] should_fail+0x38a/0x4e0 [ 597.641989][T14896] ? radix_tree_node_alloc+0x1a4/0x390 03:56:49 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x40046207, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:49 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r1 = dup(0xffffffffffffffff) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r1}) [ 597.647443][T14896] should_failslab+0x5/0x20 [ 597.651942][T14896] kmem_cache_alloc+0x53/0x2d0 [ 597.656707][T14896] radix_tree_node_alloc+0x1a4/0x390 [ 597.661985][T14896] idr_get_free+0x2aa/0x8d0 [ 597.666488][T14896] idr_alloc_cyclic+0x16e/0x520 [ 597.671341][T14896] __kernfs_new_node+0xea/0x630 [ 597.676188][T14896] ? __lock_acquire+0x116c/0x2c30 [ 597.681210][T14896] ? make_kgid+0x1ca/0x300 [ 597.685615][T14896] kernfs_create_dir_ns+0x90/0x220 [ 597.690718][T14896] sysfs_create_dir_ns+0x114/0x290 [ 597.695839][T14896] kobject_add_internal+0x457/0xa90 [ 597.701090][T14896] kobject_add+0xef/0x190 [ 597.705425][T14896] ? get_device_parent+0x332/0x4c0 [ 597.710536][T14896] device_add+0x53d/0x1960 [ 597.714957][T14896] ? kobject_set_name_vargs+0xca/0x110 [ 597.720430][T14896] ? dev_set_name+0x6c/0x90 [ 597.724935][T14896] netdev_register_kobject+0x151/0x2e0 [ 597.730395][T14896] register_netdevice+0x130a/0x1b80 [ 597.735598][T14896] br_dev_newlink+0x24/0x110 [ 597.740202][T14896] ? br_validate+0x2a0/0x2a0 [ 597.744794][T14896] rtnl_newlink+0x143e/0x1bf0 [ 597.749477][T14896] ? __lock_acquire+0x116c/0x2c30 [ 597.754539][T14896] ? __mutex_lock_common+0x582/0x2fc0 [ 597.759916][T14896] ? rtnl_setlink+0x490/0x490 [ 597.764590][T14896] rtnetlink_rcv_msg+0x889/0xd40 [ 597.769525][T14896] ? local_bh_enable+0x5/0x20 [ 597.774180][T14896] ? __local_bh_enable_ip+0x133/0x230 [ 597.779541][T14896] ? __dev_queue_xmit+0x1846/0x2940 [ 597.784730][T14896] ? check_preemption_disabled+0x40/0x240 [ 597.790421][T14896] ? debug_smp_processor_id+0x5/0x20 [ 597.795691][T14896] netlink_rcv_skb+0x190/0x3a0 [ 597.800457][T14896] ? rtnetlink_bind+0x80/0x80 [ 597.805160][T14896] netlink_unicast+0x786/0x940 [ 597.809915][T14896] netlink_sendmsg+0xa57/0xd70 [ 597.814672][T14896] ? netlink_getsockopt+0x9e0/0x9e0 [ 597.819852][T14896] ____sys_sendmsg+0x519/0x800 [ 597.824601][T14896] ? import_iovec+0x12a/0x2c0 [ 597.829266][T14896] __sys_sendmmsg+0x45b/0x680 [ 597.834008][T14896] ? ksys_write+0x1b1/0x220 [ 597.838496][T14896] ? ksys_write+0x1b1/0x220 [ 597.842984][T14896] ? check_preemption_disabled+0x40/0x240 [ 597.848691][T14896] ? check_preemption_disabled+0x40/0x240 [ 597.854394][T14896] __x64_sys_sendmmsg+0x9c/0xb0 [ 597.859224][T14896] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 597.865275][T14896] do_syscall_64+0x73/0xe0 [ 597.869668][T14896] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 597.875538][T14896] RIP: 0033:0x45cb19 [ 597.879406][T14896] Code: Bad RIP value. [ 597.883444][T14896] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 597.891839][T14896] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 597.899794][T14896] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 597.907832][T14896] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 597.915785][T14896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 597.923738][T14896] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:50 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r1 = dup(0xffffffffffffffff) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r1}) 03:56:52 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:52 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x40046208, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:52 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:52 executing program 1 (fault-call:6 fault-nth:26): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 600.114669][T14937] FAULT_INJECTION: forcing a failure. [ 600.114669][T14937] name failslab, interval 1, probability 0, space 0, times 0 [ 600.142683][T14937] CPU: 0 PID: 14937 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 600.151381][T14937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 600.161434][T14937] Call Trace: [ 600.164725][T14937] dump_stack+0x1f0/0x31e [ 600.169056][T14937] should_fail+0x38a/0x4e0 [ 600.173461][T14937] ? __kernfs_new_node+0x8b/0x630 [ 600.178488][T14937] should_failslab+0x5/0x20 [ 600.182975][T14937] kmem_cache_alloc+0x53/0x2d0 [ 600.187716][T14937] __kernfs_new_node+0x8b/0x630 [ 600.192647][T14937] ? kernfs_create_dir_ns+0x1e5/0x220 [ 600.198006][T14937] kernfs_new_node+0x95/0x160 [ 600.202658][T14937] __kernfs_create_file+0x45/0x2d0 [ 600.207743][T14937] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 600.213099][T14937] sysfs_create_file_ns+0x106/0x1b0 [ 600.218272][T14937] device_add+0x66e/0x1960 [ 600.222799][T14937] ? kobject_set_name_vargs+0xca/0x110 [ 600.228241][T14937] ? dev_set_name+0x6c/0x90 [ 600.232739][T14937] netdev_register_kobject+0x151/0x2e0 [ 600.238174][T14937] register_netdevice+0x130a/0x1b80 [ 600.243355][T14937] br_dev_newlink+0x24/0x110 [ 600.247923][T14937] ? br_validate+0x2a0/0x2a0 [ 600.252487][T14937] rtnl_newlink+0x143e/0x1bf0 [ 600.257152][T14937] ? __lock_acquire+0x116c/0x2c30 [ 600.262168][T14937] ? __mutex_lock_common+0x582/0x2fc0 [ 600.267522][T14937] ? rtnl_setlink+0x490/0x490 [ 600.272177][T14937] rtnetlink_rcv_msg+0x889/0xd40 [ 600.277126][T14937] ? local_bh_enable+0x5/0x20 [ 600.281773][T14937] ? __local_bh_enable_ip+0x133/0x230 [ 600.287113][T14937] ? __dev_queue_xmit+0x1846/0x2940 [ 600.292288][T14937] ? check_preemption_disabled+0x40/0x240 [ 600.297987][T14937] ? debug_smp_processor_id+0x5/0x20 [ 600.303258][T14937] netlink_rcv_skb+0x190/0x3a0 [ 600.308001][T14937] ? rtnetlink_bind+0x80/0x80 [ 600.312663][T14937] netlink_unicast+0x786/0x940 [ 600.317410][T14937] netlink_sendmsg+0xa57/0xd70 [ 600.322152][T14937] ? netlink_getsockopt+0x9e0/0x9e0 [ 600.327322][T14937] ____sys_sendmsg+0x519/0x800 [ 600.332061][T14937] ? import_iovec+0x12a/0x2c0 [ 600.336715][T14937] __sys_sendmmsg+0x45b/0x680 [ 600.341414][T14937] ? ksys_write+0x1b1/0x220 [ 600.345913][T14937] ? ksys_write+0x1b1/0x220 [ 600.350405][T14937] ? check_preemption_disabled+0x40/0x240 [ 600.356117][T14937] ? check_preemption_disabled+0x40/0x240 [ 600.361888][T14937] __x64_sys_sendmmsg+0x9c/0xb0 [ 600.366714][T14937] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 600.372750][T14937] do_syscall_64+0x73/0xe0 [ 600.377144][T14937] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 600.383013][T14937] RIP: 0033:0x45cb19 [ 600.386885][T14937] Code: Bad RIP value. [ 600.390935][T14937] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 600.399322][T14937] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 600.407275][T14937] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 600.415246][T14937] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 600.423202][T14937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 600.431151][T14937] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:52 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:52 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r1 = dup(0xffffffffffffffff) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r1}) 03:56:52 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x40049409, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:52 executing program 1 (fault-call:6 fault-nth:27): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:52 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 600.663804][T14959] FAULT_INJECTION: forcing a failure. [ 600.663804][T14959] name failslab, interval 1, probability 0, space 0, times 0 [ 600.709194][T14959] CPU: 0 PID: 14959 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 600.718033][T14959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 600.728091][T14959] Call Trace: [ 600.731392][T14959] dump_stack+0x1f0/0x31e [ 600.735724][T14959] should_fail+0x38a/0x4e0 [ 600.740141][T14959] ? __kernfs_new_node+0x8b/0x630 [ 600.745161][T14959] should_failslab+0x5/0x20 [ 600.749643][T14959] kmem_cache_alloc+0x53/0x2d0 [ 600.754381][T14959] ? __mutex_unlock_slowpath+0x12d/0x590 [ 600.759997][T14959] __kernfs_new_node+0x8b/0x630 [ 600.764826][T14959] ? kernfs_add_one+0x4b7/0x600 [ 600.769667][T14959] kernfs_new_node+0x95/0x160 [ 600.774438][T14959] kernfs_create_link+0x9f/0x1f0 [ 600.779356][T14959] sysfs_do_create_link_sd+0x85/0x100 [ 600.784734][T14959] device_add+0x6ee/0x1960 [ 600.789130][T14959] ? kobject_set_name_vargs+0xca/0x110 [ 600.794563][T14959] ? dev_set_name+0x6c/0x90 [ 600.799044][T14959] netdev_register_kobject+0x151/0x2e0 [ 600.804524][T14959] register_netdevice+0x130a/0x1b80 [ 600.809707][T14959] br_dev_newlink+0x24/0x110 [ 600.814268][T14959] ? br_validate+0x2a0/0x2a0 [ 600.818844][T14959] rtnl_newlink+0x143e/0x1bf0 [ 600.823506][T14959] ? __lock_acquire+0x116c/0x2c30 [ 600.828538][T14959] ? __mutex_lock_common+0x582/0x2fc0 [ 600.833897][T14959] ? rtnl_setlink+0x490/0x490 [ 600.838585][T14959] rtnetlink_rcv_msg+0x889/0xd40 [ 600.843508][T14959] ? local_bh_enable+0x5/0x20 [ 600.848156][T14959] ? __local_bh_enable_ip+0x133/0x230 [ 600.853503][T14959] ? __dev_queue_xmit+0x1846/0x2940 [ 600.858704][T14959] ? check_preemption_disabled+0x40/0x240 [ 600.864437][T14959] ? debug_smp_processor_id+0x5/0x20 [ 600.869711][T14959] netlink_rcv_skb+0x190/0x3a0 [ 600.874455][T14959] ? rtnetlink_bind+0x80/0x80 [ 600.879111][T14959] netlink_unicast+0x786/0x940 [ 600.883857][T14959] netlink_sendmsg+0xa57/0xd70 [ 600.888638][T14959] ? netlink_getsockopt+0x9e0/0x9e0 [ 600.893818][T14959] ____sys_sendmsg+0x519/0x800 [ 600.898557][T14959] ? import_iovec+0x12a/0x2c0 [ 600.903225][T14959] __sys_sendmmsg+0x45b/0x680 [ 600.907903][T14959] ? ksys_write+0x1b1/0x220 [ 600.912380][T14959] ? ksys_write+0x1b1/0x220 [ 600.916865][T14959] ? check_preemption_disabled+0x40/0x240 [ 600.922642][T14959] ? check_preemption_disabled+0x40/0x240 [ 600.928343][T14959] __x64_sys_sendmmsg+0x9c/0xb0 [ 600.933169][T14959] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 600.939302][T14959] do_syscall_64+0x73/0xe0 [ 600.943695][T14959] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 600.949571][T14959] RIP: 0033:0x45cb19 [ 600.953435][T14959] Code: Bad RIP value. [ 600.957473][T14959] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 600.965856][T14959] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 600.973802][T14959] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 600.981747][T14959] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 600.989692][T14959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 600.997649][T14959] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:53 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:55 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:55 executing program 1 (fault-call:6 fault-nth:28): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:55 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:55 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x40085503, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 603.136726][T14987] binder: 14985:14987 ioctl 40085503 200004c0 returned -22 [ 603.162023][T14986] FAULT_INJECTION: forcing a failure. [ 603.162023][T14986] name failslab, interval 1, probability 0, space 0, times 0 [ 603.175136][T14986] CPU: 1 PID: 14986 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 603.184196][T14986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.194248][T14986] Call Trace: [ 603.197537][T14986] dump_stack+0x1f0/0x31e [ 603.201866][T14986] should_fail+0x38a/0x4e0 [ 603.206280][T14986] ? __kernfs_new_node+0x47/0x630 [ 603.211299][T14986] should_failslab+0x5/0x20 [ 603.215804][T14986] __kmalloc_track_caller+0x72/0x320 [ 603.221078][T14986] kstrdup_const+0x51/0x90 [ 603.225469][T14986] __kernfs_new_node+0x47/0x630 [ 603.230292][T14986] ? kernfs_add_one+0x4b7/0x600 [ 603.235121][T14986] kernfs_new_node+0x95/0x160 [ 603.239774][T14986] kernfs_create_link+0x9f/0x1f0 [ 603.244686][T14986] sysfs_do_create_link_sd+0x85/0x100 [ 603.250061][T14986] device_add+0xadf/0x1960 [ 603.254455][T14986] ? kobject_set_name_vargs+0xca/0x110 [ 603.259899][T14986] ? dev_set_name+0x6c/0x90 [ 603.264381][T14986] netdev_register_kobject+0x151/0x2e0 [ 603.269830][T14986] register_netdevice+0x130a/0x1b80 [ 603.275009][T14986] br_dev_newlink+0x24/0x110 [ 603.279569][T14986] ? br_validate+0x2a0/0x2a0 [ 603.284140][T14986] rtnl_newlink+0x143e/0x1bf0 [ 603.288810][T14986] ? __lock_acquire+0x116c/0x2c30 [ 603.293828][T14986] ? __mutex_lock_common+0x582/0x2fc0 [ 603.299195][T14986] ? rtnl_setlink+0x490/0x490 [ 603.303949][T14986] rtnetlink_rcv_msg+0x889/0xd40 [ 603.308869][T14986] ? local_bh_enable+0x5/0x20 [ 603.313516][T14986] ? __local_bh_enable_ip+0x133/0x230 [ 603.318865][T14986] ? __dev_queue_xmit+0x1846/0x2940 [ 603.324056][T14986] ? check_preemption_disabled+0x40/0x240 [ 603.329746][T14986] ? debug_smp_processor_id+0x5/0x20 [ 603.335017][T14986] netlink_rcv_skb+0x190/0x3a0 [ 603.339758][T14986] ? rtnetlink_bind+0x80/0x80 [ 603.344417][T14986] netlink_unicast+0x786/0x940 [ 603.349157][T14986] netlink_sendmsg+0xa57/0xd70 [ 603.353895][T14986] ? netlink_getsockopt+0x9e0/0x9e0 [ 603.359063][T14986] ____sys_sendmsg+0x519/0x800 [ 603.363801][T14986] ? import_iovec+0x12a/0x2c0 [ 603.368453][T14986] __sys_sendmmsg+0x45b/0x680 [ 603.373133][T14986] ? ksys_write+0x1b1/0x220 [ 603.377653][T14986] ? ksys_write+0x1b1/0x220 [ 603.382127][T14986] ? check_preemption_disabled+0x40/0x240 [ 603.387821][T14986] ? check_preemption_disabled+0x40/0x240 [ 603.393521][T14986] __x64_sys_sendmmsg+0x9c/0xb0 [ 603.398345][T14986] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 603.404386][T14986] do_syscall_64+0x73/0xe0 [ 603.408799][T14986] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 603.414670][T14986] RIP: 0033:0x45cb19 [ 603.418530][T14986] Code: Bad RIP value. [ 603.422573][T14986] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 603.430999][T14986] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 603.438942][T14986] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 603.446885][T14986] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 603.454835][T14986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 603.462868][T14986] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 603.487192][T14995] binder: 14985:14995 ioctl 40085503 200004c0 returned -22 03:56:55 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:55 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:55 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x40086602, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:55 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:56:55 executing program 1 (fault-call:6 fault-nth:29): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:55 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 603.614321][T15005] binder: 15000:15005 ioctl 40086602 200004c0 returned -22 [ 603.667384][T15008] FAULT_INJECTION: forcing a failure. [ 603.667384][T15008] name failslab, interval 1, probability 0, space 0, times 0 [ 603.686530][T15012] binder: 15000:15012 ioctl 40086602 200004c0 returned -22 [ 603.716263][T15008] CPU: 0 PID: 15008 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 603.724954][T15008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.735019][T15008] Call Trace: [ 603.738292][T15008] dump_stack+0x1f0/0x31e [ 603.742625][T15008] should_fail+0x38a/0x4e0 [ 603.747024][T15008] ? __kernfs_new_node+0x8b/0x630 [ 603.752166][T15008] should_failslab+0x5/0x20 [ 603.756645][T15008] kmem_cache_alloc+0x53/0x2d0 [ 603.761414][T15008] __kernfs_new_node+0x8b/0x630 [ 603.766260][T15008] ? kernfs_add_one+0x4b7/0x600 [ 603.771106][T15008] kernfs_new_node+0x95/0x160 [ 603.775786][T15008] kernfs_create_link+0x9f/0x1f0 [ 603.780720][T15008] sysfs_do_create_link_sd+0x85/0x100 [ 603.786087][T15008] device_add+0xadf/0x1960 [ 603.790512][T15008] ? kobject_set_name_vargs+0xca/0x110 [ 603.795965][T15008] ? dev_set_name+0x6c/0x90 [ 603.800472][T15008] netdev_register_kobject+0x151/0x2e0 [ 603.805929][T15008] register_netdevice+0x130a/0x1b80 [ 603.811150][T15008] br_dev_newlink+0x24/0x110 [ 603.815834][T15008] ? br_validate+0x2a0/0x2a0 [ 603.820516][T15008] rtnl_newlink+0x143e/0x1bf0 [ 603.825209][T15008] ? __lock_acquire+0x116c/0x2c30 [ 603.830277][T15008] ? __mutex_lock_common+0x582/0x2fc0 [ 603.835682][T15008] ? rtnl_setlink+0x490/0x490 [ 603.840345][T15008] rtnetlink_rcv_msg+0x889/0xd40 [ 603.845296][T15008] ? local_bh_enable+0x5/0x20 [ 603.849958][T15008] ? __local_bh_enable_ip+0x133/0x230 [ 603.855318][T15008] ? __dev_queue_xmit+0x1846/0x2940 [ 603.860508][T15008] ? check_preemption_disabled+0x40/0x240 [ 603.866204][T15008] ? debug_smp_processor_id+0x5/0x20 [ 603.871476][T15008] netlink_rcv_skb+0x190/0x3a0 [ 603.876230][T15008] ? rtnetlink_bind+0x80/0x80 [ 603.880900][T15008] netlink_unicast+0x786/0x940 [ 603.885646][T15008] netlink_sendmsg+0xa57/0xd70 [ 603.890489][T15008] ? netlink_getsockopt+0x9e0/0x9e0 [ 603.895693][T15008] ____sys_sendmsg+0x519/0x800 [ 603.900449][T15008] ? import_iovec+0x12a/0x2c0 [ 603.905111][T15008] __sys_sendmmsg+0x45b/0x680 [ 603.909796][T15008] ? ksys_write+0x1b1/0x220 [ 603.914377][T15008] ? ksys_write+0x1b1/0x220 [ 603.918861][T15008] ? check_preemption_disabled+0x40/0x240 [ 603.924555][T15008] ? check_preemption_disabled+0x40/0x240 [ 603.930273][T15008] __x64_sys_sendmmsg+0x9c/0xb0 [ 603.935114][T15008] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 603.941268][T15008] do_syscall_64+0x73/0xe0 [ 603.945677][T15008] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 603.951721][T15008] RIP: 0033:0x45cb19 [ 603.955587][T15008] Code: Bad RIP value. [ 603.959626][T15008] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 03:56:56 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4008ae89, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 603.968040][T15008] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 603.975991][T15008] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 603.983957][T15008] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 603.991967][T15008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 603.999917][T15008] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:56 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, 0x0) [ 604.077635][T15023] binder: 15022:15023 ioctl 4008ae89 200004c0 returned -22 [ 604.179658][T15027] binder: 15022:15027 ioctl 4008ae89 200004c0 returned -22 03:56:58 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:58 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:56:58 executing program 1 (fault-call:6 fault-nth:30): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, 0x0) [ 606.192656][T15038] FAULT_INJECTION: forcing a failure. [ 606.192656][T15038] name failslab, interval 1, probability 0, space 0, times 0 [ 606.205656][T15038] CPU: 1 PID: 15038 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 606.214420][T15038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 606.224473][T15038] Call Trace: [ 606.227767][T15038] dump_stack+0x1f0/0x31e [ 606.232099][T15038] should_fail+0x38a/0x4e0 [ 606.236524][T15038] ? __kernfs_new_node+0x8b/0x630 [ 606.241546][T15038] should_failslab+0x5/0x20 [ 606.246035][T15038] kmem_cache_alloc+0x53/0x2d0 [ 606.250796][T15038] __kernfs_new_node+0x8b/0x630 [ 606.255634][T15038] ? kernfs_add_one+0x56/0x600 [ 606.260470][T15038] ? __mutex_lock_common+0x582/0x2fc0 [ 606.265835][T15038] kernfs_new_node+0x95/0x160 [ 606.270501][T15038] __kernfs_create_file+0x45/0x2d0 [ 606.275580][T15038] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 606.280920][T15038] internal_create_group+0x445/0xd20 [ 606.286197][T15038] sysfs_create_groups+0x5d/0x130 [ 606.291260][T15038] device_add+0xbac/0x1960 [ 606.295648][T15038] ? dev_set_name+0x6c/0x90 [ 606.300123][T15038] netdev_register_kobject+0x151/0x2e0 [ 606.305563][T15038] register_netdevice+0x130a/0x1b80 [ 606.310750][T15038] br_dev_newlink+0x24/0x110 [ 606.315312][T15038] ? br_validate+0x2a0/0x2a0 [ 606.319871][T15038] rtnl_newlink+0x143e/0x1bf0 [ 606.324528][T15038] ? __lock_acquire+0x116c/0x2c30 [ 606.329582][T15038] ? __mutex_lock_common+0x582/0x2fc0 [ 606.334947][T15038] ? rtnl_setlink+0x490/0x490 [ 606.339596][T15038] rtnetlink_rcv_msg+0x889/0xd40 [ 606.344516][T15038] ? local_bh_enable+0x5/0x20 [ 606.349176][T15038] ? __local_bh_enable_ip+0x133/0x230 [ 606.354617][T15038] ? __dev_queue_xmit+0x1846/0x2940 [ 606.359793][T15038] ? check_preemption_disabled+0x40/0x240 [ 606.365582][T15038] ? debug_smp_processor_id+0x5/0x20 [ 606.370853][T15038] netlink_rcv_skb+0x190/0x3a0 [ 606.375588][T15038] ? rtnetlink_bind+0x80/0x80 [ 606.380237][T15038] netlink_unicast+0x786/0x940 [ 606.384992][T15038] netlink_sendmsg+0xa57/0xd70 [ 606.389749][T15038] ? netlink_getsockopt+0x9e0/0x9e0 [ 606.394926][T15038] ____sys_sendmsg+0x519/0x800 [ 606.399702][T15038] ? import_iovec+0x12a/0x2c0 [ 606.404448][T15038] __sys_sendmmsg+0x45b/0x680 [ 606.409174][T15038] ? ksys_write+0x1b1/0x220 [ 606.413677][T15038] ? ksys_write+0x1b1/0x220 [ 606.418151][T15038] ? check_preemption_disabled+0x40/0x240 [ 606.423851][T15038] ? check_preemption_disabled+0x40/0x240 [ 606.429557][T15038] __x64_sys_sendmmsg+0x9c/0xb0 [ 606.434401][T15038] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 606.440440][T15038] do_syscall_64+0x73/0xe0 [ 606.444844][T15038] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 606.450717][T15038] RIP: 0033:0x45cb19 [ 606.454576][T15038] Code: Bad RIP value. [ 606.458610][T15038] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 606.467006][T15038] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 606.474955][T15038] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 606.482895][T15038] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 606.490832][T15038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 606.498772][T15038] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:58 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:56:58 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4008ae90, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:56:58 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:56:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, 0x0) 03:56:58 executing program 1 (fault-call:6 fault-nth:31): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 606.631402][T15052] binder: 15048:15052 ioctl 4008ae90 200004c0 returned -22 03:56:58 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 606.692881][T15057] binder: 15048:15057 ioctl 4008ae90 200004c0 returned -22 [ 606.745949][T15063] FAULT_INJECTION: forcing a failure. [ 606.745949][T15063] name failslab, interval 1, probability 0, space 0, times 0 [ 606.758788][T15063] CPU: 0 PID: 15063 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 606.767456][T15063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 606.777518][T15063] Call Trace: [ 606.780821][T15063] dump_stack+0x1f0/0x31e [ 606.785196][T15063] should_fail+0x38a/0x4e0 [ 606.789610][T15063] ? __kernfs_new_node+0x8b/0x630 [ 606.794627][T15063] should_failslab+0x5/0x20 [ 606.799313][T15063] kmem_cache_alloc+0x53/0x2d0 [ 606.804067][T15063] __kernfs_new_node+0x8b/0x630 [ 606.808943][T15063] ? kernfs_add_one+0x4b7/0x600 [ 606.813793][T15063] ? kernfs_add_one+0x4b7/0x600 [ 606.818643][T15063] ? __mutex_unlock_slowpath+0x12d/0x590 [ 606.824277][T15063] kernfs_new_node+0x95/0x160 [ 606.828957][T15063] __kernfs_create_file+0x45/0x2d0 [ 606.834058][T15063] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 606.839429][T15063] internal_create_group+0x445/0xd20 [ 606.844705][T15063] sysfs_create_groups+0x5d/0x130 [ 606.849706][T15063] device_add+0xbac/0x1960 [ 606.854112][T15063] ? dev_set_name+0x6c/0x90 [ 606.858617][T15063] netdev_register_kobject+0x151/0x2e0 [ 606.864067][T15063] register_netdevice+0x130a/0x1b80 [ 606.869256][T15063] br_dev_newlink+0x24/0x110 [ 606.873811][T15063] ? br_validate+0x2a0/0x2a0 [ 606.878375][T15063] rtnl_newlink+0x143e/0x1bf0 [ 606.883047][T15063] ? __lock_acquire+0x116c/0x2c30 [ 606.888073][T15063] ? __mutex_lock_common+0x582/0x2fc0 [ 606.893427][T15063] ? rtnl_setlink+0x490/0x490 [ 606.898077][T15063] rtnetlink_rcv_msg+0x889/0xd40 [ 606.903003][T15063] ? local_bh_enable+0x5/0x20 [ 606.907655][T15063] ? __local_bh_enable_ip+0x133/0x230 [ 606.913000][T15063] ? __dev_queue_xmit+0x1846/0x2940 [ 606.918184][T15063] ? check_preemption_disabled+0x40/0x240 [ 606.923877][T15063] ? debug_smp_processor_id+0x5/0x20 [ 606.929139][T15063] netlink_rcv_skb+0x190/0x3a0 [ 606.933875][T15063] ? rtnetlink_bind+0x80/0x80 [ 606.938530][T15063] netlink_unicast+0x786/0x940 [ 606.943298][T15063] netlink_sendmsg+0xa57/0xd70 [ 606.948062][T15063] ? netlink_getsockopt+0x9e0/0x9e0 [ 606.953234][T15063] ____sys_sendmsg+0x519/0x800 [ 606.957980][T15063] ? import_iovec+0x12a/0x2c0 [ 606.962632][T15063] __sys_sendmmsg+0x45b/0x680 [ 606.967330][T15063] ? ksys_write+0x1b1/0x220 [ 606.971801][T15063] ? ksys_write+0x1b1/0x220 [ 606.976275][T15063] ? check_preemption_disabled+0x40/0x240 [ 606.981964][T15063] ? check_preemption_disabled+0x40/0x240 [ 606.987655][T15063] __x64_sys_sendmmsg+0x9c/0xb0 [ 606.992484][T15063] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 606.998517][T15063] do_syscall_64+0x73/0xe0 [ 607.002900][T15063] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 607.008762][T15063] RIP: 0033:0x45cb19 [ 607.012622][T15063] Code: Bad RIP value. [ 607.016661][T15063] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 607.025042][T15063] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 607.032988][T15063] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 03:56:59 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4008af30, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 607.040932][T15063] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 607.048878][T15063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 607.056823][T15063] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:56:59 executing program 1 (fault-call:6 fault-nth:32): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:56:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)) [ 607.106352][T15071] binder: 15070:15071 ioctl 4008af30 200004c0 returned -22 [ 607.127202][T15074] binder: 15070:15074 ioctl 4008af30 200004c0 returned -22 [ 607.200066][T15076] FAULT_INJECTION: forcing a failure. [ 607.200066][T15076] name failslab, interval 1, probability 0, space 0, times 0 [ 607.224878][T15076] CPU: 0 PID: 15076 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 607.233568][T15076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 607.243627][T15076] Call Trace: [ 607.246920][T15076] dump_stack+0x1f0/0x31e [ 607.251271][T15076] should_fail+0x38a/0x4e0 [ 607.255807][T15076] ? __kernfs_new_node+0x8b/0x630 [ 607.260826][T15076] should_failslab+0x5/0x20 [ 607.265331][T15076] kmem_cache_alloc+0x53/0x2d0 [ 607.270178][T15076] __kernfs_new_node+0x8b/0x630 [ 607.275108][T15076] ? kernfs_add_one+0x4b7/0x600 [ 607.279953][T15076] ? kernfs_add_one+0x4b7/0x600 [ 607.284806][T15076] ? __mutex_unlock_slowpath+0x12d/0x590 [ 607.290443][T15076] kernfs_new_node+0x95/0x160 [ 607.295112][T15076] __kernfs_create_file+0x45/0x2d0 [ 607.300218][T15076] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 607.305601][T15076] internal_create_group+0x445/0xd20 [ 607.310894][T15076] sysfs_create_groups+0x5d/0x130 [ 607.315914][T15076] device_add+0xbac/0x1960 [ 607.320341][T15076] ? dev_set_name+0x6c/0x90 [ 607.324850][T15076] netdev_register_kobject+0x151/0x2e0 [ 607.330288][T15076] register_netdevice+0x130a/0x1b80 [ 607.335479][T15076] br_dev_newlink+0x24/0x110 [ 607.340040][T15076] ? br_validate+0x2a0/0x2a0 [ 607.344638][T15076] rtnl_newlink+0x143e/0x1bf0 [ 607.349297][T15076] ? __lock_acquire+0x116c/0x2c30 [ 607.354317][T15076] ? __mutex_lock_common+0x582/0x2fc0 [ 607.359693][T15076] ? rtnl_setlink+0x490/0x490 [ 607.364342][T15076] rtnetlink_rcv_msg+0x889/0xd40 [ 607.369259][T15076] ? local_bh_enable+0x5/0x20 [ 607.373905][T15076] ? __local_bh_enable_ip+0x133/0x230 [ 607.379248][T15076] ? __dev_queue_xmit+0x1846/0x2940 [ 607.384429][T15076] ? check_preemption_disabled+0x40/0x240 [ 607.390119][T15076] ? debug_smp_processor_id+0x5/0x20 [ 607.395380][T15076] netlink_rcv_skb+0x190/0x3a0 [ 607.400117][T15076] ? rtnetlink_bind+0x80/0x80 [ 607.404773][T15076] netlink_unicast+0x786/0x940 [ 607.409517][T15076] netlink_sendmsg+0xa57/0xd70 [ 607.414256][T15076] ? netlink_getsockopt+0x9e0/0x9e0 [ 607.419430][T15076] ____sys_sendmsg+0x519/0x800 [ 607.424167][T15076] ? import_iovec+0x12a/0x2c0 [ 607.428819][T15076] __sys_sendmmsg+0x45b/0x680 [ 607.433517][T15076] ? ksys_write+0x1b1/0x220 [ 607.438012][T15076] ? ksys_write+0x1b1/0x220 [ 607.442496][T15076] ? check_preemption_disabled+0x40/0x240 [ 607.448189][T15076] ? check_preemption_disabled+0x40/0x240 [ 607.453886][T15076] __x64_sys_sendmmsg+0x9c/0xb0 [ 607.458714][T15076] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 607.464751][T15076] do_syscall_64+0x73/0xe0 [ 607.469147][T15076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 607.475014][T15076] RIP: 0033:0x45cb19 [ 607.478872][T15076] Code: Bad RIP value. [ 607.482925][T15076] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 607.491328][T15076] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 607.499267][T15076] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 607.507207][T15076] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 607.515149][T15076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 607.523091][T15076] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:01 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:01 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:57:01 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)) 03:57:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:01 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x401070ca, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:01 executing program 1 (fault-call:6 fault-nth:33): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:01 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)) 03:57:01 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a3"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 609.629018][T15107] binder: 15104:15107 ioctl 401070ca 200004c0 returned -22 [ 609.672986][T15112] FAULT_INJECTION: forcing a failure. [ 609.672986][T15112] name failslab, interval 1, probability 0, space 0, times 0 [ 609.689468][T15112] CPU: 1 PID: 15112 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 609.698140][T15112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.708191][T15112] Call Trace: [ 609.711495][T15112] dump_stack+0x1f0/0x31e [ 609.715815][T15112] should_fail+0x38a/0x4e0 [ 609.720216][T15112] ? __kernfs_new_node+0x8b/0x630 [ 609.725220][T15112] should_failslab+0x5/0x20 [ 609.729700][T15112] kmem_cache_alloc+0x53/0x2d0 [ 609.734450][T15112] __kernfs_new_node+0x8b/0x630 [ 609.739284][T15112] ? kernfs_add_one+0x4b7/0x600 [ 609.744119][T15112] ? kernfs_add_one+0x4b7/0x600 [ 609.748960][T15112] ? __mutex_unlock_slowpath+0x12d/0x590 [ 609.754603][T15112] kernfs_new_node+0x95/0x160 [ 609.759270][T15112] __kernfs_create_file+0x45/0x2d0 [ 609.764373][T15112] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 609.769735][T15112] internal_create_group+0x445/0xd20 [ 609.775017][T15112] sysfs_create_groups+0x5d/0x130 [ 609.780028][T15112] device_add+0xbac/0x1960 [ 609.784436][T15112] ? dev_set_name+0x6c/0x90 [ 609.788930][T15112] netdev_register_kobject+0x151/0x2e0 [ 609.794374][T15112] register_netdevice+0x130a/0x1b80 [ 609.799572][T15112] br_dev_newlink+0x24/0x110 [ 609.804139][T15112] ? br_validate+0x2a0/0x2a0 [ 609.808711][T15112] rtnl_newlink+0x143e/0x1bf0 [ 609.813394][T15112] ? __lock_acquire+0x116c/0x2c30 [ 609.818457][T15112] ? __mutex_lock_common+0x582/0x2fc0 [ 609.823836][T15112] ? rtnl_setlink+0x490/0x490 [ 609.828543][T15112] rtnetlink_rcv_msg+0x889/0xd40 [ 609.833514][T15112] ? local_bh_enable+0x5/0x20 [ 609.838180][T15112] ? __local_bh_enable_ip+0x133/0x230 [ 609.843542][T15112] ? __dev_queue_xmit+0x1846/0x2940 [ 609.848756][T15112] ? check_preemption_disabled+0x40/0x240 [ 609.854457][T15112] ? debug_smp_processor_id+0x5/0x20 [ 609.859742][T15112] netlink_rcv_skb+0x190/0x3a0 [ 609.864512][T15112] ? rtnetlink_bind+0x80/0x80 [ 609.869189][T15112] netlink_unicast+0x786/0x940 [ 609.873947][T15112] netlink_sendmsg+0xa57/0xd70 [ 609.878710][T15112] ? netlink_getsockopt+0x9e0/0x9e0 [ 609.883888][T15112] ____sys_sendmsg+0x519/0x800 [ 609.888633][T15112] ? import_iovec+0x12a/0x2c0 [ 609.893294][T15112] __sys_sendmmsg+0x45b/0x680 [ 609.897986][T15112] ? ksys_write+0x1b1/0x220 [ 609.902493][T15112] ? ksys_write+0x1b1/0x220 [ 609.906988][T15112] ? check_preemption_disabled+0x40/0x240 [ 609.912687][T15112] ? check_preemption_disabled+0x40/0x240 [ 609.918395][T15112] __x64_sys_sendmmsg+0x9c/0xb0 [ 609.923228][T15112] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 609.929275][T15112] do_syscall_64+0x73/0xe0 [ 609.933674][T15112] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 609.939554][T15112] RIP: 0033:0x45cb19 [ 609.943442][T15112] Code: Bad RIP value. [ 609.947483][T15112] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 609.955957][T15112] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 609.963907][T15112] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 609.971857][T15112] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 609.979807][T15112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 609.987759][T15112] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:02 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a3"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 610.015345][T15116] binder: 15104:15116 ioctl 401070ca 200004c0 returned -22 03:57:02 executing program 3 (fault-call:7 fault-nth:0): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:57:02 executing program 1 (fault-call:6 fault-nth:34): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:02 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a3"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:02 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4010ae74, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 610.206538][T15124] FAULT_INJECTION: forcing a failure. [ 610.206538][T15124] name failslab, interval 1, probability 0, space 0, times 0 [ 610.235650][T15129] FAULT_INJECTION: forcing a failure. [ 610.235650][T15129] name failslab, interval 1, probability 0, space 0, times 0 [ 610.243900][T15124] CPU: 1 PID: 15124 Comm: syz-executor.3 Not tainted 5.8.0-rc2-syzkaller #0 [ 610.256910][T15124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 610.266952][T15124] Call Trace: [ 610.270231][T15124] dump_stack+0x1f0/0x31e [ 610.274544][T15124] should_fail+0x38a/0x4e0 [ 610.278941][T15124] ? tomoyo_realpath_from_path+0xd8/0x630 [ 610.284637][T15124] should_failslab+0x5/0x20 [ 610.289118][T15124] __kmalloc+0x74/0x330 [ 610.293257][T15124] ? tomoyo_realpath_from_path+0xcb/0x630 [ 610.298955][T15124] tomoyo_realpath_from_path+0xd8/0x630 [ 610.304491][T15124] tomoyo_path_number_perm+0x18f/0x690 [ 610.309959][T15124] security_file_ioctl+0x55/0xb0 [ 610.314879][T15124] __se_sys_ioctl+0x48/0x160 [ 610.319448][T15124] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 610.325498][T15124] do_syscall_64+0x73/0xe0 [ 610.329899][T15124] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 610.335767][T15124] RIP: 0033:0x45cb19 [ 610.339630][T15124] Code: Bad RIP value. [ 610.343671][T15124] RSP: 002b:00007f0bb9846c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 610.352057][T15124] RAX: ffffffffffffffda RBX: 00000000004f16c0 RCX: 000000000045cb19 [ 610.360005][T15124] RDX: 0000000020000000 RSI: 000000004008af30 RDI: 0000000000000004 [ 610.367951][T15124] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 610.375899][T15124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 610.383846][T15124] R13: 0000000000000603 R14: 00000000004c8e64 R15: 00007f0bb98476d4 [ 610.391826][T15129] CPU: 0 PID: 15129 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 610.400529][T15129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 610.410575][T15129] Call Trace: [ 610.413865][T15129] dump_stack+0x1f0/0x31e [ 610.418201][T15129] should_fail+0x38a/0x4e0 [ 610.422622][T15129] ? __kernfs_new_node+0x8b/0x630 [ 610.427646][T15129] should_failslab+0x5/0x20 [ 610.432149][T15129] kmem_cache_alloc+0x53/0x2d0 [ 610.436918][T15129] __kernfs_new_node+0x8b/0x630 [ 610.441766][T15129] ? kernfs_add_one+0x4b7/0x600 [ 610.446618][T15129] ? kernfs_add_one+0x4b7/0x600 [ 610.449297][T15124] ERROR: Out of memory at tomoyo_realpath_from_path. [ 610.451459][T15129] ? __mutex_unlock_slowpath+0x12d/0x590 [ 610.451478][T15129] kernfs_new_node+0x95/0x160 [ 610.451494][T15129] __kernfs_create_file+0x45/0x2d0 [ 610.451508][T15129] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 610.451529][T15129] internal_create_group+0x445/0xd20 [ 610.484166][T15129] sysfs_create_groups+0x5d/0x130 [ 610.489177][T15129] device_add+0xbac/0x1960 [ 610.493581][T15129] ? dev_set_name+0x6c/0x90 [ 610.498107][T15129] netdev_register_kobject+0x151/0x2e0 [ 610.503567][T15129] register_netdevice+0x130a/0x1b80 [ 610.508763][T15129] br_dev_newlink+0x24/0x110 [ 610.513329][T15129] ? br_validate+0x2a0/0x2a0 [ 610.517904][T15129] rtnl_newlink+0x143e/0x1bf0 [ 610.522583][T15129] ? __lock_acquire+0x116c/0x2c30 [ 610.527637][T15129] ? __mutex_lock_common+0x582/0x2fc0 [ 610.533015][T15129] ? rtnl_setlink+0x490/0x490 [ 610.537672][T15129] rtnetlink_rcv_msg+0x889/0xd40 [ 610.542610][T15129] ? local_bh_enable+0x5/0x20 [ 610.547311][T15129] ? __local_bh_enable_ip+0x133/0x230 [ 610.552663][T15129] ? __dev_queue_xmit+0x1846/0x2940 [ 610.557884][T15129] ? check_preemption_disabled+0x40/0x240 [ 610.563581][T15129] ? debug_smp_processor_id+0x5/0x20 [ 610.568852][T15129] netlink_rcv_skb+0x190/0x3a0 [ 610.573593][T15129] ? rtnetlink_bind+0x80/0x80 [ 610.578259][T15129] netlink_unicast+0x786/0x940 [ 610.583018][T15129] netlink_sendmsg+0xa57/0xd70 [ 610.587781][T15129] ? netlink_getsockopt+0x9e0/0x9e0 [ 610.592956][T15129] ____sys_sendmsg+0x519/0x800 [ 610.597699][T15129] ? import_iovec+0x12a/0x2c0 [ 610.602380][T15129] __sys_sendmmsg+0x45b/0x680 [ 610.607078][T15129] ? ksys_write+0x1b1/0x220 [ 610.611559][T15129] ? ksys_write+0x1b1/0x220 [ 610.616048][T15129] ? check_preemption_disabled+0x40/0x240 [ 610.621744][T15129] ? check_preemption_disabled+0x40/0x240 [ 610.627452][T15129] __x64_sys_sendmmsg+0x9c/0xb0 [ 610.632285][T15129] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 610.638329][T15129] do_syscall_64+0x73/0xe0 [ 610.642725][T15129] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 610.648604][T15129] RIP: 0033:0x45cb19 [ 610.652470][T15129] Code: Bad RIP value. [ 610.656549][T15129] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 610.664970][T15129] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 610.672968][T15129] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 610.680920][T15129] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 610.688870][T15129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 610.696820][T15129] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:04 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:57:04 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a300"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:04 executing program 1 (fault-call:6 fault-nth:35): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:04 executing program 3 (fault-call:7 fault-nth:1): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:57:04 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4018620d, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:04 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a300"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 612.706815][T15158] FAULT_INJECTION: forcing a failure. [ 612.706815][T15158] name failslab, interval 1, probability 0, space 0, times 0 [ 612.717568][T15159] FAULT_INJECTION: forcing a failure. [ 612.717568][T15159] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 612.732716][T15159] CPU: 1 PID: 15159 Comm: syz-executor.3 Not tainted 5.8.0-rc2-syzkaller #0 [ 612.741365][T15159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.751405][T15159] Call Trace: [ 612.754683][T15159] dump_stack+0x1f0/0x31e [ 612.758996][T15159] should_fail+0x38a/0x4e0 [ 612.763394][T15159] prepare_alloc_pages+0x28c/0x4a0 [ 612.768486][T15159] __alloc_pages_nodemask+0xbc/0x5e0 [ 612.773748][T15159] ? __lock_acquire+0x116c/0x2c30 [ 612.778810][T15159] kmem_getpages+0x49/0x900 [ 612.783288][T15159] ? check_preemption_disabled+0x40/0x240 [ 612.788994][T15159] cache_grow_begin+0x7b/0x2e0 [ 612.793735][T15159] cache_alloc_refill+0x359/0x3f0 [ 612.798736][T15159] ? check_preemption_disabled+0xb0/0x240 [ 612.804433][T15159] ? debug_smp_processor_id+0x5/0x20 [ 612.809699][T15159] __kmalloc+0x30c/0x330 [ 612.813923][T15159] ? tomoyo_realpath_from_path+0xd8/0x630 [ 612.819636][T15159] tomoyo_realpath_from_path+0xd8/0x630 [ 612.825171][T15159] tomoyo_path_number_perm+0x18f/0x690 [ 612.830625][T15159] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 612.837196][T15159] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 612.843797][T15159] security_file_ioctl+0x55/0xb0 [ 612.848717][T15159] __se_sys_ioctl+0x48/0x160 [ 612.853291][T15159] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 612.859361][T15159] do_syscall_64+0x73/0xe0 [ 612.863762][T15159] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 612.869632][T15159] RIP: 0033:0x45cb19 [ 612.873510][T15159] Code: Bad RIP value. [ 612.877552][T15159] RSP: 002b:00007f0bb9846c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 612.885949][T15159] RAX: ffffffffffffffda RBX: 00000000004f16c0 RCX: 000000000045cb19 [ 612.893925][T15159] RDX: 0000000020000000 RSI: 000000004008af30 RDI: 0000000000000004 [ 612.901937][T15159] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 612.909901][T15159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 612.917854][T15159] R13: 0000000000000603 R14: 00000000004c8e64 R15: 00007f0bb98476d4 [ 612.944051][T15158] CPU: 0 PID: 15158 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 612.952747][T15158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.962804][T15158] Call Trace: [ 612.966102][T15158] dump_stack+0x1f0/0x31e [ 612.970433][T15158] should_fail+0x38a/0x4e0 [ 612.974841][T15158] ? __kernfs_new_node+0x8b/0x630 [ 612.979842][T15158] should_failslab+0x5/0x20 [ 612.984325][T15158] kmem_cache_alloc+0x53/0x2d0 [ 612.989076][T15158] __kernfs_new_node+0x8b/0x630 [ 612.993900][T15158] ? kernfs_add_one+0x4b7/0x600 [ 612.998726][T15158] ? kernfs_add_one+0x4b7/0x600 [ 613.003555][T15158] ? __mutex_unlock_slowpath+0x12d/0x590 [ 613.009172][T15158] kernfs_new_node+0x95/0x160 [ 613.013831][T15158] __kernfs_create_file+0x45/0x2d0 [ 613.018922][T15158] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 613.024278][T15158] internal_create_group+0x445/0xd20 [ 613.029555][T15158] sysfs_create_groups+0x5d/0x130 [ 613.034568][T15158] device_add+0xbac/0x1960 [ 613.038971][T15158] ? dev_set_name+0x6c/0x90 [ 613.043465][T15158] netdev_register_kobject+0x151/0x2e0 [ 613.048905][T15158] register_netdevice+0x130a/0x1b80 [ 613.054108][T15158] br_dev_newlink+0x24/0x110 [ 613.058674][T15158] ? br_validate+0x2a0/0x2a0 [ 613.063249][T15158] rtnl_newlink+0x143e/0x1bf0 [ 613.067920][T15158] ? __lock_acquire+0x116c/0x2c30 [ 613.072970][T15158] ? __mutex_lock_common+0x582/0x2fc0 [ 613.078330][T15158] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 613.084913][T15158] ? rtnl_setlink+0x490/0x490 [ 613.089566][T15158] rtnetlink_rcv_msg+0x889/0xd40 [ 613.094505][T15158] ? local_bh_enable+0x5/0x20 [ 613.099159][T15158] ? __local_bh_enable_ip+0x133/0x230 [ 613.104510][T15158] ? __dev_queue_xmit+0x1846/0x2940 [ 613.109697][T15158] ? check_preemption_disabled+0x40/0x240 [ 613.115390][T15158] ? debug_smp_processor_id+0x5/0x20 [ 613.120654][T15158] netlink_rcv_skb+0x190/0x3a0 [ 613.125393][T15158] ? rtnetlink_bind+0x80/0x80 [ 613.130070][T15158] netlink_unicast+0x786/0x940 [ 613.134841][T15158] netlink_sendmsg+0xa57/0xd70 [ 613.139594][T15158] ? netlink_getsockopt+0x9e0/0x9e0 [ 613.144772][T15158] ____sys_sendmsg+0x519/0x800 [ 613.149514][T15158] ? import_iovec+0x12a/0x2c0 [ 613.154175][T15158] __sys_sendmmsg+0x45b/0x680 [ 613.158871][T15158] ? ksys_write+0x1b1/0x220 [ 613.163350][T15158] ? ksys_write+0x1b1/0x220 [ 613.167833][T15158] ? check_preemption_disabled+0x40/0x240 [ 613.173540][T15158] ? check_preemption_disabled+0x40/0x240 [ 613.179243][T15158] __x64_sys_sendmmsg+0x9c/0xb0 [ 613.184072][T15158] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 613.190114][T15158] do_syscall_64+0x73/0xe0 [ 613.194526][T15158] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 613.200394][T15158] RIP: 0033:0x45cb19 [ 613.204261][T15158] Code: Bad RIP value. 03:57:05 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a300"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 613.208302][T15158] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 613.216728][T15158] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 613.224680][T15158] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 613.232627][T15158] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 613.240575][T15158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 613.248528][T15158] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:05 executing program 3 (fault-call:7 fault-nth:2): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:57:05 executing program 1 (fault-call:6 fault-nth:36): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:05 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:05 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x40186366, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 613.478429][T15175] FAULT_INJECTION: forcing a failure. [ 613.478429][T15175] name failslab, interval 1, probability 0, space 0, times 0 [ 613.514630][T15175] CPU: 1 PID: 15175 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 613.523328][T15175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 613.533387][T15175] Call Trace: [ 613.536684][T15175] dump_stack+0x1f0/0x31e [ 613.541023][T15175] should_fail+0x38a/0x4e0 [ 613.545454][T15175] ? __kernfs_new_node+0x8b/0x630 [ 613.550481][T15175] should_failslab+0x5/0x20 [ 613.554990][T15175] kmem_cache_alloc+0x53/0x2d0 [ 613.559772][T15175] __kernfs_new_node+0x8b/0x630 [ 613.564621][T15175] ? kernfs_add_one+0x4b7/0x600 [ 613.569482][T15175] ? kernfs_add_one+0x4b7/0x600 [ 613.574335][T15175] ? __mutex_unlock_slowpath+0x12d/0x590 [ 613.579972][T15175] kernfs_new_node+0x95/0x160 [ 613.584655][T15175] __kernfs_create_file+0x45/0x2d0 [ 613.589768][T15175] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 613.595146][T15175] internal_create_group+0x445/0xd20 [ 613.595666][T15173] FAULT_INJECTION: forcing a failure. [ 613.595666][T15173] name failslab, interval 1, probability 0, space 0, times 0 [ 613.600431][T15175] sysfs_create_groups+0x5d/0x130 [ 613.600445][T15175] device_add+0xbac/0x1960 [ 613.600463][T15175] ? dev_set_name+0x6c/0x90 [ 613.627122][T15175] netdev_register_kobject+0x151/0x2e0 [ 613.632587][T15175] register_netdevice+0x130a/0x1b80 [ 613.637803][T15175] br_dev_newlink+0x24/0x110 [ 613.642386][T15175] ? br_validate+0x2a0/0x2a0 [ 613.647008][T15175] rtnl_newlink+0x143e/0x1bf0 [ 613.651707][T15175] ? __lock_acquire+0x116c/0x2c30 [ 613.656773][T15175] ? __mutex_lock_common+0x582/0x2fc0 [ 613.662191][T15175] ? rtnl_setlink+0x490/0x490 [ 613.666863][T15175] rtnetlink_rcv_msg+0x889/0xd40 [ 613.671810][T15175] ? local_bh_enable+0x5/0x20 [ 613.676506][T15175] ? __local_bh_enable_ip+0x133/0x230 [ 613.681871][T15175] ? __dev_queue_xmit+0x1846/0x2940 [ 613.687074][T15175] ? check_preemption_disabled+0x40/0x240 [ 613.692785][T15175] ? debug_smp_processor_id+0x5/0x20 [ 613.698100][T15175] netlink_rcv_skb+0x190/0x3a0 [ 613.702849][T15175] ? rtnetlink_bind+0x80/0x80 [ 613.707537][T15175] netlink_unicast+0x786/0x940 [ 613.712301][T15175] netlink_sendmsg+0xa57/0xd70 [ 613.717071][T15175] ? netlink_getsockopt+0x9e0/0x9e0 [ 613.722265][T15175] ____sys_sendmsg+0x519/0x800 [ 613.727028][T15175] ? import_iovec+0x12a/0x2c0 [ 613.731702][T15175] __sys_sendmmsg+0x45b/0x680 [ 613.736414][T15175] ? ksys_write+0x1b1/0x220 [ 613.740917][T15175] ? ksys_write+0x1b1/0x220 [ 613.745416][T15175] ? check_preemption_disabled+0x40/0x240 [ 613.751130][T15175] ? check_preemption_disabled+0x40/0x240 [ 613.756846][T15175] __x64_sys_sendmmsg+0x9c/0xb0 [ 613.761712][T15175] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 613.767776][T15175] do_syscall_64+0x73/0xe0 [ 613.772183][T15175] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 613.778065][T15175] RIP: 0033:0x45cb19 [ 613.781939][T15175] Code: Bad RIP value. [ 613.785994][T15175] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 613.794397][T15175] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 613.802358][T15175] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 613.810326][T15175] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 613.818298][T15175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 613.826315][T15175] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 613.837121][T15173] CPU: 0 PID: 15173 Comm: syz-executor.3 Not tainted 5.8.0-rc2-syzkaller #0 [ 613.845806][T15173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 613.855857][T15173] Call Trace: [ 613.859139][T15173] dump_stack+0x1f0/0x31e [ 613.863457][T15173] should_fail+0x38a/0x4e0 [ 613.867917][T15173] ? translate_desc+0x401/0x670 [ 613.872752][T15173] should_failslab+0x5/0x20 [ 613.877233][T15173] kmem_cache_alloc_trace+0x57/0x300 [ 613.882515][T15173] ? lockdep_hardirqs_on_prepare+0x425/0x6e0 [ 613.888494][T15173] ? vhost_iotlb_itree_first+0x89/0x260 [ 613.894036][T15173] translate_desc+0x401/0x670 [ 613.898710][T15173] vhost_vq_init_access+0x3c6/0xb80 [ 613.903896][T15173] vhost_net_ioctl+0x109e/0x1aa0 [ 613.908820][T15173] ? do_vfs_ioctl+0x66/0x16d0 [ 613.913497][T15173] ? __se_sys_ioctl+0x8f/0x160 [ 613.918259][T15173] ? vhost_net_chr_poll+0x50/0x50 [ 613.923261][T15173] __se_sys_ioctl+0xf9/0x160 [ 613.927835][T15173] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 613.933890][T15173] do_syscall_64+0x73/0xe0 [ 613.938288][T15173] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 613.944158][T15173] RIP: 0033:0x45cb19 [ 613.948028][T15173] Code: Bad RIP value. [ 613.952187][T15173] RSP: 002b:00007f0bb9846c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 613.960571][T15173] RAX: ffffffffffffffda RBX: 00000000004f16c0 RCX: 000000000045cb19 [ 613.968519][T15173] RDX: 0000000020000000 RSI: 000000004008af30 RDI: 0000000000000004 [ 613.976467][T15173] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 613.984417][T15173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 613.992474][T15173] R13: 0000000000000603 R14: 00000000004c8e64 R15: 00007f0bb98476d4 03:57:07 executing program 1 (fault-call:6 fault-nth:37): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:07 executing program 3 (fault-call:7 fault-nth:3): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) [ 615.257242][T15198] FAULT_INJECTION: forcing a failure. [ 615.257242][T15198] name failslab, interval 1, probability 0, space 0, times 0 [ 615.270400][T15198] CPU: 1 PID: 15198 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 615.279074][T15198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 615.289128][T15198] Call Trace: [ 615.292417][T15198] dump_stack+0x1f0/0x31e [ 615.296751][T15198] should_fail+0x38a/0x4e0 [ 615.301169][T15198] ? __kernfs_new_node+0x8b/0x630 [ 615.306193][T15198] should_failslab+0x5/0x20 [ 615.310693][T15198] kmem_cache_alloc+0x53/0x2d0 [ 615.315462][T15198] __kernfs_new_node+0x8b/0x630 [ 615.320308][T15198] ? kernfs_add_one+0x4b7/0x600 [ 615.325171][T15198] ? kernfs_add_one+0x4b7/0x600 [ 615.330022][T15198] ? __mutex_unlock_slowpath+0x12d/0x590 [ 615.330269][T15200] FAULT_INJECTION: forcing a failure. [ 615.330269][T15200] name failslab, interval 1, probability 0, space 0, times 0 [ 615.335651][T15198] kernfs_new_node+0x95/0x160 [ 615.335666][T15198] __kernfs_create_file+0x45/0x2d0 [ 615.335679][T15198] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 615.335698][T15198] internal_create_group+0x445/0xd20 [ 615.335722][T15198] sysfs_create_groups+0x5d/0x130 [ 615.373639][T15198] device_add+0xbac/0x1960 [ 615.378058][T15198] ? dev_set_name+0x6c/0x90 [ 615.382564][T15198] netdev_register_kobject+0x151/0x2e0 [ 615.388014][T15198] register_netdevice+0x130a/0x1b80 [ 615.393209][T15198] br_dev_newlink+0x24/0x110 [ 615.397778][T15198] ? br_validate+0x2a0/0x2a0 [ 615.402365][T15198] rtnl_newlink+0x143e/0x1bf0 [ 615.407044][T15198] ? __lock_acquire+0x116c/0x2c30 [ 615.412102][T15198] ? __mutex_lock_common+0x582/0x2fc0 [ 615.417489][T15198] ? rtnl_setlink+0x490/0x490 [ 615.422152][T15198] rtnetlink_rcv_msg+0x889/0xd40 [ 615.427102][T15198] ? local_bh_enable+0x5/0x20 [ 615.431765][T15198] ? __local_bh_enable_ip+0x133/0x230 [ 615.437133][T15198] ? __dev_queue_xmit+0x1846/0x2940 [ 615.442329][T15198] ? check_preemption_disabled+0x40/0x240 [ 615.448033][T15198] ? debug_smp_processor_id+0x5/0x20 [ 615.453313][T15198] netlink_rcv_skb+0x190/0x3a0 [ 615.458065][T15198] ? rtnetlink_bind+0x80/0x80 [ 615.462739][T15198] netlink_unicast+0x786/0x940 [ 615.467519][T15198] netlink_sendmsg+0xa57/0xd70 [ 615.472280][T15198] ? netlink_getsockopt+0x9e0/0x9e0 [ 615.477472][T15198] ____sys_sendmsg+0x519/0x800 [ 615.482221][T15198] ? import_iovec+0x12a/0x2c0 [ 615.486899][T15198] __sys_sendmmsg+0x45b/0x680 [ 615.491600][T15198] ? ksys_write+0x1b1/0x220 [ 615.496093][T15198] ? ksys_write+0x1b1/0x220 [ 615.500588][T15198] ? check_preemption_disabled+0x40/0x240 [ 615.506293][T15198] ? check_preemption_disabled+0x40/0x240 [ 615.512006][T15198] __x64_sys_sendmmsg+0x9c/0xb0 [ 615.516848][T15198] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 615.522899][T15198] do_syscall_64+0x73/0xe0 [ 615.527310][T15198] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 615.533185][T15198] RIP: 0033:0x45cb19 [ 615.537059][T15198] Code: Bad RIP value. [ 615.541113][T15198] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 615.549509][T15198] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 615.557465][T15198] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 615.565423][T15198] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 615.573377][T15198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 615.581332][T15198] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 615.589325][T15200] CPU: 0 PID: 15200 Comm: syz-executor.3 Not tainted 5.8.0-rc2-syzkaller #0 [ 615.598076][T15200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 615.608121][T15200] Call Trace: [ 615.611406][T15200] dump_stack+0x1f0/0x31e [ 615.615741][T15200] should_fail+0x38a/0x4e0 [ 615.620166][T15200] ? translate_desc+0x401/0x670 [ 615.625008][T15200] should_failslab+0x5/0x20 [ 615.629505][T15200] kmem_cache_alloc_trace+0x57/0x300 [ 615.634775][T15200] ? vhost_iotlb_itree_first+0x89/0x260 [ 615.640299][T15200] translate_desc+0x401/0x670 [ 615.644962][T15200] vhost_vq_init_access+0x3c6/0xb80 [ 615.650136][T15200] vhost_net_ioctl+0x109e/0x1aa0 [ 615.655056][T15200] ? vhost_net_chr_poll+0x50/0x50 [ 615.660056][T15200] __se_sys_ioctl+0xf9/0x160 [ 615.664622][T15200] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 615.670662][T15200] do_syscall_64+0x73/0xe0 [ 615.675055][T15200] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 615.681005][T15200] RIP: 0033:0x45cb19 [ 615.684874][T15200] Code: Bad RIP value. [ 615.688920][T15200] RSP: 002b:00007f0bb9846c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 615.697393][T15200] RAX: ffffffffffffffda RBX: 00000000004f16c0 RCX: 000000000045cb19 03:57:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:07 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, 0x0) ptrace$cont(0x9, r1, 0x0, 0x0) 03:57:07 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:07 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4020940d, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 615.705352][T15200] RDX: 0000000020000000 RSI: 000000004008af30 RDI: 0000000000000004 [ 615.713310][T15200] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 615.721356][T15200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 615.729308][T15200] R13: 0000000000000603 R14: 00000000004c8e64 R15: 00007f0bb98476d4 03:57:08 executing program 3 (fault-call:7 fault-nth:4): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:57:08 executing program 1 (fault-call:6 fault-nth:38): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:08 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:08 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4020ae46, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:08 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 615.975718][T15222] FAULT_INJECTION: forcing a failure. [ 615.975718][T15222] name failslab, interval 1, probability 0, space 0, times 0 [ 615.998868][T15227] binder: 15226:15227 ioctl 4020ae46 200004c0 returned -22 [ 616.028709][T15222] CPU: 1 PID: 15222 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 616.037549][T15222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 616.047606][T15222] Call Trace: [ 616.050894][T15222] dump_stack+0x1f0/0x31e [ 616.055209][T15222] should_fail+0x38a/0x4e0 [ 616.059609][T15222] ? __kernfs_new_node+0x8b/0x630 [ 616.064615][T15222] should_failslab+0x5/0x20 [ 616.069103][T15222] kmem_cache_alloc+0x53/0x2d0 [ 616.073856][T15222] __kernfs_new_node+0x8b/0x630 [ 616.078682][T15222] ? kernfs_add_one+0x4b7/0x600 [ 616.083507][T15222] ? kernfs_add_one+0x4b7/0x600 [ 616.088502][T15222] ? __mutex_unlock_slowpath+0x12d/0x590 [ 616.094114][T15222] kernfs_new_node+0x95/0x160 [ 616.098784][T15222] __kernfs_create_file+0x45/0x2d0 [ 616.103896][T15222] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 616.109246][T15222] internal_create_group+0x445/0xd20 [ 616.114527][T15222] sysfs_create_groups+0x5d/0x130 [ 616.119532][T15222] device_add+0xbac/0x1960 [ 616.123933][T15222] ? dev_set_name+0x6c/0x90 [ 616.128419][T15222] netdev_register_kobject+0x151/0x2e0 [ 616.133853][T15222] register_netdevice+0x130a/0x1b80 [ 616.139054][T15222] br_dev_newlink+0x24/0x110 [ 616.143621][T15222] ? br_validate+0x2a0/0x2a0 [ 616.148186][T15222] rtnl_newlink+0x143e/0x1bf0 [ 616.152849][T15222] ? __lock_acquire+0x116c/0x2c30 [ 616.157903][T15222] ? __mutex_lock_common+0x582/0x2fc0 [ 616.163287][T15222] ? rtnl_setlink+0x490/0x490 [ 616.167971][T15222] rtnetlink_rcv_msg+0x889/0xd40 [ 616.172989][T15222] ? local_bh_enable+0x5/0x20 [ 616.177639][T15222] ? __local_bh_enable_ip+0x133/0x230 [ 616.182988][T15222] ? __dev_queue_xmit+0x1846/0x2940 [ 616.188168][T15222] ? check_preemption_disabled+0x40/0x240 [ 616.193862][T15222] ? debug_smp_processor_id+0x5/0x20 [ 616.199135][T15222] netlink_rcv_skb+0x190/0x3a0 [ 616.203881][T15222] ? rtnetlink_bind+0x80/0x80 [ 616.208542][T15222] netlink_unicast+0x786/0x940 [ 616.213284][T15222] netlink_sendmsg+0xa57/0xd70 [ 616.218035][T15222] ? netlink_getsockopt+0x9e0/0x9e0 [ 616.223211][T15222] ____sys_sendmsg+0x519/0x800 [ 616.227955][T15222] ? import_iovec+0x12a/0x2c0 [ 616.232625][T15222] __sys_sendmmsg+0x45b/0x680 [ 616.237321][T15222] ? ksys_write+0x1b1/0x220 [ 616.241810][T15222] ? ksys_write+0x1b1/0x220 [ 616.246310][T15222] ? check_preemption_disabled+0x40/0x240 [ 616.252002][T15222] ? check_preemption_disabled+0x40/0x240 [ 616.257698][T15222] __x64_sys_sendmmsg+0x9c/0xb0 [ 616.262570][T15222] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 616.268614][T15222] do_syscall_64+0x73/0xe0 [ 616.273021][T15222] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 616.278897][T15222] RIP: 0033:0x45cb19 [ 616.282767][T15222] Code: Bad RIP value. [ 616.286810][T15222] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 616.295201][T15222] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 616.303309][T15222] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 616.311386][T15222] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 616.319334][T15222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 616.327282][T15222] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 616.361821][T15235] binder: 15226:15235 ioctl 4020ae46 200004c0 returned -22 03:57:08 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:57:08 executing program 1 (fault-call:6 fault-nth:39): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:08 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4040ae70, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 616.556020][T15243] FAULT_INJECTION: forcing a failure. [ 616.556020][T15243] name failslab, interval 1, probability 0, space 0, times 0 [ 616.583099][T15245] binder: 15244:15245 ioctl 4040ae70 200004c0 returned -22 [ 616.585590][T15243] CPU: 0 PID: 15243 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 616.598975][T15243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 616.609023][T15243] Call Trace: [ 616.612300][T15243] dump_stack+0x1f0/0x31e [ 616.616617][T15243] should_fail+0x38a/0x4e0 [ 616.621017][T15243] ? __kernfs_new_node+0x8b/0x630 [ 616.626020][T15243] should_failslab+0x5/0x20 [ 616.630511][T15243] kmem_cache_alloc+0x53/0x2d0 [ 616.635259][T15243] __kernfs_new_node+0x8b/0x630 [ 616.640084][T15243] ? kernfs_add_one+0x4b7/0x600 [ 616.644912][T15243] ? kernfs_add_one+0x4b7/0x600 [ 616.649745][T15243] ? __mutex_unlock_slowpath+0x12d/0x590 [ 616.655365][T15243] kernfs_new_node+0x95/0x160 [ 616.660034][T15243] __kernfs_create_file+0x45/0x2d0 [ 616.665130][T15243] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 616.670489][T15243] internal_create_group+0x445/0xd20 [ 616.675777][T15243] sysfs_create_groups+0x5d/0x130 [ 616.680790][T15243] device_add+0xbac/0x1960 [ 616.685201][T15243] ? dev_set_name+0x6c/0x90 [ 616.689690][T15243] netdev_register_kobject+0x151/0x2e0 [ 616.695155][T15243] register_netdevice+0x130a/0x1b80 [ 616.700346][T15243] br_dev_newlink+0x24/0x110 [ 616.704911][T15243] ? br_validate+0x2a0/0x2a0 [ 616.709518][T15243] rtnl_newlink+0x143e/0x1bf0 [ 616.714199][T15243] ? __lock_acquire+0x116c/0x2c30 [ 616.719251][T15243] ? __mutex_lock_common+0x582/0x2fc0 [ 616.724621][T15243] ? rtnl_setlink+0x490/0x490 [ 616.729279][T15243] rtnetlink_rcv_msg+0x889/0xd40 [ 616.734217][T15243] ? local_bh_enable+0x5/0x20 [ 616.738871][T15243] ? __local_bh_enable_ip+0x133/0x230 [ 616.744221][T15243] ? __dev_queue_xmit+0x1846/0x2940 [ 616.749409][T15243] ? check_preemption_disabled+0x40/0x240 [ 616.755103][T15243] ? debug_smp_processor_id+0x5/0x20 [ 616.760373][T15243] netlink_rcv_skb+0x190/0x3a0 [ 616.765112][T15243] ? rtnetlink_bind+0x80/0x80 [ 616.769779][T15243] netlink_unicast+0x786/0x940 [ 616.774543][T15243] netlink_sendmsg+0xa57/0xd70 [ 616.779296][T15243] ? netlink_getsockopt+0x9e0/0x9e0 [ 616.784472][T15243] ____sys_sendmsg+0x519/0x800 [ 616.789215][T15243] ? import_iovec+0x12a/0x2c0 [ 616.793875][T15243] __sys_sendmmsg+0x45b/0x680 [ 616.798582][T15243] ? ksys_write+0x1b1/0x220 [ 616.803062][T15243] ? ksys_write+0x1b1/0x220 [ 616.807546][T15243] ? check_preemption_disabled+0x40/0x240 [ 616.813241][T15243] ? check_preemption_disabled+0x40/0x240 [ 616.818950][T15243] __x64_sys_sendmmsg+0x9c/0xb0 [ 616.823882][T15243] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 616.829927][T15243] do_syscall_64+0x73/0xe0 [ 616.834324][T15243] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 616.840190][T15243] RIP: 0033:0x45cb19 [ 616.844056][T15243] Code: Bad RIP value. [ 616.848097][T15243] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 616.856494][T15243] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 616.864547][T15243] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 616.872597][T15243] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 616.880558][T15243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 616.888525][T15243] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 616.964792][T15251] binder: 15244:15251 ioctl 4040ae70 200004c0 returned -22 03:57:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:11 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:11 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x2, &(0x7f0000000000)={0x0, r2}) 03:57:11 executing program 1 (fault-call:6 fault-nth:40): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:11 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4090ae82, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:11 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, 0x0) ptrace$cont(0x9, r1, 0x0, 0x0) [ 618.850237][T15259] FAULT_INJECTION: forcing a failure. [ 618.850237][T15259] name failslab, interval 1, probability 0, space 0, times 0 [ 618.881640][T15259] CPU: 0 PID: 15259 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 618.883099][T15262] binder: 15258:15262 ioctl 4090ae82 200004c0 returned -22 [ 618.890433][T15259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 618.890439][T15259] Call Trace: [ 618.890458][T15259] dump_stack+0x1f0/0x31e [ 618.890474][T15259] should_fail+0x38a/0x4e0 [ 618.890491][T15259] ? __kernfs_new_node+0x8b/0x630 [ 618.890503][T15259] should_failslab+0x5/0x20 [ 618.890513][T15259] kmem_cache_alloc+0x53/0x2d0 [ 618.890540][T15259] __kernfs_new_node+0x8b/0x630 [ 618.890548][T15259] ? kernfs_add_one+0x4b7/0x600 [ 618.890559][T15259] ? kernfs_add_one+0x4b7/0x600 [ 618.890573][T15259] ? __mutex_unlock_slowpath+0x12d/0x590 [ 618.890590][T15259] kernfs_new_node+0x95/0x160 [ 618.890605][T15259] __kernfs_create_file+0x45/0x2d0 [ 618.890617][T15259] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 618.890634][T15259] internal_create_group+0x445/0xd20 [ 618.974449][T15259] sysfs_create_groups+0x5d/0x130 [ 618.979473][T15259] device_add+0xbac/0x1960 [ 618.983874][T15259] ? dev_set_name+0x6c/0x90 [ 618.988359][T15259] netdev_register_kobject+0x151/0x2e0 [ 618.993797][T15259] register_netdevice+0x130a/0x1b80 [ 618.999011][T15259] br_dev_newlink+0x24/0x110 [ 619.003574][T15259] ? br_validate+0x2a0/0x2a0 [ 619.008140][T15259] rtnl_newlink+0x143e/0x1bf0 [ 619.012819][T15259] ? __lock_acquire+0x116c/0x2c30 [ 619.017870][T15259] ? __mutex_lock_common+0x582/0x2fc0 [ 619.023248][T15259] ? rtnl_setlink+0x490/0x490 [ 619.027907][T15259] rtnetlink_rcv_msg+0x889/0xd40 [ 619.032843][T15259] ? local_bh_enable+0x5/0x20 [ 619.037499][T15259] ? __local_bh_enable_ip+0x133/0x230 [ 619.042850][T15259] ? __dev_queue_xmit+0x1846/0x2940 [ 619.048039][T15259] ? check_preemption_disabled+0x40/0x240 [ 619.053733][T15259] ? debug_smp_processor_id+0x5/0x20 [ 619.059004][T15259] netlink_rcv_skb+0x190/0x3a0 [ 619.063747][T15259] ? rtnetlink_bind+0x80/0x80 [ 619.068409][T15259] netlink_unicast+0x786/0x940 [ 619.073159][T15259] netlink_sendmsg+0xa57/0xd70 [ 619.077923][T15259] ? netlink_getsockopt+0x9e0/0x9e0 [ 619.083103][T15259] ____sys_sendmsg+0x519/0x800 [ 619.087847][T15259] ? import_iovec+0x12a/0x2c0 [ 619.092504][T15259] __sys_sendmmsg+0x45b/0x680 [ 619.097200][T15259] ? ksys_write+0x1b1/0x220 [ 619.101680][T15259] ? ksys_write+0x1b1/0x220 [ 619.106164][T15259] ? check_preemption_disabled+0x40/0x240 [ 619.111865][T15259] ? check_preemption_disabled+0x40/0x240 [ 619.117570][T15259] __x64_sys_sendmmsg+0x9c/0xb0 [ 619.122401][T15259] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 619.128440][T15259] do_syscall_64+0x73/0xe0 [ 619.132925][T15259] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 619.138795][T15259] RIP: 0033:0x45cb19 [ 619.142665][T15259] Code: Bad RIP value. [ 619.146706][T15259] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 619.155106][T15259] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 619.163053][T15259] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 619.171188][T15259] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 619.179142][T15259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 619.187093][T15259] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:11 executing program 1 (fault-call:6 fault-nth:41): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:11 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 619.336039][T15279] binder: 15258:15279 ioctl 4090ae82 200004c0 returned -22 03:57:11 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x10, &(0x7f0000000000)={0x0, r2}) 03:57:11 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x41015500, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 619.430507][T15281] FAULT_INJECTION: forcing a failure. [ 619.430507][T15281] name failslab, interval 1, probability 0, space 0, times 0 [ 619.475032][T15288] binder: 15286:15288 ioctl 41015500 200004c0 returned -22 [ 619.476482][T15281] CPU: 0 PID: 15281 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 619.490922][T15281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.501077][T15281] Call Trace: [ 619.504353][T15281] dump_stack+0x1f0/0x31e [ 619.508666][T15281] should_fail+0x38a/0x4e0 [ 619.513063][T15281] ? __kernfs_new_node+0x8b/0x630 [ 619.518068][T15281] should_failslab+0x5/0x20 [ 619.522551][T15281] kmem_cache_alloc+0x53/0x2d0 [ 619.527298][T15281] __kernfs_new_node+0x8b/0x630 [ 619.532129][T15281] ? kernfs_add_one+0x4b7/0x600 [ 619.536957][T15281] ? kernfs_add_one+0x4b7/0x600 [ 619.541785][T15281] ? __mutex_unlock_slowpath+0x12d/0x590 [ 619.547401][T15281] kernfs_new_node+0x95/0x160 [ 619.552062][T15281] __kernfs_create_file+0x45/0x2d0 [ 619.557154][T15281] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 619.562513][T15281] internal_create_group+0x445/0xd20 [ 619.567791][T15281] sysfs_create_groups+0x5d/0x130 [ 619.572794][T15281] device_add+0xbac/0x1960 [ 619.577196][T15281] ? dev_set_name+0x6c/0x90 [ 619.581683][T15281] netdev_register_kobject+0x151/0x2e0 [ 619.587143][T15281] register_netdevice+0x130a/0x1b80 [ 619.592333][T15281] br_dev_newlink+0x24/0x110 [ 619.596898][T15281] ? br_validate+0x2a0/0x2a0 [ 619.601466][T15281] rtnl_newlink+0x143e/0x1bf0 [ 619.606140][T15281] ? __lock_acquire+0x116c/0x2c30 [ 619.611197][T15281] ? __mutex_lock_common+0x582/0x2fc0 [ 619.616571][T15281] ? rtnl_setlink+0x490/0x490 [ 619.621225][T15281] rtnetlink_rcv_msg+0x889/0xd40 [ 619.626162][T15281] ? local_bh_enable+0x5/0x20 [ 619.630817][T15281] ? __local_bh_enable_ip+0x133/0x230 [ 619.636167][T15281] ? __dev_queue_xmit+0x1846/0x2940 [ 619.641352][T15281] ? check_preemption_disabled+0x40/0x240 [ 619.647045][T15281] ? debug_smp_processor_id+0x5/0x20 [ 619.652317][T15281] netlink_rcv_skb+0x190/0x3a0 [ 619.657084][T15281] ? rtnetlink_bind+0x80/0x80 [ 619.661747][T15281] netlink_unicast+0x786/0x940 [ 619.666519][T15281] netlink_sendmsg+0xa57/0xd70 [ 619.671271][T15281] ? netlink_getsockopt+0x9e0/0x9e0 [ 619.676448][T15281] ____sys_sendmsg+0x519/0x800 [ 619.681200][T15281] ? import_iovec+0x12a/0x2c0 [ 619.685860][T15281] __sys_sendmmsg+0x45b/0x680 [ 619.690575][T15281] ? ksys_write+0x1b1/0x220 [ 619.695062][T15281] ? ksys_write+0x1b1/0x220 [ 619.699560][T15281] ? check_preemption_disabled+0x40/0x240 [ 619.705286][T15281] ? check_preemption_disabled+0x40/0x240 [ 619.710996][T15281] __x64_sys_sendmmsg+0x9c/0xb0 [ 619.715841][T15281] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 619.721887][T15281] do_syscall_64+0x73/0xe0 [ 619.726298][T15281] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 619.732165][T15281] RIP: 0033:0x45cb19 [ 619.736033][T15281] Code: Bad RIP value. [ 619.740101][T15281] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 619.748489][T15281] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 619.756454][T15281] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 619.764406][T15281] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 619.772359][T15281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 619.780493][T15281] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:12 executing program 1 (fault-call:6 fault-nth:42): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 619.887028][T15296] binder: 15286:15296 ioctl 41015500 200004c0 returned -22 [ 619.956590][T15300] FAULT_INJECTION: forcing a failure. [ 619.956590][T15300] name failslab, interval 1, probability 0, space 0, times 0 [ 619.969415][T15300] CPU: 1 PID: 15300 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 619.978088][T15300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.988145][T15300] Call Trace: [ 619.991453][T15300] dump_stack+0x1f0/0x31e [ 619.995804][T15300] should_fail+0x38a/0x4e0 [ 620.000216][T15300] ? __kernfs_new_node+0x8b/0x630 03:57:12 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 620.005235][T15300] should_failslab+0x5/0x20 [ 620.009743][T15300] kmem_cache_alloc+0x53/0x2d0 [ 620.014522][T15300] __kernfs_new_node+0x8b/0x630 [ 620.019374][T15300] ? kernfs_add_one+0x4b7/0x600 [ 620.024232][T15300] ? kernfs_add_one+0x4b7/0x600 [ 620.029104][T15300] ? __mutex_unlock_slowpath+0x12d/0x590 [ 620.034833][T15300] kernfs_new_node+0x95/0x160 [ 620.039521][T15300] __kernfs_create_file+0x45/0x2d0 [ 620.044632][T15300] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 620.050012][T15300] internal_create_group+0x445/0xd20 [ 620.055311][T15300] sysfs_create_groups+0x5d/0x130 [ 620.060333][T15300] device_add+0xbac/0x1960 [ 620.064751][T15300] ? dev_set_name+0x6c/0x90 [ 620.069261][T15300] netdev_register_kobject+0x151/0x2e0 [ 620.074724][T15300] register_netdevice+0x130a/0x1b80 [ 620.080067][T15300] br_dev_newlink+0x24/0x110 [ 620.084653][T15300] ? br_validate+0x2a0/0x2a0 [ 620.089229][T15300] rtnl_newlink+0x143e/0x1bf0 [ 620.093896][T15300] ? __lock_acquire+0x116c/0x2c30 [ 620.098922][T15300] ? __mutex_lock_common+0x582/0x2fc0 [ 620.104298][T15300] ? rtnl_setlink+0x490/0x490 [ 620.108966][T15300] rtnetlink_rcv_msg+0x889/0xd40 [ 620.114003][T15300] ? local_bh_enable+0x5/0x20 [ 620.118763][T15300] ? __local_bh_enable_ip+0x133/0x230 [ 620.124125][T15300] ? __dev_queue_xmit+0x1846/0x2940 [ 620.129329][T15300] ? check_preemption_disabled+0x40/0x240 [ 620.135044][T15300] ? debug_smp_processor_id+0x5/0x20 [ 620.140332][T15300] netlink_rcv_skb+0x190/0x3a0 [ 620.145089][T15300] ? rtnetlink_bind+0x80/0x80 [ 620.149754][T15300] netlink_unicast+0x786/0x940 [ 620.154516][T15300] netlink_sendmsg+0xa57/0xd70 [ 620.159277][T15300] ? netlink_getsockopt+0x9e0/0x9e0 [ 620.164505][T15300] ____sys_sendmsg+0x519/0x800 [ 620.169273][T15300] ? import_iovec+0x12a/0x2c0 [ 620.173968][T15300] __sys_sendmmsg+0x45b/0x680 [ 620.178654][T15300] ? ksys_write+0x1b1/0x220 [ 620.183137][T15300] ? ksys_write+0x1b1/0x220 [ 620.187642][T15300] ? check_preemption_disabled+0x40/0x240 [ 620.193342][T15300] ? check_preemption_disabled+0x40/0x240 [ 620.199055][T15300] __x64_sys_sendmmsg+0x9c/0xb0 [ 620.203891][T15300] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 620.209931][T15300] do_syscall_64+0x73/0xe0 [ 620.214335][T15300] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 620.220222][T15300] RIP: 0033:0x45cb19 [ 620.224091][T15300] Code: Bad RIP value. [ 620.228149][T15300] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 620.236546][T15300] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 620.244511][T15300] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 620.252475][T15300] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 620.260444][T15300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 620.268395][T15300] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:14 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:14 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4c00, &(0x7f0000000000)={0x0, r2}) 03:57:14 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x4138ae84, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:14 executing program 1 (fault-call:6 fault-nth:43): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:14 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:14 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, 0x0) ptrace$cont(0x9, r1, 0x0, 0x0) [ 621.896433][T15317] FAULT_INJECTION: forcing a failure. [ 621.896433][T15317] name failslab, interval 1, probability 0, space 0, times 0 [ 621.927662][T15320] binder: 15316:15320 ioctl 4138ae84 200004c0 returned -22 [ 621.954465][T15317] CPU: 1 PID: 15317 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 621.963168][T15317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.973223][T15317] Call Trace: [ 621.976518][T15317] dump_stack+0x1f0/0x31e [ 621.980835][T15317] should_fail+0x38a/0x4e0 [ 621.985238][T15317] ? __kernfs_new_node+0x8b/0x630 [ 621.990241][T15317] should_failslab+0x5/0x20 [ 621.994759][T15317] kmem_cache_alloc+0x53/0x2d0 [ 621.999516][T15317] __kernfs_new_node+0x8b/0x630 [ 622.004346][T15317] ? kernfs_add_one+0x4b7/0x600 [ 622.009174][T15317] ? kernfs_add_one+0x4b7/0x600 [ 622.014006][T15317] ? __mutex_unlock_slowpath+0x12d/0x590 [ 622.019625][T15317] kernfs_new_node+0x95/0x160 [ 622.024284][T15317] __kernfs_create_file+0x45/0x2d0 [ 622.029372][T15317] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 622.034728][T15317] internal_create_group+0x445/0xd20 [ 622.040004][T15317] sysfs_create_groups+0x5d/0x130 [ 622.045008][T15317] device_add+0xbac/0x1960 [ 622.049423][T15317] ? dev_set_name+0x6c/0x90 [ 622.053916][T15317] netdev_register_kobject+0x151/0x2e0 [ 622.059373][T15317] register_netdevice+0x130a/0x1b80 [ 622.064567][T15317] br_dev_newlink+0x24/0x110 [ 622.069154][T15317] ? br_validate+0x2a0/0x2a0 [ 622.073726][T15317] rtnl_newlink+0x143e/0x1bf0 [ 622.078402][T15317] ? __lock_acquire+0x116c/0x2c30 [ 622.083460][T15317] ? __mutex_lock_common+0x582/0x2fc0 [ 622.088831][T15317] ? rtnl_setlink+0x490/0x490 [ 622.093505][T15317] rtnetlink_rcv_msg+0x889/0xd40 [ 622.098462][T15317] ? local_bh_enable+0x5/0x20 [ 622.103121][T15317] ? __local_bh_enable_ip+0x133/0x230 [ 622.108472][T15317] ? __dev_queue_xmit+0x1846/0x2940 [ 622.113659][T15317] ? check_preemption_disabled+0x40/0x240 [ 622.119375][T15317] ? debug_smp_processor_id+0x5/0x20 [ 622.124663][T15317] netlink_rcv_skb+0x190/0x3a0 [ 622.129411][T15317] ? rtnetlink_bind+0x80/0x80 [ 622.134076][T15317] netlink_unicast+0x786/0x940 [ 622.138828][T15317] netlink_sendmsg+0xa57/0xd70 [ 622.143579][T15317] ? netlink_getsockopt+0x9e0/0x9e0 [ 622.148756][T15317] ____sys_sendmsg+0x519/0x800 [ 622.153498][T15317] ? import_iovec+0x12a/0x2c0 [ 622.158161][T15317] __sys_sendmmsg+0x45b/0x680 [ 622.162860][T15317] ? ksys_write+0x1b1/0x220 [ 622.167346][T15317] ? ksys_write+0x1b1/0x220 [ 622.171827][T15317] ? check_preemption_disabled+0x40/0x240 [ 622.177521][T15317] ? check_preemption_disabled+0x40/0x240 [ 622.183225][T15317] __x64_sys_sendmmsg+0x9c/0xb0 [ 622.188056][T15317] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 622.194098][T15317] do_syscall_64+0x73/0xe0 [ 622.198492][T15317] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 622.204358][T15317] RIP: 0033:0x45cb19 [ 622.208225][T15317] Code: Bad RIP value. [ 622.212275][T15317] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 622.220659][T15317] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 622.228605][T15317] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 622.236553][T15317] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 622.244502][T15317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 622.252450][T15317] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:14 executing program 1 (fault-call:6 fault-nth:44): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 622.365156][T15334] binder: 15316:15334 ioctl 4138ae84 200004c0 returned -22 03:57:14 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 622.455202][T15339] FAULT_INJECTION: forcing a failure. [ 622.455202][T15339] name failslab, interval 1, probability 0, space 0, times 0 [ 622.468172][T15339] CPU: 0 PID: 15339 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 622.476842][T15339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 622.486900][T15339] Call Trace: [ 622.490188][T15339] dump_stack+0x1f0/0x31e [ 622.494525][T15339] should_fail+0x38a/0x4e0 [ 622.498942][T15339] ? __kernfs_new_node+0x8b/0x630 [ 622.503967][T15339] should_failslab+0x5/0x20 [ 622.508463][T15339] kmem_cache_alloc+0x53/0x2d0 [ 622.513240][T15339] __kernfs_new_node+0x8b/0x630 [ 622.518087][T15339] ? kernfs_add_one+0x4b7/0x600 [ 622.522935][T15339] ? kernfs_add_one+0x4b7/0x600 [ 622.527785][T15339] ? __mutex_unlock_slowpath+0x12d/0x590 [ 622.533428][T15339] kernfs_new_node+0x95/0x160 [ 622.538105][T15339] __kernfs_create_file+0x45/0x2d0 [ 622.543219][T15339] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 622.548594][T15339] internal_create_group+0x445/0xd20 03:57:14 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4c01, &(0x7f0000000000)={0x0, r2}) [ 622.553885][T15339] sysfs_create_groups+0x5d/0x130 [ 622.558912][T15339] device_add+0xbac/0x1960 [ 622.563340][T15339] ? dev_set_name+0x6c/0x90 [ 622.567847][T15339] netdev_register_kobject+0x151/0x2e0 [ 622.573328][T15339] register_netdevice+0x130a/0x1b80 [ 622.578555][T15339] br_dev_newlink+0x24/0x110 [ 622.583227][T15339] ? br_validate+0x2a0/0x2a0 [ 622.587812][T15339] rtnl_newlink+0x143e/0x1bf0 [ 622.592601][T15339] ? __lock_acquire+0x116c/0x2c30 [ 622.597669][T15339] ? __mutex_lock_common+0x582/0x2fc0 [ 622.603053][T15339] ? rtnl_setlink+0x490/0x490 [ 622.607732][T15339] rtnetlink_rcv_msg+0x889/0xd40 [ 622.612701][T15339] ? local_bh_enable+0x5/0x20 [ 622.617395][T15339] ? __local_bh_enable_ip+0x133/0x230 [ 622.622906][T15339] ? __dev_queue_xmit+0x1846/0x2940 [ 622.628112][T15339] ? check_preemption_disabled+0x40/0x240 [ 622.633822][T15339] ? debug_smp_processor_id+0x5/0x20 [ 622.639096][T15339] netlink_rcv_skb+0x190/0x3a0 [ 622.643842][T15339] ? rtnetlink_bind+0x80/0x80 [ 622.648514][T15339] netlink_unicast+0x786/0x940 [ 622.653267][T15339] netlink_sendmsg+0xa57/0xd70 [ 622.658025][T15339] ? netlink_getsockopt+0x9e0/0x9e0 [ 622.663265][T15339] ____sys_sendmsg+0x519/0x800 [ 622.668008][T15339] ? import_iovec+0x12a/0x2c0 [ 622.672669][T15339] __sys_sendmmsg+0x45b/0x680 [ 622.677378][T15339] ? ksys_write+0x1b1/0x220 [ 622.681878][T15339] ? ksys_write+0x1b1/0x220 [ 622.686386][T15339] ? check_preemption_disabled+0x40/0x240 [ 622.692098][T15339] ? check_preemption_disabled+0x40/0x240 [ 622.697804][T15339] __x64_sys_sendmmsg+0x9c/0xb0 [ 622.702648][T15339] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 622.708701][T15339] do_syscall_64+0x73/0xe0 [ 622.713125][T15339] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 622.719006][T15339] RIP: 0033:0x45cb19 [ 622.722874][T15339] Code: Bad RIP value. [ 622.726936][T15339] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 622.735341][T15339] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 622.743303][T15339] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 03:57:15 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x8004ae98, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 622.751382][T15339] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 622.759425][T15339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 622.767381][T15339] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 622.831294][T15354] binder: 15353:15354 ioctl 8004ae98 200004c0 returned -22 03:57:15 executing program 1 (fault-call:6 fault-nth:45): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 622.874648][T15357] binder: 15353:15357 ioctl 8004ae98 200004c0 returned -22 03:57:15 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 622.920478][T15359] FAULT_INJECTION: forcing a failure. [ 622.920478][T15359] name failslab, interval 1, probability 0, space 0, times 0 [ 622.942537][T15359] CPU: 1 PID: 15359 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 622.951276][T15359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 622.961330][T15359] Call Trace: [ 622.964623][T15359] dump_stack+0x1f0/0x31e [ 622.968949][T15359] should_fail+0x38a/0x4e0 [ 622.973344][T15359] ? __kernfs_new_node+0x8b/0x630 [ 622.978344][T15359] should_failslab+0x5/0x20 [ 622.982818][T15359] kmem_cache_alloc+0x53/0x2d0 [ 622.987566][T15359] __kernfs_new_node+0x8b/0x630 [ 622.992387][T15359] ? kernfs_add_one+0x4b7/0x600 [ 622.997209][T15359] ? kernfs_add_one+0x4b7/0x600 [ 623.002038][T15359] ? __mutex_unlock_slowpath+0x12d/0x590 [ 623.007647][T15359] kernfs_new_node+0x95/0x160 [ 623.012307][T15359] __kernfs_create_file+0x45/0x2d0 [ 623.017393][T15359] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 623.022744][T15359] internal_create_group+0x445/0xd20 [ 623.028184][T15359] sysfs_create_groups+0x5d/0x130 [ 623.033185][T15359] device_add+0xbac/0x1960 [ 623.037579][T15359] ? dev_set_name+0x6c/0x90 [ 623.042059][T15359] netdev_register_kobject+0x151/0x2e0 [ 623.047509][T15359] register_netdevice+0x130a/0x1b80 [ 623.052692][T15359] br_dev_newlink+0x24/0x110 [ 623.057255][T15359] ? br_validate+0x2a0/0x2a0 [ 623.061823][T15359] rtnl_newlink+0x143e/0x1bf0 [ 623.066486][T15359] ? __lock_acquire+0x116c/0x2c30 [ 623.071507][T15359] ? __mutex_lock_common+0x582/0x2fc0 [ 623.076872][T15359] ? rtnl_setlink+0x490/0x490 [ 623.081571][T15359] rtnetlink_rcv_msg+0x889/0xd40 [ 623.086492][T15359] ? local_bh_enable+0x5/0x20 [ 623.091144][T15359] ? __local_bh_enable_ip+0x133/0x230 [ 623.096498][T15359] ? __dev_queue_xmit+0x1846/0x2940 [ 623.101675][T15359] ? check_preemption_disabled+0x40/0x240 [ 623.107365][T15359] ? debug_smp_processor_id+0x5/0x20 [ 623.112628][T15359] netlink_rcv_skb+0x190/0x3a0 [ 623.117368][T15359] ? rtnetlink_bind+0x80/0x80 [ 623.122023][T15359] netlink_unicast+0x786/0x940 [ 623.126781][T15359] netlink_sendmsg+0xa57/0xd70 [ 623.131531][T15359] ? netlink_getsockopt+0x9e0/0x9e0 [ 623.136709][T15359] ____sys_sendmsg+0x519/0x800 [ 623.141456][T15359] ? import_iovec+0x12a/0x2c0 [ 623.146123][T15359] __sys_sendmmsg+0x45b/0x680 [ 623.150793][T15359] ? ksys_write+0x1b1/0x220 [ 623.155269][T15359] ? ksys_write+0x1b1/0x220 [ 623.159749][T15359] ? check_preemption_disabled+0x40/0x240 [ 623.165436][T15359] ? check_preemption_disabled+0x40/0x240 [ 623.171139][T15359] __x64_sys_sendmmsg+0x9c/0xb0 [ 623.175969][T15359] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 623.182005][T15359] do_syscall_64+0x73/0xe0 [ 623.186395][T15359] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 623.192265][T15359] RIP: 0033:0x45cb19 [ 623.196151][T15359] Code: Bad RIP value. [ 623.200188][T15359] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 623.208574][T15359] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 623.216515][T15359] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 623.224465][T15359] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 623.232410][T15359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 623.240354][T15359] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:17 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:17 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x80085502, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:17 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x5404, &(0x7f0000000000)={0x0, r2}) 03:57:17 executing program 1 (fault-call:6 fault-nth:46): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:17 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:17 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) [ 624.964425][T15377] binder: 15372:15377 ioctl 80085502 200004c0 returned -22 [ 625.016427][T15381] FAULT_INJECTION: forcing a failure. [ 625.016427][T15381] name failslab, interval 1, probability 0, space 0, times 0 [ 625.020434][T15386] binder: 15372:15386 ioctl 80085502 200004c0 returned -22 [ 625.050582][T15381] CPU: 1 PID: 15381 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 625.059364][T15381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 625.069407][T15381] Call Trace: [ 625.072684][T15381] dump_stack+0x1f0/0x31e [ 625.077003][T15381] should_fail+0x38a/0x4e0 [ 625.081403][T15381] ? __kernfs_new_node+0x8b/0x630 [ 625.086404][T15381] should_failslab+0x5/0x20 [ 625.090882][T15381] kmem_cache_alloc+0x53/0x2d0 [ 625.095628][T15381] __kernfs_new_node+0x8b/0x630 [ 625.100478][T15381] ? kernfs_add_one+0x4b7/0x600 [ 625.105303][T15381] ? kernfs_add_one+0x4b7/0x600 [ 625.110222][T15381] ? __mutex_unlock_slowpath+0x12d/0x590 [ 625.115839][T15381] kernfs_new_node+0x95/0x160 [ 625.120500][T15381] __kernfs_create_file+0x45/0x2d0 [ 625.125614][T15381] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 625.130976][T15381] internal_create_group+0x445/0xd20 [ 625.136262][T15381] sysfs_create_groups+0x5d/0x130 [ 625.141270][T15381] device_add+0xbac/0x1960 [ 625.145675][T15381] ? dev_set_name+0x6c/0x90 [ 625.150167][T15381] netdev_register_kobject+0x151/0x2e0 [ 625.155612][T15381] register_netdevice+0x130a/0x1b80 [ 625.160808][T15381] br_dev_newlink+0x24/0x110 [ 625.165374][T15381] ? br_validate+0x2a0/0x2a0 [ 625.169951][T15381] rtnl_newlink+0x143e/0x1bf0 [ 625.174747][T15381] ? __lock_acquire+0x116c/0x2c30 [ 625.179932][T15381] ? __mutex_lock_common+0x582/0x2fc0 [ 625.185303][T15381] ? rtnl_setlink+0x490/0x490 [ 625.189957][T15381] rtnetlink_rcv_msg+0x889/0xd40 [ 625.194894][T15381] ? local_bh_enable+0x5/0x20 [ 625.199549][T15381] ? __local_bh_enable_ip+0x133/0x230 [ 625.204898][T15381] ? __dev_queue_xmit+0x1846/0x2940 [ 625.210089][T15381] ? check_preemption_disabled+0x40/0x240 [ 625.215790][T15381] ? debug_smp_processor_id+0x5/0x20 [ 625.221070][T15381] netlink_rcv_skb+0x190/0x3a0 [ 625.225821][T15381] ? rtnetlink_bind+0x80/0x80 [ 625.230488][T15381] netlink_unicast+0x786/0x940 [ 625.235244][T15381] netlink_sendmsg+0xa57/0xd70 [ 625.239996][T15381] ? netlink_getsockopt+0x9e0/0x9e0 [ 625.245174][T15381] ____sys_sendmsg+0x519/0x800 [ 625.249919][T15381] ? import_iovec+0x12a/0x2c0 [ 625.254581][T15381] __sys_sendmmsg+0x45b/0x680 [ 625.259286][T15381] ? ksys_write+0x1b1/0x220 [ 625.263769][T15381] ? ksys_write+0x1b1/0x220 [ 625.268254][T15381] ? check_preemption_disabled+0x40/0x240 [ 625.273953][T15381] ? check_preemption_disabled+0x40/0x240 [ 625.279746][T15381] __x64_sys_sendmmsg+0x9c/0xb0 [ 625.284576][T15381] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 625.290618][T15381] do_syscall_64+0x73/0xe0 [ 625.295013][T15381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 625.300879][T15381] RIP: 0033:0x45cb19 [ 625.304834][T15381] Code: Bad RIP value. [ 625.308876][T15381] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 625.317281][T15381] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 625.325247][T15381] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 625.333195][T15381] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 625.341160][T15381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 625.349114][T15381] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:17 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x80086301, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:17 executing program 1 (fault-call:6 fault-nth:47): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 625.467833][T15395] binder: 15394:15395 ioctl 80086301 200004c0 returned -22 03:57:17 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:17 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x5408, &(0x7f0000000000)={0x0, r2}) [ 625.565064][T15402] binder: 15394:15402 ioctl 80086301 200004c0 returned -22 [ 625.589532][T15401] FAULT_INJECTION: forcing a failure. [ 625.589532][T15401] name failslab, interval 1, probability 0, space 0, times 0 03:57:17 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x80404508, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 625.651618][T15401] CPU: 0 PID: 15401 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 625.660332][T15401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 625.670387][T15401] Call Trace: [ 625.673671][T15401] dump_stack+0x1f0/0x31e [ 625.678018][T15401] should_fail+0x38a/0x4e0 [ 625.682417][T15401] ? __kernfs_new_node+0x8b/0x630 [ 625.687428][T15401] should_failslab+0x5/0x20 [ 625.691907][T15401] kmem_cache_alloc+0x53/0x2d0 [ 625.696664][T15401] __kernfs_new_node+0x8b/0x630 [ 625.701523][T15401] ? kernfs_add_one+0x4b7/0x600 [ 625.706355][T15401] ? kernfs_add_one+0x4b7/0x600 [ 625.711210][T15401] ? __mutex_unlock_slowpath+0x12d/0x590 [ 625.716848][T15401] kernfs_new_node+0x95/0x160 [ 625.721518][T15401] __kernfs_create_file+0x45/0x2d0 [ 625.726618][T15401] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 625.732072][T15401] internal_create_group+0x445/0xd20 [ 625.737379][T15401] sysfs_create_groups+0x5d/0x130 [ 625.742388][T15401] device_add+0xbac/0x1960 [ 625.746795][T15401] ? dev_set_name+0x6c/0x90 [ 625.751290][T15401] netdev_register_kobject+0x151/0x2e0 [ 625.756733][T15401] register_netdevice+0x130a/0x1b80 [ 625.761930][T15401] br_dev_newlink+0x24/0x110 [ 625.766499][T15401] ? br_validate+0x2a0/0x2a0 [ 625.771086][T15401] rtnl_newlink+0x143e/0x1bf0 [ 625.775858][T15401] ? __lock_acquire+0x116c/0x2c30 [ 625.780922][T15401] ? __mutex_lock_common+0x582/0x2fc0 [ 625.786275][T15401] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 625.792947][T15401] ? rtnl_setlink+0x490/0x490 [ 625.797608][T15401] rtnetlink_rcv_msg+0x889/0xd40 [ 625.802546][T15401] ? local_bh_enable+0x5/0x20 [ 625.807202][T15401] ? __local_bh_enable_ip+0x133/0x230 [ 625.812555][T15401] ? __dev_queue_xmit+0x1846/0x2940 [ 625.817746][T15401] ? check_preemption_disabled+0x40/0x240 [ 625.823441][T15401] ? debug_smp_processor_id+0x5/0x20 [ 625.828718][T15401] netlink_rcv_skb+0x190/0x3a0 [ 625.833460][T15401] ? rtnetlink_bind+0x80/0x80 [ 625.838157][T15401] netlink_unicast+0x786/0x940 [ 625.842932][T15401] netlink_sendmsg+0xa57/0xd70 [ 625.847697][T15401] ? netlink_getsockopt+0x9e0/0x9e0 [ 625.852884][T15401] ____sys_sendmsg+0x519/0x800 [ 625.857639][T15401] ? import_iovec+0x12a/0x2c0 [ 625.862308][T15401] __sys_sendmmsg+0x45b/0x680 [ 625.867010][T15401] ? ksys_write+0x1b1/0x220 [ 625.871494][T15401] ? ksys_write+0x1b1/0x220 [ 625.875983][T15401] ? check_preemption_disabled+0x40/0x240 [ 625.881692][T15401] ? check_preemption_disabled+0x40/0x240 [ 625.887395][T15401] __x64_sys_sendmmsg+0x9c/0xb0 [ 625.892226][T15401] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 625.898268][T15401] do_syscall_64+0x73/0xe0 [ 625.902666][T15401] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 625.908536][T15401] RIP: 0033:0x45cb19 [ 625.912403][T15401] Code: Bad RIP value. [ 625.916447][T15401] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 625.924839][T15401] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 625.932791][T15401] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 625.940745][T15401] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 625.948699][T15401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 625.956652][T15401] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 625.992985][T15412] binder: 15409:15412 ioctl 80404508 200004c0 returned -22 [ 626.085653][T15412] binder: 15409:15412 ioctl 80404508 200004c0 returned -22 03:57:18 executing program 1 (fault-call:6 fault-nth:48): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 626.183569][T15421] FAULT_INJECTION: forcing a failure. [ 626.183569][T15421] name failslab, interval 1, probability 0, space 0, times 0 [ 626.205403][T15421] CPU: 0 PID: 15421 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 626.214095][T15421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 626.224149][T15421] Call Trace: [ 626.227440][T15421] dump_stack+0x1f0/0x31e [ 626.231774][T15421] should_fail+0x38a/0x4e0 [ 626.236187][T15421] ? __kernfs_new_node+0x8b/0x630 [ 626.241203][T15421] should_failslab+0x5/0x20 [ 626.245707][T15421] kmem_cache_alloc+0x53/0x2d0 [ 626.250471][T15421] __kernfs_new_node+0x8b/0x630 [ 626.255362][T15421] ? kernfs_add_one+0x4b7/0x600 [ 626.260202][T15421] ? kernfs_add_one+0x4b7/0x600 [ 626.265048][T15421] ? __mutex_unlock_slowpath+0x12d/0x590 [ 626.270695][T15421] kernfs_new_node+0x95/0x160 [ 626.275373][T15421] __kernfs_create_file+0x45/0x2d0 [ 626.280484][T15421] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 626.285869][T15421] internal_create_group+0x445/0xd20 [ 626.291147][T15421] sysfs_create_groups+0x5d/0x130 [ 626.296151][T15421] device_add+0xbac/0x1960 [ 626.300548][T15421] ? dev_set_name+0x6c/0x90 [ 626.305043][T15421] netdev_register_kobject+0x151/0x2e0 [ 626.310488][T15421] register_netdevice+0x130a/0x1b80 [ 626.315670][T15421] br_dev_newlink+0x24/0x110 [ 626.320232][T15421] ? br_validate+0x2a0/0x2a0 [ 626.324807][T15421] rtnl_newlink+0x143e/0x1bf0 [ 626.329477][T15421] ? __lock_acquire+0x116c/0x2c30 [ 626.334501][T15421] ? __mutex_lock_common+0x582/0x2fc0 [ 626.339858][T15421] ? rtnl_setlink+0x490/0x490 [ 626.344518][T15421] rtnetlink_rcv_msg+0x889/0xd40 [ 626.349450][T15421] ? local_bh_enable+0x5/0x20 [ 626.354110][T15421] ? __local_bh_enable_ip+0x133/0x230 [ 626.359463][T15421] ? __dev_queue_xmit+0x1846/0x2940 [ 626.364658][T15421] ? check_preemption_disabled+0x40/0x240 [ 626.370365][T15421] ? debug_smp_processor_id+0x5/0x20 [ 626.375630][T15421] netlink_rcv_skb+0x190/0x3a0 [ 626.380365][T15421] ? rtnetlink_bind+0x80/0x80 [ 626.385036][T15421] netlink_unicast+0x786/0x940 [ 626.389796][T15421] netlink_sendmsg+0xa57/0xd70 [ 626.394538][T15421] ? netlink_getsockopt+0x9e0/0x9e0 [ 626.399711][T15421] ____sys_sendmsg+0x519/0x800 [ 626.404462][T15421] ? import_iovec+0x12a/0x2c0 [ 626.409139][T15421] __sys_sendmmsg+0x45b/0x680 [ 626.413827][T15421] ? ksys_write+0x1b1/0x220 [ 626.418305][T15421] ? ksys_write+0x1b1/0x220 [ 626.422786][T15421] ? check_preemption_disabled+0x40/0x240 [ 626.428491][T15421] ? check_preemption_disabled+0x40/0x240 [ 626.434197][T15421] __x64_sys_sendmmsg+0x9c/0xb0 [ 626.439040][T15421] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 626.445176][T15421] do_syscall_64+0x73/0xe0 [ 626.449594][T15421] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 626.455472][T15421] RIP: 0033:0x45cb19 [ 626.459479][T15421] Code: Bad RIP value. [ 626.463536][T15421] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 626.471918][T15421] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 626.479862][T15421] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 626.487811][T15421] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 626.495780][T15421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 626.503729][T15421] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:20 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:20 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:20 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x80dc5521, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:20 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x541b, &(0x7f0000000000)={0x0, r2}) 03:57:20 executing program 1 (fault-call:6 fault-nth:49): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:20 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) [ 628.081654][T15440] binder: 15434:15440 ioctl 80dc5521 200004c0 returned -22 [ 628.091972][T15439] FAULT_INJECTION: forcing a failure. [ 628.091972][T15439] name failslab, interval 1, probability 0, space 0, times 0 [ 628.108428][T15439] CPU: 0 PID: 15439 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 628.117192][T15439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.127337][T15439] Call Trace: [ 628.130627][T15439] dump_stack+0x1f0/0x31e [ 628.135183][T15439] should_fail+0x38a/0x4e0 [ 628.139599][T15439] ? __kernfs_new_node+0x8b/0x630 [ 628.144622][T15439] should_failslab+0x5/0x20 [ 628.149115][T15439] kmem_cache_alloc+0x53/0x2d0 [ 628.153888][T15439] __kernfs_new_node+0x8b/0x630 [ 628.158718][T15439] ? kernfs_add_one+0x4b7/0x600 [ 628.163542][T15439] ? kernfs_add_one+0x4b7/0x600 [ 628.168516][T15439] ? __mutex_unlock_slowpath+0x12d/0x590 [ 628.174148][T15439] kernfs_new_node+0x95/0x160 [ 628.178823][T15439] __kernfs_create_file+0x45/0x2d0 [ 628.183945][T15439] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 628.189309][T15439] internal_create_group+0x445/0xd20 [ 628.194591][T15439] sysfs_create_groups+0x5d/0x130 [ 628.199601][T15439] device_add+0xbac/0x1960 [ 628.204037][T15439] ? dev_set_name+0x6c/0x90 [ 628.208526][T15439] netdev_register_kobject+0x151/0x2e0 [ 628.213982][T15439] register_netdevice+0x130a/0x1b80 [ 628.219176][T15439] br_dev_newlink+0x24/0x110 [ 628.223747][T15439] ? br_validate+0x2a0/0x2a0 [ 628.228326][T15439] rtnl_newlink+0x143e/0x1bf0 [ 628.233008][T15439] ? __lock_acquire+0x116c/0x2c30 [ 628.238065][T15439] ? __mutex_lock_common+0x582/0x2fc0 [ 628.243413][T15439] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 628.249999][T15439] ? rtnl_setlink+0x490/0x490 [ 628.254681][T15439] rtnetlink_rcv_msg+0x889/0xd40 [ 628.259634][T15439] ? local_bh_enable+0x5/0x20 [ 628.264309][T15439] ? __local_bh_enable_ip+0x133/0x230 [ 628.269680][T15439] ? __dev_queue_xmit+0x1846/0x2940 [ 628.274889][T15439] ? check_preemption_disabled+0x40/0x240 [ 628.280595][T15439] ? debug_smp_processor_id+0x5/0x20 [ 628.285872][T15439] netlink_rcv_skb+0x190/0x3a0 [ 628.290618][T15439] ? rtnetlink_bind+0x80/0x80 [ 628.295290][T15439] netlink_unicast+0x786/0x940 [ 628.300066][T15439] netlink_sendmsg+0xa57/0xd70 [ 628.304837][T15439] ? netlink_getsockopt+0x9e0/0x9e0 [ 628.310033][T15439] ____sys_sendmsg+0x519/0x800 [ 628.314807][T15439] ? import_iovec+0x12a/0x2c0 [ 628.319564][T15439] __sys_sendmmsg+0x45b/0x680 [ 628.324271][T15439] ? ksys_write+0x1b1/0x220 [ 628.328757][T15439] ? ksys_write+0x1b1/0x220 [ 628.333240][T15439] ? check_preemption_disabled+0x40/0x240 [ 628.338969][T15439] ? check_preemption_disabled+0x40/0x240 [ 628.344694][T15439] __x64_sys_sendmmsg+0x9c/0xb0 [ 628.349536][T15439] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 628.355583][T15439] do_syscall_64+0x73/0xe0 [ 628.359993][T15439] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 628.365875][T15439] RIP: 0033:0x45cb19 [ 628.369750][T15439] Code: Bad RIP value. [ 628.373794][T15439] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 628.382191][T15439] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 628.390142][T15439] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 628.398088][T15439] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 628.406041][T15439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 628.414003][T15439] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 628.456208][T15451] binder: 15434:15451 ioctl 80dc5521 200004c0 returned -22 03:57:20 executing program 1 (fault-call:6 fault-nth:50): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:20 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x8138ae83, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:20 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:20 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x5421, &(0x7f0000000000)={0x0, r2}) [ 628.597061][T15456] FAULT_INJECTION: forcing a failure. [ 628.597061][T15456] name failslab, interval 1, probability 0, space 0, times 0 [ 628.622745][T15461] binder: 15457:15461 ioctl 8138ae83 200004c0 returned -22 [ 628.651539][T15456] CPU: 0 PID: 15456 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 628.660285][T15456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.670337][T15456] Call Trace: [ 628.673627][T15456] dump_stack+0x1f0/0x31e [ 628.677959][T15456] should_fail+0x38a/0x4e0 [ 628.682364][T15456] ? __kernfs_new_node+0x8b/0x630 [ 628.687378][T15456] should_failslab+0x5/0x20 [ 628.691883][T15456] kmem_cache_alloc+0x53/0x2d0 [ 628.696646][T15456] __kernfs_new_node+0x8b/0x630 [ 628.701492][T15456] ? kernfs_add_one+0x4b7/0x600 [ 628.706330][T15456] ? kernfs_add_one+0x4b7/0x600 [ 628.711174][T15456] ? __mutex_unlock_slowpath+0x12d/0x590 [ 628.716803][T15456] kernfs_new_node+0x95/0x160 [ 628.721590][T15456] __kernfs_create_file+0x45/0x2d0 [ 628.726707][T15456] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 628.732073][T15456] internal_create_group+0x445/0xd20 [ 628.737362][T15456] sysfs_create_groups+0x5d/0x130 [ 628.742381][T15456] device_add+0xbac/0x1960 [ 628.746794][T15456] ? dev_set_name+0x6c/0x90 [ 628.751289][T15456] netdev_register_kobject+0x151/0x2e0 [ 628.756740][T15456] register_netdevice+0x130a/0x1b80 [ 628.761947][T15456] br_dev_newlink+0x24/0x110 [ 628.766518][T15456] ? br_validate+0x2a0/0x2a0 [ 628.771098][T15456] rtnl_newlink+0x143e/0x1bf0 [ 628.775787][T15456] ? __lock_acquire+0x116c/0x2c30 [ 628.780850][T15456] ? __mutex_lock_common+0x582/0x2fc0 [ 628.786256][T15456] ? rtnl_setlink+0x490/0x490 [ 628.790930][T15456] rtnetlink_rcv_msg+0x889/0xd40 [ 628.795894][T15456] ? local_bh_enable+0x5/0x20 [ 628.800574][T15456] ? __local_bh_enable_ip+0x133/0x230 [ 628.805960][T15456] ? __dev_queue_xmit+0x1846/0x2940 [ 628.811178][T15456] ? check_preemption_disabled+0x40/0x240 [ 628.816902][T15456] ? debug_smp_processor_id+0x5/0x20 [ 628.822196][T15456] netlink_rcv_skb+0x190/0x3a0 [ 628.826958][T15456] ? rtnetlink_bind+0x80/0x80 [ 628.831641][T15456] netlink_unicast+0x786/0x940 [ 628.836401][T15456] netlink_sendmsg+0xa57/0xd70 [ 628.841162][T15456] ? netlink_getsockopt+0x9e0/0x9e0 [ 628.846358][T15456] ____sys_sendmsg+0x519/0x800 [ 628.851141][T15456] ? import_iovec+0x12a/0x2c0 [ 628.855819][T15456] __sys_sendmmsg+0x45b/0x680 [ 628.860505][T15456] ? ksys_write+0x1b1/0x220 [ 628.864993][T15456] ? ksys_write+0x1b1/0x220 [ 628.869481][T15456] ? check_preemption_disabled+0x40/0x240 [ 628.875196][T15456] ? check_preemption_disabled+0x40/0x240 [ 628.880909][T15456] __x64_sys_sendmmsg+0x9c/0xb0 [ 628.885749][T15456] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 628.891801][T15456] do_syscall_64+0x73/0xe0 [ 628.896207][T15456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 628.902085][T15456] RIP: 0033:0x45cb19 [ 628.905957][T15456] Code: Bad RIP value. [ 628.910012][T15456] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 628.918415][T15456] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 628.926380][T15456] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 628.934345][T15456] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 628.942312][T15456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 628.950277][T15456] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 629.000779][T15470] binder: 15457:15470 ioctl 8138ae83 200004c0 returned -22 03:57:21 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x81785501, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:21 executing program 1 (fault-call:6 fault-nth:51): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 629.110216][T15477] FAULT_INJECTION: forcing a failure. [ 629.110216][T15477] name failslab, interval 1, probability 0, space 0, times 0 [ 629.134306][T15477] CPU: 1 PID: 15477 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 629.143001][T15477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.153069][T15477] Call Trace: [ 629.156367][T15477] dump_stack+0x1f0/0x31e [ 629.160710][T15477] should_fail+0x38a/0x4e0 [ 629.165132][T15477] ? __kernfs_new_node+0x8b/0x630 [ 629.170145][T15477] should_failslab+0x5/0x20 [ 629.174632][T15477] kmem_cache_alloc+0x53/0x2d0 [ 629.179385][T15477] __kernfs_new_node+0x8b/0x630 [ 629.184215][T15477] ? kernfs_add_one+0x4b7/0x600 [ 629.189070][T15477] ? kernfs_add_one+0x4b7/0x600 [ 629.193907][T15477] ? __mutex_unlock_slowpath+0x12d/0x590 [ 629.199523][T15477] kernfs_new_node+0x95/0x160 [ 629.204187][T15477] __kernfs_create_file+0x45/0x2d0 [ 629.209279][T15477] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 629.214637][T15477] internal_create_group+0x445/0xd20 [ 629.219922][T15477] sysfs_create_groups+0x5d/0x130 [ 629.224930][T15477] device_add+0xbac/0x1960 [ 629.229334][T15477] ? dev_set_name+0x6c/0x90 [ 629.233825][T15477] netdev_register_kobject+0x151/0x2e0 [ 629.239268][T15477] register_netdevice+0x130a/0x1b80 [ 629.244552][T15477] br_dev_newlink+0x24/0x110 [ 629.249117][T15477] ? br_validate+0x2a0/0x2a0 [ 629.253691][T15477] rtnl_newlink+0x143e/0x1bf0 [ 629.258368][T15477] ? __lock_acquire+0x116c/0x2c30 [ 629.263435][T15477] ? __mutex_lock_common+0x582/0x2fc0 [ 629.268809][T15477] ? rtnl_setlink+0x490/0x490 [ 629.273480][T15477] rtnetlink_rcv_msg+0x889/0xd40 [ 629.278436][T15477] ? local_bh_enable+0x5/0x20 [ 629.283094][T15477] ? __local_bh_enable_ip+0x133/0x230 [ 629.288471][T15477] ? __dev_queue_xmit+0x1846/0x2940 [ 629.293665][T15477] ? check_preemption_disabled+0x40/0x240 [ 629.299362][T15477] ? debug_smp_processor_id+0x5/0x20 [ 629.304639][T15477] netlink_rcv_skb+0x190/0x3a0 [ 629.309388][T15477] ? rtnetlink_bind+0x80/0x80 [ 629.314063][T15477] netlink_unicast+0x786/0x940 [ 629.318816][T15477] netlink_sendmsg+0xa57/0xd70 [ 629.323570][T15477] ? netlink_getsockopt+0x9e0/0x9e0 [ 629.328747][T15477] ____sys_sendmsg+0x519/0x800 [ 629.333496][T15477] ? import_iovec+0x12a/0x2c0 [ 629.338160][T15477] __sys_sendmmsg+0x45b/0x680 [ 629.342873][T15477] ? ksys_write+0x1b1/0x220 [ 629.347384][T15477] ? ksys_write+0x1b1/0x220 [ 629.351869][T15477] ? check_preemption_disabled+0x40/0x240 [ 629.357833][T15477] ? check_preemption_disabled+0x40/0x240 [ 629.363542][T15477] __x64_sys_sendmmsg+0x9c/0xb0 [ 629.368375][T15477] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 629.374418][T15477] do_syscall_64+0x73/0xe0 [ 629.378816][T15477] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 629.384688][T15477] RIP: 0033:0x45cb19 [ 629.388559][T15477] Code: Bad RIP value. [ 629.392727][T15477] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 629.401113][T15477] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 629.409149][T15477] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 629.417099][T15477] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 629.425049][T15477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 629.432999][T15477] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:21 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 629.456792][T15481] binder: 15476:15481 ioctl 81785501 200004c0 returned -22 [ 629.581668][T15487] binder: 15476:15487 ioctl 81785501 200004c0 returned -22 03:57:23 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:23 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x5450, &(0x7f0000000000)={0x0, r2}) 03:57:23 executing program 1 (fault-call:6 fault-nth:52): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:23 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="020700"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:23 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0x9000aea4, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:23 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) [ 631.146392][T15499] FAULT_INJECTION: forcing a failure. [ 631.146392][T15499] name failslab, interval 1, probability 0, space 0, times 0 [ 631.175356][T15504] binder: 15494:15504 ioctl 9000aea4 200004c0 returned -22 [ 631.190074][T15499] CPU: 1 PID: 15499 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 631.198857][T15499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.208892][T15499] Call Trace: [ 631.212167][T15499] dump_stack+0x1f0/0x31e [ 631.216485][T15499] should_fail+0x38a/0x4e0 [ 631.220883][T15499] ? __kernfs_new_node+0x8b/0x630 [ 631.225886][T15499] should_failslab+0x5/0x20 [ 631.230364][T15499] kmem_cache_alloc+0x53/0x2d0 [ 631.235116][T15499] __kernfs_new_node+0x8b/0x630 [ 631.239952][T15499] ? kernfs_add_one+0x4b7/0x600 [ 631.244779][T15499] ? kernfs_add_one+0x4b7/0x600 [ 631.249618][T15499] ? __mutex_unlock_slowpath+0x12d/0x590 [ 631.255241][T15499] kernfs_new_node+0x95/0x160 [ 631.259897][T15499] __kernfs_create_file+0x45/0x2d0 [ 631.264984][T15499] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 631.270339][T15499] internal_create_group+0x445/0xd20 [ 631.275618][T15499] sysfs_create_groups+0x5d/0x130 [ 631.280618][T15499] device_add+0xbac/0x1960 [ 631.285015][T15499] ? dev_set_name+0x6c/0x90 [ 631.289496][T15499] netdev_register_kobject+0x151/0x2e0 [ 631.294934][T15499] register_netdevice+0x130a/0x1b80 [ 631.300114][T15499] br_dev_newlink+0x24/0x110 [ 631.304676][T15499] ? br_validate+0x2a0/0x2a0 [ 631.309249][T15499] rtnl_newlink+0x143e/0x1bf0 [ 631.313911][T15499] ? __lock_acquire+0x116c/0x2c30 [ 631.318943][T15499] ? __mutex_lock_common+0x582/0x2fc0 [ 631.324300][T15499] ? rtnl_setlink+0x490/0x490 [ 631.328957][T15499] rtnetlink_rcv_msg+0x889/0xd40 [ 631.333878][T15499] ? local_bh_enable+0x5/0x20 [ 631.338527][T15499] ? __local_bh_enable_ip+0x133/0x230 [ 631.343874][T15499] ? __dev_queue_xmit+0x1846/0x2940 [ 631.349056][T15499] ? check_preemption_disabled+0x40/0x240 [ 631.354862][T15499] ? debug_smp_processor_id+0x5/0x20 [ 631.360124][T15499] netlink_rcv_skb+0x190/0x3a0 [ 631.364860][T15499] ? rtnetlink_bind+0x80/0x80 [ 631.369583][T15499] netlink_unicast+0x786/0x940 [ 631.374347][T15499] netlink_sendmsg+0xa57/0xd70 [ 631.379100][T15499] ? netlink_getsockopt+0x9e0/0x9e0 [ 631.384281][T15499] ____sys_sendmsg+0x519/0x800 [ 631.389025][T15499] ? import_iovec+0x12a/0x2c0 [ 631.393680][T15499] __sys_sendmmsg+0x45b/0x680 [ 631.398359][T15499] ? ksys_write+0x1b1/0x220 [ 631.402835][T15499] ? ksys_write+0x1b1/0x220 [ 631.407314][T15499] ? check_preemption_disabled+0x40/0x240 [ 631.413005][T15499] ? check_preemption_disabled+0x40/0x240 [ 631.418706][T15499] __x64_sys_sendmmsg+0x9c/0xb0 [ 631.423623][T15499] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 631.429811][T15499] do_syscall_64+0x73/0xe0 [ 631.434216][T15499] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 631.440086][T15499] RIP: 0033:0x45cb19 [ 631.443956][T15499] Code: Bad RIP value. [ 631.448000][T15499] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 631.456398][T15499] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 631.464354][T15499] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 631.472303][T15499] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 631.480258][T15499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 631.488216][T15499] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 631.518761][T15510] binder: 15494:15510 ioctl 9000aea4 200004c0 returned -22 03:57:23 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0045878, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:23 executing program 1 (fault-call:6 fault-nth:53): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:23 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="020700"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 631.658521][T15518] FAULT_INJECTION: forcing a failure. [ 631.658521][T15518] name failslab, interval 1, probability 0, space 0, times 0 [ 631.672074][T15518] CPU: 0 PID: 15518 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 631.680756][T15518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.690947][T15518] Call Trace: [ 631.694247][T15518] dump_stack+0x1f0/0x31e [ 631.698576][T15518] should_fail+0x38a/0x4e0 [ 631.702995][T15518] ? __kernfs_new_node+0x8b/0x630 [ 631.708023][T15518] should_failslab+0x5/0x20 [ 631.712515][T15518] kmem_cache_alloc+0x53/0x2d0 [ 631.717276][T15518] __kernfs_new_node+0x8b/0x630 [ 631.722109][T15518] ? kernfs_add_one+0x4b7/0x600 [ 631.726956][T15518] ? kernfs_add_one+0x4b7/0x600 [ 631.731795][T15518] ? __mutex_unlock_slowpath+0x12d/0x590 [ 631.737418][T15518] kernfs_new_node+0x95/0x160 [ 631.742090][T15518] __kernfs_create_file+0x45/0x2d0 [ 631.747191][T15518] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 631.752559][T15518] internal_create_group+0x445/0xd20 [ 631.757841][T15518] sysfs_create_groups+0x5d/0x130 [ 631.762849][T15518] device_add+0xbac/0x1960 [ 631.767269][T15518] ? dev_set_name+0x6c/0x90 [ 631.771757][T15518] netdev_register_kobject+0x151/0x2e0 [ 631.777206][T15518] register_netdevice+0x130a/0x1b80 [ 631.782401][T15518] br_dev_newlink+0x24/0x110 [ 631.786966][T15518] ? br_validate+0x2a0/0x2a0 [ 631.791555][T15518] rtnl_newlink+0x143e/0x1bf0 [ 631.796234][T15518] ? __lock_acquire+0x116c/0x2c30 [ 631.801291][T15518] ? __mutex_lock_common+0x582/0x2fc0 [ 631.806667][T15518] ? rtnl_setlink+0x490/0x490 [ 631.811365][T15518] rtnetlink_rcv_msg+0x889/0xd40 [ 631.816305][T15518] ? local_bh_enable+0x5/0x20 [ 631.820966][T15518] ? __local_bh_enable_ip+0x133/0x230 [ 631.826317][T15518] ? __dev_queue_xmit+0x1846/0x2940 [ 631.831503][T15518] ? check_preemption_disabled+0x40/0x240 [ 631.837197][T15518] ? debug_smp_processor_id+0x5/0x20 [ 631.842466][T15518] netlink_rcv_skb+0x190/0x3a0 [ 631.847208][T15518] ? rtnetlink_bind+0x80/0x80 [ 631.851905][T15518] netlink_unicast+0x786/0x940 [ 631.856658][T15518] netlink_sendmsg+0xa57/0xd70 [ 631.861435][T15518] ? netlink_getsockopt+0x9e0/0x9e0 [ 631.866622][T15518] ____sys_sendmsg+0x519/0x800 [ 631.871486][T15518] ? import_iovec+0x12a/0x2c0 [ 631.876166][T15518] __sys_sendmmsg+0x45b/0x680 [ 631.880885][T15518] ? ksys_write+0x1b1/0x220 [ 631.885393][T15518] ? ksys_write+0x1b1/0x220 [ 631.889887][T15518] ? check_preemption_disabled+0x40/0x240 [ 631.895595][T15518] ? check_preemption_disabled+0x40/0x240 [ 631.901304][T15518] __x64_sys_sendmmsg+0x9c/0xb0 [ 631.906171][T15518] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 631.912217][T15518] do_syscall_64+0x73/0xe0 [ 631.916618][T15518] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 631.922487][T15518] RIP: 0033:0x45cb19 [ 631.926380][T15518] Code: Bad RIP value. [ 631.930448][T15518] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 631.938837][T15518] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 631.946787][T15518] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 631.954736][T15518] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 631.962684][T15518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 631.970633][T15518] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:24 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0045878, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:24 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x5451, &(0x7f0000000000)={0x0, r2}) 03:57:24 executing program 1 (fault-call:6 fault-nth:54): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 632.197486][T15538] FAULT_INJECTION: forcing a failure. [ 632.197486][T15538] name failslab, interval 1, probability 0, space 0, times 0 [ 632.211217][T15538] CPU: 1 PID: 15538 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 632.219892][T15538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 632.229938][T15538] Call Trace: [ 632.233235][T15538] dump_stack+0x1f0/0x31e [ 632.237571][T15538] should_fail+0x38a/0x4e0 [ 632.242012][T15538] ? __kernfs_new_node+0x8b/0x630 [ 632.247036][T15538] should_failslab+0x5/0x20 [ 632.251541][T15538] kmem_cache_alloc+0x53/0x2d0 [ 632.256314][T15538] __kernfs_new_node+0x8b/0x630 [ 632.261172][T15538] ? kernfs_add_one+0x4b7/0x600 [ 632.266023][T15538] ? kernfs_add_one+0x4b7/0x600 [ 632.270877][T15538] ? __mutex_unlock_slowpath+0x12d/0x590 [ 632.276512][T15538] kernfs_new_node+0x95/0x160 [ 632.281191][T15538] __kernfs_create_file+0x45/0x2d0 [ 632.286294][T15538] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 632.291668][T15538] internal_create_group+0x445/0xd20 [ 632.296934][T15538] sysfs_create_groups+0x5d/0x130 [ 632.301932][T15538] device_add+0xbac/0x1960 [ 632.306325][T15538] ? dev_set_name+0x6c/0x90 [ 632.310810][T15538] netdev_register_kobject+0x151/0x2e0 [ 632.316246][T15538] register_netdevice+0x130a/0x1b80 [ 632.321513][T15538] br_dev_newlink+0x24/0x110 [ 632.326073][T15538] ? br_validate+0x2a0/0x2a0 [ 632.330639][T15538] rtnl_newlink+0x143e/0x1bf0 [ 632.335297][T15538] ? __lock_acquire+0x116c/0x2c30 [ 632.340347][T15538] ? __mutex_lock_common+0x582/0x2fc0 [ 632.345715][T15538] ? rtnl_setlink+0x490/0x490 [ 632.350371][T15538] rtnetlink_rcv_msg+0x889/0xd40 [ 632.355303][T15538] ? local_bh_enable+0x5/0x20 [ 632.359964][T15538] ? __local_bh_enable_ip+0x133/0x230 [ 632.365311][T15538] ? __dev_queue_xmit+0x1846/0x2940 [ 632.370509][T15538] ? check_preemption_disabled+0x40/0x240 [ 632.376212][T15538] ? debug_smp_processor_id+0x5/0x20 [ 632.381478][T15538] netlink_rcv_skb+0x190/0x3a0 [ 632.386222][T15538] ? rtnetlink_bind+0x80/0x80 [ 632.390894][T15538] netlink_unicast+0x786/0x940 [ 632.395639][T15538] netlink_sendmsg+0xa57/0xd70 [ 632.400382][T15538] ? netlink_getsockopt+0x9e0/0x9e0 [ 632.405554][T15538] ____sys_sendmsg+0x519/0x800 [ 632.410291][T15538] ? import_iovec+0x12a/0x2c0 [ 632.414943][T15538] __sys_sendmmsg+0x45b/0x680 [ 632.419626][T15538] ? ksys_write+0x1b1/0x220 [ 632.424103][T15538] ? ksys_write+0x1b1/0x220 [ 632.428585][T15538] ? check_preemption_disabled+0x40/0x240 [ 632.434276][T15538] ? check_preemption_disabled+0x40/0x240 [ 632.439980][T15538] __x64_sys_sendmmsg+0x9c/0xb0 [ 632.444820][T15538] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 632.450867][T15538] do_syscall_64+0x73/0xe0 [ 632.455260][T15538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 632.461231][T15538] RIP: 0033:0x45cb19 [ 632.465214][T15538] Code: Bad RIP value. [ 632.469251][T15538] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 632.477633][T15538] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 632.485588][T15538] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 632.493549][T15538] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 632.501500][T15538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 632.509441][T15538] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:26 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:26 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="020700"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:26 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0046209, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:26 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x5452, &(0x7f0000000000)={0x0, r2}) 03:57:26 executing program 1 (fault-call:6 fault-nth:55): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:26 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) [ 634.216019][T15559] FAULT_INJECTION: forcing a failure. [ 634.216019][T15559] name failslab, interval 1, probability 0, space 0, times 0 [ 634.232333][T15559] CPU: 1 PID: 15559 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 634.241028][T15559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 634.251081][T15559] Call Trace: [ 634.254373][T15559] dump_stack+0x1f0/0x31e [ 634.258714][T15559] should_fail+0x38a/0x4e0 [ 634.263126][T15559] ? __kernfs_new_node+0x8b/0x630 [ 634.268130][T15559] should_failslab+0x5/0x20 [ 634.272613][T15559] kmem_cache_alloc+0x53/0x2d0 [ 634.277367][T15559] __kernfs_new_node+0x8b/0x630 [ 634.282245][T15559] ? kernfs_add_one+0x4b7/0x600 [ 634.287076][T15559] ? kernfs_add_one+0x4b7/0x600 [ 634.291913][T15559] ? __mutex_unlock_slowpath+0x12d/0x590 [ 634.297546][T15559] kernfs_new_node+0x95/0x160 [ 634.302209][T15559] __kernfs_create_file+0x45/0x2d0 [ 634.307291][T15559] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 634.312644][T15559] internal_create_group+0x445/0xd20 [ 634.317910][T15559] sysfs_create_groups+0x5d/0x130 [ 634.322911][T15559] device_add+0xbac/0x1960 [ 634.327306][T15559] ? dev_set_name+0x6c/0x90 [ 634.331788][T15559] netdev_register_kobject+0x151/0x2e0 [ 634.337223][T15559] register_netdevice+0x130a/0x1b80 [ 634.342497][T15559] br_dev_newlink+0x24/0x110 [ 634.347060][T15559] ? br_validate+0x2a0/0x2a0 [ 634.351627][T15559] rtnl_newlink+0x143e/0x1bf0 [ 634.356289][T15559] ? __lock_acquire+0x116c/0x2c30 [ 634.361315][T15559] ? __mutex_lock_common+0x582/0x2fc0 [ 634.366671][T15559] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 634.373288][T15559] ? rtnl_setlink+0x490/0x490 [ 634.377938][T15559] rtnetlink_rcv_msg+0x889/0xd40 [ 634.382871][T15559] ? local_bh_enable+0x5/0x20 [ 634.387523][T15559] ? __local_bh_enable_ip+0x133/0x230 [ 634.392873][T15559] ? __dev_queue_xmit+0x1846/0x2940 [ 634.398054][T15559] ? check_preemption_disabled+0x40/0x240 [ 634.403743][T15559] ? debug_smp_processor_id+0x5/0x20 [ 634.409004][T15559] netlink_rcv_skb+0x190/0x3a0 [ 634.413740][T15559] ? rtnetlink_bind+0x80/0x80 [ 634.418408][T15559] netlink_unicast+0x786/0x940 [ 634.423160][T15559] netlink_sendmsg+0xa57/0xd70 [ 634.427922][T15559] ? netlink_getsockopt+0x9e0/0x9e0 [ 634.433095][T15559] ____sys_sendmsg+0x519/0x800 [ 634.437835][T15559] ? import_iovec+0x12a/0x2c0 [ 634.442490][T15559] __sys_sendmmsg+0x45b/0x680 [ 634.447161][T15559] ? ksys_write+0x1b1/0x220 [ 634.451663][T15559] ? ksys_write+0x1b1/0x220 [ 634.456144][T15559] ? check_preemption_disabled+0x40/0x240 [ 634.461877][T15559] ? check_preemption_disabled+0x40/0x240 [ 634.467585][T15559] __x64_sys_sendmmsg+0x9c/0xb0 [ 634.472425][T15559] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 634.478502][T15559] do_syscall_64+0x73/0xe0 [ 634.482891][T15559] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 634.488756][T15559] RIP: 0033:0x45cb19 [ 634.492620][T15559] Code: Bad RIP value. [ 634.496671][T15559] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 634.505053][T15559] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 634.512994][T15559] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 634.520937][T15559] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 634.528881][T15559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 634.536825][T15559] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:26 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="02070000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:26 executing program 1 (fault-call:6 fault-nth:56): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:26 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc00464c9, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:26 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x5460, &(0x7f0000000000)={0x0, r2}) 03:57:26 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="02070000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 634.696287][T15578] FAULT_INJECTION: forcing a failure. [ 634.696287][T15578] name failslab, interval 1, probability 0, space 0, times 0 [ 634.736669][T15582] binder: 15579:15582 ioctl c00464c9 200004c0 returned -22 [ 634.745913][T15578] CPU: 1 PID: 15578 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 634.754690][T15578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 634.764748][T15578] Call Trace: [ 634.768051][T15578] dump_stack+0x1f0/0x31e [ 634.772404][T15578] should_fail+0x38a/0x4e0 [ 634.776831][T15578] ? __kernfs_new_node+0x8b/0x630 [ 634.781867][T15578] should_failslab+0x5/0x20 [ 634.786376][T15578] kmem_cache_alloc+0x53/0x2d0 [ 634.791143][T15578] __kernfs_new_node+0x8b/0x630 [ 634.795997][T15578] ? kernfs_add_one+0x4b7/0x600 [ 634.800850][T15578] ? kernfs_add_one+0x4b7/0x600 [ 634.805709][T15578] ? __mutex_unlock_slowpath+0x12d/0x590 [ 634.811365][T15578] kernfs_new_node+0x95/0x160 [ 634.816047][T15578] __kernfs_create_file+0x45/0x2d0 [ 634.821277][T15578] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 634.826688][T15578] internal_create_group+0x445/0xd20 [ 634.831987][T15578] sysfs_create_groups+0x5d/0x130 [ 634.837014][T15578] device_add+0xbac/0x1960 [ 634.841438][T15578] ? dev_set_name+0x6c/0x90 [ 634.845936][T15578] netdev_register_kobject+0x151/0x2e0 [ 634.851376][T15578] register_netdevice+0x130a/0x1b80 [ 634.856655][T15578] br_dev_newlink+0x24/0x110 [ 634.861218][T15578] ? br_validate+0x2a0/0x2a0 [ 634.865785][T15578] rtnl_newlink+0x143e/0x1bf0 [ 634.870447][T15578] ? __lock_acquire+0x116c/0x2c30 [ 634.875492][T15578] ? __mutex_lock_common+0x582/0x2fc0 [ 634.880889][T15578] ? rtnl_setlink+0x490/0x490 [ 634.885555][T15578] rtnetlink_rcv_msg+0x889/0xd40 [ 634.890487][T15578] ? local_bh_enable+0x5/0x20 [ 634.895143][T15578] ? __local_bh_enable_ip+0x133/0x230 [ 634.900604][T15578] ? __dev_queue_xmit+0x1846/0x2940 [ 634.905788][T15578] ? check_preemption_disabled+0x40/0x240 [ 634.911483][T15578] ? debug_smp_processor_id+0x5/0x20 [ 634.916779][T15578] netlink_rcv_skb+0x190/0x3a0 [ 634.921539][T15578] ? rtnetlink_bind+0x80/0x80 [ 634.926209][T15578] netlink_unicast+0x786/0x940 [ 634.930969][T15578] netlink_sendmsg+0xa57/0xd70 [ 634.935724][T15578] ? netlink_getsockopt+0x9e0/0x9e0 [ 634.940960][T15578] ____sys_sendmsg+0x519/0x800 [ 634.945704][T15578] ? import_iovec+0x12a/0x2c0 [ 634.950364][T15578] __sys_sendmmsg+0x45b/0x680 [ 634.955073][T15578] ? ksys_write+0x1b1/0x220 [ 634.959561][T15578] ? ksys_write+0x1b1/0x220 [ 634.964174][T15578] ? check_preemption_disabled+0x40/0x240 [ 634.969866][T15578] ? check_preemption_disabled+0x40/0x240 [ 634.975562][T15578] __x64_sys_sendmmsg+0x9c/0xb0 [ 634.980458][T15578] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 634.986500][T15578] do_syscall_64+0x73/0xe0 [ 634.990893][T15578] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 634.996756][T15578] RIP: 0033:0x45cb19 [ 635.000619][T15578] Code: Bad RIP value. [ 635.004655][T15578] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 635.013033][T15578] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 635.020986][T15578] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 635.028948][T15578] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 635.036894][T15578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 635.044839][T15578] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 635.092229][T15594] binder: 15579:15594 ioctl c00464c9 200004c0 returned -22 03:57:27 executing program 1 (fault-call:6 fault-nth:57): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 635.171125][T15598] FAULT_INJECTION: forcing a failure. [ 635.171125][T15598] name failslab, interval 1, probability 0, space 0, times 0 [ 635.185710][T15598] CPU: 1 PID: 15598 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 635.194392][T15598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 635.204454][T15598] Call Trace: [ 635.207743][T15598] dump_stack+0x1f0/0x31e [ 635.212075][T15598] should_fail+0x38a/0x4e0 [ 635.216593][T15598] ? __kernfs_new_node+0x8b/0x630 [ 635.221609][T15598] should_failslab+0x5/0x20 [ 635.226109][T15598] kmem_cache_alloc+0x53/0x2d0 [ 635.230873][T15598] __kernfs_new_node+0x8b/0x630 [ 635.235717][T15598] ? kernfs_add_one+0x4b7/0x600 [ 635.240559][T15598] ? kernfs_add_one+0x4b7/0x600 [ 635.245406][T15598] ? __mutex_unlock_slowpath+0x12d/0x590 [ 635.251035][T15598] kernfs_new_node+0x95/0x160 [ 635.255713][T15598] __kernfs_create_file+0x45/0x2d0 [ 635.260825][T15598] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 635.266198][T15598] internal_create_group+0x445/0xd20 [ 635.271494][T15598] sysfs_create_groups+0x5d/0x130 [ 635.276516][T15598] device_add+0xbac/0x1960 [ 635.280938][T15598] ? dev_set_name+0x6c/0x90 [ 635.285436][T15598] netdev_register_kobject+0x151/0x2e0 [ 635.290893][T15598] register_netdevice+0x130a/0x1b80 [ 635.296105][T15598] br_dev_newlink+0x24/0x110 [ 635.300689][T15598] ? br_validate+0x2a0/0x2a0 [ 635.305267][T15598] rtnl_newlink+0x143e/0x1bf0 [ 635.309931][T15598] ? __lock_acquire+0x116c/0x2c30 [ 635.314955][T15598] ? __mutex_lock_common+0x582/0x2fc0 [ 635.320314][T15598] ? rtnl_setlink+0x490/0x490 [ 635.324961][T15598] rtnetlink_rcv_msg+0x889/0xd40 [ 635.329878][T15598] ? local_bh_enable+0x5/0x20 [ 635.334527][T15598] ? __local_bh_enable_ip+0x133/0x230 [ 635.339870][T15598] ? __dev_queue_xmit+0x1846/0x2940 [ 635.345051][T15598] ? check_preemption_disabled+0x40/0x240 [ 635.350736][T15598] ? debug_smp_processor_id+0x5/0x20 [ 635.355995][T15598] netlink_rcv_skb+0x190/0x3a0 [ 635.360727][T15598] ? rtnetlink_bind+0x80/0x80 [ 635.365377][T15598] netlink_unicast+0x786/0x940 [ 635.370113][T15598] netlink_sendmsg+0xa57/0xd70 [ 635.374853][T15598] ? netlink_getsockopt+0x9e0/0x9e0 [ 635.380021][T15598] ____sys_sendmsg+0x519/0x800 [ 635.384757][T15598] ? import_iovec+0x12a/0x2c0 [ 635.389406][T15598] __sys_sendmmsg+0x45b/0x680 [ 635.394096][T15598] ? ksys_write+0x1b1/0x220 [ 635.398589][T15598] ? ksys_write+0x1b1/0x220 [ 635.403073][T15598] ? check_preemption_disabled+0x40/0x240 [ 635.408757][T15598] ? check_preemption_disabled+0x40/0x240 [ 635.414449][T15598] __x64_sys_sendmmsg+0x9c/0xb0 [ 635.419277][T15598] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 635.425318][T15598] do_syscall_64+0x73/0xe0 [ 635.429704][T15598] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 635.435572][T15598] RIP: 0033:0x45cb19 [ 635.439431][T15598] Code: Bad RIP value. [ 635.443486][T15598] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 635.451870][T15598] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 635.459814][T15598] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 635.467758][T15598] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 635.475702][T15598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 635.483646][T15598] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:29 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0085504, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:29 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x5501, &(0x7f0000000000)={0x0, r2}) 03:57:29 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="02070000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:29 executing program 1 (fault-call:6 fault-nth:58): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:29 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) [ 637.246981][T15621] FAULT_INJECTION: forcing a failure. [ 637.246981][T15621] name failslab, interval 1, probability 0, space 0, times 0 [ 637.262747][T15621] CPU: 1 PID: 15621 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 637.267938][T15620] binder: 15608:15620 ioctl c0085504 200004c0 returned -22 [ 637.271552][T15621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 637.271558][T15621] Call Trace: [ 637.271592][T15621] dump_stack+0x1f0/0x31e [ 637.271610][T15621] should_fail+0x38a/0x4e0 [ 637.271627][T15621] ? __kernfs_new_node+0x8b/0x630 [ 637.271644][T15621] should_failslab+0x5/0x20 [ 637.310308][T15621] kmem_cache_alloc+0x53/0x2d0 [ 637.315057][T15621] __kernfs_new_node+0x8b/0x630 [ 637.319883][T15621] ? kernfs_add_one+0x4b7/0x600 [ 637.324712][T15621] ? kernfs_add_one+0x4b7/0x600 [ 637.329541][T15621] ? __mutex_unlock_slowpath+0x12d/0x590 [ 637.335158][T15621] kernfs_new_node+0x95/0x160 [ 637.339827][T15621] __kernfs_create_file+0x45/0x2d0 [ 637.344943][T15621] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 637.350302][T15621] internal_create_group+0x445/0xd20 [ 637.355580][T15621] sysfs_create_groups+0x5d/0x130 [ 637.360587][T15621] device_add+0xbac/0x1960 [ 637.364989][T15621] ? dev_set_name+0x6c/0x90 [ 637.369476][T15621] netdev_register_kobject+0x151/0x2e0 [ 637.374915][T15621] register_netdevice+0x130a/0x1b80 [ 637.380106][T15621] br_dev_newlink+0x24/0x110 [ 637.384692][T15621] ? br_validate+0x2a0/0x2a0 [ 637.389261][T15621] rtnl_newlink+0x143e/0x1bf0 [ 637.393934][T15621] ? __lock_acquire+0x116c/0x2c30 [ 637.398988][T15621] ? __mutex_lock_common+0x582/0x2fc0 [ 637.404365][T15621] ? rtnl_setlink+0x490/0x490 [ 637.409022][T15621] rtnetlink_rcv_msg+0x889/0xd40 [ 637.413964][T15621] ? local_bh_enable+0x5/0x20 [ 637.418618][T15621] ? __local_bh_enable_ip+0x133/0x230 [ 637.423967][T15621] ? __dev_queue_xmit+0x1846/0x2940 [ 637.429161][T15621] ? check_preemption_disabled+0x40/0x240 [ 637.434856][T15621] ? debug_smp_processor_id+0x5/0x20 [ 637.440127][T15621] netlink_rcv_skb+0x190/0x3a0 [ 637.444866][T15621] ? rtnetlink_bind+0x80/0x80 [ 637.449540][T15621] netlink_unicast+0x786/0x940 [ 637.454291][T15621] netlink_sendmsg+0xa57/0xd70 [ 637.459057][T15621] ? netlink_getsockopt+0x9e0/0x9e0 [ 637.464232][T15621] ____sys_sendmsg+0x519/0x800 [ 637.468974][T15621] ? import_iovec+0x12a/0x2c0 [ 637.473637][T15621] __sys_sendmmsg+0x45b/0x680 [ 637.478335][T15621] ? ksys_write+0x1b1/0x220 [ 637.482816][T15621] ? ksys_write+0x1b1/0x220 [ 637.487302][T15621] ? check_preemption_disabled+0x40/0x240 [ 637.492998][T15621] ? check_preemption_disabled+0x40/0x240 [ 637.498701][T15621] __x64_sys_sendmmsg+0x9c/0xb0 [ 637.503530][T15621] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 637.509570][T15621] do_syscall_64+0x73/0xe0 [ 637.513969][T15621] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 637.519845][T15621] RIP: 0033:0x45cb19 [ 637.523711][T15621] Code: Bad RIP value. [ 637.527840][T15621] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 637.536358][T15621] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 03:57:29 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 637.544554][T15621] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 637.552598][T15621] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 637.560545][T15621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 637.568489][T15621] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 637.676297][T15630] binder: 15608:15630 ioctl c0085504 200004c0 returned -22 03:57:29 executing program 1 (fault-call:6 fault-nth:59): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 637.752792][T15634] FAULT_INJECTION: forcing a failure. [ 637.752792][T15634] name failslab, interval 1, probability 0, space 0, times 0 [ 637.778995][T15634] CPU: 1 PID: 15634 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 637.787715][T15634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 637.797765][T15634] Call Trace: [ 637.801053][T15634] dump_stack+0x1f0/0x31e [ 637.805389][T15634] should_fail+0x38a/0x4e0 [ 637.809815][T15634] ? __kernfs_new_node+0x8b/0x630 [ 637.814927][T15634] should_failslab+0x5/0x20 [ 637.819426][T15634] kmem_cache_alloc+0x53/0x2d0 [ 637.824193][T15634] __kernfs_new_node+0x8b/0x630 [ 637.829041][T15634] ? kernfs_add_one+0x4b7/0x600 [ 637.833888][T15634] ? kernfs_add_one+0x4b7/0x600 [ 637.838736][T15634] ? __mutex_unlock_slowpath+0x12d/0x590 [ 637.844375][T15634] kernfs_new_node+0x95/0x160 [ 637.849043][T15634] __kernfs_create_file+0x45/0x2d0 [ 637.854228][T15634] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 637.859606][T15634] internal_create_group+0x445/0xd20 [ 637.864901][T15634] sysfs_create_groups+0x5d/0x130 [ 637.869910][T15634] device_add+0xbac/0x1960 [ 637.874320][T15634] ? dev_set_name+0x6c/0x90 [ 637.878812][T15634] netdev_register_kobject+0x151/0x2e0 [ 637.884260][T15634] register_netdevice+0x130a/0x1b80 [ 637.889469][T15634] br_dev_newlink+0x24/0x110 [ 637.894067][T15634] ? br_validate+0x2a0/0x2a0 [ 637.898640][T15634] rtnl_newlink+0x143e/0x1bf0 [ 637.903315][T15634] ? __lock_acquire+0x116c/0x2c30 [ 637.908377][T15634] ? __mutex_lock_common+0x582/0x2fc0 [ 637.913753][T15634] ? rtnl_setlink+0x490/0x490 [ 637.918410][T15634] rtnetlink_rcv_msg+0x889/0xd40 [ 637.923353][T15634] ? local_bh_enable+0x5/0x20 [ 637.928021][T15634] ? __local_bh_enable_ip+0x133/0x230 [ 637.933381][T15634] ? __dev_queue_xmit+0x1846/0x2940 [ 637.938571][T15634] ? check_preemption_disabled+0x40/0x240 [ 637.944267][T15634] ? debug_smp_processor_id+0x5/0x20 [ 637.949538][T15634] netlink_rcv_skb+0x190/0x3a0 [ 637.954282][T15634] ? rtnetlink_bind+0x80/0x80 [ 637.958952][T15634] netlink_unicast+0x786/0x940 [ 637.963705][T15634] netlink_sendmsg+0xa57/0xd70 [ 637.968458][T15634] ? netlink_getsockopt+0x9e0/0x9e0 [ 637.973636][T15634] ____sys_sendmsg+0x519/0x800 [ 637.978389][T15634] ? import_iovec+0x12a/0x2c0 [ 637.983052][T15634] __sys_sendmmsg+0x45b/0x680 [ 637.987758][T15634] ? ksys_write+0x1b1/0x220 [ 637.992247][T15634] ? ksys_write+0x1b1/0x220 [ 637.996750][T15634] ? check_preemption_disabled+0x40/0x240 [ 638.002444][T15634] ? check_preemption_disabled+0x40/0x240 [ 638.008148][T15634] __x64_sys_sendmmsg+0x9c/0xb0 [ 638.012978][T15634] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 638.019022][T15634] do_syscall_64+0x73/0xe0 [ 638.023418][T15634] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 638.029286][T15634] RIP: 0033:0x45cb19 [ 638.033155][T15634] Code: Bad RIP value. [ 638.037198][T15634] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 638.045587][T15634] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 03:57:29 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:30 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc008ae05, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 638.053533][T15634] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 638.061481][T15634] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 638.069431][T15634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 638.077379][T15634] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 638.089643][T15640] binder: 15638:15640 ioctl c008ae05 200004c0 returned -22 [ 638.136670][T15644] binder: 15638:15644 ioctl c008ae05 200004c0 returned -22 03:57:30 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x6364, &(0x7f0000000000)={0x0, r2}) 03:57:30 executing program 1 (fault-call:6 fault-nth:60): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:30 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc01064c7, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 638.275082][T15649] FAULT_INJECTION: forcing a failure. [ 638.275082][T15649] name failslab, interval 1, probability 0, space 0, times 0 [ 638.297220][T15649] CPU: 0 PID: 15649 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 638.306149][T15649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 638.316201][T15649] Call Trace: [ 638.319491][T15649] dump_stack+0x1f0/0x31e [ 638.323932][T15649] should_fail+0x38a/0x4e0 [ 638.328365][T15649] ? __kernfs_new_node+0x8b/0x630 [ 638.333422][T15649] should_failslab+0x5/0x20 [ 638.337918][T15649] kmem_cache_alloc+0x53/0x2d0 [ 638.342768][T15649] __kernfs_new_node+0x8b/0x630 [ 638.347649][T15649] ? kernfs_add_one+0x4b7/0x600 [ 638.352497][T15649] ? kernfs_add_one+0x4b7/0x600 [ 638.357353][T15649] ? __mutex_unlock_slowpath+0x12d/0x590 [ 638.363004][T15649] kernfs_new_node+0x95/0x160 [ 638.367686][T15649] __kernfs_create_file+0x45/0x2d0 [ 638.372798][T15649] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 638.378176][T15649] internal_create_group+0x445/0xd20 [ 638.383476][T15649] sysfs_create_groups+0x5d/0x130 [ 638.388501][T15649] device_add+0xbac/0x1960 [ 638.392921][T15649] ? dev_set_name+0x6c/0x90 [ 638.397429][T15649] netdev_register_kobject+0x151/0x2e0 [ 638.399630][T15654] binder: 15653:15654 ioctl c01064c7 200004c0 returned -22 [ 638.402889][T15649] register_netdevice+0x130a/0x1b80 [ 638.402926][T15649] br_dev_newlink+0x24/0x110 [ 638.419880][T15649] ? br_validate+0x2a0/0x2a0 [ 638.424456][T15649] rtnl_newlink+0x143e/0x1bf0 [ 638.429226][T15649] ? __lock_acquire+0x116c/0x2c30 [ 638.434280][T15649] ? __mutex_lock_common+0x582/0x2fc0 [ 638.439654][T15649] ? rtnl_setlink+0x490/0x490 [ 638.444317][T15649] rtnetlink_rcv_msg+0x889/0xd40 [ 638.449268][T15649] ? local_bh_enable+0x5/0x20 [ 638.453926][T15649] ? __local_bh_enable_ip+0x133/0x230 [ 638.459288][T15649] ? __dev_queue_xmit+0x1846/0x2940 [ 638.464476][T15649] ? check_preemption_disabled+0x40/0x240 [ 638.470170][T15649] ? debug_smp_processor_id+0x5/0x20 [ 638.475441][T15649] netlink_rcv_skb+0x190/0x3a0 [ 638.480181][T15649] ? rtnetlink_bind+0x80/0x80 [ 638.484849][T15649] netlink_unicast+0x786/0x940 [ 638.489603][T15649] netlink_sendmsg+0xa57/0xd70 [ 638.494361][T15649] ? netlink_getsockopt+0x9e0/0x9e0 [ 638.499539][T15649] ____sys_sendmsg+0x519/0x800 [ 638.504289][T15649] ? import_iovec+0x12a/0x2c0 [ 638.508951][T15649] __sys_sendmmsg+0x45b/0x680 [ 638.513652][T15649] ? ksys_write+0x1b1/0x220 [ 638.518132][T15649] ? ksys_write+0x1b1/0x220 [ 638.522614][T15649] ? check_preemption_disabled+0x40/0x240 [ 638.528311][T15649] ? check_preemption_disabled+0x40/0x240 [ 638.534019][T15649] __x64_sys_sendmmsg+0x9c/0xb0 [ 638.538857][T15649] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 638.544901][T15649] do_syscall_64+0x73/0xe0 [ 638.549300][T15649] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 638.555177][T15649] RIP: 0033:0x45cb19 [ 638.559045][T15649] Code: Bad RIP value. [ 638.563093][T15649] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 638.571484][T15649] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 638.579430][T15649] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 638.587378][T15649] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 638.595329][T15649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 638.603278][T15649] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 638.676022][T15662] binder: 15653:15662 ioctl c01064c7 200004c0 returned -22 03:57:32 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:32 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:32 executing program 1 (fault-call:6 fault-nth:61): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:32 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x8912, &(0x7f0000000000)={0x0, r2}) 03:57:32 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc018620b, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:32 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) [ 640.285248][T15674] FAULT_INJECTION: forcing a failure. [ 640.285248][T15674] name failslab, interval 1, probability 0, space 0, times 0 [ 640.311343][T15674] CPU: 0 PID: 15674 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 640.320042][T15674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.330088][T15674] Call Trace: [ 640.333387][T15674] dump_stack+0x1f0/0x31e [ 640.337731][T15674] should_fail+0x38a/0x4e0 [ 640.342163][T15674] ? __kernfs_new_node+0x8b/0x630 [ 640.347178][T15674] should_failslab+0x5/0x20 [ 640.351659][T15674] kmem_cache_alloc+0x53/0x2d0 [ 640.356415][T15674] __kernfs_new_node+0x8b/0x630 [ 640.361240][T15674] ? kernfs_add_one+0x4b7/0x600 [ 640.366066][T15674] ? kernfs_add_one+0x4b7/0x600 [ 640.370894][T15674] ? __mutex_unlock_slowpath+0x12d/0x590 [ 640.376518][T15674] kernfs_new_node+0x95/0x160 [ 640.381257][T15674] __kernfs_create_file+0x45/0x2d0 [ 640.386349][T15674] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 640.391700][T15674] internal_create_group+0x445/0xd20 [ 640.396985][T15674] sysfs_create_groups+0x5d/0x130 [ 640.402081][T15674] device_add+0xbac/0x1960 [ 640.406475][T15674] ? dev_set_name+0x6c/0x90 [ 640.410960][T15674] netdev_register_kobject+0x151/0x2e0 [ 640.416399][T15674] register_netdevice+0x130a/0x1b80 [ 640.421597][T15674] br_dev_newlink+0x24/0x110 [ 640.426170][T15674] ? br_validate+0x2a0/0x2a0 [ 640.430734][T15674] rtnl_newlink+0x143e/0x1bf0 [ 640.435395][T15674] ? __lock_acquire+0x116c/0x2c30 [ 640.440443][T15674] ? __mutex_lock_common+0x582/0x2fc0 [ 640.445798][T15674] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 640.452379][T15674] ? rtnl_setlink+0x490/0x490 [ 640.457046][T15674] rtnetlink_rcv_msg+0x889/0xd40 [ 640.461982][T15674] ? local_bh_enable+0x5/0x20 [ 640.466644][T15674] ? __local_bh_enable_ip+0x133/0x230 [ 640.472001][T15674] ? __dev_queue_xmit+0x1846/0x2940 [ 640.477308][T15674] ? check_preemption_disabled+0x40/0x240 [ 640.483126][T15674] ? debug_smp_processor_id+0x5/0x20 [ 640.488386][T15674] netlink_rcv_skb+0x190/0x3a0 [ 640.493219][T15674] ? rtnetlink_bind+0x80/0x80 [ 640.497873][T15674] netlink_unicast+0x786/0x940 [ 640.502723][T15674] netlink_sendmsg+0xa57/0xd70 [ 640.507483][T15674] ? netlink_getsockopt+0x9e0/0x9e0 [ 640.512760][T15674] ____sys_sendmsg+0x519/0x800 [ 640.517508][T15674] ? import_iovec+0x12a/0x2c0 [ 640.522179][T15674] __sys_sendmmsg+0x45b/0x680 [ 640.526859][T15674] ? ksys_write+0x1b1/0x220 [ 640.531334][T15674] ? ksys_write+0x1b1/0x220 [ 640.535815][T15674] ? check_preemption_disabled+0x40/0x240 [ 640.541508][T15674] ? check_preemption_disabled+0x40/0x240 [ 640.547220][T15674] __x64_sys_sendmmsg+0x9c/0xb0 [ 640.552073][T15674] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 640.558217][T15674] do_syscall_64+0x73/0xe0 [ 640.562620][T15674] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 640.568487][T15674] RIP: 0033:0x45cb19 [ 640.572402][T15674] Code: Bad RIP value. [ 640.576452][T15674] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 640.584833][T15674] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 640.592781][T15674] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 640.600736][T15674] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 640.608688][T15674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 640.616667][T15674] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:32 executing program 1 (fault-call:6 fault-nth:62): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:32 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc018620c, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:32 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, 0x0}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 640.759320][T15694] FAULT_INJECTION: forcing a failure. [ 640.759320][T15694] name failslab, interval 1, probability 0, space 0, times 0 [ 640.784165][T15696] binder: 15695:15696 ioctl c018620c 200004c0 returned -22 [ 640.789453][T15694] CPU: 0 PID: 15694 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 640.800129][T15694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.810262][T15694] Call Trace: [ 640.813537][T15694] dump_stack+0x1f0/0x31e [ 640.817863][T15694] should_fail+0x38a/0x4e0 [ 640.822266][T15694] ? __kernfs_new_node+0x8b/0x630 [ 640.827280][T15694] should_failslab+0x5/0x20 [ 640.831764][T15694] kmem_cache_alloc+0x53/0x2d0 [ 640.836515][T15694] __kernfs_new_node+0x8b/0x630 [ 640.841343][T15694] ? kernfs_add_one+0x4b7/0x600 [ 640.846173][T15694] ? kernfs_add_one+0x4b7/0x600 [ 640.851005][T15694] ? __mutex_unlock_slowpath+0x12d/0x590 [ 640.856624][T15694] kernfs_new_node+0x95/0x160 [ 640.861285][T15694] __kernfs_create_file+0x45/0x2d0 [ 640.866386][T15694] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 640.871742][T15694] internal_create_group+0x445/0xd20 [ 640.877048][T15694] sysfs_create_groups+0x5d/0x130 [ 640.882077][T15694] device_add+0xbac/0x1960 [ 640.886488][T15694] ? dev_set_name+0x6c/0x90 [ 640.890979][T15694] netdev_register_kobject+0x151/0x2e0 [ 640.896426][T15694] register_netdevice+0x130a/0x1b80 [ 640.901621][T15694] br_dev_newlink+0x24/0x110 [ 640.906189][T15694] ? br_validate+0x2a0/0x2a0 [ 640.910771][T15694] rtnl_newlink+0x143e/0x1bf0 [ 640.915451][T15694] ? __lock_acquire+0x116c/0x2c30 [ 640.920505][T15694] ? __mutex_lock_common+0x582/0x2fc0 [ 640.925889][T15694] ? rtnl_setlink+0x490/0x490 [ 640.930545][T15694] rtnetlink_rcv_msg+0x889/0xd40 [ 640.935483][T15694] ? local_bh_enable+0x5/0x20 [ 640.940248][T15694] ? __local_bh_enable_ip+0x133/0x230 [ 640.945602][T15694] ? __dev_queue_xmit+0x1846/0x2940 [ 640.950798][T15694] ? check_preemption_disabled+0x40/0x240 [ 640.956492][T15694] ? debug_smp_processor_id+0x5/0x20 [ 640.961764][T15694] netlink_rcv_skb+0x190/0x3a0 [ 640.966545][T15694] ? rtnetlink_bind+0x80/0x80 [ 640.971212][T15694] netlink_unicast+0x786/0x940 [ 640.975963][T15694] netlink_sendmsg+0xa57/0xd70 [ 640.980711][T15694] ? netlink_getsockopt+0x9e0/0x9e0 [ 640.985885][T15694] ____sys_sendmsg+0x519/0x800 [ 640.990654][T15694] ? import_iovec+0x12a/0x2c0 [ 640.995315][T15694] __sys_sendmmsg+0x45b/0x680 [ 641.000012][T15694] ? ksys_write+0x1b1/0x220 [ 641.004497][T15694] ? ksys_write+0x1b1/0x220 [ 641.008980][T15694] ? check_preemption_disabled+0x40/0x240 [ 641.014764][T15694] ? check_preemption_disabled+0x40/0x240 [ 641.020492][T15694] __x64_sys_sendmmsg+0x9c/0xb0 [ 641.025323][T15694] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 641.031374][T15694] do_syscall_64+0x73/0xe0 [ 641.035778][T15694] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 641.041647][T15694] RIP: 0033:0x45cb19 [ 641.045513][T15694] Code: Bad RIP value. [ 641.049555][T15694] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 641.058044][T15694] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 641.065995][T15694] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 641.073945][T15694] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 641.081894][T15694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 641.089925][T15694] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:33 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x8933, &(0x7f0000000000)={0x0, r2}) 03:57:33 executing program 1 (fault-call:6 fault-nth:63): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 641.185305][T15705] binder: 15695:15705 ioctl c018620c 200004c0 returned -22 03:57:33 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc01864c6, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 641.299388][T15708] FAULT_INJECTION: forcing a failure. [ 641.299388][T15708] name failslab, interval 1, probability 0, space 0, times 0 [ 641.318434][T15708] CPU: 1 PID: 15708 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 641.327126][T15708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 641.337275][T15708] Call Trace: [ 641.340797][T15708] dump_stack+0x1f0/0x31e [ 641.345141][T15708] should_fail+0x38a/0x4e0 [ 641.349558][T15708] ? __kernfs_new_node+0x8b/0x630 [ 641.354580][T15708] should_failslab+0x5/0x20 [ 641.359079][T15708] kmem_cache_alloc+0x53/0x2d0 [ 641.363827][T15708] __kernfs_new_node+0x8b/0x630 [ 641.368671][T15708] ? kernfs_add_one+0x4b7/0x600 [ 641.373505][T15708] ? __kernfs_create_file+0x252/0x2d0 [ 641.378853][T15708] ? make_kgid+0x1ca/0x300 [ 641.383247][T15708] kernfs_create_dir_ns+0x90/0x220 [ 641.388355][T15708] internal_create_group+0x1e2/0xd20 [ 641.393630][T15708] sysfs_create_groups+0x5d/0x130 [ 641.398633][T15708] device_add+0x862/0x1960 [ 641.403039][T15708] ? device_add+0xb31/0x1960 [ 641.407621][T15708] netdev_register_kobject+0x151/0x2e0 [ 641.413067][T15708] register_netdevice+0x130a/0x1b80 [ 641.418260][T15708] br_dev_newlink+0x24/0x110 [ 641.422827][T15708] ? br_validate+0x2a0/0x2a0 [ 641.427399][T15708] rtnl_newlink+0x143e/0x1bf0 [ 641.432079][T15708] ? __lock_acquire+0x116c/0x2c30 [ 641.437136][T15708] ? __mutex_lock_common+0x582/0x2fc0 [ 641.442517][T15708] ? rtnl_setlink+0x490/0x490 [ 641.447172][T15708] rtnetlink_rcv_msg+0x889/0xd40 [ 641.452110][T15708] ? local_bh_enable+0x5/0x20 [ 641.456764][T15708] ? __local_bh_enable_ip+0x133/0x230 [ 641.462121][T15708] ? __dev_queue_xmit+0x1846/0x2940 [ 641.467322][T15708] ? check_preemption_disabled+0x40/0x240 [ 641.473017][T15708] ? debug_smp_processor_id+0x5/0x20 [ 641.478287][T15708] netlink_rcv_skb+0x190/0x3a0 [ 641.483033][T15708] ? rtnetlink_bind+0x80/0x80 [ 641.487699][T15708] netlink_unicast+0x786/0x940 [ 641.492453][T15708] netlink_sendmsg+0xa57/0xd70 [ 641.497225][T15708] ? netlink_getsockopt+0x9e0/0x9e0 [ 641.502400][T15708] ____sys_sendmsg+0x519/0x800 [ 641.507142][T15708] ? import_iovec+0x12a/0x2c0 [ 641.511799][T15708] __sys_sendmmsg+0x45b/0x680 [ 641.516501][T15708] ? ksys_write+0x1b1/0x220 [ 641.520978][T15708] ? ksys_write+0x1b1/0x220 [ 641.525461][T15708] ? check_preemption_disabled+0x40/0x240 [ 641.531158][T15708] ? check_preemption_disabled+0x40/0x240 [ 641.536868][T15708] __x64_sys_sendmmsg+0x9c/0xb0 [ 641.541698][T15708] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 641.547739][T15708] do_syscall_64+0x73/0xe0 [ 641.552135][T15708] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 641.558006][T15708] RIP: 0033:0x45cb19 [ 641.561892][T15708] Code: Bad RIP value. [ 641.565945][T15708] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 641.574332][T15708] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 641.582279][T15708] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 641.590227][T15708] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 641.598178][T15708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 641.606136][T15708] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 641.632146][T15715] binder: 15712:15715 ioctl c01864c6 200004c0 returned -22 [ 641.790910][T15715] binder: 15712:15715 ioctl c01864c6 200004c0 returned -22 03:57:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:35 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, 0x0}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:35 executing program 1 (fault-call:6 fault-nth:64): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:35 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x8982, &(0x7f0000000000)={0x0, r2}) 03:57:35 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0189436, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:35 executing program 4 (fault-call:11 fault-nth:0): r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 643.299114][T15731] FAULT_INJECTION: forcing a failure. [ 643.299114][T15731] name failslab, interval 1, probability 0, space 0, times 0 [ 643.318917][T15731] CPU: 1 PID: 15731 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 643.327620][T15731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 643.337691][T15731] Call Trace: [ 643.341000][T15731] dump_stack+0x1f0/0x31e [ 643.345340][T15731] should_fail+0x38a/0x4e0 [ 643.349783][T15731] ? __kernfs_new_node+0x8b/0x630 [ 643.354793][T15731] should_failslab+0x5/0x20 [ 643.359279][T15731] kmem_cache_alloc+0x53/0x2d0 [ 643.364046][T15731] __kernfs_new_node+0x8b/0x630 [ 643.368879][T15731] ? kernfs_add_one+0x4b7/0x600 [ 643.373725][T15731] ? __kernfs_create_file+0x252/0x2d0 [ 643.379077][T15731] ? make_kgid+0x1ca/0x300 [ 643.383474][T15731] kernfs_create_dir_ns+0x90/0x220 [ 643.388568][T15731] internal_create_group+0x1e2/0xd20 [ 643.393847][T15731] sysfs_create_groups+0x5d/0x130 [ 643.398856][T15731] device_add+0x862/0x1960 [ 643.403255][T15731] ? device_add+0xb31/0x1960 [ 643.407842][T15731] netdev_register_kobject+0x151/0x2e0 [ 643.413286][T15731] register_netdevice+0x130a/0x1b80 [ 643.418493][T15731] br_dev_newlink+0x24/0x110 [ 643.423060][T15731] ? br_validate+0x2a0/0x2a0 [ 643.427676][T15731] rtnl_newlink+0x143e/0x1bf0 [ 643.432356][T15731] ? __lock_acquire+0x116c/0x2c30 [ 643.437427][T15731] ? __mutex_lock_common+0x582/0x2fc0 [ 643.442825][T15731] ? rtnl_setlink+0x490/0x490 [ 643.447486][T15731] rtnetlink_rcv_msg+0x889/0xd40 [ 643.452426][T15731] ? local_bh_enable+0x5/0x20 [ 643.457082][T15731] ? __local_bh_enable_ip+0x133/0x230 [ 643.462437][T15731] ? __dev_queue_xmit+0x1846/0x2940 [ 643.467655][T15731] ? check_preemption_disabled+0x40/0x240 [ 643.473354][T15731] ? debug_smp_processor_id+0x5/0x20 [ 643.478636][T15731] netlink_rcv_skb+0x190/0x3a0 [ 643.483377][T15731] ? rtnetlink_bind+0x80/0x80 [ 643.488054][T15731] netlink_unicast+0x786/0x940 [ 643.492819][T15731] netlink_sendmsg+0xa57/0xd70 [ 643.497582][T15731] ? netlink_getsockopt+0x9e0/0x9e0 [ 643.502765][T15731] ____sys_sendmsg+0x519/0x800 [ 643.507518][T15731] ? import_iovec+0x12a/0x2c0 [ 643.512183][T15731] __sys_sendmmsg+0x45b/0x680 [ 643.516888][T15731] ? ksys_write+0x1b1/0x220 [ 643.521384][T15731] ? ksys_write+0x1b1/0x220 [ 643.525909][T15731] ? check_preemption_disabled+0x40/0x240 [ 643.531604][T15731] ? check_preemption_disabled+0x40/0x240 [ 643.537308][T15731] __x64_sys_sendmmsg+0x9c/0xb0 [ 643.542140][T15731] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 643.548181][T15731] do_syscall_64+0x73/0xe0 [ 643.552575][T15731] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 643.558444][T15731] RIP: 0033:0x45cb19 [ 643.562313][T15731] Code: Bad RIP value. [ 643.566354][T15731] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 643.574743][T15731] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 643.582692][T15731] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 643.590643][T15731] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 643.598592][T15731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 643.606540][T15731] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:35 executing program 1 (fault-call:6 fault-nth:65): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:36 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, 0x0}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 643.817335][T15752] FAULT_INJECTION: forcing a failure. [ 643.817335][T15752] name failslab, interval 1, probability 0, space 0, times 0 [ 643.841836][T15752] CPU: 1 PID: 15752 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 643.850531][T15752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 643.860589][T15752] Call Trace: [ 643.863934][T15752] dump_stack+0x1f0/0x31e [ 643.868290][T15752] should_fail+0x38a/0x4e0 [ 643.872698][T15752] ? __kernfs_new_node+0x8b/0x630 [ 643.877700][T15752] should_failslab+0x5/0x20 [ 643.882192][T15752] kmem_cache_alloc+0x53/0x2d0 [ 643.886965][T15752] __kernfs_new_node+0x8b/0x630 [ 643.891853][T15752] ? kernfs_add_one+0x4b7/0x600 [ 643.896709][T15752] kernfs_new_node+0x95/0x160 [ 643.901376][T15752] __kernfs_create_file+0x45/0x2d0 [ 643.906471][T15752] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 643.911841][T15752] internal_create_group+0x445/0xd20 [ 643.917113][T15752] sysfs_create_groups+0x5d/0x130 [ 643.922118][T15752] device_add+0x862/0x1960 [ 643.926516][T15752] ? device_add+0xb31/0x1960 [ 643.931092][T15752] netdev_register_kobject+0x151/0x2e0 [ 643.936545][T15752] register_netdevice+0x130a/0x1b80 [ 643.941726][T15752] br_dev_newlink+0x24/0x110 [ 643.946295][T15752] ? br_validate+0x2a0/0x2a0 [ 643.950886][T15752] rtnl_newlink+0x143e/0x1bf0 [ 643.955548][T15752] ? __lock_acquire+0x116c/0x2c30 [ 643.960568][T15752] ? __mutex_lock_common+0x582/0x2fc0 [ 643.965934][T15752] ? rtnl_setlink+0x490/0x490 [ 643.970588][T15752] rtnetlink_rcv_msg+0x889/0xd40 [ 643.975533][T15752] ? local_bh_enable+0x5/0x20 [ 643.980220][T15752] ? __local_bh_enable_ip+0x133/0x230 [ 643.985584][T15752] ? __dev_queue_xmit+0x1846/0x2940 [ 643.990766][T15752] ? check_preemption_disabled+0x40/0x240 [ 643.996459][T15752] ? debug_smp_processor_id+0x5/0x20 [ 644.001731][T15752] netlink_rcv_skb+0x190/0x3a0 [ 644.006470][T15752] ? rtnetlink_bind+0x80/0x80 [ 644.011124][T15752] netlink_unicast+0x786/0x940 [ 644.015868][T15752] netlink_sendmsg+0xa57/0xd70 [ 644.020627][T15752] ? netlink_getsockopt+0x9e0/0x9e0 [ 644.025809][T15752] ____sys_sendmsg+0x519/0x800 [ 644.030554][T15752] ? import_iovec+0x12a/0x2c0 [ 644.035218][T15752] __sys_sendmmsg+0x45b/0x680 [ 644.039949][T15752] ? ksys_write+0x1b1/0x220 [ 644.044434][T15752] ? ksys_write+0x1b1/0x220 [ 644.048954][T15752] ? check_preemption_disabled+0x40/0x240 [ 644.054654][T15752] ? check_preemption_disabled+0x40/0x240 [ 644.060358][T15752] __x64_sys_sendmmsg+0x9c/0xb0 [ 644.065206][T15752] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 644.071283][T15752] do_syscall_64+0x73/0xe0 [ 644.075682][T15752] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 644.081549][T15752] RIP: 0033:0x45cb19 [ 644.085411][T15752] Code: Bad RIP value. [ 644.089464][T15752] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 644.097858][T15752] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 644.105802][T15752] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 03:57:36 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0205648, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 644.113745][T15752] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 644.121696][T15752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 644.129652][T15752] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:36 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xab00, &(0x7f0000000000)={0x0, r2}) [ 644.177529][T15761] binder: 15759:15761 ioctl c0205648 200004c0 returned -22 [ 644.215011][T15763] binder: 15759:15763 ioctl c0205648 200004c0 returned -22 03:57:36 executing program 1 (fault-call:6 fault-nth:66): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:36 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 644.341198][T15770] FAULT_INJECTION: forcing a failure. [ 644.341198][T15770] name failslab, interval 1, probability 0, space 0, times 0 [ 644.368517][T15770] CPU: 1 PID: 15770 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 644.377206][T15770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 644.387269][T15770] Call Trace: [ 644.390565][T15770] dump_stack+0x1f0/0x31e [ 644.394890][T15770] should_fail+0x38a/0x4e0 [ 644.399283][T15770] ? __kernfs_new_node+0x8b/0x630 [ 644.404290][T15770] should_failslab+0x5/0x20 [ 644.408791][T15770] kmem_cache_alloc+0x53/0x2d0 [ 644.413568][T15770] __kernfs_new_node+0x8b/0x630 [ 644.418422][T15770] ? kernfs_add_one+0x4b7/0x600 [ 644.423261][T15770] ? kernfs_add_one+0x4b7/0x600 [ 644.428087][T15770] ? __mutex_unlock_slowpath+0x12d/0x590 [ 644.433709][T15770] kernfs_new_node+0x95/0x160 [ 644.438375][T15770] __kernfs_create_file+0x45/0x2d0 [ 644.443459][T15770] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 644.448808][T15770] internal_create_group+0x445/0xd20 [ 644.454073][T15770] sysfs_create_groups+0x5d/0x130 [ 644.459074][T15770] device_add+0x862/0x1960 [ 644.463467][T15770] ? device_add+0xb31/0x1960 [ 644.468044][T15770] netdev_register_kobject+0x151/0x2e0 [ 644.473489][T15770] register_netdevice+0x130a/0x1b80 [ 644.478680][T15770] br_dev_newlink+0x24/0x110 [ 644.483241][T15770] ? br_validate+0x2a0/0x2a0 [ 644.487838][T15770] rtnl_newlink+0x143e/0x1bf0 [ 644.492508][T15770] ? __lock_acquire+0x116c/0x2c30 [ 644.497527][T15770] ? __mutex_lock_common+0x582/0x2fc0 [ 644.502883][T15770] ? rtnl_setlink+0x490/0x490 [ 644.507661][T15770] rtnetlink_rcv_msg+0x889/0xd40 [ 644.512586][T15770] ? local_bh_enable+0x5/0x20 [ 644.517245][T15770] ? __local_bh_enable_ip+0x133/0x230 [ 644.522587][T15770] ? __dev_queue_xmit+0x1846/0x2940 [ 644.527766][T15770] ? check_preemption_disabled+0x40/0x240 [ 644.533457][T15770] ? debug_smp_processor_id+0x5/0x20 [ 644.538728][T15770] netlink_rcv_skb+0x190/0x3a0 [ 644.543467][T15770] ? rtnetlink_bind+0x80/0x80 [ 644.548119][T15770] netlink_unicast+0x786/0x940 [ 644.552877][T15770] netlink_sendmsg+0xa57/0xd70 [ 644.557620][T15770] ? netlink_getsockopt+0x9e0/0x9e0 [ 644.562795][T15770] ____sys_sendmsg+0x519/0x800 [ 644.567532][T15770] ? import_iovec+0x12a/0x2c0 [ 644.572183][T15770] __sys_sendmmsg+0x45b/0x680 [ 644.576851][T15770] ? ksys_write+0x1b1/0x220 [ 644.581323][T15770] ? ksys_write+0x1b1/0x220 [ 644.585812][T15770] ? check_preemption_disabled+0x40/0x240 [ 644.591499][T15770] ? check_preemption_disabled+0x40/0x240 [ 644.597188][T15770] __x64_sys_sendmmsg+0x9c/0xb0 [ 644.602010][T15770] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 644.608043][T15770] do_syscall_64+0x73/0xe0 [ 644.612429][T15770] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 644.618293][T15770] RIP: 0033:0x45cb19 [ 644.622154][T15770] Code: Bad RIP value. [ 644.626190][T15770] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 644.634568][T15770] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 644.642520][T15770] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 644.650496][T15770] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 644.658449][T15770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 644.666392][T15770] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:38 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc020660b, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:38 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:38 executing program 1 (fault-call:6 fault-nth:67): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xae01, &(0x7f0000000000)={0x0, r2}) 03:57:38 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 646.409553][T15789] FAULT_INJECTION: forcing a failure. [ 646.409553][T15789] name failslab, interval 1, probability 0, space 0, times 0 [ 646.434023][T15789] CPU: 0 PID: 15789 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 646.442733][T15789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 646.452797][T15789] Call Trace: [ 646.456098][T15789] dump_stack+0x1f0/0x31e [ 646.460451][T15789] should_fail+0x38a/0x4e0 [ 646.464879][T15789] ? __kernfs_new_node+0x8b/0x630 [ 646.469907][T15789] should_failslab+0x5/0x20 [ 646.474412][T15789] kmem_cache_alloc+0x53/0x2d0 [ 646.479180][T15789] __kernfs_new_node+0x8b/0x630 [ 646.484054][T15789] ? kernfs_add_one+0x4b7/0x600 [ 646.488904][T15789] ? kernfs_add_one+0x4b7/0x600 [ 646.493743][T15789] ? __mutex_unlock_slowpath+0x12d/0x590 [ 646.499359][T15789] kernfs_new_node+0x95/0x160 [ 646.504047][T15789] __kernfs_create_file+0x45/0x2d0 [ 646.509141][T15789] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 646.514499][T15789] internal_create_group+0x445/0xd20 [ 646.519866][T15789] sysfs_create_groups+0x5d/0x130 [ 646.524874][T15789] device_add+0x862/0x1960 [ 646.529271][T15789] ? device_add+0xb31/0x1960 [ 646.533854][T15789] netdev_register_kobject+0x151/0x2e0 [ 646.539322][T15789] register_netdevice+0x130a/0x1b80 [ 646.544515][T15789] br_dev_newlink+0x24/0x110 [ 646.549080][T15789] ? br_validate+0x2a0/0x2a0 [ 646.553654][T15789] rtnl_newlink+0x143e/0x1bf0 [ 646.558336][T15789] ? __lock_acquire+0x116c/0x2c30 [ 646.563389][T15789] ? __mutex_lock_common+0x582/0x2fc0 [ 646.568763][T15789] ? rtnl_setlink+0x490/0x490 [ 646.573418][T15789] rtnetlink_rcv_msg+0x889/0xd40 [ 646.578352][T15789] ? local_bh_enable+0x5/0x20 [ 646.583006][T15789] ? __local_bh_enable_ip+0x133/0x230 [ 646.588387][T15789] ? __dev_queue_xmit+0x1846/0x2940 [ 646.593593][T15789] ? check_preemption_disabled+0x40/0x240 [ 646.599287][T15789] ? debug_smp_processor_id+0x5/0x20 [ 646.604558][T15789] netlink_rcv_skb+0x190/0x3a0 [ 646.609298][T15789] ? rtnetlink_bind+0x80/0x80 [ 646.613966][T15789] netlink_unicast+0x786/0x940 [ 646.618725][T15789] netlink_sendmsg+0xa57/0xd70 [ 646.623478][T15789] ? netlink_getsockopt+0x9e0/0x9e0 [ 646.628656][T15789] ____sys_sendmsg+0x519/0x800 [ 646.633400][T15789] ? import_iovec+0x12a/0x2c0 [ 646.638059][T15789] __sys_sendmmsg+0x45b/0x680 [ 646.642769][T15789] ? ksys_write+0x1b1/0x220 [ 646.647247][T15789] ? ksys_write+0x1b1/0x220 [ 646.651740][T15789] ? check_preemption_disabled+0x40/0x240 [ 646.657472][T15789] ? check_preemption_disabled+0x40/0x240 [ 646.663174][T15789] __x64_sys_sendmmsg+0x9c/0xb0 [ 646.668004][T15789] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 646.674085][T15789] do_syscall_64+0x73/0xe0 [ 646.678486][T15789] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 646.684354][T15789] RIP: 0033:0x45cb19 [ 646.688221][T15789] Code: Bad RIP value. [ 646.692260][T15789] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 646.700645][T15789] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 646.708591][T15789] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 646.716539][T15789] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 646.724490][T15789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 646.732437][T15789] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:39 executing program 1 (fault-call:6 fault-nth:68): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:39 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc02464bb, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 646.897926][T15811] FAULT_INJECTION: forcing a failure. [ 646.897926][T15811] name failslab, interval 1, probability 0, space 0, times 0 03:57:39 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xae41, &(0x7f0000000000)={0x0, r2}) 03:57:39 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 646.955664][T15811] CPU: 1 PID: 15811 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 646.964364][T15811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 646.974414][T15811] Call Trace: [ 646.977710][T15811] dump_stack+0x1f0/0x31e [ 646.982054][T15811] should_fail+0x38a/0x4e0 [ 646.986467][T15811] ? __kernfs_new_node+0x8b/0x630 [ 646.991491][T15811] should_failslab+0x5/0x20 [ 646.995985][T15811] kmem_cache_alloc+0x53/0x2d0 [ 647.000747][T15811] __kernfs_new_node+0x8b/0x630 [ 647.005619][T15811] ? kernfs_add_one+0x4b7/0x600 [ 647.010465][T15811] ? kernfs_add_one+0x4b7/0x600 [ 647.015301][T15811] ? __mutex_unlock_slowpath+0x12d/0x590 [ 647.020922][T15811] kernfs_new_node+0x95/0x160 [ 647.025585][T15811] __kernfs_create_file+0x45/0x2d0 [ 647.030685][T15811] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 647.036043][T15811] internal_create_group+0x445/0xd20 [ 647.041323][T15811] sysfs_create_groups+0x5d/0x130 [ 647.046348][T15811] device_add+0x862/0x1960 [ 647.050747][T15811] ? device_add+0xb31/0x1960 [ 647.055336][T15811] netdev_register_kobject+0x151/0x2e0 [ 647.060778][T15811] register_netdevice+0x130a/0x1b80 [ 647.065974][T15811] br_dev_newlink+0x24/0x110 [ 647.070540][T15811] ? br_validate+0x2a0/0x2a0 [ 647.075112][T15811] rtnl_newlink+0x143e/0x1bf0 [ 647.079799][T15811] ? __lock_acquire+0x116c/0x2c30 [ 647.084855][T15811] ? __mutex_lock_common+0x582/0x2fc0 [ 647.090227][T15811] ? rtnl_setlink+0x490/0x490 [ 647.094888][T15811] rtnetlink_rcv_msg+0x889/0xd40 [ 647.099824][T15811] ? local_bh_enable+0x5/0x20 [ 647.104478][T15811] ? __local_bh_enable_ip+0x133/0x230 [ 647.109829][T15811] ? __dev_queue_xmit+0x1846/0x2940 [ 647.115017][T15811] ? check_preemption_disabled+0x40/0x240 [ 647.120717][T15811] ? debug_smp_processor_id+0x5/0x20 [ 647.125985][T15811] netlink_rcv_skb+0x190/0x3a0 [ 647.130725][T15811] ? rtnetlink_bind+0x80/0x80 [ 647.135398][T15811] netlink_unicast+0x786/0x940 [ 647.140151][T15811] netlink_sendmsg+0xa57/0xd70 [ 647.144907][T15811] ? netlink_getsockopt+0x9e0/0x9e0 [ 647.150106][T15811] ____sys_sendmsg+0x519/0x800 [ 647.154865][T15811] ? import_iovec+0x12a/0x2c0 [ 647.159528][T15811] __sys_sendmmsg+0x45b/0x680 [ 647.164231][T15811] ? ksys_write+0x1b1/0x220 [ 647.168714][T15811] ? ksys_write+0x1b1/0x220 [ 647.173197][T15811] ? check_preemption_disabled+0x40/0x240 [ 647.178891][T15811] ? check_preemption_disabled+0x40/0x240 [ 647.184596][T15811] __x64_sys_sendmmsg+0x9c/0xb0 [ 647.189425][T15811] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 647.195466][T15811] do_syscall_64+0x73/0xe0 [ 647.199868][T15811] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 647.205739][T15811] RIP: 0033:0x45cb19 [ 647.209617][T15811] Code: Bad RIP value. [ 647.213675][T15811] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 647.222064][T15811] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 647.230027][T15811] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 647.237983][T15811] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 647.245933][T15811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 647.253881][T15811] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 647.296789][T15818] binder: 15814:15818 ioctl c02464bb 200004c0 returned -22 03:57:39 executing program 1 (fault-call:6 fault-nth:69): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 647.414895][T15828] binder: 15814:15828 ioctl c02464bb 200004c0 returned -22 03:57:39 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 647.550365][T15833] FAULT_INJECTION: forcing a failure. [ 647.550365][T15833] name failslab, interval 1, probability 0, space 0, times 0 [ 647.576357][T15833] CPU: 0 PID: 15833 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 647.585049][T15833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 647.595115][T15833] Call Trace: [ 647.598412][T15833] dump_stack+0x1f0/0x31e [ 647.602742][T15833] should_fail+0x38a/0x4e0 [ 647.607157][T15833] ? __kernfs_new_node+0x8b/0x630 [ 647.612181][T15833] should_failslab+0x5/0x20 [ 647.616684][T15833] kmem_cache_alloc+0x53/0x2d0 [ 647.621438][T15833] __kernfs_new_node+0x8b/0x630 [ 647.626275][T15833] ? kernfs_add_one+0x4b7/0x600 [ 647.631099][T15833] ? kernfs_add_one+0x4b7/0x600 [ 647.635922][T15833] ? __mutex_unlock_slowpath+0x12d/0x590 [ 647.641528][T15833] kernfs_new_node+0x95/0x160 [ 647.646187][T15833] __kernfs_create_file+0x45/0x2d0 [ 647.651388][T15833] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 647.656750][T15833] internal_create_group+0x445/0xd20 [ 647.662021][T15833] sysfs_create_groups+0x5d/0x130 [ 647.667020][T15833] device_add+0x862/0x1960 [ 647.671409][T15833] ? device_add+0xb31/0x1960 [ 647.675977][T15833] netdev_register_kobject+0x151/0x2e0 [ 647.681409][T15833] register_netdevice+0x130a/0x1b80 [ 647.686593][T15833] br_dev_newlink+0x24/0x110 [ 647.691151][T15833] ? br_validate+0x2a0/0x2a0 [ 647.695819][T15833] rtnl_newlink+0x143e/0x1bf0 [ 647.700475][T15833] ? __lock_acquire+0x116c/0x2c30 [ 647.705603][T15833] ? __mutex_lock_common+0x582/0x2fc0 [ 647.710958][T15833] ? rtnl_setlink+0x490/0x490 [ 647.715619][T15833] rtnetlink_rcv_msg+0x889/0xd40 [ 647.720545][T15833] ? local_bh_enable+0x5/0x20 [ 647.725205][T15833] ? __local_bh_enable_ip+0x133/0x230 [ 647.730549][T15833] ? __dev_queue_xmit+0x1846/0x2940 [ 647.735727][T15833] ? check_preemption_disabled+0x40/0x240 [ 647.741419][T15833] ? debug_smp_processor_id+0x5/0x20 [ 647.746681][T15833] netlink_rcv_skb+0x190/0x3a0 [ 647.751417][T15833] ? rtnetlink_bind+0x80/0x80 [ 647.756070][T15833] netlink_unicast+0x786/0x940 [ 647.760812][T15833] netlink_sendmsg+0xa57/0xd70 [ 647.765552][T15833] ? netlink_getsockopt+0x9e0/0x9e0 [ 647.770724][T15833] ____sys_sendmsg+0x519/0x800 [ 647.775459][T15833] ? import_iovec+0x12a/0x2c0 [ 647.780107][T15833] __sys_sendmmsg+0x45b/0x680 [ 647.784786][T15833] ? ksys_write+0x1b1/0x220 [ 647.789264][T15833] ? ksys_write+0x1b1/0x220 [ 647.793741][T15833] ? check_preemption_disabled+0x40/0x240 [ 647.799477][T15833] ? check_preemption_disabled+0x40/0x240 [ 647.805190][T15833] __x64_sys_sendmmsg+0x9c/0xb0 [ 647.810014][T15833] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 647.816053][T15833] do_syscall_64+0x73/0xe0 [ 647.820445][T15833] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 647.826310][T15833] RIP: 0033:0x45cb19 [ 647.830171][T15833] Code: Bad RIP value. [ 647.834206][T15833] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 647.842593][T15833] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 647.850586][T15833] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 647.858532][T15833] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 647.866478][T15833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 647.874428][T15833] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:41 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306203, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xae60, &(0x7f0000000000)={0x0, r2}) 03:57:41 executing program 1 (fault-call:6 fault-nth:70): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:41 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 649.439368][T15851] binder: 15846:15851 ioctl c0306203 200004c0 returned -22 [ 649.475944][T15853] FAULT_INJECTION: forcing a failure. [ 649.475944][T15853] name failslab, interval 1, probability 0, space 0, times 0 03:57:41 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) [ 649.529637][T15853] CPU: 0 PID: 15853 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 649.538455][T15853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 649.548528][T15853] Call Trace: [ 649.551827][T15853] dump_stack+0x1f0/0x31e [ 649.556169][T15853] should_fail+0x38a/0x4e0 [ 649.560592][T15853] ? __kernfs_new_node+0x8b/0x630 [ 649.565615][T15853] should_failslab+0x5/0x20 [ 649.570218][T15853] kmem_cache_alloc+0x53/0x2d0 [ 649.574991][T15853] __kernfs_new_node+0x8b/0x630 03:57:41 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20ncci\x00', 0x20000, 0x0) sendmsg$DEVLINK_CMD_PORT_SPLIT(r1, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f0000000440)={0xf8, 0x0, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0x9, 0x6}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0x9, 0x3}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1000}}, {0x8, 0x9, 0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x7}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004000) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) semop(0x0, &(0x7f0000000000)=[{0x2, 0x7fff}, {0x0, 0x1}], 0x2) semctl$SEM_STAT(0x0, 0x3, 0x12, &(0x7f0000000400)=""/42) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_S_MODULATOR(r4, 0x40445637, &(0x7f0000000000)={0x0, "ee4f0112030e5e0b47e2f6216a66367bd4b6b5193c92473c4067819ebabf05ee", 0x1, 0x2cdb, 0x2, 0x4, 0x2}) ptrace$cont(0x9, r2, 0x0, 0x0) [ 649.579840][T15853] ? kernfs_add_one+0x4b7/0x600 [ 649.584693][T15853] ? kernfs_add_one+0x4b7/0x600 [ 649.589545][T15853] ? __mutex_unlock_slowpath+0x12d/0x590 [ 649.595308][T15853] kernfs_new_node+0x95/0x160 [ 649.599989][T15853] __kernfs_create_file+0x45/0x2d0 [ 649.605099][T15853] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 649.610479][T15853] internal_create_group+0x445/0xd20 [ 649.615780][T15853] sysfs_create_groups+0x5d/0x130 [ 649.620906][T15853] device_add+0x862/0x1960 [ 649.625323][T15853] ? device_add+0xb31/0x1960 [ 649.629930][T15853] netdev_register_kobject+0x151/0x2e0 [ 649.635384][T15853] register_netdevice+0x130a/0x1b80 [ 649.640567][T15853] br_dev_newlink+0x24/0x110 [ 649.645128][T15853] ? br_validate+0x2a0/0x2a0 [ 649.649700][T15853] rtnl_newlink+0x143e/0x1bf0 [ 649.654360][T15853] ? __lock_acquire+0x116c/0x2c30 [ 649.660363][T15853] ? __mutex_lock_common+0x582/0x2fc0 [ 649.665729][T15853] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 649.672344][T15853] ? rtnl_setlink+0x490/0x490 [ 649.677016][T15853] rtnetlink_rcv_msg+0x889/0xd40 [ 649.681941][T15853] ? local_bh_enable+0x5/0x20 [ 649.686592][T15853] ? __local_bh_enable_ip+0x133/0x230 [ 649.691945][T15853] ? __dev_queue_xmit+0x1846/0x2940 [ 649.697146][T15853] ? check_preemption_disabled+0x40/0x240 [ 649.702857][T15853] ? debug_smp_processor_id+0x5/0x20 [ 649.708130][T15853] netlink_rcv_skb+0x190/0x3a0 [ 649.712933][T15853] ? rtnetlink_bind+0x80/0x80 [ 649.717660][T15853] netlink_unicast+0x786/0x940 [ 649.722548][T15853] netlink_sendmsg+0xa57/0xd70 [ 649.727295][T15853] ? netlink_getsockopt+0x9e0/0x9e0 [ 649.732539][T15853] ____sys_sendmsg+0x519/0x800 [ 649.737297][T15853] ? import_iovec+0x12a/0x2c0 [ 649.741968][T15853] __sys_sendmmsg+0x45b/0x680 [ 649.746661][T15853] ? ksys_write+0x1b1/0x220 [ 649.751137][T15853] ? ksys_write+0x1b1/0x220 [ 649.755618][T15853] ? check_preemption_disabled+0x40/0x240 [ 649.761313][T15853] ? check_preemption_disabled+0x40/0x240 [ 649.767012][T15853] __x64_sys_sendmmsg+0x9c/0xb0 [ 649.771849][T15853] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 649.777913][T15853] do_syscall_64+0x73/0xe0 [ 649.782325][T15853] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 649.788199][T15853] RIP: 0033:0x45cb19 [ 649.792068][T15853] Code: Bad RIP value. [ 649.796126][T15853] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 649.804630][T15853] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 649.812579][T15853] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 649.820527][T15853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 649.828476][T15853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 649.836438][T15853] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 649.863549][T15869] binder: 15846:15869 ioctl c0306203 200004c0 returned -22 03:57:42 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306205, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:42 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$FUSE_STATFS(r3, &(0x7f0000000000)={0x60, 0x0, 0x8, {{0x7, 0x200, 0x1000, 0x6, 0x2, 0x81, 0x8001, 0x7fff}}}, 0x60) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:57:42 executing program 1 (fault-call:6 fault-nth:71): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:42 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 650.009354][T15879] FAULT_INJECTION: forcing a failure. [ 650.009354][T15879] name failslab, interval 1, probability 0, space 0, times 0 [ 650.039518][T15882] binder: 15878:15882 ioctl c0306205 200004c0 returned -22 [ 650.044268][T15879] CPU: 1 PID: 15879 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 650.055458][T15879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 650.065519][T15879] Call Trace: [ 650.068815][T15879] dump_stack+0x1f0/0x31e [ 650.073140][T15879] should_fail+0x38a/0x4e0 [ 650.077544][T15879] ? __kernfs_new_node+0x8b/0x630 [ 650.082552][T15879] should_failslab+0x5/0x20 [ 650.087032][T15879] kmem_cache_alloc+0x53/0x2d0 [ 650.091784][T15879] __kernfs_new_node+0x8b/0x630 [ 650.096615][T15879] ? kernfs_add_one+0x4b7/0x600 [ 650.101445][T15879] ? kernfs_add_one+0x4b7/0x600 [ 650.106281][T15879] ? __mutex_unlock_slowpath+0x12d/0x590 [ 650.111900][T15879] kernfs_new_node+0x95/0x160 [ 650.116567][T15879] __kernfs_create_file+0x45/0x2d0 [ 650.121662][T15879] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 650.127029][T15879] internal_create_group+0x445/0xd20 [ 650.132313][T15879] sysfs_create_groups+0x5d/0x130 [ 650.137325][T15879] device_add+0x862/0x1960 [ 650.141726][T15879] ? device_add+0xb31/0x1960 [ 650.146315][T15879] netdev_register_kobject+0x151/0x2e0 [ 650.151764][T15879] register_netdevice+0x130a/0x1b80 [ 650.156968][T15879] br_dev_newlink+0x24/0x110 [ 650.161535][T15879] ? br_validate+0x2a0/0x2a0 [ 650.166107][T15879] rtnl_newlink+0x143e/0x1bf0 [ 650.170781][T15879] ? __lock_acquire+0x116c/0x2c30 [ 650.175835][T15879] ? __mutex_lock_common+0x582/0x2fc0 [ 650.181213][T15879] ? rtnl_setlink+0x490/0x490 [ 650.185872][T15879] rtnetlink_rcv_msg+0x889/0xd40 [ 650.190809][T15879] ? local_bh_enable+0x5/0x20 [ 650.195464][T15879] ? __local_bh_enable_ip+0x133/0x230 [ 650.200815][T15879] ? __dev_queue_xmit+0x1846/0x2940 [ 650.206003][T15879] ? check_preemption_disabled+0x40/0x240 [ 650.211800][T15879] ? debug_smp_processor_id+0x5/0x20 [ 650.217072][T15879] netlink_rcv_skb+0x190/0x3a0 [ 650.221813][T15879] ? rtnetlink_bind+0x80/0x80 [ 650.226575][T15879] netlink_unicast+0x786/0x940 [ 650.231330][T15879] netlink_sendmsg+0xa57/0xd70 [ 650.236084][T15879] ? netlink_getsockopt+0x9e0/0x9e0 [ 650.241260][T15879] ____sys_sendmsg+0x519/0x800 [ 650.246006][T15879] ? import_iovec+0x12a/0x2c0 [ 650.250666][T15879] __sys_sendmmsg+0x45b/0x680 [ 650.255367][T15879] ? ksys_write+0x1b1/0x220 [ 650.259848][T15879] ? ksys_write+0x1b1/0x220 [ 650.264341][T15879] ? check_preemption_disabled+0x40/0x240 [ 650.270039][T15879] ? check_preemption_disabled+0x40/0x240 [ 650.275748][T15879] __x64_sys_sendmmsg+0x9c/0xb0 [ 650.280581][T15879] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 650.286627][T15879] do_syscall_64+0x73/0xe0 [ 650.291132][T15879] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 650.297092][T15879] RIP: 0033:0x45cb19 [ 650.300962][T15879] Code: Bad RIP value. 03:57:42 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xae80, &(0x7f0000000000)={0x0, r2}) [ 650.305007][T15879] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 650.313407][T15879] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 650.321401][T15879] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 650.329353][T15879] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 650.337307][T15879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 650.345263][T15879] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 650.411195][T15889] binder: 15878:15889 ioctl c0306205 200004c0 returned -22 03:57:42 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0481273, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:42 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000001c40)='nl80211\x00') r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$smackfs_ptrace(r3, &(0x7f00000002c0)=0x1, 0x14) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2b}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x541400, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r4, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x20, 0x140e, 0x400, 0x70bd25, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4800}, 0x4884c) process_vm_writev(r0, &(0x7f0000001840)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/165, 0xa5}, {&(0x7f00000013c0)=""/230, 0xe6}, {&(0x7f00000014c0)=""/61, 0x3d}, {&(0x7f0000001500)=""/168, 0xa8}, {&(0x7f00000015c0)=""/149, 0x95}, {&(0x7f0000001680)=""/151, 0x97}, {&(0x7f0000001740)=""/140, 0x8c}, {&(0x7f0000001800)=""/29, 0x1d}], 0x9, &(0x7f0000001c00)=[{&(0x7f0000001900)=""/194, 0xc2}, {&(0x7f0000001a00)=""/76, 0x4c}, {&(0x7f0000001a80)=""/222, 0xde}, {&(0x7f0000001b80)=""/78, 0x4e}], 0x4, 0x0) ptrace$cont(0x9, r1, 0x0, 0x0) 03:57:42 executing program 1 (fault-call:6 fault-nth:72): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 650.570349][T15906] binder: 15901:15906 ioctl c0481273 200004c0 returned -22 03:57:42 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xaf01, &(0x7f0000000000)={0x0, r2}) [ 650.647988][T15916] ptrace attach of "/root/syz-executor.4"[15912] was attempted by "/root/syz-executor.4"[15916] [ 650.677310][T15917] FAULT_INJECTION: forcing a failure. [ 650.677310][T15917] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 650.690646][T15917] CPU: 1 PID: 15917 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 650.699400][T15917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 650.703527][T15918] binder: 15901:15918 ioctl c0481273 200004c0 returned -22 [ 650.709454][T15917] Call Trace: [ 650.719942][T15917] dump_stack+0x1f0/0x31e [ 650.724290][T15917] should_fail+0x38a/0x4e0 [ 650.728715][T15917] prepare_alloc_pages+0x28c/0x4a0 [ 650.733845][T15917] __alloc_pages_nodemask+0xbc/0x5e0 [ 650.739146][T15917] kmem_getpages+0x49/0x900 [ 650.743660][T15917] cache_grow_begin+0x7b/0x2e0 [ 650.748408][T15917] cache_alloc_refill+0x359/0x3f0 [ 650.753418][T15917] ? check_preemption_disabled+0xb0/0x240 [ 650.759115][T15917] ? debug_smp_processor_id+0x5/0x20 [ 650.764428][T15917] ? __kernfs_new_node+0x8b/0x630 [ 650.769425][T15917] kmem_cache_alloc+0x2b5/0x2d0 [ 650.774255][T15917] __kernfs_new_node+0x8b/0x630 [ 650.779105][T15917] ? kernfs_add_one+0x4b7/0x600 [ 650.783932][T15917] ? kernfs_add_one+0x4b7/0x600 [ 650.788763][T15917] ? __mutex_unlock_slowpath+0x12d/0x590 [ 650.794385][T15917] kernfs_new_node+0x95/0x160 [ 650.799062][T15917] __kernfs_create_file+0x45/0x2d0 [ 650.804155][T15917] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 650.809524][T15917] internal_create_group+0x445/0xd20 [ 650.814804][T15917] sysfs_create_groups+0x5d/0x130 [ 650.819809][T15917] device_add+0x862/0x1960 [ 650.824206][T15917] ? device_add+0xb31/0x1960 [ 650.828814][T15917] netdev_register_kobject+0x151/0x2e0 [ 650.834321][T15917] register_netdevice+0x130a/0x1b80 [ 650.839530][T15917] br_dev_newlink+0x24/0x110 [ 650.844121][T15917] ? br_validate+0x2a0/0x2a0 [ 650.848697][T15917] rtnl_newlink+0x143e/0x1bf0 [ 650.853397][T15917] ? __lock_acquire+0x116c/0x2c30 [ 650.858466][T15917] ? __mutex_lock_common+0x582/0x2fc0 [ 650.863830][T15917] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 650.870417][T15917] ? rtnl_setlink+0x490/0x490 [ 650.875081][T15917] rtnetlink_rcv_msg+0x889/0xd40 [ 650.880033][T15917] ? local_bh_enable+0x5/0x20 [ 650.884696][T15917] ? __local_bh_enable_ip+0x133/0x230 [ 650.890046][T15917] ? __dev_queue_xmit+0x1846/0x2940 [ 650.895234][T15917] ? check_preemption_disabled+0x40/0x240 [ 650.900926][T15917] ? debug_smp_processor_id+0x5/0x20 [ 650.906195][T15917] netlink_rcv_skb+0x190/0x3a0 [ 650.910939][T15917] ? rtnetlink_bind+0x80/0x80 [ 650.915606][T15917] netlink_unicast+0x786/0x940 [ 650.920363][T15917] netlink_sendmsg+0xa57/0xd70 [ 650.925118][T15917] ? netlink_getsockopt+0x9e0/0x9e0 [ 650.930296][T15917] ____sys_sendmsg+0x519/0x800 [ 650.935044][T15917] ? import_iovec+0x12a/0x2c0 [ 650.939709][T15917] __sys_sendmmsg+0x45b/0x680 [ 650.944520][T15917] ? ksys_write+0x1b1/0x220 [ 650.949002][T15917] ? ksys_write+0x1b1/0x220 [ 650.953487][T15917] ? check_preemption_disabled+0x40/0x240 [ 650.959185][T15917] ? check_preemption_disabled+0x40/0x240 [ 650.964893][T15917] __x64_sys_sendmmsg+0x9c/0xb0 [ 650.969733][T15917] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 650.975783][T15917] do_syscall_64+0x73/0xe0 [ 650.980188][T15917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 650.986065][T15917] RIP: 0033:0x45cb19 [ 650.989940][T15917] Code: Bad RIP value. [ 650.993981][T15917] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 651.002370][T15917] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 651.010409][T15917] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 651.018361][T15917] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 651.026315][T15917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 651.034271][T15917] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:43 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 03:57:44 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0d05640, &(0x7f00000004c0)={0xc, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xaf02, &(0x7f0000000000)={0x0, r2}) 03:57:44 executing program 1 (fault-call:6 fault-nth:73): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:44 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 652.650708][T15959] FAULT_INJECTION: forcing a failure. [ 652.650708][T15959] name failslab, interval 1, probability 0, space 0, times 0 [ 652.671579][T15959] CPU: 1 PID: 15959 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 652.673807][T15963] binder: 15955:15963 ioctl c0d05640 200004c0 returned -22 [ 652.680272][T15959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 652.680279][T15959] Call Trace: [ 652.680302][T15959] dump_stack+0x1f0/0x31e [ 652.680319][T15959] should_fail+0x38a/0x4e0 [ 652.680336][T15959] ? __kernfs_new_node+0x8b/0x630 [ 652.680348][T15959] should_failslab+0x5/0x20 [ 652.680358][T15959] kmem_cache_alloc+0x53/0x2d0 [ 652.680371][T15959] __kernfs_new_node+0x8b/0x630 [ 652.680383][T15959] ? kernfs_add_one+0x4b7/0x600 [ 652.733388][T15959] ? kernfs_add_one+0x4b7/0x600 [ 652.738223][T15959] ? __mutex_unlock_slowpath+0x12d/0x590 [ 652.743841][T15959] kernfs_new_node+0x95/0x160 [ 652.748504][T15959] __kernfs_create_file+0x45/0x2d0 [ 652.753598][T15959] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 652.758976][T15959] internal_create_group+0x445/0xd20 [ 652.764262][T15959] sysfs_create_groups+0x5d/0x130 [ 652.769277][T15959] device_add+0x862/0x1960 [ 652.773685][T15959] ? device_add+0xb31/0x1960 [ 652.778274][T15959] netdev_register_kobject+0x151/0x2e0 [ 652.783724][T15959] register_netdevice+0x130a/0x1b80 [ 652.788930][T15959] br_dev_newlink+0x24/0x110 [ 652.793583][T15959] ? br_validate+0x2a0/0x2a0 [ 652.798156][T15959] rtnl_newlink+0x143e/0x1bf0 [ 652.802831][T15959] ? __lock_acquire+0x116c/0x2c30 [ 652.807878][T15959] ? __mutex_lock_common+0x582/0x2fc0 [ 652.813267][T15959] ? rtnl_setlink+0x490/0x490 [ 652.817933][T15959] rtnetlink_rcv_msg+0x889/0xd40 [ 652.822915][T15959] ? local_bh_enable+0x5/0x20 [ 652.827579][T15959] ? __local_bh_enable_ip+0x133/0x230 [ 652.832942][T15959] ? __dev_queue_xmit+0x1846/0x2940 [ 652.838140][T15959] ? check_preemption_disabled+0x40/0x240 [ 652.843867][T15959] ? debug_smp_processor_id+0x5/0x20 [ 652.849146][T15959] netlink_rcv_skb+0x190/0x3a0 [ 652.853897][T15959] ? rtnetlink_bind+0x80/0x80 [ 652.858591][T15959] netlink_unicast+0x786/0x940 [ 652.863360][T15959] netlink_sendmsg+0xa57/0xd70 [ 652.868127][T15959] ? netlink_getsockopt+0x9e0/0x9e0 [ 652.873332][T15959] ____sys_sendmsg+0x519/0x800 [ 652.878105][T15959] ? import_iovec+0x12a/0x2c0 [ 652.882775][T15959] __sys_sendmmsg+0x45b/0x680 [ 652.887473][T15959] ? ksys_write+0x1b1/0x220 [ 652.891965][T15959] ? ksys_write+0x1b1/0x220 [ 652.896451][T15959] ? check_preemption_disabled+0x40/0x240 [ 652.902146][T15959] ? check_preemption_disabled+0x40/0x240 [ 652.907844][T15959] __x64_sys_sendmmsg+0x9c/0xb0 [ 652.912684][T15959] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 652.918736][T15959] do_syscall_64+0x73/0xe0 [ 652.923139][T15959] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 652.929012][T15959] RIP: 0033:0x45cb19 [ 652.933083][T15959] Code: Bad RIP value. [ 652.937145][T15959] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 652.945537][T15959] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 652.953491][T15959] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 652.961562][T15959] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 652.969618][T15959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 652.977572][T15959] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:45 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) [ 653.005829][T15968] ptrace attach of "/root/syz-executor.0"[15966] was attempted by "/root/syz-executor.0"[15968] [ 653.071426][T15977] binder: 15955:15977 ioctl c0d05640 200004c0 returned -22 03:57:45 executing program 1 (fault-call:6 fault-nth:74): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:45 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 653.250736][T15989] FAULT_INJECTION: forcing a failure. [ 653.250736][T15989] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 653.263968][T15989] CPU: 1 PID: 15989 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 653.272645][T15989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 653.282702][T15989] Call Trace: [ 653.285980][T15989] dump_stack+0x1f0/0x31e [ 653.290284][T15989] should_fail+0x38a/0x4e0 [ 653.294691][T15989] prepare_alloc_pages+0x28c/0x4a0 [ 653.299794][T15989] __alloc_pages_nodemask+0xbc/0x5e0 [ 653.305057][T15989] kmem_getpages+0x49/0x900 [ 653.309542][T15989] cache_grow_begin+0x7b/0x2e0 [ 653.314288][T15989] cache_alloc_refill+0x359/0x3f0 [ 653.319292][T15989] ? check_preemption_disabled+0xb0/0x240 [ 653.324986][T15989] ? debug_smp_processor_id+0x5/0x20 [ 653.330251][T15989] ? __kernfs_new_node+0x8b/0x630 [ 653.335253][T15989] kmem_cache_alloc+0x2b5/0x2d0 [ 653.340086][T15989] __kernfs_new_node+0x8b/0x630 [ 653.344914][T15989] ? kernfs_add_one+0x4b7/0x600 [ 653.349744][T15989] ? kernfs_add_one+0x4b7/0x600 [ 653.354582][T15989] ? __mutex_unlock_slowpath+0x12d/0x590 [ 653.360198][T15989] kernfs_new_node+0x95/0x160 [ 653.364975][T15989] __kernfs_create_file+0x45/0x2d0 [ 653.370075][T15989] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 653.375444][T15989] internal_create_group+0x445/0xd20 [ 653.380716][T15989] sysfs_create_groups+0x5d/0x130 [ 653.385727][T15989] device_add+0x862/0x1960 [ 653.390121][T15989] ? device_add+0xb31/0x1960 [ 653.394700][T15989] netdev_register_kobject+0x151/0x2e0 [ 653.400139][T15989] register_netdevice+0x130a/0x1b80 [ 653.405447][T15989] br_dev_newlink+0x24/0x110 [ 653.410071][T15989] ? br_validate+0x2a0/0x2a0 [ 653.414646][T15989] rtnl_newlink+0x143e/0x1bf0 [ 653.419316][T15989] ? __lock_acquire+0x116c/0x2c30 [ 653.424347][T15989] ? __mutex_lock_common+0x582/0x2fc0 [ 653.429714][T15989] ? rtnl_setlink+0x490/0x490 [ 653.434371][T15989] rtnetlink_rcv_msg+0x889/0xd40 [ 653.439316][T15989] ? local_bh_enable+0x5/0x20 [ 653.443974][T15989] ? __local_bh_enable_ip+0x133/0x230 [ 653.449334][T15989] ? __dev_queue_xmit+0x1846/0x2940 [ 653.454528][T15989] ? check_preemption_disabled+0x40/0x240 [ 653.460226][T15989] ? debug_smp_processor_id+0x5/0x20 [ 653.465496][T15989] netlink_rcv_skb+0x190/0x3a0 [ 653.470246][T15989] ? rtnetlink_bind+0x80/0x80 [ 653.474944][T15989] netlink_unicast+0x786/0x940 [ 653.479690][T15989] netlink_sendmsg+0xa57/0xd70 [ 653.484439][T15989] ? netlink_getsockopt+0x9e0/0x9e0 [ 653.489616][T15989] ____sys_sendmsg+0x519/0x800 [ 653.494457][T15989] ? import_iovec+0x12a/0x2c0 [ 653.499118][T15989] __sys_sendmmsg+0x45b/0x680 [ 653.503802][T15989] ? ksys_write+0x1b1/0x220 [ 653.508281][T15989] ? ksys_write+0x1b1/0x220 [ 653.512763][T15989] ? check_preemption_disabled+0x40/0x240 [ 653.518458][T15989] ? check_preemption_disabled+0x40/0x240 [ 653.524163][T15989] __x64_sys_sendmmsg+0x9c/0xb0 [ 653.528993][T15989] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 653.535059][T15989] do_syscall_64+0x73/0xe0 [ 653.539552][T15989] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 653.545552][T15989] RIP: 0033:0x45cb19 [ 653.549450][T15989] Code: Bad RIP value. [ 653.553512][T15989] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 653.562031][T15989] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 653.569984][T15989] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 653.577995][T15989] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 653.585946][T15989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 653.593897][T15989] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:45 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000280)=@gcm_128={{0x304}, "d44eb8e9308ec7c6", "442065238929350ade91900b51fc9534", '\t\x00 \x00', '\x00\x00\x00\x00\x00\x00\x00\a'}, 0x28) sendto$inet6(r3, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000000)={r3}) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:57:45 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:45 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x400454ca, &(0x7f0000000000)={0x0, r2}) 03:57:45 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:46 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:46 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x2, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:46 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x2a) ptrace$setregs(0xf, r1, 0x400, &(0x7f0000000240)="768b5f5407bc2522ed9a6c8e1458e9d23a69b492d6e5cf7b2a0eb54376271a4794d914cda9a554a6d0b64829fc89faac24086d83f312e5dab396365a7ac207652911a0fb24d77997d5f37b872468f3ee7f898da3079dc4b74704d6eb01566684264d3339ce9f3fabd5bd6133bd5ef9ffd77721e7f4348b0c878a985e484c3e3a051cc7d80ddb4d200f1b71787571381e8944ba7c46613f690f17ddf51d98d99ea1fd28cc18910a3b3fb6e7bbeb698cdf0800f14c3f6a704b50b9c7f20306ef35c34a73a109c6cb6c22c1b889ddc61e170d63e94452d65965eb94f2093fc1a03d797c09be49e153c669") ptrace$cont(0x9, r1, 0x0, 0x0) 03:57:46 executing program 1 (fault-call:6 fault-nth:75): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:46 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, 0x0, 0x0, 0x0) [ 653.902604][T16026] binder: 16019:16026 unknown command 16392 [ 653.926206][T16028] FAULT_INJECTION: forcing a failure. [ 653.926206][T16028] name failslab, interval 1, probability 0, space 0, times 0 [ 653.941534][T16026] binder: 16019:16026 ioctl c0306201 200004c0 returned -22 [ 654.006606][T16028] CPU: 0 PID: 16028 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 654.015444][T16028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 654.025688][T16028] Call Trace: [ 654.028974][T16028] dump_stack+0x1f0/0x31e [ 654.033300][T16028] should_fail+0x38a/0x4e0 [ 654.037708][T16028] ? __kernfs_new_node+0x8b/0x630 [ 654.042719][T16028] should_failslab+0x5/0x20 [ 654.047380][T16028] kmem_cache_alloc+0x53/0x2d0 [ 654.052145][T16028] __kernfs_new_node+0x8b/0x630 [ 654.056977][T16028] ? kernfs_add_one+0x4b7/0x600 [ 654.061813][T16028] ? kernfs_add_one+0x4b7/0x600 [ 654.066659][T16028] ? __mutex_unlock_slowpath+0x12d/0x590 [ 654.072291][T16028] kernfs_new_node+0x95/0x160 [ 654.077071][T16028] __kernfs_create_file+0x45/0x2d0 [ 654.082169][T16028] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 654.087533][T16028] internal_create_group+0x445/0xd20 [ 654.092828][T16028] sysfs_create_groups+0x5d/0x130 [ 654.097840][T16028] device_add+0x862/0x1960 [ 654.102241][T16028] ? device_add+0xb31/0x1960 [ 654.106828][T16028] netdev_register_kobject+0x151/0x2e0 [ 654.112286][T16028] register_netdevice+0x130a/0x1b80 [ 654.117489][T16028] br_dev_newlink+0x24/0x110 [ 654.122089][T16028] ? br_validate+0x2a0/0x2a0 [ 654.126678][T16028] rtnl_newlink+0x143e/0x1bf0 [ 654.131362][T16028] ? __lock_acquire+0x116c/0x2c30 [ 654.136428][T16028] ? __mutex_lock_common+0x582/0x2fc0 [ 654.141785][T16028] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 654.148373][T16028] ? rtnl_setlink+0x490/0x490 [ 654.153038][T16028] rtnetlink_rcv_msg+0x889/0xd40 [ 654.158019][T16028] ? local_bh_enable+0x5/0x20 [ 654.162684][T16028] ? __local_bh_enable_ip+0x133/0x230 [ 654.168047][T16028] ? __dev_queue_xmit+0x1846/0x2940 [ 654.173387][T16028] ? check_preemption_disabled+0x40/0x240 [ 654.179103][T16028] ? debug_smp_processor_id+0x5/0x20 [ 654.184390][T16028] netlink_rcv_skb+0x190/0x3a0 [ 654.189146][T16028] ? rtnetlink_bind+0x80/0x80 [ 654.193833][T16028] netlink_unicast+0x786/0x940 [ 654.198603][T16028] netlink_sendmsg+0xa57/0xd70 [ 654.203362][T16028] ? netlink_getsockopt+0x9e0/0x9e0 [ 654.208542][T16028] ____sys_sendmsg+0x519/0x800 [ 654.213296][T16028] ? import_iovec+0x12a/0x2c0 [ 654.217973][T16028] __sys_sendmmsg+0x45b/0x680 [ 654.222683][T16028] ? ksys_write+0x1b1/0x220 [ 654.227260][T16028] ? ksys_write+0x1b1/0x220 [ 654.231759][T16028] ? check_preemption_disabled+0x40/0x240 [ 654.237466][T16028] ? check_preemption_disabled+0x40/0x240 [ 654.243180][T16028] __x64_sys_sendmmsg+0x9c/0xb0 [ 654.248199][T16028] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 654.254254][T16028] do_syscall_64+0x73/0xe0 [ 654.258666][T16028] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 654.264640][T16028] RIP: 0033:0x45cb19 [ 654.268516][T16028] Code: Bad RIP value. [ 654.272569][T16028] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 654.280971][T16028] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 654.288929][T16028] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 654.296883][T16028] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 654.304839][T16028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 654.312796][T16028] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 654.594357][T16043] binder: 16019:16043 unknown command 16392 [ 654.600289][T16043] binder: 16019:16043 ioctl c0306201 200004c0 returned -22 03:57:48 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:57:48 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x40049409, &(0x7f0000000000)={0x0, r2}) 03:57:48 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000280)=@gcm_128={{0x304}, "d44eb8e9308ec7c6", "442065238929350ade91900b51fc9534", '\t\x00 \x00', '\x00\x00\x00\x00\x00\x00\x00\a'}, 0x28) sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="3910000001f4e8062a02e194a1f563acdd371c3ce47212f4f535d07192400be8104656ef8ed73bd46c79e807d28211da99989006a284ab0a96fb9c4c11cb078d0e96d00f292c8d55e4f6ea39a466309c3f5d2957fe9fc03d819e7e16eca480c84a78cfe0d4a8d81e647d57cca28c865248de5e91a3a8588299cc69b59b1cc777d5fc082db59f7820c8ff5111c66e", 0x7d, 0x1e16cee5c75cd3f8, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001880)={{{@in6=@private2, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@empty}}, &(0x7f0000000040)=0xe8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r4, 0xee01) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000019c0)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4e23, 0x5, 0x4e24, 0x0, 0x2, 0xa0, 0x80, 0x5e, r2, r4}, {0x100000000, 0x6, 0x0, 0x80000000, 0x1, 0x1, 0x401, 0x2}, {0x9, 0x4, 0x0, 0x69}, 0x3, 0x6e6bb9, 0x2, 0x0, 0x1, 0x1}, {{@in=@broadcast, 0x4d5, 0x2b}, 0x2, @in6=@mcast2, 0x3500, 0x0, 0x1, 0x7, 0x8, 0xde, 0x5}}, 0xe8) 03:57:48 executing program 1 (fault-call:6 fault-nth:76): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:48 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, 0x0, 0x0, 0x0) 03:57:48 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x3, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 656.095204][T16053] FAULT_INJECTION: forcing a failure. [ 656.095204][T16053] name failslab, interval 1, probability 0, space 0, times 0 [ 656.116683][T16053] CPU: 1 PID: 16053 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 656.124133][T16060] binder: 16052:16060 unknown command 64 [ 656.125660][T16053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 656.125666][T16053] Call Trace: [ 656.125685][T16053] dump_stack+0x1f0/0x31e [ 656.125704][T16053] should_fail+0x38a/0x4e0 [ 656.125722][T16053] ? __kernfs_new_node+0x8b/0x630 [ 656.125734][T16053] should_failslab+0x5/0x20 [ 656.125744][T16053] kmem_cache_alloc+0x53/0x2d0 [ 656.125762][T16053] __kernfs_new_node+0x8b/0x630 [ 656.131557][T16060] binder: 16052:16060 ioctl c0306201 200004c0 returned -22 [ 656.141485][T16053] ? kernfs_add_one+0x4b7/0x600 [ 656.141503][T16053] ? kernfs_add_one+0x4b7/0x600 [ 656.141516][T16053] ? __mutex_unlock_slowpath+0x12d/0x590 [ 656.141533][T16053] kernfs_new_node+0x95/0x160 [ 656.141549][T16053] __kernfs_create_file+0x45/0x2d0 [ 656.141563][T16053] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 656.141585][T16053] internal_create_group+0x445/0xd20 [ 656.141614][T16053] sysfs_create_groups+0x5d/0x130 [ 656.141630][T16053] device_add+0x862/0x1960 [ 656.141645][T16053] ? device_add+0xb31/0x1960 [ 656.141673][T16053] netdev_register_kobject+0x151/0x2e0 [ 656.235005][T16053] register_netdevice+0x130a/0x1b80 [ 656.240205][T16053] br_dev_newlink+0x24/0x110 [ 656.244778][T16053] ? br_validate+0x2a0/0x2a0 [ 656.249353][T16053] rtnl_newlink+0x143e/0x1bf0 [ 656.254052][T16053] ? __lock_acquire+0x116c/0x2c30 [ 656.259108][T16053] ? __mutex_lock_common+0x582/0x2fc0 [ 656.264498][T16053] ? rtnl_setlink+0x490/0x490 [ 656.269164][T16053] rtnetlink_rcv_msg+0x889/0xd40 [ 656.274126][T16053] ? local_bh_enable+0x5/0x20 [ 656.278786][T16053] ? __local_bh_enable_ip+0x133/0x230 [ 656.284143][T16053] ? __dev_queue_xmit+0x1846/0x2940 [ 656.289333][T16053] ? check_preemption_disabled+0x40/0x240 [ 656.295032][T16053] ? debug_smp_processor_id+0x5/0x20 [ 656.300418][T16053] netlink_rcv_skb+0x190/0x3a0 [ 656.305173][T16053] ? rtnetlink_bind+0x80/0x80 [ 656.309841][T16053] netlink_unicast+0x786/0x940 [ 656.314675][T16053] netlink_sendmsg+0xa57/0xd70 [ 656.319435][T16053] ? netlink_getsockopt+0x9e0/0x9e0 [ 656.324617][T16053] ____sys_sendmsg+0x519/0x800 [ 656.329364][T16053] ? import_iovec+0x12a/0x2c0 [ 656.334049][T16053] __sys_sendmmsg+0x45b/0x680 [ 656.338750][T16053] ? ksys_write+0x1b1/0x220 [ 656.343235][T16053] ? ksys_write+0x1b1/0x220 [ 656.347720][T16053] ? check_preemption_disabled+0x40/0x240 [ 656.353422][T16053] ? check_preemption_disabled+0x40/0x240 [ 656.359130][T16053] __x64_sys_sendmmsg+0x9c/0xb0 [ 656.363970][T16053] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 656.370027][T16053] do_syscall_64+0x73/0xe0 [ 656.374427][T16053] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 656.380487][T16053] RIP: 0033:0x45cb19 [ 656.384361][T16053] Code: Bad RIP value. [ 656.388406][T16053] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 656.396798][T16053] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 656.404752][T16053] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 656.412709][T16053] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 656.420662][T16053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 656.428616][T16053] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 656.489121][T16069] binder: 16052:16069 unknown command 64 [ 656.501160][T16069] binder: 16052:16069 ioctl c0306201 200004c0 returned -22 03:57:48 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x4, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:48 executing program 1 (fault-call:6 fault-nth:77): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:48 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, 0x0, 0x0, 0x0) 03:57:48 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x40085503, &(0x7f0000000000)={0x0, r2}) [ 656.636354][T16073] FAULT_INJECTION: forcing a failure. [ 656.636354][T16073] name failslab, interval 1, probability 0, space 0, times 0 [ 656.660940][T16074] binder: 16071:16074 unknown command 0 [ 656.672104][T16074] binder: 16071:16074 ioctl c0306201 200004c0 returned -22 [ 656.698529][T16073] CPU: 1 PID: 16073 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 656.707316][T16073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 656.717363][T16073] Call Trace: [ 656.720643][T16073] dump_stack+0x1f0/0x31e [ 656.724958][T16073] should_fail+0x38a/0x4e0 [ 656.729404][T16073] ? __kernfs_new_node+0x8b/0x630 [ 656.734407][T16073] should_failslab+0x5/0x20 [ 656.738891][T16073] kmem_cache_alloc+0x53/0x2d0 [ 656.743636][T16073] __kernfs_new_node+0x8b/0x630 [ 656.748465][T16073] ? kernfs_add_one+0x4b7/0x600 [ 656.753296][T16073] ? kernfs_add_one+0x4b7/0x600 [ 656.758128][T16073] ? __mutex_unlock_slowpath+0x12d/0x590 [ 656.763744][T16073] kernfs_new_node+0x95/0x160 [ 656.768404][T16073] __kernfs_create_file+0x45/0x2d0 [ 656.773498][T16073] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 656.778879][T16073] internal_create_group+0x445/0xd20 [ 656.784170][T16073] sysfs_create_groups+0x5d/0x130 [ 656.789194][T16073] device_add+0x862/0x1960 [ 656.793593][T16073] ? device_add+0xb31/0x1960 [ 656.798194][T16073] netdev_register_kobject+0x151/0x2e0 [ 656.803638][T16073] register_netdevice+0x130a/0x1b80 [ 656.808825][T16073] br_dev_newlink+0x24/0x110 [ 656.813394][T16073] ? br_validate+0x2a0/0x2a0 [ 656.818013][T16073] rtnl_newlink+0x143e/0x1bf0 [ 656.822687][T16073] ? __lock_acquire+0x116c/0x2c30 [ 656.827762][T16073] ? __mutex_lock_common+0x582/0x2fc0 [ 656.833157][T16073] ? rtnl_setlink+0x490/0x490 [ 656.837815][T16073] rtnetlink_rcv_msg+0x889/0xd40 [ 656.842745][T16073] ? local_bh_enable+0x5/0x20 [ 656.847404][T16073] ? __local_bh_enable_ip+0x133/0x230 [ 656.852760][T16073] ? __dev_queue_xmit+0x1846/0x2940 [ 656.858056][T16073] ? check_preemption_disabled+0x40/0x240 [ 656.863786][T16073] ? debug_smp_processor_id+0x5/0x20 [ 656.869052][T16073] netlink_rcv_skb+0x190/0x3a0 [ 656.873812][T16073] ? rtnetlink_bind+0x80/0x80 [ 656.878490][T16073] netlink_unicast+0x786/0x940 [ 656.883251][T16073] netlink_sendmsg+0xa57/0xd70 [ 656.888022][T16073] ? netlink_getsockopt+0x9e0/0x9e0 [ 656.893208][T16073] ____sys_sendmsg+0x519/0x800 [ 656.897954][T16073] ? import_iovec+0x12a/0x2c0 [ 656.902612][T16073] __sys_sendmmsg+0x45b/0x680 [ 656.907301][T16073] ? ksys_write+0x1b1/0x220 [ 656.911783][T16073] ? ksys_write+0x1b1/0x220 [ 656.916272][T16073] ? check_preemption_disabled+0x40/0x240 [ 656.921972][T16073] ? check_preemption_disabled+0x40/0x240 [ 656.927678][T16073] __x64_sys_sendmmsg+0x9c/0xb0 [ 656.932512][T16073] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 656.938556][T16073] do_syscall_64+0x73/0xe0 [ 656.942955][T16073] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 656.948825][T16073] RIP: 0033:0x45cb19 [ 656.952707][T16073] Code: Bad RIP value. [ 656.956750][T16073] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 656.965138][T16073] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 656.973092][T16073] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 656.981045][T16073] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 656.988998][T16073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 656.996953][T16073] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:49 executing program 1 (fault-call:6 fault-nth:78): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:49 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, 0x0}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 657.191872][T16089] FAULT_INJECTION: forcing a failure. [ 657.191872][T16089] name failslab, interval 1, probability 0, space 0, times 0 [ 657.238690][T16089] CPU: 0 PID: 16089 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 657.247401][T16089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 657.257473][T16089] Call Trace: [ 657.260777][T16089] dump_stack+0x1f0/0x31e [ 657.265129][T16089] should_fail+0x38a/0x4e0 [ 657.269565][T16089] ? __kernfs_new_node+0x8b/0x630 [ 657.274603][T16089] should_failslab+0x5/0x20 [ 657.279151][T16089] kmem_cache_alloc+0x53/0x2d0 [ 657.283927][T16089] __kernfs_new_node+0x8b/0x630 [ 657.288786][T16089] ? kernfs_add_one+0x4b7/0x600 [ 657.293647][T16089] ? kernfs_add_one+0x4b7/0x600 [ 657.298584][T16089] ? __mutex_unlock_slowpath+0x12d/0x590 [ 657.304228][T16089] kernfs_new_node+0x95/0x160 [ 657.308916][T16089] __kernfs_create_file+0x45/0x2d0 [ 657.314065][T16089] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 657.319452][T16089] internal_create_group+0x445/0xd20 [ 657.324762][T16089] sysfs_create_groups+0x5d/0x130 [ 657.329879][T16089] device_add+0x862/0x1960 [ 657.334305][T16089] ? device_add+0xb31/0x1960 [ 657.338925][T16089] netdev_register_kobject+0x151/0x2e0 [ 657.344395][T16089] register_netdevice+0x130a/0x1b80 [ 657.349625][T16089] br_dev_newlink+0x24/0x110 [ 657.354233][T16089] ? br_validate+0x2a0/0x2a0 [ 657.358814][T16089] rtnl_newlink+0x143e/0x1bf0 [ 657.363495][T16089] ? __lock_acquire+0x116c/0x2c30 [ 657.368548][T16089] ? __mutex_lock_common+0x582/0x2fc0 [ 657.373904][T16089] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 657.380491][T16089] ? rtnl_setlink+0x490/0x490 [ 657.385159][T16089] rtnetlink_rcv_msg+0x889/0xd40 [ 657.390116][T16089] ? local_bh_enable+0x5/0x20 [ 657.394790][T16089] ? __local_bh_enable_ip+0x133/0x230 [ 657.400147][T16089] ? __dev_queue_xmit+0x1846/0x2940 [ 657.405341][T16089] ? check_preemption_disabled+0x40/0x240 [ 657.411044][T16089] ? debug_smp_processor_id+0x5/0x20 [ 657.416322][T16089] netlink_rcv_skb+0x190/0x3a0 [ 657.421072][T16089] ? rtnetlink_bind+0x80/0x80 [ 657.425755][T16089] netlink_unicast+0x786/0x940 [ 657.430513][T16089] netlink_sendmsg+0xa57/0xd70 [ 657.435278][T16089] ? netlink_getsockopt+0x9e0/0x9e0 [ 657.440459][T16089] ____sys_sendmsg+0x519/0x800 [ 657.445211][T16089] ? import_iovec+0x12a/0x2c0 [ 657.449877][T16089] __sys_sendmmsg+0x45b/0x680 [ 657.454584][T16089] ? ksys_write+0x1b1/0x220 [ 657.459092][T16089] ? ksys_write+0x1b1/0x220 [ 657.463603][T16089] ? check_preemption_disabled+0x40/0x240 [ 657.469305][T16089] ? check_preemption_disabled+0x40/0x240 [ 657.475023][T16089] __x64_sys_sendmmsg+0x9c/0xb0 [ 657.479956][T16089] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 657.486003][T16089] do_syscall_64+0x73/0xe0 [ 657.490406][T16089] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 657.496284][T16089] RIP: 0033:0x45cb19 [ 657.500167][T16089] Code: Bad RIP value. [ 657.504215][T16089] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 657.512608][T16089] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 657.520649][T16089] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 657.528602][T16089] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 657.536558][T16089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 657.544513][T16089] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 657.597492][T16099] binder: 16071:16099 unknown command 0 [ 657.609805][T16099] binder: 16071:16099 ioctl c0306201 200004c0 returned -22 03:57:51 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:57:51 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008ae89, &(0x7f0000000000)={0x0, r2}) 03:57:51 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x37) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:57:51 executing program 1 (fault-call:6 fault-nth:79): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:51 executing program 5 (fault-call:8 fault-nth:0): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:51 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x5, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 659.144365][T16108] FAULT_INJECTION: forcing a failure. [ 659.144365][T16108] name failslab, interval 1, probability 0, space 0, times 0 [ 659.162977][T16109] FAULT_INJECTION: forcing a failure. [ 659.162977][T16109] name failslab, interval 1, probability 0, space 0, times 0 [ 659.178649][T16111] binder: 16106:16111 unknown command 0 [ 659.180272][T16108] CPU: 0 PID: 16108 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 659.192872][T16108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.193322][T16111] binder: 16106:16111 ioctl c0306201 200004c0 returned -22 [ 659.202919][T16108] Call Trace: [ 659.202939][T16108] dump_stack+0x1f0/0x31e [ 659.202956][T16108] should_fail+0x38a/0x4e0 [ 659.202974][T16108] should_failslab+0x5/0x20 [ 659.202984][T16108] kmem_cache_alloc_node+0x64/0x290 [ 659.202996][T16108] ? __alloc_skb+0x94/0x4f0 [ 659.203009][T16108] __alloc_skb+0x94/0x4f0 [ 659.203028][T16108] pfkey_sendmsg+0x148/0xf00 [ 659.203050][T16108] ? smack_socket_sendmsg+0x100/0x450 [ 659.203065][T16108] ? tomoyo_socket_sendmsg_permission+0x217/0x320 [ 659.203085][T16108] ? security_socket_sendmsg+0x9d/0xb0 [ 659.203094][T16108] ? pfkey_release+0x330/0x330 [ 659.203110][T16108] ____sys_sendmsg+0x519/0x800 [ 659.271876][T16108] ? import_iovec+0x12a/0x2c0 [ 659.276546][T16108] __sys_sendmmsg+0x45b/0x680 [ 659.281253][T16108] ? ksys_write+0x1b1/0x220 [ 659.285746][T16108] ? ksys_write+0x1b1/0x220 [ 659.290227][T16108] ? check_preemption_disabled+0x40/0x240 [ 659.295923][T16108] ? check_preemption_disabled+0x40/0x240 [ 659.301623][T16108] __x64_sys_sendmmsg+0x9c/0xb0 [ 659.306453][T16108] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 659.312511][T16108] do_syscall_64+0x73/0xe0 [ 659.316915][T16108] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 659.322784][T16108] RIP: 0033:0x45cb19 [ 659.326651][T16108] Code: Bad RIP value. [ 659.330696][T16108] RSP: 002b:00007ff3802e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 659.339083][T16108] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 659.347034][T16108] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 659.354984][T16108] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 659.362967][T16108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 659.370921][T16108] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802e56d4 [ 659.414780][T16109] CPU: 0 PID: 16109 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 659.423476][T16109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.433535][T16109] Call Trace: [ 659.436834][T16109] dump_stack+0x1f0/0x31e [ 659.441171][T16109] should_fail+0x38a/0x4e0 [ 659.445595][T16109] ? __kernfs_new_node+0x8b/0x630 [ 659.450619][T16109] should_failslab+0x5/0x20 [ 659.455113][T16109] kmem_cache_alloc+0x53/0x2d0 [ 659.459855][T16109] __kernfs_new_node+0x8b/0x630 [ 659.464679][T16109] ? kernfs_add_one+0x4b7/0x600 [ 659.469518][T16109] ? kernfs_add_one+0x4b7/0x600 [ 659.474355][T16109] ? __mutex_unlock_slowpath+0x12d/0x590 [ 659.479961][T16109] kernfs_new_node+0x95/0x160 [ 659.484625][T16109] __kernfs_create_file+0x45/0x2d0 [ 659.489708][T16109] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 659.495060][T16109] internal_create_group+0x445/0xd20 [ 659.500338][T16109] sysfs_create_groups+0x5d/0x130 [ 659.505340][T16109] device_add+0x862/0x1960 [ 659.509731][T16109] ? device_add+0xb31/0x1960 [ 659.514302][T16109] netdev_register_kobject+0x151/0x2e0 [ 659.519840][T16109] register_netdevice+0x130a/0x1b80 [ 659.525024][T16109] br_dev_newlink+0x24/0x110 [ 659.529593][T16109] ? br_validate+0x2a0/0x2a0 [ 659.534171][T16109] rtnl_newlink+0x143e/0x1bf0 [ 659.538847][T16109] ? __lock_acquire+0x116c/0x2c30 [ 659.543870][T16109] ? __mutex_lock_common+0x582/0x2fc0 [ 659.549225][T16109] ? rtnl_setlink+0x490/0x490 [ 659.553879][T16109] rtnetlink_rcv_msg+0x889/0xd40 [ 659.558801][T16109] ? local_bh_enable+0x5/0x20 [ 659.563456][T16109] ? __local_bh_enable_ip+0x133/0x230 [ 659.568815][T16109] ? __dev_queue_xmit+0x1846/0x2940 [ 659.574038][T16109] ? check_preemption_disabled+0x40/0x240 [ 659.581206][T16109] ? debug_smp_processor_id+0x5/0x20 [ 659.586468][T16109] netlink_rcv_skb+0x190/0x3a0 [ 659.591206][T16109] ? rtnetlink_bind+0x80/0x80 [ 659.595863][T16109] netlink_unicast+0x786/0x940 [ 659.600614][T16109] netlink_sendmsg+0xa57/0xd70 [ 659.605355][T16109] ? netlink_getsockopt+0x9e0/0x9e0 [ 659.610536][T16109] ____sys_sendmsg+0x519/0x800 [ 659.615284][T16109] ? import_iovec+0x12a/0x2c0 [ 659.619938][T16109] __sys_sendmmsg+0x45b/0x680 [ 659.624631][T16109] ? ksys_write+0x1b1/0x220 [ 659.629109][T16109] ? ksys_write+0x1b1/0x220 [ 659.633591][T16109] ? check_preemption_disabled+0x40/0x240 [ 659.639283][T16109] ? check_preemption_disabled+0x40/0x240 [ 659.644981][T16109] __x64_sys_sendmmsg+0x9c/0xb0 [ 659.649873][T16109] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 659.655912][T16109] do_syscall_64+0x73/0xe0 [ 659.660305][T16109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 659.666220][T16109] RIP: 0033:0x45cb19 [ 659.670178][T16109] Code: Bad RIP value. [ 659.674342][T16109] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 659.682722][T16109] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 659.690679][T16109] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 659.698760][T16109] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 659.706706][T16109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 659.714697][T16109] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 659.755683][T16123] binder: 16106:16123 unknown command 0 03:57:51 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = accept4$ax25(r3, &(0x7f0000000000)={{}, [@remote, @bcast, @default, @bcast, @default, @netrom, @netrom, @rose]}, &(0x7f00000001c0)=0x48, 0x80000) ioctl$SIOCAX25GETUID(r4, 0x89e0, &(0x7f0000000240)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0xffffffffffffffff}) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000280)=0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000002c0)=r5) 03:57:52 executing program 5 (fault-call:8 fault-nth:1): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 659.765742][T16123] binder: 16106:16123 ioctl c0306201 200004c0 returned -22 03:57:52 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x6, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:52 executing program 1 (fault-call:6 fault-nth:80): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 659.871607][T16134] ptrace attach of "/root/syz-executor.4"[16127] was attempted by "/root/syz-executor.4"[16134] [ 659.888999][T16135] FAULT_INJECTION: forcing a failure. [ 659.888999][T16135] name failslab, interval 1, probability 0, space 0, times 0 [ 659.908948][T16137] binder: 16136:16137 unknown command 0 [ 659.914735][T16137] binder: 16136:16137 ioctl c0306201 200004c0 returned -22 [ 659.940384][T16139] FAULT_INJECTION: forcing a failure. [ 659.940384][T16139] name failslab, interval 1, probability 0, space 0, times 0 [ 659.958861][T16135] CPU: 1 PID: 16135 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 659.967560][T16135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.977614][T16135] Call Trace: [ 659.980902][T16135] dump_stack+0x1f0/0x31e [ 659.985223][T16135] should_fail+0x38a/0x4e0 [ 659.989626][T16135] should_failslab+0x5/0x20 [ 659.994109][T16135] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 659.999806][T16135] ? __kmalloc_node_track_caller+0x37/0x60 [ 660.005605][T16135] __kmalloc_node_track_caller+0x37/0x60 [ 660.011215][T16135] ? pfkey_sendmsg+0x148/0xf00 [ 660.015964][T16135] __alloc_skb+0xde/0x4f0 [ 660.020280][T16135] pfkey_sendmsg+0x148/0xf00 [ 660.024864][T16135] ? smack_socket_sendmsg+0x100/0x450 [ 660.030218][T16135] ? tomoyo_socket_sendmsg_permission+0x217/0x320 [ 660.036621][T16135] ? security_socket_sendmsg+0x9d/0xb0 [ 660.042058][T16135] ? pfkey_release+0x330/0x330 [ 660.046805][T16135] ____sys_sendmsg+0x519/0x800 [ 660.051554][T16135] ? import_iovec+0x12a/0x2c0 [ 660.056234][T16135] __sys_sendmmsg+0x45b/0x680 [ 660.060947][T16135] ? ksys_write+0x1b1/0x220 [ 660.065442][T16135] ? ksys_write+0x1b1/0x220 [ 660.069938][T16135] ? check_preemption_disabled+0x40/0x240 [ 660.075661][T16135] ? check_preemption_disabled+0x40/0x240 [ 660.081370][T16135] __x64_sys_sendmmsg+0x9c/0xb0 [ 660.086204][T16135] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 660.092247][T16135] do_syscall_64+0x73/0xe0 [ 660.096659][T16135] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 660.102532][T16135] RIP: 0033:0x45cb19 [ 660.106398][T16135] Code: Bad RIP value. [ 660.110439][T16135] RSP: 002b:00007ff3802e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 660.118833][T16135] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 660.126991][T16135] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 03:57:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008ae90, &(0x7f0000000000)={0x0, r2}) [ 660.134954][T16135] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 660.142910][T16135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 660.150870][T16135] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802e56d4 [ 660.180638][T16139] CPU: 0 PID: 16139 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 660.181336][T16140] binder: 16136:16140 unknown command 0 [ 660.189324][T16139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 660.189331][T16139] Call Trace: [ 660.189349][T16139] dump_stack+0x1f0/0x31e [ 660.189366][T16139] should_fail+0x38a/0x4e0 [ 660.189383][T16139] ? __kernfs_new_node+0x8b/0x630 [ 660.189396][T16139] should_failslab+0x5/0x20 [ 660.189405][T16139] kmem_cache_alloc+0x53/0x2d0 [ 660.189420][T16139] __kernfs_new_node+0x8b/0x630 [ 660.189435][T16139] ? kernfs_add_one+0x4b7/0x600 [ 660.189448][T16139] ? kernfs_add_one+0x4b7/0x600 [ 660.189463][T16139] ? __mutex_unlock_slowpath+0x12d/0x590 [ 660.189480][T16139] kernfs_new_node+0x95/0x160 [ 660.189496][T16139] __kernfs_create_file+0x45/0x2d0 [ 660.189511][T16139] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 660.189532][T16139] internal_create_group+0x445/0xd20 [ 660.189560][T16139] sysfs_create_groups+0x5d/0x130 [ 660.189576][T16139] device_add+0x862/0x1960 [ 660.189590][T16139] ? device_add+0xb31/0x1960 [ 660.189619][T16139] netdev_register_kobject+0x151/0x2e0 [ 660.189638][T16139] register_netdevice+0x130a/0x1b80 [ 660.189670][T16139] br_dev_newlink+0x24/0x110 [ 660.189680][T16139] ? br_validate+0x2a0/0x2a0 [ 660.189694][T16139] rtnl_newlink+0x143e/0x1bf0 [ 660.189727][T16139] ? __lock_acquire+0x116c/0x2c30 [ 660.189786][T16139] ? __mutex_lock_common+0x582/0x2fc0 [ 660.189820][T16139] ? rtnl_setlink+0x490/0x490 [ 660.189832][T16139] rtnetlink_rcv_msg+0x889/0xd40 [ 660.189864][T16139] ? local_bh_enable+0x5/0x20 [ 660.189876][T16139] ? __local_bh_enable_ip+0x133/0x230 [ 660.189890][T16139] ? __dev_queue_xmit+0x1846/0x2940 [ 660.189916][T16139] ? check_preemption_disabled+0x40/0x240 [ 660.189924][T16139] ? debug_smp_processor_id+0x5/0x20 [ 660.189946][T16139] netlink_rcv_skb+0x190/0x3a0 [ 660.189956][T16139] ? rtnetlink_bind+0x80/0x80 [ 660.189976][T16139] netlink_unicast+0x786/0x940 [ 660.190000][T16139] netlink_sendmsg+0xa57/0xd70 [ 660.190024][T16139] ? netlink_getsockopt+0x9e0/0x9e0 [ 660.190037][T16139] ____sys_sendmsg+0x519/0x800 [ 660.190052][T16139] ? import_iovec+0x12a/0x2c0 [ 660.190072][T16139] __sys_sendmmsg+0x45b/0x680 [ 660.190136][T16139] ? ksys_write+0x1b1/0x220 [ 660.190147][T16139] ? ksys_write+0x1b1/0x220 [ 660.190162][T16139] ? check_preemption_disabled+0x40/0x240 [ 660.190172][T16139] ? check_preemption_disabled+0x40/0x240 [ 660.190190][T16139] __x64_sys_sendmmsg+0x9c/0xb0 [ 660.190203][T16139] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 660.190212][T16139] do_syscall_64+0x73/0xe0 [ 660.190225][T16139] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 660.190234][T16139] RIP: 0033:0x45cb19 [ 660.190238][T16139] Code: Bad RIP value. [ 660.190245][T16139] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 660.190256][T16139] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 660.190263][T16139] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 660.190269][T16139] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 660.190275][T16139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:57:52 executing program 5 (fault-call:8 fault-nth:2): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 660.190282][T16139] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 660.499631][T16140] binder: 16136:16140 ioctl c0306201 200004c0 returned -22 [ 660.561007][T16153] FAULT_INJECTION: forcing a failure. [ 660.561007][T16153] name failslab, interval 1, probability 0, space 0, times 0 [ 660.579887][T16153] CPU: 1 PID: 16153 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 660.588565][T16153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 660.598613][T16153] Call Trace: [ 660.601909][T16153] dump_stack+0x1f0/0x31e [ 660.606240][T16153] should_fail+0x38a/0x4e0 [ 660.610662][T16153] ? skb_clone+0x1b2/0x370 [ 660.615096][T16153] should_failslab+0x5/0x20 [ 660.619597][T16153] kmem_cache_alloc+0x53/0x2d0 [ 660.624356][T16153] ? _copy_from_iter_full+0x4ce/0xaa0 [ 660.629729][T16153] skb_clone+0x1b2/0x370 [ 660.633999][T16153] pfkey_sendmsg+0x3c6/0xf00 [ 660.638588][T16153] ? smack_socket_sendmsg+0x100/0x450 [ 660.643945][T16153] ? tomoyo_socket_sendmsg_permission+0x217/0x320 [ 660.650343][T16153] ? security_socket_sendmsg+0x9d/0xb0 [ 660.655778][T16153] ? pfkey_release+0x330/0x330 [ 660.660588][T16153] ____sys_sendmsg+0x519/0x800 [ 660.665369][T16153] ? import_iovec+0x12a/0x2c0 [ 660.670029][T16153] __sys_sendmmsg+0x45b/0x680 [ 660.674700][T16153] ? ksys_write+0x1b1/0x220 [ 660.679181][T16153] ? ksys_write+0x1b1/0x220 [ 660.683661][T16153] ? check_preemption_disabled+0x40/0x240 [ 660.689348][T16153] ? check_preemption_disabled+0x40/0x240 [ 660.695042][T16153] __x64_sys_sendmmsg+0x9c/0xb0 [ 660.699884][T16153] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 660.706016][T16153] do_syscall_64+0x73/0xe0 [ 660.710410][T16153] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 660.716277][T16153] RIP: 0033:0x45cb19 [ 660.720142][T16153] Code: Bad RIP value. [ 660.724183][T16153] RSP: 002b:00007ff3802e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 660.732574][T16153] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 660.740530][T16153] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 660.748476][T16153] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 660.756431][T16153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 660.764479][T16153] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802e56d4 03:57:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:57:54 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x7, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:54 executing program 1 (fault-call:6 fault-nth:81): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:54 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008ae93, &(0x7f0000000000)={0x0, r2}) 03:57:54 executing program 5 (fault-call:8 fault-nth:3): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 662.157729][T16172] binder: 16164:16172 unknown command 0 [ 662.159528][T16168] FAULT_INJECTION: forcing a failure. [ 662.159528][T16168] name failslab, interval 1, probability 0, space 0, times 0 [ 662.169103][T16172] binder: 16164:16172 ioctl c0306201 200004c0 returned -22 [ 662.181451][T16168] CPU: 0 PID: 16168 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 662.192158][T16168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.202191][T16168] Call Trace: [ 662.205462][T16168] dump_stack+0x1f0/0x31e [ 662.209772][T16168] should_fail+0x38a/0x4e0 [ 662.214171][T16168] ? __kernfs_new_node+0x8b/0x630 [ 662.219173][T16168] should_failslab+0x5/0x20 [ 662.223741][T16168] kmem_cache_alloc+0x53/0x2d0 [ 662.228506][T16168] __kernfs_new_node+0x8b/0x630 [ 662.233437][T16168] ? kernfs_add_one+0x4b7/0x600 [ 662.238268][T16168] ? kernfs_add_one+0x4b7/0x600 [ 662.243101][T16168] ? __mutex_unlock_slowpath+0x12d/0x590 [ 662.248719][T16168] kernfs_new_node+0x95/0x160 [ 662.253380][T16168] __kernfs_create_file+0x45/0x2d0 [ 662.258469][T16168] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 662.263832][T16168] internal_create_group+0x445/0xd20 [ 662.269111][T16168] sysfs_create_groups+0x5d/0x130 [ 662.274118][T16168] device_add+0x862/0x1960 [ 662.278532][T16168] ? device_add+0xb31/0x1960 [ 662.283114][T16168] netdev_register_kobject+0x151/0x2e0 [ 662.288554][T16168] register_netdevice+0x130a/0x1b80 [ 662.293748][T16168] br_dev_newlink+0x24/0x110 [ 662.298312][T16168] ? br_validate+0x2a0/0x2a0 [ 662.302881][T16168] rtnl_newlink+0x143e/0x1bf0 [ 662.307557][T16168] ? __lock_acquire+0x116c/0x2c30 [ 662.312612][T16168] ? __mutex_lock_common+0x582/0x2fc0 [ 662.317992][T16168] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 662.324574][T16168] ? rtnl_setlink+0x490/0x490 [ 662.329227][T16168] rtnetlink_rcv_msg+0x889/0xd40 [ 662.334168][T16168] ? local_bh_enable+0x5/0x20 [ 662.338821][T16168] ? __local_bh_enable_ip+0x133/0x230 [ 662.344171][T16168] ? __dev_queue_xmit+0x1846/0x2940 [ 662.349358][T16168] ? check_preemption_disabled+0x40/0x240 [ 662.355066][T16168] ? debug_smp_processor_id+0x5/0x20 [ 662.360337][T16168] netlink_rcv_skb+0x190/0x3a0 [ 662.365087][T16168] ? rtnetlink_bind+0x80/0x80 [ 662.369756][T16168] netlink_unicast+0x786/0x940 [ 662.374509][T16168] netlink_sendmsg+0xa57/0xd70 [ 662.379259][T16168] ? netlink_getsockopt+0x9e0/0x9e0 [ 662.384445][T16168] ____sys_sendmsg+0x519/0x800 [ 662.389188][T16168] ? import_iovec+0x12a/0x2c0 [ 662.393934][T16168] __sys_sendmmsg+0x45b/0x680 [ 662.398638][T16168] ? check_preemption_disabled+0x40/0x240 [ 662.404363][T16168] ? check_preemption_disabled+0x40/0x240 [ 662.410056][T16168] ? check_preemption_disabled+0x40/0x240 [ 662.415758][T16168] __x64_sys_sendmmsg+0x9c/0xb0 [ 662.420589][T16168] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 662.426636][T16168] do_syscall_64+0x73/0xe0 [ 662.431032][T16168] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 662.436920][T16168] RIP: 0033:0x45cb19 [ 662.440790][T16168] Code: Bad RIP value. [ 662.444833][T16168] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 662.453219][T16168] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 662.461170][T16168] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 662.469143][T16168] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 662.477090][T16168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 662.485039][T16168] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 662.508887][T16178] FAULT_INJECTION: forcing a failure. [ 662.508887][T16178] name failslab, interval 1, probability 0, space 0, times 0 [ 662.535460][T16178] CPU: 1 PID: 16178 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 662.544149][T16178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.554210][T16178] Call Trace: [ 662.557503][T16178] dump_stack+0x1f0/0x31e [ 662.561837][T16178] should_fail+0x38a/0x4e0 [ 662.566256][T16178] should_failslab+0x5/0x20 [ 662.570747][T16178] kmem_cache_alloc_node+0x64/0x290 [ 662.575918][T16178] ? __alloc_skb+0x94/0x4f0 [ 662.580394][T16178] __alloc_skb+0x94/0x4f0 [ 662.584697][T16178] pfkey_sendmsg+0xbb2/0xf00 [ 662.589279][T16178] ? security_socket_sendmsg+0x9d/0xb0 [ 662.594796][T16178] ? pfkey_release+0x330/0x330 [ 662.599528][T16178] ____sys_sendmsg+0x519/0x800 [ 662.604262][T16178] ? import_iovec+0x12a/0x2c0 [ 662.608921][T16178] __sys_sendmmsg+0x45b/0x680 [ 662.613584][T16178] ? ksys_write+0x1b1/0x220 [ 662.618055][T16178] ? ksys_write+0x1b1/0x220 [ 662.622529][T16178] ? check_preemption_disabled+0x40/0x240 [ 662.628239][T16178] ? check_preemption_disabled+0x40/0x240 [ 662.633931][T16178] __x64_sys_sendmmsg+0x9c/0xb0 [ 662.638764][T16178] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 662.644799][T16178] do_syscall_64+0x73/0xe0 [ 662.649186][T16178] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 662.655048][T16178] RIP: 0033:0x45cb19 [ 662.658951][T16178] Code: Bad RIP value. [ 662.663019][T16178] RSP: 002b:00007ff3802c3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 662.671392][T16178] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 662.679380][T16178] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 662.687330][T16178] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 662.695367][T16178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 662.703313][T16178] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802c46d4 03:57:54 executing program 1 (fault-call:6 fault-nth:82): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 662.730310][T16181] binder: 16164:16181 unknown command 0 [ 662.736062][T16181] binder: 16164:16181 ioctl c0306201 200004c0 returned -22 [ 662.791633][T16184] FAULT_INJECTION: forcing a failure. [ 662.791633][T16184] name failslab, interval 1, probability 0, space 0, times 0 [ 662.804611][T16184] CPU: 1 PID: 16184 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 662.813474][T16184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.823523][T16184] Call Trace: [ 662.826812][T16184] dump_stack+0x1f0/0x31e [ 662.831149][T16184] should_fail+0x38a/0x4e0 [ 662.835568][T16184] ? __kernfs_new_node+0x8b/0x630 [ 662.840603][T16184] should_failslab+0x5/0x20 [ 662.845100][T16184] kmem_cache_alloc+0x53/0x2d0 [ 662.849859][T16184] __kernfs_new_node+0x8b/0x630 [ 662.854706][T16184] ? kernfs_add_one+0x4b7/0x600 [ 662.859553][T16184] ? kernfs_add_one+0x4b7/0x600 [ 662.864402][T16184] ? __mutex_unlock_slowpath+0x12d/0x590 [ 662.870036][T16184] kernfs_new_node+0x95/0x160 [ 662.874721][T16184] __kernfs_create_file+0x45/0x2d0 [ 662.879833][T16184] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 662.885289][T16184] internal_create_group+0x445/0xd20 03:57:55 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) r3 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r3, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) [ 662.890583][T16184] sysfs_create_groups+0x5d/0x130 [ 662.895616][T16184] device_add+0x862/0x1960 [ 662.900031][T16184] ? device_add+0xb31/0x1960 [ 662.904630][T16184] netdev_register_kobject+0x151/0x2e0 [ 662.910090][T16184] register_netdevice+0x130a/0x1b80 [ 662.915309][T16184] br_dev_newlink+0x24/0x110 [ 662.919892][T16184] ? br_validate+0x2a0/0x2a0 [ 662.924480][T16184] rtnl_newlink+0x143e/0x1bf0 [ 662.929156][T16184] ? __lock_acquire+0x116c/0x2c30 [ 662.934185][T16184] ? __mutex_lock_common+0x582/0x2fc0 [ 662.939573][T16184] ? rtnl_setlink+0x490/0x490 [ 662.944232][T16184] rtnetlink_rcv_msg+0x889/0xd40 [ 662.949158][T16184] ? local_bh_enable+0x5/0x20 [ 662.953821][T16184] ? __local_bh_enable_ip+0x133/0x230 [ 662.959178][T16184] ? __dev_queue_xmit+0x1846/0x2940 [ 662.964360][T16184] ? check_preemption_disabled+0x40/0x240 [ 662.970049][T16184] ? debug_smp_processor_id+0x5/0x20 [ 662.975320][T16184] netlink_rcv_skb+0x190/0x3a0 [ 662.980087][T16184] ? rtnetlink_bind+0x80/0x80 [ 662.984744][T16184] netlink_unicast+0x786/0x940 [ 662.989604][T16184] netlink_sendmsg+0xa57/0xd70 [ 662.994346][T16184] ? netlink_getsockopt+0x9e0/0x9e0 [ 662.999516][T16184] ____sys_sendmsg+0x519/0x800 [ 663.004272][T16184] ? import_iovec+0x12a/0x2c0 [ 663.008954][T16184] __sys_sendmmsg+0x45b/0x680 [ 663.013628][T16184] ? ksys_write+0x1b1/0x220 [ 663.018113][T16184] ? ksys_write+0x1b1/0x220 [ 663.022619][T16184] ? check_preemption_disabled+0x40/0x240 [ 663.028312][T16184] ? check_preemption_disabled+0x40/0x240 [ 663.034011][T16184] __x64_sys_sendmmsg+0x9c/0xb0 [ 663.038840][T16184] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 663.044879][T16184] do_syscall_64+0x73/0xe0 [ 663.049275][T16184] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 663.055154][T16184] RIP: 0033:0x45cb19 [ 663.059016][T16184] Code: Bad RIP value. [ 663.063054][T16184] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 663.071442][T16184] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 663.079402][T16184] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 03:57:55 executing program 5 (fault-call:8 fault-nth:4): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 663.087342][T16184] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 663.095291][T16184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 663.103242][T16184] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:55 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x8, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:55 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af00, &(0x7f0000000000)={0x0, r2}) [ 663.195646][T16199] binder: 16197:16199 unknown command 0 [ 663.201415][T16199] binder: 16197:16199 ioctl c0306201 200004c0 returned -22 03:57:55 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast1, 0x77}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000280)=@gcm_128={{0x304}, "d44eb8e9308ec7c6", "442065238929350ade91900b51fc9534", '\t\x00 \x00', '\x00\x00\x00\x00\x00\x00\x00\a'}, 0x28) sendto$inet6(r2, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) fcntl$getflags(r2, 0x402) ptrace$setregs(0xd, r1, 0x1, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$netlink(r3, 0x10e, 0xa, &(0x7f00000001c0)=""/179, &(0x7f0000000100)=0xb3) [ 663.244341][T16202] FAULT_INJECTION: forcing a failure. [ 663.244341][T16202] name failslab, interval 1, probability 0, space 0, times 0 [ 663.267427][T16203] binder: 16197:16203 unknown command 0 [ 663.286695][T16203] binder: 16197:16203 ioctl c0306201 200004c0 returned -22 [ 663.303070][T16202] CPU: 0 PID: 16202 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 663.311741][T16202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 663.321779][T16202] Call Trace: [ 663.325055][T16202] dump_stack+0x1f0/0x31e [ 663.329364][T16202] should_fail+0x38a/0x4e0 [ 663.333773][T16202] should_failslab+0x5/0x20 [ 663.338251][T16202] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 663.343951][T16202] ? __kmalloc_node_track_caller+0x37/0x60 [ 663.349746][T16202] __kmalloc_node_track_caller+0x37/0x60 [ 663.355353][T16202] ? pfkey_sendmsg+0xbb2/0xf00 [ 663.360094][T16202] __alloc_skb+0xde/0x4f0 [ 663.364403][T16202] pfkey_sendmsg+0xbb2/0xf00 [ 663.368983][T16202] ? security_socket_sendmsg+0x9d/0xb0 [ 663.374413][T16202] ? pfkey_release+0x330/0x330 [ 663.379238][T16202] ____sys_sendmsg+0x519/0x800 [ 663.383977][T16202] ? import_iovec+0x12a/0x2c0 [ 663.388672][T16202] __sys_sendmmsg+0x45b/0x680 [ 663.393394][T16202] ? ksys_write+0x1b1/0x220 [ 663.397901][T16202] ? ksys_write+0x1b1/0x220 [ 663.402379][T16202] ? check_preemption_disabled+0x40/0x240 [ 663.408069][T16202] ? check_preemption_disabled+0x40/0x240 [ 663.413772][T16202] __x64_sys_sendmmsg+0x9c/0xb0 [ 663.418604][T16202] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 663.424643][T16202] do_syscall_64+0x73/0xe0 [ 663.429037][T16202] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 663.434905][T16202] RIP: 0033:0x45cb19 [ 663.438768][T16202] Code: Bad RIP value. [ 663.442806][T16202] RSP: 002b:00007ff3802c3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 03:57:55 executing program 1 (fault-call:6 fault-nth:83): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 663.451215][T16202] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 663.459195][T16202] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 663.467141][T16202] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 663.475185][T16202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 663.483138][T16202] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802c46d4 [ 663.577898][T16214] FAULT_INJECTION: forcing a failure. [ 663.577898][T16214] name failslab, interval 1, probability 0, space 0, times 0 [ 663.597944][T16214] CPU: 1 PID: 16214 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 663.606739][T16214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 663.616833][T16214] Call Trace: [ 663.620121][T16214] dump_stack+0x1f0/0x31e [ 663.624452][T16214] should_fail+0x38a/0x4e0 [ 663.628871][T16214] ? __kernfs_new_node+0x8b/0x630 [ 663.633897][T16214] should_failslab+0x5/0x20 [ 663.638404][T16214] kmem_cache_alloc+0x53/0x2d0 [ 663.643185][T16214] __kernfs_new_node+0x8b/0x630 [ 663.648030][T16214] ? kernfs_add_one+0x4b7/0x600 [ 663.652890][T16214] ? kernfs_add_one+0x4b7/0x600 [ 663.657742][T16214] ? __mutex_unlock_slowpath+0x12d/0x590 [ 663.663363][T16214] kernfs_new_node+0x95/0x160 [ 663.668058][T16214] __kernfs_create_file+0x45/0x2d0 [ 663.673176][T16214] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 663.678557][T16214] internal_create_group+0x445/0xd20 [ 663.683864][T16214] sysfs_create_groups+0x5d/0x130 [ 663.688890][T16214] device_add+0x862/0x1960 [ 663.693307][T16214] ? device_add+0xb31/0x1960 [ 663.697918][T16214] netdev_register_kobject+0x151/0x2e0 [ 663.703365][T16214] register_netdevice+0x130a/0x1b80 [ 663.708677][T16214] br_dev_newlink+0x24/0x110 [ 663.713249][T16214] ? br_validate+0x2a0/0x2a0 [ 663.717847][T16214] rtnl_newlink+0x143e/0x1bf0 [ 663.722522][T16214] ? __lock_acquire+0x116c/0x2c30 [ 663.727580][T16214] ? __mutex_lock_common+0x582/0x2fc0 [ 663.732926][T16214] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 663.739594][T16214] ? rtnl_setlink+0x490/0x490 [ 663.744247][T16214] rtnetlink_rcv_msg+0x889/0xd40 [ 663.749191][T16214] ? local_bh_enable+0x5/0x20 [ 663.753851][T16214] ? __local_bh_enable_ip+0x133/0x230 [ 663.759199][T16214] ? __dev_queue_xmit+0x1846/0x2940 [ 663.764442][T16214] ? check_preemption_disabled+0x40/0x240 [ 663.770133][T16214] ? debug_smp_processor_id+0x5/0x20 [ 663.775397][T16214] netlink_rcv_skb+0x190/0x3a0 [ 663.780132][T16214] ? rtnetlink_bind+0x80/0x80 [ 663.784793][T16214] netlink_unicast+0x786/0x940 [ 663.789551][T16214] netlink_sendmsg+0xa57/0xd70 [ 663.794304][T16214] ? netlink_getsockopt+0x9e0/0x9e0 [ 663.799496][T16214] ____sys_sendmsg+0x519/0x800 [ 663.804234][T16214] ? import_iovec+0x12a/0x2c0 [ 663.808889][T16214] __sys_sendmmsg+0x45b/0x680 [ 663.813568][T16214] ? ksys_write+0x1b1/0x220 [ 663.818042][T16214] ? ksys_write+0x1b1/0x220 [ 663.822520][T16214] ? check_preemption_disabled+0x40/0x240 [ 663.828211][T16214] ? check_preemption_disabled+0x40/0x240 [ 663.833910][T16214] __x64_sys_sendmmsg+0x9c/0xb0 [ 663.838739][T16214] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 663.844779][T16214] do_syscall_64+0x73/0xe0 [ 663.849176][T16214] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 663.855044][T16214] RIP: 0033:0x45cb19 [ 663.858909][T16214] Code: Bad RIP value. [ 663.862960][T16214] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 663.871381][T16214] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 663.879344][T16214] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 663.887285][T16214] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 663.895231][T16214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 663.903174][T16214] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:57:57 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x9, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:57 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 03:57:57 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000280)=@gcm_128={{0x304}, "d44eb8e9308ec7c6", "442065238929350ade91900b51fc9534", '\t\x00 \x00', '\x00\x00\x00\x00\x00\x00\x00\a'}, 0x28) sendto$inet6(r1, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0406618, &(0x7f0000000000)={{0x2, 0x0, @reserved="5cc29f87087dc1e52f3aa8f5cd0577fbd2ba1663732614c0c902c4e1e7b992f7"}}) r2 = gettid() wait4(r2, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000780)=[{&(0x7f0000000140)=""/174, 0xae}, {&(0x7f00000002c0)=""/182, 0xb6}, {&(0x7f0000000380)=""/253, 0xfd}, {&(0x7f0000000480)=""/157, 0x9d}, {&(0x7f0000000540)=""/172, 0xac}, {&(0x7f0000000600)=""/74, 0x4a}, {&(0x7f0000000680)=""/244, 0xf4}], 0x7, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) 03:57:57 executing program 5 (fault-call:8 fault-nth:5): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:57:57 executing program 1 (fault-call:6 fault-nth:84): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af25, &(0x7f0000000000)={0x0, r2}) 03:57:57 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x10000000000002b0, 0xd) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 665.206203][T16232] FAULT_INJECTION: forcing a failure. [ 665.206203][T16232] name failslab, interval 1, probability 0, space 0, times 0 [ 665.221361][T16233] binder: 16228:16233 unknown command 0 [ 665.236291][T16233] binder: 16228:16233 ioctl c0306201 200004c0 returned -22 [ 665.252900][T16232] CPU: 1 PID: 16232 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 665.261635][T16232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.268549][T16243] FAULT_INJECTION: forcing a failure. [ 665.268549][T16243] name failslab, interval 1, probability 0, space 0, times 0 [ 665.271679][T16232] Call Trace: [ 665.271697][T16232] dump_stack+0x1f0/0x31e [ 665.271716][T16232] should_fail+0x38a/0x4e0 [ 665.271732][T16232] ? __kernfs_new_node+0x8b/0x630 [ 665.271744][T16232] should_failslab+0x5/0x20 [ 665.271753][T16232] kmem_cache_alloc+0x53/0x2d0 [ 665.271774][T16232] __kernfs_new_node+0x8b/0x630 [ 665.315610][T16232] ? kernfs_add_one+0x4b7/0x600 [ 665.320490][T16232] ? kernfs_add_one+0x4b7/0x600 [ 665.325345][T16232] ? __mutex_unlock_slowpath+0x12d/0x590 [ 665.330985][T16232] kernfs_new_node+0x95/0x160 [ 665.335665][T16232] __kernfs_create_file+0x45/0x2d0 [ 665.340774][T16232] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 665.346151][T16232] internal_create_group+0x445/0xd20 [ 665.351455][T16232] sysfs_create_groups+0x5d/0x130 [ 665.356474][T16232] device_add+0x862/0x1960 [ 665.360878][T16232] ? device_add+0xb31/0x1960 [ 665.365471][T16232] netdev_register_kobject+0x151/0x2e0 [ 665.370925][T16232] register_netdevice+0x130a/0x1b80 [ 665.376125][T16232] br_dev_newlink+0x24/0x110 [ 665.380697][T16232] ? br_validate+0x2a0/0x2a0 [ 665.385276][T16232] rtnl_newlink+0x143e/0x1bf0 [ 665.389981][T16232] ? __lock_acquire+0x116c/0x2c30 [ 665.395037][T16232] ? __mutex_lock_common+0x582/0x2fc0 [ 665.400431][T16232] ? rtnl_setlink+0x490/0x490 [ 665.405102][T16232] rtnetlink_rcv_msg+0x889/0xd40 [ 665.410059][T16232] ? local_bh_enable+0x5/0x20 [ 665.414730][T16232] ? __local_bh_enable_ip+0x133/0x230 [ 665.420099][T16232] ? __dev_queue_xmit+0x1846/0x2940 [ 665.425301][T16232] ? check_preemption_disabled+0x40/0x240 [ 665.431026][T16232] ? debug_smp_processor_id+0x5/0x20 [ 665.436302][T16232] netlink_rcv_skb+0x190/0x3a0 [ 665.441043][T16232] ? rtnetlink_bind+0x80/0x80 [ 665.445708][T16232] netlink_unicast+0x786/0x940 [ 665.450470][T16232] netlink_sendmsg+0xa57/0xd70 [ 665.455227][T16232] ? netlink_getsockopt+0x9e0/0x9e0 [ 665.460413][T16232] ____sys_sendmsg+0x519/0x800 [ 665.465188][T16232] ? import_iovec+0x12a/0x2c0 [ 665.469856][T16232] __sys_sendmmsg+0x45b/0x680 [ 665.474568][T16232] ? ksys_write+0x1b1/0x220 [ 665.479054][T16232] ? ksys_write+0x1b1/0x220 [ 665.483543][T16232] ? check_preemption_disabled+0x40/0x240 [ 665.489276][T16232] ? check_preemption_disabled+0x40/0x240 [ 665.494986][T16232] __x64_sys_sendmmsg+0x9c/0xb0 [ 665.499825][T16232] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 665.505865][T16232] do_syscall_64+0x73/0xe0 [ 665.510259][T16232] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 665.516126][T16232] RIP: 0033:0x45cb19 [ 665.519993][T16232] Code: Bad RIP value. [ 665.524064][T16232] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 665.532450][T16232] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 665.540402][T16232] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 665.548355][T16232] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 03:57:57 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r4, 0x0) sendmsg$nl_generic(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="580000003f00000828bd7000fbdbdf251c000000280011002f9df1b1b660cbadf431df8eba72f7ccbf70dc5bcb58b8c1bcbcb0239f32986fa16417ac14000d8008003100", @ANYRES32=r4, @ANYBLOB="080070d6c8d5a034fd04ffffffff0800"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x2004c000) [ 665.556303][T16232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 665.564256][T16232] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 665.585920][T16243] CPU: 1 PID: 16243 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 665.594604][T16243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.604653][T16243] Call Trace: [ 665.607944][T16243] dump_stack+0x1f0/0x31e [ 665.612274][T16243] should_fail+0x38a/0x4e0 [ 665.616736][T16243] ? skb_clone+0x1b2/0x370 [ 665.621146][T16243] should_failslab+0x5/0x20 [ 665.625640][T16243] kmem_cache_alloc+0x53/0x2d0 [ 665.630420][T16243] skb_clone+0x1b2/0x370 [ 665.634673][T16243] pfkey_broadcast_one+0x98/0x340 [ 665.639698][T16243] pfkey_broadcast+0x375/0x3a0 [ 665.644492][T16243] pfkey_sendmsg+0xccb/0xf00 [ 665.649208][T16243] ? security_socket_sendmsg+0x9d/0xb0 [ 665.654645][T16243] ? pfkey_release+0x330/0x330 [ 665.659428][T16243] ____sys_sendmsg+0x519/0x800 [ 665.664177][T16243] ? import_iovec+0x12a/0x2c0 [ 665.668834][T16243] __sys_sendmmsg+0x45b/0x680 [ 665.673527][T16243] ? ksys_write+0x1b1/0x220 [ 665.678013][T16243] ? ksys_write+0x1b1/0x220 [ 665.682517][T16243] ? check_preemption_disabled+0x40/0x240 [ 665.688229][T16243] ? check_preemption_disabled+0x40/0x240 [ 665.693953][T16243] __x64_sys_sendmmsg+0x9c/0xb0 [ 665.698783][T16243] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 665.704824][T16243] do_syscall_64+0x73/0xe0 [ 665.709220][T16243] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 665.715093][T16243] RIP: 0033:0x45cb19 [ 665.718962][T16243] Code: Bad RIP value. [ 665.723013][T16243] RSP: 002b:00007ff3802c3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 665.731431][T16243] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 665.739383][T16243] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 665.747335][T16243] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 665.755284][T16243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 665.763233][T16243] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802c46d4 [ 665.875004][T16265] binder: 16228:16265 unknown command 0 [ 665.881068][T16265] binder: 16228:16265 ioctl c0306201 200004c0 returned -22 03:57:58 executing program 1 (fault-call:6 fault-nth:85): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:57:58 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xa, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:57:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4010641a, &(0x7f0000000000)={0x0, r2}) 03:57:58 executing program 4: gettid() prctl$PR_SET_PTRACER(0x59616d61, 0x0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="8000", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x40) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) process_vm_writev(0x0, &(0x7f0000000080), 0x3, 0x0, 0xfffffffffffffffc, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:57:58 executing program 5 (fault-call:8 fault-nth:6): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 666.066344][T16272] FAULT_INJECTION: forcing a failure. [ 666.066344][T16272] name failslab, interval 1, probability 0, space 0, times 0 [ 666.073680][T16275] binder: 16270:16275 unknown command 0 [ 666.108226][T16275] binder: 16270:16275 ioctl c0306201 200004c0 returned -22 [ 666.109835][T16281] ptrace attach of "/root/syz-executor.4"[16278] was attempted by "/root/syz-executor.4"[16281] [ 666.123096][T16272] CPU: 0 PID: 16272 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 666.134816][T16272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.144867][T16272] Call Trace: [ 666.148158][T16272] dump_stack+0x1f0/0x31e [ 666.152495][T16272] should_fail+0x38a/0x4e0 [ 666.156917][T16272] ? __kernfs_new_node+0x8b/0x630 [ 666.161944][T16272] should_failslab+0x5/0x20 [ 666.166441][T16272] kmem_cache_alloc+0x53/0x2d0 [ 666.171196][T16272] __kernfs_new_node+0x8b/0x630 [ 666.176036][T16272] ? wake_up_q+0xa0/0xe0 [ 666.180280][T16272] ? __mutex_unlock_slowpath+0x565/0x590 [ 666.185912][T16272] kernfs_new_node+0x95/0x160 [ 666.190593][T16272] __kernfs_create_file+0x45/0x2d0 [ 666.195704][T16272] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 666.201076][T16272] internal_create_group+0x445/0xd20 [ 666.206368][T16272] sysfs_create_groups+0x5d/0x130 [ 666.211401][T16272] device_add+0x862/0x1960 [ 666.215818][T16272] ? device_add+0xb31/0x1960 [ 666.220416][T16272] netdev_register_kobject+0x151/0x2e0 [ 666.225878][T16272] register_netdevice+0x130a/0x1b80 [ 666.231104][T16272] br_dev_newlink+0x24/0x110 [ 666.235710][T16272] ? br_validate+0x2a0/0x2a0 [ 666.240311][T16272] rtnl_newlink+0x143e/0x1bf0 [ 666.245001][T16272] ? __lock_acquire+0x116c/0x2c30 [ 666.250087][T16272] ? __mutex_lock_common+0x582/0x2fc0 [ 666.255495][T16272] ? rtnl_setlink+0x490/0x490 [ 666.260171][T16272] rtnetlink_rcv_msg+0x889/0xd40 [ 666.265132][T16272] ? local_bh_enable+0x5/0x20 [ 666.269807][T16272] ? __local_bh_enable_ip+0x133/0x230 [ 666.275176][T16272] ? __dev_queue_xmit+0x1846/0x2940 [ 666.280393][T16272] ? check_preemption_disabled+0x40/0x240 [ 666.286113][T16272] ? debug_smp_processor_id+0x5/0x20 [ 666.291435][T16272] netlink_rcv_skb+0x190/0x3a0 [ 666.296196][T16272] ? rtnetlink_bind+0x80/0x80 [ 666.300879][T16272] netlink_unicast+0x786/0x940 [ 666.305696][T16272] netlink_sendmsg+0xa57/0xd70 [ 666.310463][T16272] ? netlink_getsockopt+0x9e0/0x9e0 [ 666.315657][T16272] ____sys_sendmsg+0x519/0x800 [ 666.320419][T16272] ? import_iovec+0x12a/0x2c0 [ 666.325100][T16272] __sys_sendmmsg+0x45b/0x680 [ 666.329838][T16272] ? ksys_write+0x1b1/0x220 [ 666.334351][T16272] ? ksys_write+0x1b1/0x220 [ 666.338862][T16272] ? check_preemption_disabled+0x40/0x240 [ 666.344578][T16272] ? check_preemption_disabled+0x40/0x240 [ 666.350317][T16272] __x64_sys_sendmmsg+0x9c/0xb0 [ 666.355175][T16272] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 666.361243][T16272] do_syscall_64+0x73/0xe0 [ 666.365655][T16272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 666.371543][T16272] RIP: 0033:0x45cb19 [ 666.375425][T16272] Code: Bad RIP value. [ 666.379480][T16272] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 666.387888][T16272] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 666.395849][T16272] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 666.403816][T16272] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 666.411806][T16272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 666.419772][T16272] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 [ 666.453421][T16289] FAULT_INJECTION: forcing a failure. [ 666.453421][T16289] name failslab, interval 1, probability 0, space 0, times 0 [ 666.481089][T16289] CPU: 0 PID: 16289 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 666.489765][T16289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.499804][T16289] Call Trace: [ 666.503073][T16289] dump_stack+0x1f0/0x31e [ 666.507576][T16289] should_fail+0x38a/0x4e0 [ 666.511971][T16289] should_failslab+0x5/0x20 [ 666.516449][T16289] kmem_cache_alloc_node+0x64/0x290 [ 666.521620][T16289] ? __alloc_skb+0x94/0x4f0 [ 666.526097][T16289] __alloc_skb+0x94/0x4f0 [ 666.530417][T16289] pfkey_sendmsg+0x148/0xf00 [ 666.535016][T16289] ? smack_socket_sendmsg+0x100/0x450 [ 666.540387][T16289] ? tomoyo_socket_sendmsg_permission+0x217/0x320 [ 666.546811][T16289] ? security_socket_sendmsg+0x9d/0xb0 [ 666.552361][T16289] ? pfkey_release+0x330/0x330 [ 666.557120][T16289] ____sys_sendmsg+0x519/0x800 [ 666.561899][T16289] ? import_iovec+0x12a/0x2c0 [ 666.566584][T16289] __sys_sendmmsg+0x45b/0x680 [ 666.571291][T16289] ? ksys_write+0x1b1/0x220 [ 666.575793][T16289] ? ksys_write+0x1b1/0x220 [ 666.580294][T16289] ? check_preemption_disabled+0x40/0x240 [ 666.586005][T16289] ? check_preemption_disabled+0x40/0x240 [ 666.591717][T16289] __x64_sys_sendmmsg+0x9c/0xb0 [ 666.596543][T16289] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 666.602580][T16289] do_syscall_64+0x73/0xe0 [ 666.606968][T16289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 666.612832][T16289] RIP: 0033:0x45cb19 [ 666.616698][T16289] Code: Bad RIP value. [ 666.620742][T16289] RSP: 002b:00007ff3802c3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 666.629126][T16289] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 666.637071][T16289] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 666.645016][T16289] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 666.652962][T16289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 666.660924][T16289] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802c46d4 [ 666.687446][T16296] binder: 16270:16296 unknown command 0 [ 666.697787][T16296] binder: 16270:16296 ioctl c0306201 200004c0 returned -22 03:58:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 03:58:00 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) ptrace$cont(0x7, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0xee01) r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0x5f) setresgid(r4, 0xee00, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002dc0)=[{&(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001440)=[{&(0x7f00000001c0)="81", 0x1}, {&(0x7f0000000240)="8c48aaf5713402b82bb6e384aaaab026cac2043bb7a655fe33f6628b200a3d4f350de01a26da4a07c3cacceebf691b7ea00f8210", 0x34}, {&(0x7f0000000280)="4ef66a048cc81351f8a90dd2ad2a8c98354d57769108e3942f583338cdc4b24dcaf4346aa085ede0379b34406483dc05af1e05099c6301991e42a233d660da11ed9dbdfabfd35b3ddba427d1323881a335d9f58e7a3e4efca084942a2da6976b6a5f6bd73c3967f081df4783a060436f3ea950fc016a560b26fabccfae357a71270151a05c3baee752b8a56d2258b4b31a0497670f88ff90486c2bbcf965f50f69c0af9cff89dcd2fca5b8155fb32a83a96c40213228755d4b7da5789774755f294f391aa5c041036c5aa2f8747e2a6147d9ca7b63f482716356d6e591660cbb821a3145d8a6a0132a8a7f40409d985dcf9144b576fbace462308b90f9403d31be8c6d630b1ce3d7bef7c3ba7046214ae9bc68f9cbad1ec4fd2d1fb151c3604bc3e7f711aacd7c8324bf8e8398d599e28afcbdc556abf549d517996ecf3dfb5337e3545d4316c4e70b1a87d8b29f0e69a2d7415b2ad7dab25ba5365ec72468da9ab6b9df577125476ecd3ad9d31473c31f83e40d1f7fe57185c516d220382c0e59e90c54162fdafd5e8d8cd00f43f21ff2cd48d87a6dea61337f3e16f9b71f0dee13229e8cb6680a5646fdfe766ac8928d5c6efd1d7a5fc8ca9acf2b07c800d3fcd730c990086c6e353924f6d297742a4b7e387b5ada3f15ef955ce13fb3e5caefb1d35d4e9681fbdcb1e1312e471d3fdeb20c388059c4497c2055980d0ff80df856569ae5d965dd474bf29a09701e8576f4f95f6c1e216f7ec5de40808e08f0ae7d146a7ba167535046d7142385c6197679cb7cbb547da24ee6c3ca3b3e2b9816805e49e560e8457fe3f7b395a987031602b0421cad3143881a9d9788dd2c5d600cdccd243e28d35b6878e38954bc9d27f12d4ae73b0554a0a206079e85613db853ee85930d601c0cba057b55fc3ddc2c5ff2a9b717c9f93f01c06330e955dfbdb0c808abd5aac5065a50714e7b5a54e6e4a29ddcdbb3088feb702aa40ed532f1f934ab36846be0a8121e6f8b4a383f7c4dd33133e7149369f209d22b4d089c2b9c1f94b709c191cd95027f3af366ffcf8619e3e64d27c968076ddb97245787ff8d4e0bc15d2cc0ef3435b54b3792a279387888c25b37b05aecc4890e7ecf47d5af0e9f20ae218dc920be53beaaf050c979f8775ffd12cbaa272b697a30414833a8bfa3235b68a72dce270467d39cfb295a36d54491444b760a73f1f4d3db46908465bb5e0084ef3a4cd40ddea9271619c905a77a430226007a1ac9a7e99f7f851f02d81863be2a142e269edd3768eb397618443088573533a528d4b8504f75c081bc36bf7cffd413c6d972023f53f7b7fe0bf2df8687056a3db91895b755f40ba0c4fa0f022321d6c9c4433f17d2f5b6d606542b1cf5f1a5bee43ea7b858922889a1ea610ee47221f5c218161e6cfa6974749901a16af4110cacfc3659015513f225a6994e587d106605e4455fb6e4e46e8b6b862126f75bbe5f3c7e4c0b8f79aa0109912fca6ce97fe3972082a91bc60e2b697960c411232602fd06a374df019dd7460ee0f9ee7c8b585ab0986f1ffb3fe03ffce7a5e4c78266351360e0945180f41bafa96f8c9668a47d621258513a8ae4d2da806f02b5198c549ce69ad6932e348149e296536dd78e3d4f6e0215f9519bbe2d95060d11d8f861dd09cf7e6c98bffea519ced6182b59be7e4054667770c3d9e3f1bf88efb05d624f2e9cb40493cb2f310859e36de221436c52557ce638ebab351457c4c4dcd162c9a0548a48a55c99628b3802abab39393be59585f11b3359022b072473e158f3026cfe29ab327c206fac66714f617dfa7791aee83ab68f01824d57e7688091aaf31b92a8dd181ac1f0f102ce09792eeb87b68b88dc4ddc35f0a5c3335ef2510fe4281fd5b7e5a2e3723bf292a626a53cf16da344661a80bd9436a962f6ea66ef7e08206fad494ba29c28a79518fd37b26da6035accca09b777e65ac9795bf1b2fc31592e0149290580fb0e3923736c4bff8c36644f8ba5937f5cad407b9841096e90b736beb8f4be1a953c33db38dc60357904f9d8a26d038fe96444e08c1d4d915986e5ebdd2c22d968e0fad5c3bd3b0b7744b67d0a3a4672342f595e88acc82c0bd2db9be811030ff43f6bf3ea7baf9a318c8e0061ea8c22b9c16ca8d480f28a8b5b5506ae52f2d502ff1bea4d545b325564b527b6255ca6f7b2d1ae097913b2cc85b988feb09e03a66e2db12dc4d0c1c510497fe46d45dde6e2a78ceeb8d6a4e049b4127e373d43d518e428200b682d502389492b7fa484dd30039f5322dc96f2c2b6368bc11a0cedb3bac8fbcfac4f34ec04dd38b5d1c3c21f0354773ab5fe78357d04ced39ae7415344485cf21235a54d203c2cb3a365450c325f267172ef746c370127d2b473784b2accd3f2f2a2deafb2759ff8f1a5bf7904b6426defc0160e5679cdbe1dadff76fbad85097f5fe9aac16fd0af06a2496b961362185a22a64dd8e4b28b842809879c31edc6fb372f21cc2c37a73e9816015043eb4c58b969aff826bf5f8fa5f190da980192fe32dff2d2c6ca8735e3958aeecb48afa48acf0a6848f3e65664ffdb1fb4cf4ce66607496cf273aae5b35b6a330a838f8d70164f59eedb7ecfd116e88e53c627f4bb39663ad045d83a684bf98bc681140dd42b7acebbc64bef51eb4f7f641c4d9a6d44dafd6cc58d436763d51c3b59a5c2c7e1ddca1df8f9a5c3c591297d8263c16c8a0012cae003c440aa74b2379a6bd63b547a0405df0f26de57d7b358056362df92b8d25282e467ea1ddb411533c371fac24e5dfcc14194194d559101eef4da95c470db208284350308c8ef569e3805b1b918ab0b99d53002b1838f097fad17e6580a9d638a450ae0d54a033573f6348cee65e08421f5c1d3d54add881f4c82d2bd63879a94c3ef790a357166b54f2357b9c4ddb0f3ec619ec48f60b28983bb1bcf8588728339598a945939a7609878f139e3e5550376bad9f2c65d1d853329bffca54fbbd868a18992839062d3b9b27f178f6ce92237ae3c6866e3d91add466338e0a185e022f2e603bcfd88de300067f3fe63fb1d6491e9d691874aff2a6787d82a5caf8a3dd78ba66d1e17355807a1b53e1291021e4799588e9dd3420298275eddc430848494030f5a76067be1f955a249ee5e149cf0549ed8a43ce4e012a5e7c62c95b19305573950a9093ba4f253cb4175a9f41d6b77574c114b48b16daafed954d8be3c3b750fe3e3b57af29c8b52900bc4363fb9832b0016d6286599133ca1db7f7c129b804dd9001ff60f0d98e014dc5458b170eeef05e2f66f34af0d017b33ad5ff98fab095aa3c2cae3a66169a76a3afe07616312308b266d5ccfa813050f1cfc410fd0db4209496adeec936ef5cb0f1a680d92196c1b92f4d1ec9171e9553771581b43c757322b88be67156da128956b3687f2c12370cdd5c49707b05ff0d6a50217ec54099b0ad98d9a7ed63119372e5a0fee7434c1e43e29144007f00f57693c879292e4541fe750d7c4a12d998a7c73d57f528ebf9354164e3e309fb6b4eb5704542abb13fee2a6a8f383b1e3248f5756cae862cd2c6dfd107d53de0c56adb85d16ec0983acb71fecc22502df33e8e51b934cc23ce818ddd12f4325e38ea99e29d75e6c154a9a995f5b61999d9dc0112be9d6dfdbee14d1a5d109bc345fd98eb579b7de5b812e75e56825ad87cc838ffc402f9864226fe1cafe6b070bf47f08e737ad1566fe1da2e9be0df3893012bd15e41ab8cb2995ecb0aaf6f68f5fd20ae118c88ad2d0e11728a6554e9a4823d3f6e0d3270abbaf44da369bf514abcec5c01b4bfacbd1654db6d0eb96b4f44d5fdc0ab2b127213d034d972326edf2a0cfe3a1710596949ef0a92bd074da318f1779f0f876bd6ffd2eb310a443b279ac6e5ad83b50179ec4547d423c939bd3187c40dbe5b1051328492e801edf616e6166e2fd38067a0385749fc6bb65700e74f452b6a589dcc5af50474aa0e93363b77ce82aedc2c9b7c9123274783283f72b9af3c8af02a9f92aac3f46228d2e4f30c56965397fe81792072470127e65297c45050cc5c92aa4329c1fe44279854609be040b24124ddf140c6c1d8f77cb4233398c1238c4ec8e63b6b5255fe9720642ad3e62bd1bd8c238a28591bed34be81043f9d01dab81420591252a2188fcf942b37fff3a77e9d49f55a644de052f12b33028d34bd721392d35f6cad5fab2b0365c30b74dbcfb92ff2a97bb8dee35075aae62fd0e8c978b668a821a1525ab4b8aab5b40472aa2462e644320b1cdd81eb033601cfcac1dec625b5c2ea12d6941d6306995e481bbdfa1c3c804b238178fc870555731f9ebb82d9ab5a7b6cbbdd94bfc86e49af9a9c3168614e8783973afd78dfc3bb9ad551ecd185062142fe66f4e2fee1d84c2018ba0d2a0c3f805b1bea6879052c807ab5514a384774f1ed512e1da5bf1154876e1c41f5f45e721ad6d2b255250ce60fa66bce63bb042720675e05d10ea7e4d0e8628c31117befd8633186e9614419909ec93dd748e4df2322476c6bcb1af782db0b7ebf94ad7a85580883ff3ae989f9959b66954124be9faaf1b9a68d5e8b2d53edb16f303bd5f2bc46e4b404a6f18e5917fafd48eb21c4e07123cc62a88e15d79a38f30d769af6ecf1e808b2f6852e6528a099bdf16c679a7e4714eac17c77d833a192b47c45621b7a1b23a1b460ca2f9e3ee5aeb2b9f2ab85eac12c65cc88e89a9d7c6851c91fc4df1c5ec7f5b5869a6f1c997b92c2bb31f1e3266378bd14b19734b5a8df6b003ffec8f0ad4ce89d629d5ce53bfa3597413258984c959420b31cab36940ddbf2d49063390007bf10e25310b6a002e1a8565ea134f40139718c378ef5bb4e2c669310fd326c0ed27473932670934a4ed4cb6f982d4d0942ab09cf3b74e860db31caf697cd2817bd91d5f4cd7cf3cc45dee5f3f8d4a18c0e67eae652286e38a172b2ee8a7aca09ad44139f4913c53ec30666e72acaefe6548db1d3404419261fd055f4a0b0ce3d60924630ac8ba526066a9b1829d80c6a6512686a8304d79e545d92cd80c449a833800aab830e3004277075713d16987d7429fa1237aaae8da60a78566c0a92153f453f5142bf1dbaac7dc87f84d0534aafe9e970b35ea4986054a63537f4e62e4a9beae75cf7afbbb5ff1d92f5524ef558a6977ec9dd305f7bae83c847ae0b6c345fa39cb7f5b200b9b9978458d182bfa25b525ac45f4e23aa1ca5df2e64f09ed69b5e6dcc9526fe3c935b860fdf0aa83eeb2e80bd32b013a55abf33d89d49cd84080c540772f9da4e2c5fd89c56de8caf1bae17eac1cb65e72cb198491de1879ba4c3b95a0d2c955908c0b8cf9922beea85a69fc06a8fa5173637edd08c1f0986f346efaa8938f8594217c2506bdbc5b03b9db4e041391fab5e632f0764c186540abdcf0fc439963dff5f4c640e22c4d5976dcc1ac34a1606e3c75a3541cd9a0bdd31e51f8085c052868b9c12ceb3103b16ef68544035b8b1997fb07837c6e86905029a0a614010fffad2ed4a22b6529612cf9c7a0173f52dc16928b69716bfcf7834c654788fea5217347e896413d7e52cfa410910477b208e88a3d320c748463cba6ee43fe210dedc1e88f581edbda3982293236574820e7c822486bd1be34591888b65e92ce5bae69d07cc2532ddee4714b79aab70d5dd12ccc311ac6e9dad916ebece9ac4ad0e3d7b52dd4d1f1b0917ec52bf055b58fbfc19bdfb3ba7f5235e18dd1063a4de89d295c01b1d9551b490c2826492ea042a143", 0x1000}, {&(0x7f0000001280)="883895786306b31d40d8eee91425bf3b8f0cfee4ef10ff76e0cdb08f0dde9b73e17d018e936b6dfd0021d1c6ddae22525382217bda0722928a6a590a87b2c5ce0fc13a271478be3f9663c135cb1a99884923c0ac16f85aed20f946e82c853b193daf9d2a0be42aaba15ab659342a64f5f149ad9b98a7c70f2f625f4da7d90892b89431d147e3d0026daf3f8e8fe0d74366b67223fad7dcd98c852657511567deba028499e8f8f8ac3212a811c0f8786c5a26489dd104258a64898843ebed4b5d781672d91e3ccad4cbc2a8f64a72594a46c00e8ffec331e1cbe6ec9b41c99c7cddbf5a66785a8e7d60397ec5772299cf5d3e6e051ded60fc", 0xf8}, {&(0x7f0000001380)="949167e6d54db2959c0e4d9f56e7d383089fcc5166e052294f5ae2b3cfd49f4aba0399b79d5308c64b1f84b1d240365d3c9b9ad72d9ecf255cf7907216f851943545bab7e343ebf256ead5afb5210ffe7b86adb9828a6bc5f402627dd2d09118a767bc90e5a1ae636b8906f59d8684d93cddf3c61e458a091406cd915e4c01c9f2ced87e80cf910681b9ea9fcf6b348bc7066805f4c3bb459fc8cc28d35df9c9d68a97", 0xa3}], 0x5, 0x0, 0x0, 0x4810}, {&(0x7f00000014c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001a80)=[{&(0x7f0000001540)="eb84efbfa44c61e9d8571ecce9364bae", 0x10}, {&(0x7f0000001580)="fc8bd3848c9af769417d2ecdcf4b7dca918188a466bfca24da36ed073002d9d4ad83d121bb58b7f8dd8faa91e5c6812046e7c08d6b8e9298868ed44cf2ca63230c650e2a3a032c9606e788f7576344a5b0d4d0e71750ba2c403b47cb5f1aa582216f316d888e039a45104a750687d0f61ed87a4d92adf10507e9c896ad63e1efbe92466c90395e34fe7e101fde5664b041077fa541ba1fe428fbb580beaabf7b2dcd26f71ff2a092527b89", 0xab}, {&(0x7f0000001640)="3713e71a7866a79b46189c8074cb91801dc7a7a1f12bd103f00ce189dc7d2a3ac53e1279cc3715b6fee25a18870bbf361e2e94f0241fad7771995ebca7899eea2185b159c13ff542e10e6f95bc5b3a6ba2dd23e90841533386f2b673b0467a11e75752d593663c20ccc8", 0x6a}, {&(0x7f00000016c0)="313b7f8a0c597258cc0b1d31ed1eb112c693b5293125c3ebafdcbedc51e0d58856c3f76f92e03e5f2de892d72f698bb35eb17c53a70ef9b06ba2507605b443b25cc2190c3af0222e1b2dd75e492a", 0x4e}, {&(0x7f0000001740)="96460640c4ea0cae4a47e96a12a09fc8d64005956d407249abd01cf723f54ac59e2106758026791b", 0x28}, {&(0x7f0000001780)="fb424b1e6606b1d96c500e58e58594e46f3e0aae85555df4797ec784c44a28b8ebb2d72d5bbe0cc874ae81f2a60577c1a3102cf28bc3e215530d6258d46ebcf547f6b739919f393840c5bf334fc1807bf2e5bd9559dc504fc695508109c15cdbdd2265b2450f22c35d62a41fe0847f4cf5153d261ba73c3595acfc688910e43a07aca11380b1af9caf5ebbda8729f7666b917d4d218e34486196f1d6ad7ef764f43aba2f03a0303afcb74b7b7ef2c1228ce3906e984248e62e362da049053fb0a3199fd661e7bc274f32e27d3c06", 0xce}, {&(0x7f0000001880)="83e31081a83fe49ebb78c795daf8fb3880170a9d2a701ab4c4950cc8060240c6f9bc31848f57604c7d2ecdddd83d68a385f8423d8f024413da8e50b31ee6d9d5e2ca4375ca4a578a4120f66f353fc025ab85d50d9ffae016e9af340c524ec2fefcfd4c34e38e02e64c28ce8454f67cc98cd9c39feea5d1d3e553cee90ecdf1f3c607d617e803ea7a474464750ae164a3ee9b3d53039ccc7d93bc47a1fb62ef2d58ace288b04735aa77da0bc67bcb98e8758a08b79bc504dc", 0xb8}, {&(0x7f0000001940)="3a8c01f11b91881e3dbb77eeaf282af2ef3d28dac18418890c58ac62dd52ba108325f090c2b0e143", 0x28}, {&(0x7f0000001980)="b5eb56798b70c1d3d09222a0eca804e4250a183f6ef37c8c316717cae55172cf137a24c648b95dd2626addd1144b01334b3e101445d2b20be51ae992de9e5253a14077af44e986e253209b8113f57cfeea418bdd5bb66faf6dd12e3856f3b9e3a9520c8bfaf30395eb8e189527058fd78447ad6f3c23479489eb2918ad6c54a53aa401f65d7f543bb8d49e9bc62374e9237027be727a5470eea0bed79e61c1f51b52fa5e6e882cdcc8343fe46edcc9c26f3a89a02aea0aee51a3ae9c2092b1f8164a", 0xc2}], 0x9, 0x0, 0x0, 0x180}, {&(0x7f0000001b40)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000001c00)=[{&(0x7f0000001bc0)="3e8f7296f78149e8d2ca19bd77f3b7b36e", 0x11}], 0x1, &(0x7f0000001e00)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x80, 0x40810}, {&(0x7f0000001e80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002000)=[{&(0x7f0000001f00)="dc9ab69b4e76c4baec3277cfc718d8afa6b986cc1408fa2f94bb784959f66af2558984a7071d8b5b7a26187672d391ceac8d2beef784e953f9f7b7ca98a3157779dda511051ad2dadb5bb68fff517d39e1d6212efc942a8bb1ccf12c33b6c52af69a78452dd87db3c95b2ba3f9cfda95c3231618", 0x74}, {&(0x7f0000001f80)="82aa40e8c5539fafac3030d4ef63929a49efcee7ee0d5968e202785f6556e9fc8b3efea024cc2ad900b723eca346ea2023c449c4ee96778fea9db66ff21c4e4d1144238c89ad9185a15399100a90b528e923d8f197056ef74cf232cbe720becfb4fe4318ccb53042b2217299638c1865729e55960dfd37", 0x77}], 0x2, &(0x7f0000002080)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90, 0x400c881}, {&(0x7f0000002140)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000026c0)=[{&(0x7f00000021c0)="2a3d3ba3653df5101474c77c444c93c566e09c5c39a592399141d293c612f28dff2bc522896a100d24c0c721198d430fd523e525ce36fab618a1a810dfc625dc72536c7c627d1caeee9dc67ee1d8f6250f87ccb8d1175b7d4f93719ba0e24ef8b5e42cc44bb436dfa672761c8c14968eeb82446744bea66dcbc9779c7c5d9fad3b9effc354f47ac8d20fb71490d60ee6792d7e165fd68063b685e6d6b5e967cd76108d9cb284b1c14519697c3536260f5df09894270154f6a540b4dcdc19cfd1eaf86dc3862ef5ca91efd6996b6f6b911a3e70952943796ea6c04f7a6c8b4e83d6e15125e8b253762265930c4f3e", 0xee}, {&(0x7f00000022c0)="0a51a4d3621be3201243a5d648121804dbdb892a83e5f8c2b894ec3d5b316dad5fda9148f81c8a432ddf7ab2b37093b9ebcd8ebecd994ecaecf96d4ad9472f427716b743225a2f71426b96cfb62b059a42fba01a839cf9ec1d28b9714a9760f55129fba517bd69080c7e3b4f6fe9b9c280feb2cbb8d59f66a9dd4d6f605bcd24d95e285934d10105902126bc3bf3650f71d9bf970a08fab934a0545604df2cd3f3fbce3ab5e353c7c205d3943606b8bddb371e5add20110e7c0e11a84ae007ab9ca4ae6b3d997b27aff909ad2bdd70aed2830b28e8d3bff3307cb8a9ba", 0xdd}, {&(0x7f00000023c0)="4993ae7abcd7ec0d2fcb63bd77b2f22a831652bce52cec779bfca5811a6a5799d58d278255d96add29ccdbeb68d68633ae716c2c94330d058f12033962615573cd1a4ebd22c394f747745f22e0e0980bd4adf08e2c4a6ec25de4e1882696c5bae8f0aea9b9ff65846c37f3c2b551079da28b11fa2d37c80462845fcc076a48daafd0524ec2876263fe88d50d8338c29d31f48f399b28d2ded088c287e3344f995e", 0xa1}, {&(0x7f0000002480)="5df266e0393da46062ed5bf9eafbe8926942f6c2ccb23ab3004bc889f496a8f691c0219c62457f1a7ce0528040705e4b5763d1f18d41e6ab8b5b163f89930935b55b6fa47f17aff3f74296ebd760ef63a11c40ee9ecc851e", 0x58}, {&(0x7f0000002500)="f3f33ac8c9cf559f886bccf81549677d12a00ce7a3f585a9fbc4445b39cc5e2c1fa99a76293c48e2725e71b18fe8e8e168267140ac33171e8347a6021211773476cc43986d818bd84eb96cef1c09344c4ee190a17db3ed5484cde1e0cf8d72fbd67c6ad733089bf02e12d8506cd7a96ca60b0ed960fd2f22ca177986320a3a2e12ee475f73151058da48085ba7df1f6e24b639fbd533bb491bf8eac6313ff1e62277c23d8755266cffbd4a3b75f876ee3a67ed9b05f1acbd52d9a6877da79130d210a13e0aec99b338", 0xc9}, {&(0x7f0000002600)="f1df05e60a8494b12b938bad3ec41bb7cab2dcd6a3a93b167608c06cdd6fc8915594451e973e3b5ec20b54c21981cd870f4ec4666f4900b92435a221d00fc489c112a9c93accb2d1d3d2ca0fd328bf23fcf5753a710e6e479d86484c6c0197d99240851b0757c7f454494e575e806f1afb6fef937d0cd4dc7d46af3fcd7c51532eef", 0x82}], 0x6}, {&(0x7f0000002740)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000002a40)=[{&(0x7f00000027c0)="0b5e549ffa8350309f58827f9d7eedce26bc5ff4138c2ab75a6bd72f42413333902e39670d4b97f364ee08916ddd845a73f4a72315e7ed4b41bd0934933b3e04f61e98c8b29190570da612d7fdbbcf685169d2c3e9cae39ed3610cbd30d72b1697550557302a8acd693dceaf2ed25e219c6c42b49e15bd8d30895b27e095dbd7e374b2f5eeabc79a283b037579089838", 0x90}, {&(0x7f0000002880)="da9f3c663250748ae4df7c747593bcb47235fb57262de9fcaabe506b319223662b65ee824a78890ddb32bdd175a96294f3667219a8d99fdd47f57ae16dba9e015739daaee74364ed57c4a49b60fda9b0b9f2d6762f63113e05db6bddfc387d99869ddd9a026f97e8b8751940c3a23bd7e0c9e9d5c3875f10db9075a2ca3401e3fe9bbec8ac6a6cb6af9f461963f76305426671fddc474353b89869b373e0c4", 0x9f}, {&(0x7f0000002940)="55f29a0675653d083a201dc8f57f7f71cf54dc674bf1568375cce081aa0bec4c807370279b190ead7925a69b5905c2f1fba3340baa0b79633ce504769485272248a310ff7377fdc21d1abd95b27c9a8fe71d18350fa8ca4b96ced7ad172ffc11e7968dcb672cea97f1cad6c0cad80cd95c86a1a848ea781f466a107a846871c50fa2dfa3d47b2d7ccef2a93c7fbd19649252053c578ef4e5b75282a03ced41322b8dd0738c7bb3eb9fb6f7e4c25f6d35a9a33f3dd7aa0bee02dff92208fe72d374a3fd3fb1d6a475256b97206d20bb57ada123c48241b1f341cc11967405e7b4f2a9f8c07dd44b4c9ee4ea", 0xeb}], 0x3, &(0x7f0000002c80)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r2, r4}}}], 0x118, 0x8091}], 0x6, 0x80c0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() wait4(0x0, 0x0, 0x1000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r5, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r5, 0x3c) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r5, 0x0, 0x0) 03:58:00 executing program 1 (fault-call:6 fault-nth:86): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:58:00 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x40186366, &(0x7f0000000000)={0x0, r2}) 03:58:00 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xb, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:00 executing program 5 (fault-call:8 fault-nth:7): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:58:00 executing program 4: r0 = gettid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) timer_create(0x5, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$DRM_IOCTL_RES_CTX(r6, 0xc0106426, &(0x7f0000000040)={0x7, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}, {}]}) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r4, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r4, 0x3c) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r4, 0x40000000000, 0x1004) [ 668.254326][T16307] FAULT_INJECTION: forcing a failure. [ 668.254326][T16307] name failslab, interval 1, probability 0, space 0, times 0 [ 668.268955][T16306] FAULT_INJECTION: forcing a failure. [ 668.268955][T16306] name failslab, interval 1, probability 0, space 0, times 0 [ 668.308269][T16311] binder: 16305:16311 unknown command 0 [ 668.321509][T16311] binder: 16305:16311 ioctl c0306201 200004c0 returned -22 [ 668.329115][T16307] CPU: 0 PID: 16307 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 668.329125][T16307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.347832][T16307] Call Trace: [ 668.351123][T16307] dump_stack+0x1f0/0x31e [ 668.355450][T16307] should_fail+0x38a/0x4e0 [ 668.359856][T16307] should_failslab+0x5/0x20 [ 668.364338][T16307] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 668.370034][T16307] ? __kmalloc_node_track_caller+0x37/0x60 [ 668.375841][T16307] __kmalloc_node_track_caller+0x37/0x60 [ 668.381465][T16307] ? pfkey_sendmsg+0x148/0xf00 [ 668.386218][T16307] __alloc_skb+0xde/0x4f0 [ 668.390539][T16307] pfkey_sendmsg+0x148/0xf00 [ 668.395129][T16307] ? smack_socket_sendmsg+0x100/0x450 [ 668.400515][T16307] ? tomoyo_socket_sendmsg_permission+0x217/0x320 [ 668.406917][T16307] ? security_socket_sendmsg+0x9d/0xb0 [ 668.412354][T16307] ? pfkey_release+0x330/0x330 [ 668.417099][T16307] ____sys_sendmsg+0x519/0x800 [ 668.421846][T16307] ? import_iovec+0x12a/0x2c0 [ 668.426510][T16307] __sys_sendmmsg+0x45b/0x680 [ 668.431209][T16307] ? ksys_write+0x1b1/0x220 [ 668.435690][T16307] ? ksys_write+0x1b1/0x220 [ 668.440178][T16307] ? check_preemption_disabled+0x40/0x240 [ 668.445921][T16307] ? check_preemption_disabled+0x40/0x240 [ 668.451634][T16307] __x64_sys_sendmmsg+0x9c/0xb0 [ 668.456466][T16307] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 668.462509][T16307] do_syscall_64+0x73/0xe0 [ 668.466902][T16307] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 668.472791][T16307] RIP: 0033:0x45cb19 [ 668.476656][T16307] Code: Bad RIP value. [ 668.480694][T16307] RSP: 002b:00007ff3802e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 668.489092][T16307] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 668.497038][T16307] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 668.505075][T16307] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 668.513024][T16307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 668.520972][T16307] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802e56d4 [ 668.535349][T16306] CPU: 0 PID: 16306 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 668.544057][T16306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.554120][T16306] Call Trace: [ 668.557431][T16306] dump_stack+0x1f0/0x31e [ 668.561767][T16306] should_fail+0x38a/0x4e0 [ 668.566191][T16306] ? __kernfs_new_node+0x8b/0x630 [ 668.571212][T16306] should_failslab+0x5/0x20 [ 668.575711][T16306] kmem_cache_alloc+0x53/0x2d0 [ 668.580485][T16306] __kernfs_new_node+0x8b/0x630 [ 668.585328][T16306] ? kernfs_add_one+0x4b7/0x600 [ 668.590191][T16306] ? kernfs_add_one+0x4b7/0x600 [ 668.595041][T16306] ? __mutex_unlock_slowpath+0x12d/0x590 [ 668.600693][T16306] kernfs_new_node+0x95/0x160 [ 668.605372][T16306] __kernfs_create_file+0x45/0x2d0 [ 668.610483][T16306] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 668.615885][T16306] internal_create_group+0x445/0xd20 [ 668.621196][T16306] sysfs_create_groups+0x5d/0x130 [ 668.626225][T16306] device_add+0x862/0x1960 [ 668.630641][T16306] ? device_add+0xb31/0x1960 [ 668.635277][T16306] netdev_register_kobject+0x151/0x2e0 [ 668.640740][T16306] register_netdevice+0x130a/0x1b80 [ 668.645958][T16306] br_dev_newlink+0x24/0x110 [ 668.650544][T16306] ? br_validate+0x2a0/0x2a0 [ 668.655143][T16306] rtnl_newlink+0x143e/0x1bf0 [ 668.659868][T16306] ? __lock_acquire+0x116c/0x2c30 [ 668.664955][T16306] ? __mutex_lock_common+0x582/0x2fc0 [ 668.670358][T16306] ? rtnl_setlink+0x490/0x490 [ 668.675046][T16306] rtnetlink_rcv_msg+0x889/0xd40 [ 668.680009][T16306] ? local_bh_enable+0x5/0x20 [ 668.684788][T16306] ? __local_bh_enable_ip+0x133/0x230 [ 668.690205][T16306] ? __dev_queue_xmit+0x1846/0x2940 [ 668.695420][T16306] ? check_preemption_disabled+0x40/0x240 [ 668.701162][T16306] ? debug_smp_processor_id+0x5/0x20 [ 668.706563][T16306] netlink_rcv_skb+0x190/0x3a0 [ 668.711338][T16306] ? rtnetlink_bind+0x80/0x80 [ 668.716021][T16306] netlink_unicast+0x786/0x940 [ 668.720771][T16306] netlink_sendmsg+0xa57/0xd70 [ 668.725558][T16306] ? netlink_getsockopt+0x9e0/0x9e0 [ 668.730753][T16306] ____sys_sendmsg+0x519/0x800 [ 668.735510][T16306] ? import_iovec+0x12a/0x2c0 [ 668.740192][T16306] __sys_sendmmsg+0x45b/0x680 [ 668.744917][T16306] ? check_preemption_disabled+0x40/0x240 [ 668.750631][T16306] ? check_preemption_disabled+0x40/0x240 [ 668.756330][T16306] ? check_preemption_disabled+0x40/0x240 [ 668.762057][T16306] __x64_sys_sendmmsg+0x9c/0xb0 [ 668.766901][T16306] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 668.772961][T16306] do_syscall_64+0x73/0xe0 [ 668.777367][T16306] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 668.783244][T16306] RIP: 0033:0x45cb19 [ 668.787122][T16306] Code: Bad RIP value. [ 668.791209][T16306] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 668.799611][T16306] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 668.807575][T16306] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 668.815533][T16306] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 668.823486][T16306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 668.831459][T16306] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:01 executing program 5 (fault-call:8 fault-nth:8): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 668.935342][T16329] FAULT_INJECTION: forcing a failure. [ 668.935342][T16329] name failslab, interval 1, probability 0, space 0, times 0 [ 668.950506][T16329] CPU: 0 PID: 16329 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 668.959207][T16329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.969248][T16329] Call Trace: [ 668.972517][T16329] dump_stack+0x1f0/0x31e [ 668.976853][T16329] should_fail+0x38a/0x4e0 [ 668.981242][T16329] ? skb_clone+0x1b2/0x370 [ 668.985645][T16329] should_failslab+0x5/0x20 [ 668.990128][T16329] kmem_cache_alloc+0x53/0x2d0 [ 668.994861][T16329] ? _copy_from_iter_full+0x4ce/0xaa0 [ 669.000206][T16329] skb_clone+0x1b2/0x370 [ 669.004431][T16329] pfkey_sendmsg+0x3c6/0xf00 [ 669.009010][T16329] ? smack_socket_sendmsg+0x100/0x450 [ 669.014356][T16329] ? tomoyo_socket_sendmsg_permission+0x217/0x320 [ 669.020746][T16329] ? security_socket_sendmsg+0x9d/0xb0 [ 669.026191][T16329] ? pfkey_release+0x330/0x330 [ 669.030935][T16329] ____sys_sendmsg+0x519/0x800 [ 669.035675][T16329] ? import_iovec+0x12a/0x2c0 [ 669.040322][T16329] __sys_sendmmsg+0x45b/0x680 [ 669.045021][T16329] ? ksys_write+0x1b1/0x220 [ 669.049512][T16329] ? ksys_write+0x1b1/0x220 [ 669.054005][T16329] ? check_preemption_disabled+0x40/0x240 [ 669.059693][T16329] ? check_preemption_disabled+0x40/0x240 [ 669.065413][T16329] __x64_sys_sendmmsg+0x9c/0xb0 [ 669.070248][T16329] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 669.076283][T16329] do_syscall_64+0x73/0xe0 [ 669.080686][T16329] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 669.086555][T16329] RIP: 0033:0x45cb19 [ 669.090428][T16329] Code: Bad RIP value. [ 669.094464][T16329] RSP: 002b:00007ff3802e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 669.102850][T16329] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 669.110800][T16329] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 669.118742][T16329] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 669.126689][T16329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 03:58:01 executing program 1 (fault-call:6 fault-nth:87): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 669.134633][T16329] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802e56d4 [ 669.169400][T16333] binder: 16305:16333 unknown command 0 03:58:01 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4018aee1, &(0x7f0000000000)={0x0, r2}) [ 669.195068][T16333] binder: 16305:16333 ioctl c0306201 200004c0 returned -22 [ 669.234894][T16339] FAULT_INJECTION: forcing a failure. [ 669.234894][T16339] name failslab, interval 1, probability 0, space 0, times 0 03:58:01 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xc, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 669.297329][T16339] CPU: 1 PID: 16339 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 669.306246][T16339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 669.316416][T16339] Call Trace: [ 669.319721][T16339] dump_stack+0x1f0/0x31e [ 669.324188][T16339] should_fail+0x38a/0x4e0 [ 669.328605][T16339] ? __kernfs_new_node+0x8b/0x630 [ 669.333617][T16339] should_failslab+0x5/0x20 [ 669.338189][T16339] kmem_cache_alloc+0x53/0x2d0 [ 669.342940][T16339] __kernfs_new_node+0x8b/0x630 [ 669.347769][T16339] ? kernfs_add_one+0x4b7/0x600 [ 669.352694][T16339] ? kernfs_add_one+0x4b7/0x600 [ 669.357531][T16339] ? __mutex_unlock_slowpath+0x12d/0x590 [ 669.363153][T16339] kernfs_new_node+0x95/0x160 [ 669.367817][T16339] __kernfs_create_file+0x45/0x2d0 [ 669.372998][T16339] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 669.378353][T16339] internal_create_group+0x445/0xd20 [ 669.383755][T16339] sysfs_create_groups+0x5d/0x130 [ 669.388758][T16339] device_add+0x862/0x1960 [ 669.393170][T16339] ? device_add+0xb31/0x1960 [ 669.397770][T16339] netdev_register_kobject+0x151/0x2e0 [ 669.403212][T16339] register_netdevice+0x130a/0x1b80 [ 669.408401][T16339] br_dev_newlink+0x24/0x110 [ 669.412963][T16339] ? br_validate+0x2a0/0x2a0 [ 669.417535][T16339] rtnl_newlink+0x143e/0x1bf0 [ 669.422305][T16339] ? __lock_acquire+0x116c/0x2c30 [ 669.427454][T16339] ? __mutex_lock_common+0x582/0x2fc0 [ 669.432827][T16339] ? rtnl_setlink+0x490/0x490 [ 669.437493][T16339] rtnetlink_rcv_msg+0x889/0xd40 [ 669.442426][T16339] ? local_bh_enable+0x5/0x20 [ 669.447079][T16339] ? __local_bh_enable_ip+0x133/0x230 [ 669.452429][T16339] ? __dev_queue_xmit+0x1846/0x2940 [ 669.457638][T16339] ? check_preemption_disabled+0x40/0x240 [ 669.463335][T16339] ? debug_smp_processor_id+0x5/0x20 [ 669.468603][T16339] netlink_rcv_skb+0x190/0x3a0 [ 669.473364][T16339] ? rtnetlink_bind+0x80/0x80 [ 669.478026][T16339] netlink_unicast+0x786/0x940 [ 669.482775][T16339] netlink_sendmsg+0xa57/0xd70 [ 669.487527][T16339] ? netlink_getsockopt+0x9e0/0x9e0 [ 669.492705][T16339] ____sys_sendmsg+0x519/0x800 [ 669.497453][T16339] ? import_iovec+0x12a/0x2c0 [ 669.502122][T16339] __sys_sendmmsg+0x45b/0x680 [ 669.506817][T16339] ? ksys_write+0x1b1/0x220 [ 669.511313][T16339] ? ksys_write+0x1b1/0x220 [ 669.515797][T16339] ? check_preemption_disabled+0x40/0x240 [ 669.521519][T16339] ? check_preemption_disabled+0x40/0x240 [ 669.527230][T16339] __x64_sys_sendmmsg+0x9c/0xb0 [ 669.532060][T16339] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 669.538120][T16339] do_syscall_64+0x73/0xe0 [ 669.542519][T16339] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 669.548391][T16339] RIP: 0033:0x45cb19 [ 669.552264][T16339] Code: Bad RIP value. [ 669.556306][T16339] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 669.564695][T16339] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 669.572657][T16339] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 669.580608][T16339] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 669.588558][T16339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 669.596518][T16339] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:01 executing program 5 (fault-call:8 fault-nth:9): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 669.738532][T16357] FAULT_INJECTION: forcing a failure. [ 669.738532][T16357] name failslab, interval 1, probability 0, space 0, times 0 [ 669.758084][T16357] CPU: 1 PID: 16357 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 669.766782][T16357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 669.776830][T16357] Call Trace: [ 669.780126][T16357] dump_stack+0x1f0/0x31e [ 669.784458][T16357] should_fail+0x38a/0x4e0 [ 669.788873][T16357] should_failslab+0x5/0x20 [ 669.793382][T16357] kmem_cache_alloc_node+0x64/0x290 [ 669.798573][T16357] ? __alloc_skb+0x94/0x4f0 [ 669.803071][T16357] __alloc_skb+0x94/0x4f0 [ 669.807414][T16357] pfkey_sendmsg+0x148/0xf00 [ 669.812012][T16357] ? smack_socket_sendmsg+0x100/0x450 [ 669.817384][T16357] ? tomoyo_socket_sendmsg_permission+0x217/0x320 [ 669.823791][T16357] ? security_socket_sendmsg+0x9d/0xb0 [ 669.829227][T16357] ? pfkey_release+0x330/0x330 [ 669.833967][T16357] ____sys_sendmsg+0x519/0x800 [ 669.838730][T16357] ? import_iovec+0x12a/0x2c0 [ 669.843387][T16357] __sys_sendmmsg+0x45b/0x680 [ 669.848261][T16357] ? ksys_write+0x1b1/0x220 [ 669.852740][T16357] ? ksys_write+0x1b1/0x220 [ 669.857220][T16357] ? check_preemption_disabled+0x40/0x240 [ 669.862914][T16357] ? check_preemption_disabled+0x40/0x240 [ 669.868609][T16357] __x64_sys_sendmmsg+0x9c/0xb0 [ 669.873444][T16357] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 669.879496][T16357] do_syscall_64+0x73/0xe0 [ 669.883885][T16357] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 669.889746][T16357] RIP: 0033:0x45cb19 [ 669.893605][T16357] Code: Bad RIP value. [ 669.897636][T16357] RSP: 002b:00007ff3802e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 669.906019][T16357] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 669.913973][T16357] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 669.921920][T16357] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 669.929873][T16357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 669.937835][T16357] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802e56d4 03:58:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 03:58:03 executing program 1 (fault-call:6 fault-nth:88): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:58:03 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xd, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4020940d, &(0x7f0000000000)={0x0, r2}) 03:58:03 executing program 5 (fault-call:8 fault-nth:10): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:58:03 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000000000), 0x4) ptrace$cont(0x9, r1, 0x0, 0x0) [ 671.294928][T16367] FAULT_INJECTION: forcing a failure. [ 671.294928][T16367] name failslab, interval 1, probability 0, space 0, times 0 [ 671.341770][T16368] FAULT_INJECTION: forcing a failure. [ 671.341770][T16368] name failslab, interval 1, probability 0, space 0, times 0 [ 671.350163][T16367] CPU: 0 PID: 16367 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 671.363072][T16367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 671.373129][T16367] Call Trace: [ 671.376407][T16367] dump_stack+0x1f0/0x31e [ 671.380730][T16367] should_fail+0x38a/0x4e0 [ 671.385144][T16367] should_failslab+0x5/0x20 03:58:03 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {}, [@SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x9}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}]}, 0x30}, 0x1, 0x6c}, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0x68, r4, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_SECRET={0x14, 0x4, [0x6, 0x4, 0x20, 0x80]}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x6, 0x8, 0x3, 0x0, 0x400]}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x3, 0xfffffffb, 0xffff, 0x69eb, 0x7]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) r5 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r5, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r5, 0x3c) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r5, 0x0, 0x0) [ 671.389621][T16367] kmem_cache_alloc_node_trace+0x69/0x2b0 [ 671.395313][T16367] ? __kmalloc_node_track_caller+0x37/0x60 [ 671.401094][T16367] __kmalloc_node_track_caller+0x37/0x60 [ 671.406730][T16367] ? pfkey_sendmsg+0x148/0xf00 [ 671.411471][T16367] __alloc_skb+0xde/0x4f0 [ 671.415803][T16367] pfkey_sendmsg+0x148/0xf00 [ 671.420401][T16367] ? smack_socket_sendmsg+0x100/0x450 [ 671.425773][T16367] ? tomoyo_socket_sendmsg_permission+0x217/0x320 [ 671.432181][T16367] ? security_socket_sendmsg+0x9d/0xb0 [ 671.437644][T16367] ? pfkey_release+0x330/0x330 [ 671.442404][T16367] ____sys_sendmsg+0x519/0x800 [ 671.447163][T16367] ? import_iovec+0x12a/0x2c0 [ 671.451833][T16367] __sys_sendmmsg+0x45b/0x680 [ 671.456541][T16367] ? ksys_write+0x1b1/0x220 [ 671.461038][T16367] ? ksys_write+0x1b1/0x220 [ 671.465538][T16367] ? check_preemption_disabled+0x40/0x240 [ 671.471247][T16367] ? check_preemption_disabled+0x40/0x240 [ 671.476963][T16367] __x64_sys_sendmmsg+0x9c/0xb0 [ 671.481802][T16367] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 671.487845][T16367] do_syscall_64+0x73/0xe0 [ 671.492243][T16367] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 671.498148][T16367] RIP: 0033:0x45cb19 [ 671.502014][T16367] Code: Bad RIP value. [ 671.506080][T16367] RSP: 002b:00007ff3802e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 671.514465][T16367] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 671.522412][T16367] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 671.530362][T16367] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 671.538311][T16367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 671.546264][T16367] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802e56d4 [ 671.554236][T16368] CPU: 1 PID: 16368 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 671.562906][T16368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 671.572955][T16368] Call Trace: [ 671.576254][T16368] dump_stack+0x1f0/0x31e [ 671.580599][T16368] should_fail+0x38a/0x4e0 [ 671.585021][T16368] ? __kernfs_new_node+0x8b/0x630 [ 671.590040][T16368] should_failslab+0x5/0x20 [ 671.594535][T16368] kmem_cache_alloc+0x53/0x2d0 [ 671.599294][T16368] __kernfs_new_node+0x8b/0x630 [ 671.604138][T16368] ? kernfs_add_one+0x4b7/0x600 [ 671.608986][T16368] ? __kernfs_create_file+0x252/0x2d0 [ 671.614446][T16368] ? make_kgid+0x1ca/0x300 [ 671.618869][T16368] kernfs_create_dir_ns+0x90/0x220 [ 671.624108][T16368] internal_create_group+0x1e2/0xd20 [ 671.629403][T16368] dpm_sysfs_add+0x59/0x260 [ 671.633905][T16368] device_add+0xc5e/0x1960 [ 671.638320][T16368] ? device_add+0xb31/0x1960 [ 671.642926][T16368] netdev_register_kobject+0x151/0x2e0 [ 671.648382][T16368] register_netdevice+0x130a/0x1b80 [ 671.653589][T16368] br_dev_newlink+0x24/0x110 [ 671.658171][T16368] ? br_validate+0x2a0/0x2a0 [ 671.662768][T16368] rtnl_newlink+0x143e/0x1bf0 [ 671.667451][T16368] ? __lock_acquire+0x116c/0x2c30 [ 671.672517][T16368] ? __mutex_lock_common+0x582/0x2fc0 [ 671.677903][T16368] ? rtnl_setlink+0x490/0x490 [ 671.682575][T16368] rtnetlink_rcv_msg+0x889/0xd40 [ 671.687519][T16368] ? local_bh_enable+0x5/0x20 [ 671.692196][T16368] ? __local_bh_enable_ip+0x133/0x230 [ 671.697560][T16368] ? __dev_queue_xmit+0x1846/0x2940 [ 671.702768][T16368] ? check_preemption_disabled+0x40/0x240 [ 671.708474][T16368] ? debug_smp_processor_id+0x5/0x20 [ 671.713749][T16368] netlink_rcv_skb+0x190/0x3a0 [ 671.718576][T16368] ? rtnetlink_bind+0x80/0x80 [ 671.723244][T16368] netlink_unicast+0x786/0x940 [ 671.727999][T16368] netlink_sendmsg+0xa57/0xd70 [ 671.732747][T16368] ? netlink_getsockopt+0x9e0/0x9e0 [ 671.737922][T16368] ____sys_sendmsg+0x519/0x800 [ 671.742676][T16368] ? import_iovec+0x12a/0x2c0 [ 671.747340][T16368] __sys_sendmmsg+0x45b/0x680 [ 671.752017][T16368] ? ksys_write+0x1b1/0x220 [ 671.756494][T16368] ? ksys_write+0x1b1/0x220 [ 671.760992][T16368] ? check_preemption_disabled+0x40/0x240 [ 671.766798][T16368] ? check_preemption_disabled+0x40/0x240 [ 671.772514][T16368] __x64_sys_sendmmsg+0x9c/0xb0 [ 671.777354][T16368] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 671.783424][T16368] do_syscall_64+0x73/0xe0 [ 671.787849][T16368] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 671.793717][T16368] RIP: 0033:0x45cb19 [ 671.797693][T16368] Code: Bad RIP value. [ 671.801819][T16368] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 671.810212][T16368] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 671.818271][T16368] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 671.826267][T16368] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 671.834308][T16368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 03:58:04 executing program 0 (fault-call:10 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:58:04 executing program 5 (fault-call:8 fault-nth:11): sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) [ 671.842258][T16368] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:04 executing program 1 (fault-call:6 fault-nth:89): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 671.960234][T16397] FAULT_INJECTION: forcing a failure. [ 671.960234][T16397] name failslab, interval 1, probability 0, space 0, times 0 [ 672.000358][T16397] CPU: 1 PID: 16397 Comm: syz-executor.5 Not tainted 5.8.0-rc2-syzkaller #0 [ 672.009143][T16397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.017441][T16401] FAULT_INJECTION: forcing a failure. [ 672.017441][T16401] name failslab, interval 1, probability 0, space 0, times 0 [ 672.019180][T16397] Call Trace: [ 672.019209][T16397] dump_stack+0x1f0/0x31e [ 672.019226][T16397] should_fail+0x38a/0x4e0 [ 672.019240][T16397] ? skb_clone+0x1b2/0x370 [ 672.019249][T16397] should_failslab+0x5/0x20 [ 672.019261][T16397] kmem_cache_alloc+0x53/0x2d0 [ 672.057555][T16397] ? _copy_from_iter_full+0x4ce/0xaa0 [ 672.062928][T16397] skb_clone+0x1b2/0x370 [ 672.067169][T16397] pfkey_sendmsg+0x3c6/0xf00 [ 672.071754][T16397] ? smack_socket_sendmsg+0x100/0x450 [ 672.077154][T16397] ? tomoyo_socket_sendmsg_permission+0x217/0x320 [ 672.083571][T16397] ? security_socket_sendmsg+0x9d/0xb0 [ 672.089020][T16397] ? pfkey_release+0x330/0x330 [ 672.093772][T16397] ____sys_sendmsg+0x519/0x800 [ 672.098525][T16397] ? import_iovec+0x12a/0x2c0 [ 672.103201][T16397] __sys_sendmmsg+0x45b/0x680 [ 672.107909][T16397] ? ksys_write+0x1b1/0x220 [ 672.112410][T16397] ? ksys_write+0x1b1/0x220 [ 672.116917][T16397] ? check_preemption_disabled+0x40/0x240 [ 672.122634][T16397] ? check_preemption_disabled+0x40/0x240 [ 672.128359][T16397] __x64_sys_sendmmsg+0x9c/0xb0 [ 672.133212][T16397] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 672.139267][T16397] do_syscall_64+0x73/0xe0 [ 672.143689][T16397] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 672.149571][T16397] RIP: 0033:0x45cb19 [ 672.153437][T16397] Code: Bad RIP value. 03:58:04 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) read$hidraw(r3, &(0x7f0000000000)=""/79, 0x4f) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 672.157488][T16397] RSP: 002b:00007ff3802e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 672.165871][T16397] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 672.173850][T16397] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 672.181806][T16397] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 672.189755][T16397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 672.197791][T16397] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007ff3802e56d4 [ 672.225273][T16401] CPU: 1 PID: 16401 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 672.233976][T16401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.244070][T16401] Call Trace: [ 672.247365][T16401] dump_stack+0x1f0/0x31e [ 672.251704][T16401] should_fail+0x38a/0x4e0 [ 672.256120][T16401] ? __kernfs_new_node+0x8b/0x630 [ 672.261147][T16401] should_failslab+0x5/0x20 [ 672.265664][T16401] kmem_cache_alloc+0x53/0x2d0 [ 672.270432][T16401] __kernfs_new_node+0x8b/0x630 [ 672.275280][T16401] ? kernfs_add_one+0x4b7/0x600 [ 672.280124][T16401] ? __kernfs_create_file+0x252/0x2d0 [ 672.285483][T16401] ? make_kgid+0x1ca/0x300 [ 672.289891][T16401] kernfs_create_dir_ns+0x90/0x220 [ 672.294992][T16401] internal_create_group+0x1e2/0xd20 [ 672.300297][T16401] dpm_sysfs_add+0x59/0x260 [ 672.304883][T16401] device_add+0xc5e/0x1960 [ 672.309296][T16401] ? device_add+0xb31/0x1960 [ 672.313892][T16401] netdev_register_kobject+0x151/0x2e0 [ 672.319341][T16401] register_netdevice+0x130a/0x1b80 [ 672.324552][T16401] br_dev_newlink+0x24/0x110 [ 672.329125][T16401] ? br_validate+0x2a0/0x2a0 [ 672.333703][T16401] rtnl_newlink+0x143e/0x1bf0 [ 672.338374][T16401] ? __lock_acquire+0x116c/0x2c30 [ 672.343440][T16401] ? __mutex_lock_common+0x582/0x2fc0 [ 672.348843][T16401] ? rtnl_setlink+0x490/0x490 [ 672.353517][T16401] rtnetlink_rcv_msg+0x889/0xd40 [ 672.358462][T16401] ? local_bh_enable+0x5/0x20 [ 672.363131][T16401] ? __local_bh_enable_ip+0x133/0x230 [ 672.368498][T16401] ? __dev_queue_xmit+0x1846/0x2940 03:58:04 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xe, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 672.373701][T16401] ? check_preemption_disabled+0x40/0x240 [ 672.379413][T16401] ? debug_smp_processor_id+0x5/0x20 [ 672.384700][T16401] netlink_rcv_skb+0x190/0x3a0 [ 672.389459][T16401] ? rtnetlink_bind+0x80/0x80 [ 672.394227][T16401] netlink_unicast+0x786/0x940 [ 672.398998][T16401] netlink_sendmsg+0xa57/0xd70 [ 672.403778][T16401] ? netlink_getsockopt+0x9e0/0x9e0 [ 672.408961][T16401] ____sys_sendmsg+0x519/0x800 [ 672.413731][T16401] ? import_iovec+0x12a/0x2c0 [ 672.418395][T16401] __sys_sendmmsg+0x45b/0x680 [ 672.423099][T16401] ? ksys_write+0x1b1/0x220 [ 672.427584][T16401] ? ksys_write+0x1b1/0x220 [ 672.432071][T16401] ? check_preemption_disabled+0x40/0x240 [ 672.437769][T16401] ? check_preemption_disabled+0x40/0x240 [ 672.443474][T16401] __x64_sys_sendmmsg+0x9c/0xb0 [ 672.448391][T16401] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 672.454436][T16401] do_syscall_64+0x73/0xe0 [ 672.458830][T16401] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 672.464700][T16401] RIP: 0033:0x45cb19 [ 672.468567][T16401] Code: Bad RIP value. [ 672.472609][T16401] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 672.480995][T16401] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 672.488949][T16401] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 672.496904][T16401] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 672.504940][T16401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 672.512896][T16401] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:04 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4020ae46, &(0x7f0000000000)={0x0, r2}) 03:58:04 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f0000000380)=""/71, 0x47}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000240)=""/133, 0x85}, {&(0x7f0000000040)=""/60, 0x3c}], 0x6, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:58:04 executing program 1 (fault-call:6 fault-nth:90): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:58:04 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:04 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x402c542c, &(0x7f0000000000)={0x0, r2}) 03:58:05 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 03:58:05 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x3, &(0x7f00000001c0)="f4aca8304a4cabf7cc65b582f78509457d87c245a6058b0217614788c55328a60000130000") ptrace$setopts(0x4206, r2, 0x0, 0x100006) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/71, 0x47}], 0x1000000000000157, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000000140)={0x59, 0x8, 0xfffffffffffffeff, 0x1, 0x815, 0x800}) ptrace$cont(0x9, r1, 0x0, 0x0) [ 672.782395][T16439] FAULT_INJECTION: forcing a failure. [ 672.782395][T16439] name failslab, interval 1, probability 0, space 0, times 0 [ 672.850317][T16439] CPU: 1 PID: 16439 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 672.859059][T16439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.869107][T16439] Call Trace: [ 672.872398][T16439] dump_stack+0x1f0/0x31e [ 672.876732][T16439] should_fail+0x38a/0x4e0 [ 672.881244][T16439] ? __kernfs_new_node+0x8b/0x630 [ 672.886347][T16439] should_failslab+0x5/0x20 [ 672.890843][T16439] kmem_cache_alloc+0x53/0x2d0 [ 672.895635][T16439] __kernfs_new_node+0x8b/0x630 [ 672.900511][T16439] kernfs_new_node+0x95/0x160 [ 672.905206][T16439] __kernfs_create_file+0x45/0x2d0 [ 672.910317][T16439] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 672.915692][T16439] sysfs_merge_group+0x15b/0x2c0 [ 672.920632][T16439] dpm_sysfs_add+0xbd/0x260 [ 672.925147][T16439] device_add+0xc5e/0x1960 [ 672.929560][T16439] ? device_add+0xb31/0x1960 [ 672.934157][T16439] netdev_register_kobject+0x151/0x2e0 [ 672.939615][T16439] register_netdevice+0x130a/0x1b80 [ 672.944824][T16439] br_dev_newlink+0x24/0x110 [ 672.949410][T16439] ? br_validate+0x2a0/0x2a0 [ 672.954019][T16439] rtnl_newlink+0x143e/0x1bf0 [ 672.958713][T16439] ? __lock_acquire+0x116c/0x2c30 [ 672.963780][T16439] ? __mutex_lock_common+0x582/0x2fc0 [ 672.969167][T16439] ? rtnl_setlink+0x490/0x490 [ 672.973839][T16439] rtnetlink_rcv_msg+0x889/0xd40 [ 672.978797][T16439] ? local_bh_enable+0x5/0x20 [ 672.983466][T16439] ? __local_bh_enable_ip+0x133/0x230 [ 672.988809][T16439] ? __dev_queue_xmit+0x1846/0x2940 [ 672.994005][T16439] ? check_preemption_disabled+0x40/0x240 [ 672.999695][T16439] ? debug_smp_processor_id+0x5/0x20 [ 673.004959][T16439] netlink_rcv_skb+0x190/0x3a0 [ 673.009695][T16439] ? rtnetlink_bind+0x80/0x80 [ 673.014350][T16439] netlink_unicast+0x786/0x940 [ 673.019092][T16439] netlink_sendmsg+0xa57/0xd70 [ 673.023834][T16439] ? netlink_getsockopt+0x9e0/0x9e0 [ 673.029004][T16439] ____sys_sendmsg+0x519/0x800 [ 673.033740][T16439] ? import_iovec+0x12a/0x2c0 [ 673.038392][T16439] __sys_sendmmsg+0x45b/0x680 [ 673.043091][T16439] ? ksys_write+0x1b1/0x220 [ 673.047636][T16439] ? ksys_write+0x1b1/0x220 [ 673.052117][T16439] ? check_preemption_disabled+0x40/0x240 [ 673.057827][T16439] ? check_preemption_disabled+0x40/0x240 [ 673.063546][T16439] __x64_sys_sendmmsg+0x9c/0xb0 [ 673.068390][T16439] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 673.074556][T16439] do_syscall_64+0x73/0xe0 [ 673.078948][T16439] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 673.084813][T16439] RIP: 0033:0x45cb19 [ 673.088677][T16439] Code: Bad RIP value. [ 673.092715][T16439] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 673.101182][T16439] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 673.109125][T16439] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 673.117073][T16439] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 673.125017][T16439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 673.132961][T16439] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:58:07 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x11, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000001000250800000000000000000a000000", @ANYRES32=r2, @ANYBLOB="010000000010cfaeec42d2b83e3f00000008000a000f000000caea7384fe21ecbfd9cc2692d3905ba8afd4e1b8aabcadfc9a3907c7c8a44e3bf3837811987c98e29bd79ef53c4863b3dc36eb71d0e58bccd1b61c36afad46757b7225381ebf116793c733df7b8b41620859df7e4fe50b38c1b47cb573691aaa4a3ba90941b74cf6f59aebdc51531efc1dfdfa3e08317650cc6d6e4cbfa6bf6453a1f2fd2d20efbbbb58a691be20cbc25aefa05b5f98902bbe775f6b251aedc809673752c608b86b008948cba49f0b03750ed18ec2d82860cdd93ba35d07f536f62c8fd824f8065661498dccc4"], 0x28}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r4, 0xee01) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000240)={{{@in=@multicast2, @in=@multicast1, 0x4e22, 0x3, 0x4e21, 0x136d, 0x2, 0x80, 0x80, 0x33, r2, r4}, {0x3, 0x80, 0x2, 0x0, 0x40, 0x9, 0x7, 0x4}, {0x9, 0x7, 0x5, 0x7fffffff}, 0x6, 0x6e6bb2, 0x1, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x3c}, 0xa, @in6=@private0, 0x3506, 0x3, 0x0, 0x2, 0x2, 0xddb8, 0x77d}}, 0xe8) r5 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r5) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r6, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r6, 0x3c) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r6, 0x0, 0x0) 03:58:07 executing program 1 (fault-call:6 fault-nth:91): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:58:07 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x2) 03:58:07 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4068aea3, &(0x7f0000000000)={0x0, r2}) [ 674.919747][T16476] FAULT_INJECTION: forcing a failure. [ 674.919747][T16476] name failslab, interval 1, probability 0, space 0, times 0 [ 674.938845][T16476] CPU: 0 PID: 16476 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 674.947637][T16476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 674.957682][T16476] Call Trace: [ 674.960976][T16476] dump_stack+0x1f0/0x31e [ 674.965294][T16476] should_fail+0x38a/0x4e0 [ 674.969695][T16476] ? __kernfs_new_node+0x8b/0x630 [ 674.974694][T16476] should_failslab+0x5/0x20 [ 674.979179][T16476] kmem_cache_alloc+0x53/0x2d0 [ 674.983953][T16476] __kernfs_new_node+0x8b/0x630 [ 674.988821][T16476] ? kernfs_add_one+0x4b7/0x600 [ 674.993667][T16476] ? kernfs_add_one+0x4b7/0x600 [ 674.998523][T16476] ? __mutex_unlock_slowpath+0x12d/0x590 [ 675.004503][T16476] kernfs_new_node+0x95/0x160 [ 675.009184][T16476] __kernfs_create_file+0x45/0x2d0 [ 675.014295][T16476] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 675.019691][T16476] sysfs_merge_group+0x15b/0x2c0 [ 675.024634][T16476] dpm_sysfs_add+0xbd/0x260 [ 675.029146][T16476] device_add+0xc5e/0x1960 [ 675.033562][T16476] ? device_add+0xb31/0x1960 [ 675.038170][T16476] netdev_register_kobject+0x151/0x2e0 [ 675.043608][T16476] register_netdevice+0x130a/0x1b80 [ 675.048852][T16476] br_dev_newlink+0x24/0x110 [ 675.053416][T16476] ? br_validate+0x2a0/0x2a0 [ 675.057981][T16476] rtnl_newlink+0x143e/0x1bf0 [ 675.062642][T16476] ? __lock_acquire+0x116c/0x2c30 [ 675.067666][T16476] ? __mutex_lock_common+0x582/0x2fc0 [ 675.073023][T16476] ? rtnl_setlink+0x490/0x490 [ 675.077681][T16476] rtnetlink_rcv_msg+0x889/0xd40 [ 675.082604][T16476] ? local_bh_enable+0x5/0x20 [ 675.087257][T16476] ? __local_bh_enable_ip+0x133/0x230 [ 675.092649][T16476] ? __dev_queue_xmit+0x1846/0x2940 [ 675.097825][T16476] ? check_preemption_disabled+0x40/0x240 [ 675.103521][T16476] ? debug_smp_processor_id+0x5/0x20 [ 675.108788][T16476] netlink_rcv_skb+0x190/0x3a0 [ 675.113532][T16476] ? rtnetlink_bind+0x80/0x80 [ 675.118189][T16476] netlink_unicast+0x786/0x940 [ 675.122942][T16476] netlink_sendmsg+0xa57/0xd70 [ 675.127688][T16476] ? netlink_getsockopt+0x9e0/0x9e0 [ 675.132883][T16476] ____sys_sendmsg+0x519/0x800 [ 675.137634][T16476] ? import_iovec+0x12a/0x2c0 [ 675.142391][T16476] __sys_sendmmsg+0x45b/0x680 [ 675.147068][T16476] ? ksys_write+0x1b1/0x220 [ 675.151544][T16476] ? ksys_write+0x1b1/0x220 [ 675.156024][T16476] ? check_preemption_disabled+0x40/0x240 [ 675.161716][T16476] ? check_preemption_disabled+0x40/0x240 [ 675.167413][T16476] __x64_sys_sendmmsg+0x9c/0xb0 [ 675.172254][T16476] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 675.178299][T16476] do_syscall_64+0x73/0xe0 [ 675.182688][T16476] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 675.188552][T16476] RIP: 0033:0x45cb19 [ 675.192421][T16476] Code: Bad RIP value. [ 675.196472][T16476] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 675.204854][T16476] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 675.212801][T16476] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 675.220745][T16476] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 675.228696][T16476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 675.236644][T16476] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:07 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000340)="c99164bece804abd01000000ec570f8b4095b573d32cb79d70a4eb2106450540a11b51418c77d9e3578ca3a1db5d5238e2b4585a633987c2074217c3edad6366ed9b4ae213729aba5dcb0671254d8821a09466e8235b") syslog(0x9, &(0x7f0000000240)=""/74, 0x4a) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x2000, 0x0) ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f00000002c0)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:58:07 executing program 1 (fault-call:6 fault-nth:92): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 675.341768][T16479] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 03:58:07 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x12, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:07 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4090ae82, &(0x7f0000000000)={0x0, r2}) [ 675.420145][T16502] FAULT_INJECTION: forcing a failure. [ 675.420145][T16502] name failslab, interval 1, probability 0, space 0, times 0 03:58:07 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r1, 0x0, 0x8000200000000001) [ 675.484248][T16502] CPU: 0 PID: 16502 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 675.492941][T16502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 675.502987][T16502] Call Trace: [ 675.506281][T16502] dump_stack+0x1f0/0x31e [ 675.510610][T16502] should_fail+0x38a/0x4e0 [ 675.515024][T16502] ? __kernfs_new_node+0x8b/0x630 [ 675.520040][T16502] should_failslab+0x5/0x20 [ 675.524548][T16502] kmem_cache_alloc+0x53/0x2d0 [ 675.529323][T16502] __kernfs_new_node+0x8b/0x630 [ 675.534191][T16502] kernfs_new_node+0x95/0x160 [ 675.538866][T16502] __kernfs_create_file+0x45/0x2d0 [ 675.543982][T16502] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 675.549358][T16502] sysfs_merge_group+0x15b/0x2c0 [ 675.554309][T16502] dpm_sysfs_add+0xbd/0x260 [ 675.558816][T16502] device_add+0xc5e/0x1960 [ 675.563231][T16502] ? device_add+0xb31/0x1960 [ 675.567841][T16502] netdev_register_kobject+0x151/0x2e0 [ 675.573298][T16502] register_netdevice+0x130a/0x1b80 [ 675.578515][T16502] br_dev_newlink+0x24/0x110 [ 675.583089][T16502] ? br_validate+0x2a0/0x2a0 [ 675.587672][T16502] rtnl_newlink+0x143e/0x1bf0 [ 675.592372][T16502] ? __lock_acquire+0x116c/0x2c30 [ 675.597450][T16502] ? __mutex_lock_common+0x582/0x2fc0 [ 675.602830][T16502] ? rtnl_setlink+0x490/0x490 [ 675.607500][T16502] rtnetlink_rcv_msg+0x889/0xd40 [ 675.612451][T16502] ? local_bh_enable+0x5/0x20 [ 675.617120][T16502] ? __local_bh_enable_ip+0x133/0x230 [ 675.622499][T16502] ? __dev_queue_xmit+0x1846/0x2940 [ 675.627732][T16502] ? check_preemption_disabled+0x40/0x240 [ 675.633444][T16502] ? debug_smp_processor_id+0x5/0x20 [ 675.638737][T16502] netlink_rcv_skb+0x190/0x3a0 [ 675.643517][T16502] ? rtnetlink_bind+0x80/0x80 [ 675.648205][T16502] netlink_unicast+0x786/0x940 [ 675.652977][T16502] netlink_sendmsg+0xa57/0xd70 [ 675.657747][T16502] ? netlink_getsockopt+0x9e0/0x9e0 [ 675.662943][T16502] ____sys_sendmsg+0x519/0x800 [ 675.667716][T16502] ? import_iovec+0x12a/0x2c0 [ 675.672403][T16502] __sys_sendmmsg+0x45b/0x680 [ 675.677201][T16502] ? ksys_write+0x1b1/0x220 [ 675.681701][T16502] ? ksys_write+0x1b1/0x220 [ 675.686199][T16502] ? check_preemption_disabled+0x40/0x240 [ 675.691926][T16502] ? check_preemption_disabled+0x40/0x240 [ 675.697645][T16502] __x64_sys_sendmmsg+0x9c/0xb0 [ 675.702495][T16502] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 675.708573][T16502] do_syscall_64+0x73/0xe0 [ 675.712988][T16502] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 675.718875][T16502] RIP: 0033:0x45cb19 [ 675.722754][T16502] Code: Bad RIP value. [ 675.726810][T16502] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 03:58:07 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x3) [ 675.735211][T16502] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 675.743174][T16502] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 675.751145][T16502] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 675.759108][T16502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 675.767074][T16502] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:10 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x41015500, &(0x7f0000000000)={0x0, r2}) 03:58:10 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x4) 03:58:10 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) process_vm_writev(r2, &(0x7f0000000080), 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:58:10 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x25, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:10 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x21, r0, 0x0, 0x0) 03:58:10 executing program 1 (fault-call:6 fault-nth:93): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:58:10 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300)='batadv\x00') sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, r2, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0xc4}, 0x48048) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r3, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x38, 0x1406, 0x200, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ptrace$cont(0x9, r1, 0x0, 0x0) [ 678.005679][T16549] FAULT_INJECTION: forcing a failure. [ 678.005679][T16549] name failslab, interval 1, probability 0, space 0, times 0 [ 678.058989][T16549] CPU: 0 PID: 16549 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 678.067708][T16549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 678.077758][T16549] Call Trace: [ 678.081050][T16549] dump_stack+0x1f0/0x31e [ 678.085383][T16549] should_fail+0x38a/0x4e0 [ 678.089807][T16549] ? __kernfs_new_node+0x8b/0x630 [ 678.094832][T16549] should_failslab+0x5/0x20 [ 678.099374][T16549] kmem_cache_alloc+0x53/0x2d0 [ 678.104139][T16549] __kernfs_new_node+0x8b/0x630 [ 678.109001][T16549] kernfs_new_node+0x95/0x160 [ 678.113687][T16549] __kernfs_create_file+0x45/0x2d0 [ 678.118802][T16549] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 678.124181][T16549] sysfs_merge_group+0x15b/0x2c0 [ 678.129128][T16549] dpm_sysfs_add+0xbd/0x260 [ 678.133721][T16549] device_add+0xc5e/0x1960 [ 678.138136][T16549] ? device_add+0xb31/0x1960 [ 678.142739][T16549] netdev_register_kobject+0x151/0x2e0 [ 678.148198][T16549] register_netdevice+0x130a/0x1b80 [ 678.153409][T16549] br_dev_newlink+0x24/0x110 [ 678.157983][T16549] ? br_validate+0x2a0/0x2a0 [ 678.162548][T16549] rtnl_newlink+0x143e/0x1bf0 [ 678.167214][T16549] ? __lock_acquire+0x116c/0x2c30 [ 678.172237][T16549] ? __mutex_lock_common+0x582/0x2fc0 [ 678.177609][T16549] ? rtnl_setlink+0x490/0x490 [ 678.182260][T16549] rtnetlink_rcv_msg+0x889/0xd40 [ 678.187192][T16549] ? local_bh_enable+0x5/0x20 [ 678.191842][T16549] ? __local_bh_enable_ip+0x133/0x230 [ 678.197197][T16549] ? __dev_queue_xmit+0x1846/0x2940 [ 678.202389][T16549] ? check_preemption_disabled+0x40/0x240 [ 678.208089][T16549] ? debug_smp_processor_id+0x5/0x20 [ 678.213354][T16549] netlink_rcv_skb+0x190/0x3a0 [ 678.218095][T16549] ? rtnetlink_bind+0x80/0x80 [ 678.222771][T16549] netlink_unicast+0x786/0x940 [ 678.227602][T16549] netlink_sendmsg+0xa57/0xd70 [ 678.232366][T16549] ? netlink_getsockopt+0x9e0/0x9e0 [ 678.237550][T16549] ____sys_sendmsg+0x519/0x800 [ 678.242291][T16549] ? import_iovec+0x12a/0x2c0 [ 678.246965][T16549] __sys_sendmmsg+0x45b/0x680 [ 678.251667][T16549] ? ksys_write+0x1b1/0x220 [ 678.256145][T16549] ? ksys_write+0x1b1/0x220 [ 678.260621][T16549] ? check_preemption_disabled+0x40/0x240 [ 678.266312][T16549] ? check_preemption_disabled+0x40/0x240 [ 678.272024][T16549] __x64_sys_sendmmsg+0x9c/0xb0 [ 678.276857][T16549] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 678.282903][T16549] do_syscall_64+0x73/0xe0 [ 678.287290][T16549] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 678.293150][T16549] RIP: 0033:0x45cb19 [ 678.297021][T16549] Code: Bad RIP value. [ 678.301124][T16549] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 678.309623][T16549] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 678.317569][T16549] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 678.325516][T16549] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 678.333463][T16549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 678.341430][T16549] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:10 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x5c, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:10 executing program 1 (fault-call:6 fault-nth:94): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:58:10 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4138ae84, &(0x7f0000000000)={0x0, r2}) 03:58:10 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x5) [ 678.529830][T16592] FAULT_INJECTION: forcing a failure. [ 678.529830][T16592] name failslab, interval 1, probability 0, space 0, times 0 [ 678.559558][T16592] CPU: 0 PID: 16592 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 678.568248][T16592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 678.578303][T16592] Call Trace: [ 678.581595][T16592] dump_stack+0x1f0/0x31e [ 678.585944][T16592] should_fail+0x38a/0x4e0 [ 678.590366][T16592] ? __kernfs_new_node+0x8b/0x630 [ 678.595416][T16592] should_failslab+0x5/0x20 [ 678.599914][T16592] kmem_cache_alloc+0x53/0x2d0 [ 678.604682][T16592] __kernfs_new_node+0x8b/0x630 [ 678.609548][T16592] ? kernfs_add_one+0x4b7/0x600 [ 678.614397][T16592] ? kernfs_add_one+0x4b7/0x600 [ 678.619240][T16592] ? __mutex_unlock_slowpath+0x12d/0x590 [ 678.624868][T16592] kernfs_new_node+0x95/0x160 [ 678.629551][T16592] __kernfs_create_file+0x45/0x2d0 [ 678.634661][T16592] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 678.640042][T16592] sysfs_merge_group+0x15b/0x2c0 [ 678.644994][T16592] dpm_sysfs_add+0xbd/0x260 [ 678.649528][T16592] device_add+0xc5e/0x1960 [ 678.653947][T16592] ? device_add+0xb31/0x1960 [ 678.658546][T16592] netdev_register_kobject+0x151/0x2e0 [ 678.664050][T16592] register_netdevice+0x130a/0x1b80 [ 678.669256][T16592] br_dev_newlink+0x24/0x110 [ 678.673820][T16592] ? br_validate+0x2a0/0x2a0 [ 678.678500][T16592] rtnl_newlink+0x143e/0x1bf0 [ 678.683171][T16592] ? __lock_acquire+0x116c/0x2c30 [ 678.688190][T16592] ? __mutex_lock_common+0x582/0x2fc0 [ 678.693566][T16592] ? rtnl_setlink+0x490/0x490 [ 678.698233][T16592] rtnetlink_rcv_msg+0x889/0xd40 [ 678.703173][T16592] ? local_bh_enable+0x5/0x20 [ 678.707952][T16592] ? __local_bh_enable_ip+0x133/0x230 [ 678.713329][T16592] ? __dev_queue_xmit+0x1846/0x2940 [ 678.718521][T16592] ? check_preemption_disabled+0x40/0x240 [ 678.724218][T16592] ? debug_smp_processor_id+0x5/0x20 [ 678.729484][T16592] netlink_rcv_skb+0x190/0x3a0 [ 678.734223][T16592] ? rtnetlink_bind+0x80/0x80 [ 678.738882][T16592] netlink_unicast+0x786/0x940 [ 678.743643][T16592] netlink_sendmsg+0xa57/0xd70 [ 678.748436][T16592] ? netlink_getsockopt+0x9e0/0x9e0 [ 678.753612][T16592] ____sys_sendmsg+0x519/0x800 [ 678.758463][T16592] ? import_iovec+0x12a/0x2c0 [ 678.763136][T16592] __sys_sendmmsg+0x45b/0x680 [ 678.767853][T16592] ? ksys_write+0x1b1/0x220 [ 678.772381][T16592] ? ksys_write+0x1b1/0x220 [ 678.776877][T16592] ? check_preemption_disabled+0x40/0x240 [ 678.782582][T16592] ? check_preemption_disabled+0x40/0x240 [ 678.788280][T16592] __x64_sys_sendmmsg+0x9c/0xb0 [ 678.793108][T16592] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 678.799156][T16592] do_syscall_64+0x73/0xe0 [ 678.803558][T16592] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 678.809447][T16592] RIP: 0033:0x45cb19 [ 678.813313][T16592] Code: Bad RIP value. [ 678.817353][T16592] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 03:58:11 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x300, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) [ 678.825749][T16592] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 678.833703][T16592] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 678.841650][T16592] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 678.849613][T16592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 678.857573][T16592] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:11 executing program 1 (fault-call:6 fault-nth:95): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 678.990973][T16612] FAULT_INJECTION: forcing a failure. [ 678.990973][T16612] name failslab, interval 1, probability 0, space 0, times 0 [ 679.021164][T16612] CPU: 0 PID: 16612 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 679.029958][T16612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 679.040049][T16612] Call Trace: [ 679.043353][T16612] dump_stack+0x1f0/0x31e [ 679.047699][T16612] should_fail+0x38a/0x4e0 [ 679.052120][T16612] ? __kernfs_new_node+0x8b/0x630 [ 679.057141][T16612] should_failslab+0x5/0x20 [ 679.061642][T16612] kmem_cache_alloc+0x53/0x2d0 [ 679.066405][T16612] __kernfs_new_node+0x8b/0x630 [ 679.071378][T16612] ? kernfs_add_one+0x4b7/0x600 [ 679.076220][T16612] ? kernfs_add_one+0x4b7/0x600 [ 679.081056][T16612] ? __mutex_unlock_slowpath+0x12d/0x590 [ 679.086676][T16612] kernfs_new_node+0x95/0x160 [ 679.091351][T16612] __kernfs_create_file+0x45/0x2d0 [ 679.096471][T16612] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 679.101846][T16612] sysfs_merge_group+0x15b/0x2c0 [ 679.106773][T16612] dpm_sysfs_add+0xbd/0x260 [ 679.111362][T16612] device_add+0xc5e/0x1960 [ 679.115764][T16612] ? device_add+0xb31/0x1960 [ 679.120334][T16612] netdev_register_kobject+0x151/0x2e0 [ 679.125785][T16612] register_netdevice+0x130a/0x1b80 [ 679.131003][T16612] br_dev_newlink+0x24/0x110 [ 679.135594][T16612] ? br_validate+0x2a0/0x2a0 [ 679.140193][T16612] rtnl_newlink+0x143e/0x1bf0 [ 679.144886][T16612] ? __lock_acquire+0x116c/0x2c30 [ 679.149961][T16612] ? __mutex_lock_common+0x582/0x2fc0 [ 679.155358][T16612] ? rtnl_setlink+0x490/0x490 [ 679.160032][T16612] rtnetlink_rcv_msg+0x889/0xd40 [ 679.164988][T16612] ? local_bh_enable+0x5/0x20 [ 679.169668][T16612] ? __local_bh_enable_ip+0x133/0x230 [ 679.175037][T16612] ? __dev_queue_xmit+0x1846/0x2940 [ 679.180286][T16612] ? check_preemption_disabled+0x40/0x240 [ 679.186003][T16612] ? debug_smp_processor_id+0x5/0x20 [ 679.191289][T16612] netlink_rcv_skb+0x190/0x3a0 [ 679.196039][T16612] ? rtnetlink_bind+0x80/0x80 [ 679.200695][T16612] netlink_unicast+0x786/0x940 [ 679.205466][T16612] netlink_sendmsg+0xa57/0xd70 [ 679.210317][T16612] ? netlink_getsockopt+0x9e0/0x9e0 [ 679.215565][T16612] ____sys_sendmsg+0x519/0x800 [ 679.220307][T16612] ? import_iovec+0x12a/0x2c0 [ 679.224978][T16612] __sys_sendmmsg+0x45b/0x680 [ 679.229666][T16612] ? ksys_write+0x1b1/0x220 [ 679.234156][T16612] ? ksys_write+0x1b1/0x220 [ 679.238643][T16612] ? check_preemption_disabled+0x40/0x240 [ 679.244353][T16612] ? check_preemption_disabled+0x40/0x240 [ 679.250074][T16612] __x64_sys_sendmmsg+0x9c/0xb0 [ 679.254905][T16612] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 679.260951][T16612] do_syscall_64+0x73/0xe0 [ 679.265370][T16612] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 679.271263][T16612] RIP: 0033:0x45cb19 [ 679.275135][T16612] Code: Bad RIP value. [ 679.279169][T16612] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 679.287554][T16612] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 679.295528][T16612] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 679.303480][T16612] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 679.311442][T16612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 679.319396][T16612] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:13 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x500, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1000000, r0, 0x0, 0x0) 03:58:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4400ae8f, &(0x7f0000000000)={0x0, r2}) 03:58:13 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x6) 03:58:13 executing program 1 (fault-call:6 fault-nth:96): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 681.033201][T16628] FAULT_INJECTION: forcing a failure. [ 681.033201][T16628] name failslab, interval 1, probability 0, space 0, times 0 [ 681.071285][T16628] CPU: 0 PID: 16628 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 681.080225][T16628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.090369][T16628] Call Trace: [ 681.093665][T16628] dump_stack+0x1f0/0x31e [ 681.098008][T16628] should_fail+0x38a/0x4e0 [ 681.102438][T16628] ? __kernfs_new_node+0x8b/0x630 [ 681.107465][T16628] should_failslab+0x5/0x20 [ 681.112049][T16628] kmem_cache_alloc+0x53/0x2d0 [ 681.116813][T16628] __kernfs_new_node+0x8b/0x630 [ 681.121658][T16628] ? kernfs_add_one+0x4b7/0x600 [ 681.126655][T16628] ? kernfs_add_one+0x4b7/0x600 [ 681.131505][T16628] ? __mutex_unlock_slowpath+0x12d/0x590 [ 681.137132][T16628] kernfs_new_node+0x95/0x160 [ 681.141801][T16628] __kernfs_create_file+0x45/0x2d0 [ 681.146902][T16628] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 681.152283][T16628] sysfs_merge_group+0x15b/0x2c0 [ 681.157218][T16628] dpm_sysfs_add+0xbd/0x260 [ 681.161710][T16628] device_add+0xc5e/0x1960 [ 681.166132][T16628] ? device_add+0xb31/0x1960 [ 681.170729][T16628] netdev_register_kobject+0x151/0x2e0 [ 681.176180][T16628] register_netdevice+0x130a/0x1b80 [ 681.181387][T16628] br_dev_newlink+0x24/0x110 [ 681.185966][T16628] ? br_validate+0x2a0/0x2a0 [ 681.190661][T16628] rtnl_newlink+0x143e/0x1bf0 [ 681.195480][T16628] ? __lock_acquire+0x116c/0x2c30 [ 681.200537][T16628] ? __mutex_lock_common+0x582/0x2fc0 [ 681.205914][T16628] ? rtnl_setlink+0x490/0x490 [ 681.210586][T16628] rtnetlink_rcv_msg+0x889/0xd40 [ 681.215540][T16628] ? local_bh_enable+0x5/0x20 [ 681.220205][T16628] ? __local_bh_enable_ip+0x133/0x230 [ 681.225662][T16628] ? __dev_queue_xmit+0x1846/0x2940 [ 681.230866][T16628] ? check_preemption_disabled+0x40/0x240 [ 681.236578][T16628] ? debug_smp_processor_id+0x5/0x20 [ 681.241861][T16628] netlink_rcv_skb+0x190/0x3a0 [ 681.246612][T16628] ? rtnetlink_bind+0x80/0x80 [ 681.251290][T16628] netlink_unicast+0x786/0x940 [ 681.256183][T16628] netlink_sendmsg+0xa57/0xd70 [ 681.260951][T16628] ? netlink_getsockopt+0x9e0/0x9e0 [ 681.266147][T16628] ____sys_sendmsg+0x519/0x800 [ 681.270920][T16628] ? import_iovec+0x12a/0x2c0 [ 681.275710][T16628] __sys_sendmmsg+0x45b/0x680 [ 681.280412][T16628] ? ksys_write+0x1b1/0x220 [ 681.285036][T16628] ? ksys_write+0x1b1/0x220 [ 681.289530][T16628] ? check_preemption_disabled+0x40/0x240 [ 681.295341][T16628] ? check_preemption_disabled+0x40/0x240 [ 681.301048][T16628] __x64_sys_sendmmsg+0x9c/0xb0 [ 681.305881][T16628] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 681.311933][T16628] do_syscall_64+0x73/0xe0 [ 681.316339][T16628] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 681.322208][T16628] RIP: 0033:0x45cb19 [ 681.326087][T16628] Code: Bad RIP value. 03:58:13 executing program 4: r0 = gettid() r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x2280, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x18, 0x140b, 0x0, 0x70bd27, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) [ 681.330152][T16628] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 681.338562][T16628] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 681.346643][T16628] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 681.354616][T16628] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 681.362581][T16628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 681.370544][T16628] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:13 executing program 4: r0 = gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f00000001c0)=0x0) ptrace$setopts(0x4206, r3, 0x8, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r4, 0x0, 0x0) r5 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x0, 0x101202) ioctl$SG_GET_SG_TABLESIZE(r5, 0x227f, &(0x7f0000000040)) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r4, 0x3c) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r4, 0x0, 0x0) 03:58:13 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x600, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:13 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x30) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:58:13 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x7) 03:58:13 executing program 1 (fault-call:6 fault-nth:97): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:58:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x80085502, &(0x7f0000000000)={0x0, r2}) 03:58:13 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000280)=@gcm_128={{0x304}, "d44eb8e9308ec7c6", "442065238929350ade91900b51fc9534", '\t\x00 \x00', '\x00\x00\x00\x00\x00\x00\x00\a'}, 0x28) sendto$inet6(r2, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) readahead(r2, 0xffff, 0x7) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) [ 681.710762][T16675] ptrace attach of "/root/syz-executor.4"[16673] was attempted by "/root/syz-executor.4"[16675] [ 681.902971][T16692] FAULT_INJECTION: forcing a failure. [ 681.902971][T16692] name failslab, interval 1, probability 0, space 0, times 0 [ 681.936990][T16692] CPU: 0 PID: 16692 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 681.945773][T16692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.955958][T16692] Call Trace: [ 681.959265][T16692] dump_stack+0x1f0/0x31e [ 681.963619][T16692] should_fail+0x38a/0x4e0 [ 681.968049][T16692] ? __kernfs_new_node+0x8b/0x630 [ 681.973083][T16692] should_failslab+0x5/0x20 [ 681.977587][T16692] kmem_cache_alloc+0x53/0x2d0 [ 681.982356][T16692] __kernfs_new_node+0x8b/0x630 [ 681.987203][T16692] ? kernfs_add_one+0x4b7/0x600 [ 681.992059][T16692] ? kernfs_add_one+0x4b7/0x600 [ 681.997135][T16692] ? __mutex_unlock_slowpath+0x12d/0x590 [ 682.002751][T16692] kernfs_new_node+0x95/0x160 [ 682.007482][T16692] __kernfs_create_file+0x45/0x2d0 [ 682.012691][T16692] sysfs_add_file_mode_ns+0x2fe/0x3c0 [ 682.018220][T16692] sysfs_merge_group+0x15b/0x2c0 [ 682.023153][T16692] dpm_sysfs_add+0xbd/0x260 [ 682.027765][T16692] device_add+0xc5e/0x1960 [ 682.032168][T16692] ? device_add+0xb31/0x1960 [ 682.036749][T16692] netdev_register_kobject+0x151/0x2e0 [ 682.042197][T16692] register_netdevice+0x130a/0x1b80 [ 682.047546][T16692] br_dev_newlink+0x24/0x110 [ 682.052294][T16692] ? br_validate+0x2a0/0x2a0 [ 682.056987][T16692] rtnl_newlink+0x143e/0x1bf0 [ 682.061657][T16692] ? __lock_acquire+0x116c/0x2c30 [ 682.066700][T16692] ? __mutex_lock_common+0x582/0x2fc0 [ 682.072175][T16692] ? rtnl_setlink+0x490/0x490 [ 682.076840][T16692] rtnetlink_rcv_msg+0x889/0xd40 [ 682.081774][T16692] ? local_bh_enable+0x5/0x20 [ 682.086555][T16692] ? __local_bh_enable_ip+0x133/0x230 [ 682.091911][T16692] ? __dev_queue_xmit+0x1846/0x2940 [ 682.097097][T16692] ? check_preemption_disabled+0x40/0x240 [ 682.102823][T16692] ? debug_smp_processor_id+0x5/0x20 [ 682.108197][T16692] netlink_rcv_skb+0x190/0x3a0 [ 682.113203][T16692] ? rtnetlink_bind+0x80/0x80 [ 682.117885][T16692] netlink_unicast+0x786/0x940 [ 682.122644][T16692] netlink_sendmsg+0xa57/0xd70 [ 682.127395][T16692] ? netlink_getsockopt+0x9e0/0x9e0 [ 682.132804][T16692] ____sys_sendmsg+0x519/0x800 [ 682.137905][T16692] ? import_iovec+0x12a/0x2c0 [ 682.142646][T16692] __sys_sendmmsg+0x45b/0x680 [ 682.147327][T16692] ? ksys_write+0x1b1/0x220 [ 682.151814][T16692] ? ksys_write+0x1b1/0x220 [ 682.156304][T16692] ? check_preemption_disabled+0x40/0x240 [ 682.162016][T16692] ? check_preemption_disabled+0x40/0x240 [ 682.167742][T16692] __x64_sys_sendmmsg+0x9c/0xb0 [ 682.172580][T16692] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 682.178628][T16692] do_syscall_64+0x73/0xe0 [ 682.183041][T16692] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 682.188921][T16692] RIP: 0033:0x45cb19 [ 682.192795][T16692] Code: Bad RIP value. [ 682.196842][T16692] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 682.205231][T16692] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 682.213190][T16692] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 682.221263][T16692] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 682.229362][T16692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 682.237322][T16692] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x4, 0x0) 03:58:16 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x700, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:16 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000240)="6be3754d62d80a20b34e467de9fc85ec97318af20a11c0f42f740e404b82a90277948baf1a5a90693241b00fd2b496f68e9fc9db9316648d9df394d17b405cd3fae6e177245738a87f0c51b9b0928382ebaea9c156b65c602d70795c4be463882953b0a7da94710526621708332bc1a05ed4ea7d2747447e62141009c6674b6cb8ece87b9cd75f626e2634b8bd5e487bdb45ebc180f046cc65fc9dc0fb0c11e2c66666865bd1197034cbd4d200f1849578588b0a0dfaee9fef8ca39aacfc4eb827f4acaf3e7a7155621ee9215fedab1dbaf9020a818148dee6e900bd7a8e92c80b6d9832a6df13ae068d38") ptrace$cont(0x9, r1, 0x0, 0x0) 03:58:16 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x8) 03:58:16 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x80086301, &(0x7f0000000000)={0x0, r2}) 03:58:16 executing program 1 (fault-call:6 fault-nth:98): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 684.082706][T16708] FAULT_INJECTION: forcing a failure. [ 684.082706][T16708] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 684.096281][T16708] CPU: 1 PID: 16708 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 684.105086][T16708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.115140][T16708] Call Trace: [ 684.118438][T16708] dump_stack+0x1f0/0x31e [ 684.122760][T16708] should_fail+0x38a/0x4e0 [ 684.127170][T16708] prepare_alloc_pages+0x28c/0x4a0 [ 684.132277][T16708] __alloc_pages_nodemask+0xbc/0x5e0 [ 684.137563][T16708] kmem_getpages+0x49/0x900 [ 684.142065][T16708] cache_grow_begin+0x7b/0x2e0 [ 684.146818][T16708] cache_alloc_refill+0x359/0x3f0 [ 684.151851][T16708] ? check_preemption_disabled+0xb0/0x240 [ 684.157557][T16708] ? debug_smp_processor_id+0x5/0x20 [ 684.162955][T16708] ? kobject_uevent_env+0x269/0x11d0 [ 684.168225][T16708] kmem_cache_alloc_trace+0x2e6/0x300 [ 684.173589][T16708] ? dev_uevent_filter+0xb0/0xb0 [ 684.178625][T16708] kobject_uevent_env+0x269/0x11d0 [ 684.183728][T16708] ? __mutex_unlock_slowpath+0x12d/0x590 [ 684.189357][T16708] device_add+0x1044/0x1960 [ 684.193867][T16708] netdev_register_kobject+0x151/0x2e0 [ 684.199315][T16708] register_netdevice+0x130a/0x1b80 [ 684.204519][T16708] br_dev_newlink+0x24/0x110 [ 684.209099][T16708] ? br_validate+0x2a0/0x2a0 [ 684.213681][T16708] rtnl_newlink+0x143e/0x1bf0 [ 684.218366][T16708] ? __lock_acquire+0x116c/0x2c30 [ 684.223426][T16708] ? __mutex_lock_common+0x582/0x2fc0 [ 684.228783][T16708] ? trace_event_raw_event_lock_acquire+0x1f0/0x1f0 [ 684.235374][T16708] ? rtnl_setlink+0x490/0x490 [ 684.240124][T16708] rtnetlink_rcv_msg+0x889/0xd40 [ 684.245176][T16708] ? local_bh_enable+0x5/0x20 [ 684.249841][T16708] ? __local_bh_enable_ip+0x133/0x230 [ 684.255204][T16708] ? __dev_queue_xmit+0x1846/0x2940 [ 684.260401][T16708] ? check_preemption_disabled+0x40/0x240 [ 684.266108][T16708] ? debug_smp_processor_id+0x5/0x20 [ 684.271392][T16708] netlink_rcv_skb+0x190/0x3a0 [ 684.276142][T16708] ? rtnetlink_bind+0x80/0x80 [ 684.280898][T16708] netlink_unicast+0x786/0x940 [ 684.285745][T16708] netlink_sendmsg+0xa57/0xd70 [ 684.290511][T16708] ? netlink_getsockopt+0x9e0/0x9e0 [ 684.295699][T16708] ____sys_sendmsg+0x519/0x800 [ 684.300601][T16708] ? import_iovec+0x12a/0x2c0 [ 684.305307][T16708] __sys_sendmmsg+0x45b/0x680 [ 684.310016][T16708] ? ksys_write+0x1b1/0x220 [ 684.314508][T16708] ? ksys_write+0x1b1/0x220 [ 684.318998][T16708] ? check_preemption_disabled+0x40/0x240 [ 684.324813][T16708] ? check_preemption_disabled+0x40/0x240 [ 684.330530][T16708] __x64_sys_sendmmsg+0x9c/0xb0 [ 684.335392][T16708] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 684.341449][T16708] do_syscall_64+0x73/0xe0 [ 684.345853][T16708] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 684.351738][T16708] RIP: 0033:0x45cb19 [ 684.355626][T16708] Code: Bad RIP value. [ 684.359675][T16708] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 684.368252][T16708] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 684.376370][T16708] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 684.384329][T16708] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 684.392287][T16708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 684.400255][T16708] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:16 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x4) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) socket$inet6_tcp(0xa, 0x1, 0x0) ptrace$setopts(0x4200, 0x0, 0x0, 0x2a) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0xffa3}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x3b) time(&(0x7f00000001c0)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000280)={'veth0_to_bridge\x00', 0x9}) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000240)={0x10000, 0x0, &(0x7f0000ffd000/0x3000)=nil}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 03:58:16 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x900, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:16 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x8008af00, &(0x7f0000000000)={0x0, r2}) 03:58:16 executing program 1 (fault-call:6 fault-nth:99): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:58:16 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x40, 0x80401) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000140), r4, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000240)={0x16, 0x98, 0xfa00, {&(0x7f0000000040), 0x4, r4, 0x1c, 0x0, @in6={0xa, 0x4e24, 0x8, @private1={0xfc, 0x1, [], 0x1}, 0x6}}}, 0xa0) [ 684.786255][T16770] FAULT_INJECTION: forcing a failure. [ 684.786255][T16770] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 684.799785][T16770] CPU: 1 PID: 16770 Comm: syz-executor.1 Not tainted 5.8.0-rc2-syzkaller #0 [ 684.808461][T16770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.818681][T16770] Call Trace: [ 684.821985][T16770] dump_stack+0x1f0/0x31e [ 684.826464][T16770] should_fail+0x38a/0x4e0 [ 684.830897][T16770] prepare_alloc_pages+0x28c/0x4a0 [ 684.836135][T16770] __alloc_pages_nodemask+0xbc/0x5e0 [ 684.841435][T16770] kmem_getpages+0x49/0x900 [ 684.845966][T16770] cache_grow_begin+0x7b/0x2e0 [ 684.850972][T16770] cache_alloc_refill+0x359/0x3f0 [ 684.856004][T16770] ? check_preemption_disabled+0xb0/0x240 [ 684.861726][T16770] ? debug_smp_processor_id+0x5/0x20 [ 684.867017][T16770] ? kobject_uevent_env+0x269/0x11d0 [ 684.872307][T16770] kmem_cache_alloc_trace+0x2e6/0x300 [ 684.877679][T16770] ? dev_uevent_filter+0xb0/0xb0 [ 684.882607][T16770] kobject_uevent_env+0x269/0x11d0 [ 684.887736][T16770] ? __mutex_unlock_slowpath+0x12d/0x590 [ 684.893516][T16770] device_add+0x1044/0x1960 [ 684.898038][T16770] netdev_register_kobject+0x151/0x2e0 [ 684.903695][T16770] register_netdevice+0x130a/0x1b80 [ 684.908915][T16770] br_dev_newlink+0x24/0x110 [ 684.913655][T16770] ? br_validate+0x2a0/0x2a0 [ 684.918266][T16770] rtnl_newlink+0x143e/0x1bf0 [ 684.922968][T16770] ? __lock_acquire+0x116c/0x2c30 [ 684.928045][T16770] ? __mutex_lock_common+0x582/0x2fc0 [ 684.933588][T16770] ? rtnl_setlink+0x490/0x490 [ 684.938398][T16770] rtnetlink_rcv_msg+0x889/0xd40 [ 684.943358][T16770] ? local_bh_enable+0x5/0x20 [ 684.948155][T16770] ? __local_bh_enable_ip+0x133/0x230 [ 684.953533][T16770] ? __dev_queue_xmit+0x1846/0x2940 [ 684.958756][T16770] ? check_preemption_disabled+0x40/0x240 [ 684.964475][T16770] ? debug_smp_processor_id+0x5/0x20 [ 684.969778][T16770] netlink_rcv_skb+0x190/0x3a0 [ 684.974550][T16770] ? rtnetlink_bind+0x80/0x80 [ 684.979243][T16770] netlink_unicast+0x786/0x940 [ 684.984038][T16770] netlink_sendmsg+0xa57/0xd70 [ 684.988837][T16770] ? netlink_getsockopt+0x9e0/0x9e0 [ 684.994295][T16770] ____sys_sendmsg+0x519/0x800 [ 684.999069][T16770] ? import_iovec+0x12a/0x2c0 [ 685.003751][T16770] __sys_sendmmsg+0x45b/0x680 [ 685.008580][T16770] ? ksys_write+0x1b1/0x220 [ 685.013114][T16770] ? ksys_write+0x1b1/0x220 [ 685.017626][T16770] ? check_preemption_disabled+0x40/0x240 [ 685.023347][T16770] ? check_preemption_disabled+0x40/0x240 [ 685.029253][T16770] __x64_sys_sendmmsg+0x9c/0xb0 [ 685.034116][T16770] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 685.040187][T16770] do_syscall_64+0x73/0xe0 [ 685.044700][T16770] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 685.050598][T16770] RIP: 0033:0x45cb19 [ 685.054485][T16770] Code: Bad RIP value. [ 685.058549][T16770] RSP: 002b:00007f3d8c789c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 685.066965][T16770] RAX: ffffffffffffffda RBX: 00000000004fd680 RCX: 000000000045cb19 [ 685.066972][T16770] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 03:58:17 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x9) [ 685.066977][T16770] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 685.066983][T16770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 685.066989][T16770] R13: 0000000000000902 R14: 00000000004cbde8 R15: 00007f3d8c78a6d4 03:58:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x21, 0x0) 03:58:19 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xa00, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x8008af26, &(0x7f0000000000)={0x0, r2}) 03:58:19 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 03:58:19 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0xa) 03:58:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x8040ae9f, &(0x7f0000000000)={0x0, r2}) 03:58:19 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xb00, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:19 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x4000000000000c0, 0x0) 03:58:19 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0xb) 03:58:19 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xc00, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:19 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x40) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f0000000240)=""/4096, 0x1000}], 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)}, {&(0x7f0000001240)=""/216, 0xd8}, {&(0x7f0000001340)=""/206, 0xce}], 0x3, 0x0) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x200000, 0x0) ioctl$DRM_IOCTL_AGP_ENABLE(r3, 0x40086432, &(0x7f0000001440)=0x1) 03:58:19 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0xc) 03:58:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x2000, 0x0) 03:58:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x80685600, &(0x7f0000000000)={0x0, r2}) 03:58:22 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xd00, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:22 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x2) 03:58:22 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) wait4(r2, 0x0, 0x2, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x2) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:58:22 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0xd) 03:58:22 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$notify(r2, 0x402, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:58:22 executing program 4: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005) prctl$PR_SET_PTRACER(0x59616d61, 0x0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x40) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) ptrace$cont(0x20, r1, 0x5, 0x9) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:58:22 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$HIDIOCGREPORT(r3, 0x400c4807, &(0x7f0000000000)={0x3, 0x2, 0x6}) tkill(r1, 0x3c) ptrace$setregs(0xf, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:58:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x81007702, &(0x7f0000000000)={0x0, r2}) 03:58:22 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xe00, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:22 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0xe) 03:58:25 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x1100, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x4000, 0x0) 03:58:25 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x8138ae83, &(0x7f0000000000)={0x0, r2}) 03:58:25 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000200)="0f34", 0x2}, {&(0x7f0000000340)="7ac5e13d22cd77b6f58197c6d6860a185d01f7bd3bc5054527a911153b8e37d53994b4c01c7ce5690c014755ee93140ade82566cf55787d268f98035b96d20de305129070ed6ee27c3ba42bd244977703948196cef8d9f836e6a7f80b679bf213a757ff68e065ee71025020ace0600d26fd79a35359cd5f6056fcda8994b154747f75ed349927b248b95cc04fde5df3b7187bf8dcaff15ff0e7e9edfeb6da9c158631055bc6d6b292b43805ec619cabe47e370105c6d790ac3cdbc4e9582244fab8b977f3e7a0fc40303227d99210857dd0dd96d4629710f21e8e95b74e2652aff233883388d46af14244b42180bccf2c68fa23b799bf61cf94c920aab0f1719bc86d893a41e1db094e0c2f77e8fc1c59dac051117e1dd38e9e3f6f627508b966bd1b4b340fb366a37886241953b8946c97bc02618e4b3a2ee45254c2af5314264013838dc11286805391e4025c5b175a69b91047527dcaee50ddb80b96c36c67160", 0x162}, {&(0x7f0000000240)="3707b751754d16c0e75ae27611afb0c79ff501577a862c5c28f727204ef4f6df5214ae54b1a10f975d08a5ac80d1d22b191944d6db313c09559c11238730cc3e6d4c3dec00627d901e0bc7bb4cd35077d5b19b4c0dde5dc7ff0a047ce188f3a2b04ca84e7ce431c32f03c9a7c06b5eeae210f7b0b650519151c4dc7d8568e3d89a3294d6839426313815fd046853658bd327e9bdaf85998a2a3a810b960ef277e9cb524038b7672e", 0xa8}], 0x3, 0x4) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:58:25 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x3) 03:58:25 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x10) 03:58:25 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x9, 0x1, 0x80, 0x400, 0x82}, 0x40) read$smackfs_ptrace(r1, &(0x7f0000000040), 0x14) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={&(0x7f00000004c0), 0x0, &(0x7f0000000080), &(0x7f00000014c0), 0x1000, r2}, 0x38) r3 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r3) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000280)=ANY=[@ANYRES32=r5, @ANYBLOB="b8000000134c2141c9bfa3d0ab29b03a3ba1fdf1d69d2c1b118f09c285b4f3de14b300e135a75f05f4cc2fbad5e03bed918275423b8b75bc893049096a57ef333cdcadbc1cb154e9514f7aef1246aef0bcf51f1daf8b0e896862c82b5ee6a38025c2d31b0a33286888832abcc2a249f160f3f7a5861c8f8f851e9ae8b309b84ed56830f7a6df4e48b5cf96867a1b01976ad05287ef54abb419633ab9f8b8a0e2041bf5f1f710f18d49f8b72617b4f876b0a81c698c58f555e6dea9dd980887cfca461edea2b861f7f698529d97a596298dfc79529f47e8f8c8d6684fb6737b1e4262bcd52463a95104feeabadad6b4efc41805c37afbcf24c1458b5c547b8bab08117824391b364ae7857d1810ea0db54af9067bcb96d855517edacc02402707b88cc61ef29cfb86f8e77d719d9069de4ad6866bc8ec0cc882c25a26c39666ecba1347146ea2ba775550c1fd02bf953510e70737d573c9fdf498a44cc6b11fa8624cf39bf82676367362ea5d3dea2026465bde85e0c0491ed38a9a345752a5d1dde06089a0c6c1ef9e8162c69e5a2aba18b33a4562a8b86ba6097e6a71a72d2c97c42b5cb7b3133d4541a791503d7ab0e01b545c03b53080e5c5f2237a3f230af4042bf904611b48b7f5e91089532de5dac61596b2ecf0c937e48bcfc81d885cf468e3b6c6ea853a0a5529c6e41a6253a6093b053e6eb7c8cc900000000000000000f5bf19f676e4e1ed8ce55fb7d373cf0e33b2c79987572fa7ab84d98c831655451d90690c9470136ab9d98e8554de3ca52d0e680a129fef8087f77c19e4509a80de7a48e89be5d28da16f8f03ed6d6436e23806197893942820dc5d387c01ae8c1dc83349c4c3ee6130212167ebc4caf8f1000000"], &(0x7f0000000100)=0xc0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x800, 0x4, 0x7, 0x8, 0x1000, 0xffff, 0xce3, r5}, &(0x7f00000001c0)=0x20) ptrace$setopts(0x4206, r4, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r4, 0x3c) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r4, 0x0, 0x329) 03:58:25 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x4) 03:58:25 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x1200, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:25 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x8400ae8e, &(0x7f0000000000)={0x0, r2}) 03:58:25 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x11) 03:58:25 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x2500, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:25 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xc0045878, &(0x7f0000000000)={0x0, r2}) 03:58:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x60ff, 0x0) 03:58:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x5) 03:58:28 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x12) 03:58:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xc0045878, &(0x7f0000000000)={0x0, r2}) 03:58:28 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x3f00, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:28 executing program 4: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast2, 0x30}) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) ptrace$setregs(0xf, r2, 0x0, &(0x7f0000000240)="7a0500e95784e9f5243b9b4a3131b9b27847bd615b2c9b89a32633211aaf41bb758e67fddde8d3ff1fa6edff249dad4163e011eab6bd1df438e032ffceb1f330d97394ea238bf5e0616f4961d3faaf914f2d98f662f855aac679121a41f4125d996efd2594af437451435c5346142b850e6e1441cd83d86e5fdbf36c22b71b1d7427594dfacd") ptrace$cont(0x9, r1, 0x1, 0x0) 03:58:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x6) 03:58:28 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x5c00, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xc008ae05, &(0x7f0000000000)={0x0, r2}) 03:58:28 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xfeffff, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:28 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x25) 03:58:29 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x28) 03:58:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x7900, 0x0) 03:58:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x7) 03:58:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xc008ae67, &(0x7f0000000000)={0x0, r2}) 03:58:31 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x1000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:31 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x2d) 03:58:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x8) 03:58:31 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x5f) 03:58:31 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x2000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xc0189436, &(0x7f0000000000)={0x0, r2}) 03:58:31 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0xc0) 03:58:31 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x3000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:32 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x4000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x7f00, 0x0) 03:58:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xc0205649, &(0x7f0000000000)={0x0, r2}) 03:58:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x9) 03:58:34 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x5000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:34 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x180) 03:58:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0xa) 03:58:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xc020660b, &(0x7f0000000000)={0x0, r2}) 03:58:34 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x6000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:35 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x300) 03:58:35 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x7000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:35 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0xc08c5332, &(0x7f0000000000)={0x0, r2}) 03:58:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0xb) 03:58:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xb900, 0x0) 03:58:37 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x8000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0xc) 03:58:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) 03:58:37 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x500) 03:58:37 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0x9000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x2, r2}) 03:58:38 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x600) 03:58:38 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xa000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x3, r2}) 03:58:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0xd) 03:58:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0xe) 03:58:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x200000, 0x0) 03:58:40 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x700) 03:58:40 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xb000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x4, r2}) 03:58:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0xf) 03:58:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x10) 03:58:40 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xc000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x5, r2}) 03:58:41 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x900) 03:58:41 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xd000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x11) 03:58:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x6, r2}) 03:58:43 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000010000507000000000000001400000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100627269646765000004000280080025"], 0x3c}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x12) 03:58:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364", 0x64}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x2005a0, 0x0) 03:58:43 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="0204a30002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0xfffffffd}, 0x10}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0xa00) 03:58:43 executing program 2: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xc, 0xe000000, &(0x7f00000002c0)=[@dead_binder_done], 0x0, 0x73b000, 0x0}) 03:58:43 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x7, r2}) 03:58:43 executing program 4: r0 = gettid() ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000280)={0x0, 0x80000}) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f00000002c0)={0x0, r1, 0x40}) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000300)="73ca265d8b35f29ba4eb7a6a6adc81c1d45e77b9f37344ee8368fd317c8f387973a8f4448c36b0164f3f7a72582d0fdcc4920e938873cf2102845977e3fc9f3d6cf98186f07a8d70fbc357145b4721698d17d06222998181d91c43eb6003716ad1f11e9e388d281a618a46f79ddef8afa1149bd423f175e81babefd378d1e2f64a11319ef3c17c6126c8ecbbe8cef2235c4ecc", 0x93}], 0x1, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_DROP(r3, 0x4143, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x30}) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x3c) r4 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x490a82, 0x44, 0x1c}, 0x18) io_uring_register$IORING_UNREGISTER_FILES(r4, 0x3, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r2, 0x1, 0x0) [ 711.583539][ C1] traps: PANIC: double fault, error_code: 0x0 [ 711.583542][ C1] double fault: 0000 [#1] PREEMPT SMP KASAN [ 711.583546][ C1] CPU: 1 PID: 17684 Comm: syz-executor.4 Not tainted 5.8.0-rc2-syzkaller #0 [ 711.583550][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 711.583552][ C1] RIP: 0010:check_preemption_disabled+0xa/0x240 [ 711.583559][ C1] Code: e8 1b 91 57 f9 48 c7 c7 be a1 e9 88 48 c7 c6 4f 27 04 89 eb 0b 90 66 2e 0f 1f 84 00 00 00 00 00 55 41 57 41 56 41 55 41 54 53 <50> 49 89 f6 49 89 ff e8 ea 90 57 f9 65 8b 1d 2b d0 e4 77 65 8b 2d [ 711.583562][ C1] RSP: 0018:fffffe0000037000 EFLAGS: 00010083 [ 711.583567][ C1] RAX: ffffffff881cc549 RBX: 0000000000000000 RCX: 0000000000040000 [ 711.583570][ C1] RDX: ffffc90016061000 RSI: ffffffff8904a21f RDI: ffffffff88f45377 [ 711.583573][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 711.583576][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 711.583579][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: fffffe0000037120 [ 711.583583][ C1] FS: 00007fe984b18700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 711.583585][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 711.583588][ C1] CR2: fffffe0000036ff8 CR3: 000000009aa23000 CR4: 00000000001426e0 [ 711.583592][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 711.583595][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 711.583597][ C1] Call Trace: [ 711.583599][ C1] [ 711.583601][ C1] fixup_bad_iret+0x3a/0xf0 [ 711.583603][ C1] error_entry+0xb8/0xc0 [ 711.583605][ C1] RIP: 0010:native_irq_return_iret+0x0/0x2 [ 711.583613][ C1] Code: 5a 41 59 41 58 58 59 5a 5e 5f 48 83 c4 08 e9 10 00 00 00 90 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 f6 44 24 20 04 75 02 <48> cf 57 0f 01 f8 0f 1f 00 65 48 8b 3c 25 08 90 01 00 48 89 07 48 [ 711.583615][ C1] RSP: 0018:fffffe00000371d8 EFLAGS: 00010046 ORIG_RAX: 0000000000000090 [ 711.583621][ C1] RAX: 0000000000000030 RBX: 0000000000000047 RCX: 0000000000000000 [ 711.583624][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 711.583627][ C1] RBP: 0000000020000140 R08: 0200000000000000 R09: 0000000000000120 [ 711.583631][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 711.583634][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 711.583636][ C1] ? asm_exc_general_protection+0x8/0x30 [ 711.583638][ C1] RIP: 0093:0x20000300 [ 711.583640][ C1] Code: Bad RIP value. [ 711.583643][ C1] RSP: 002b:0000000000000000 EFLAGS: 00000202 [ 711.583645][ C1] Modules linked in: [ 711.840214][ C1] ---[ end trace 43c630e3df1a8acf ]--- [ 711.840218][ C1] RIP: 0010:check_preemption_disabled+0xa/0x240 [ 711.840223][ C1] Code: e8 1b 91 57 f9 48 c7 c7 be a1 e9 88 48 c7 c6 4f 27 04 89 eb 0b 90 66 2e 0f 1f 84 00 00 00 00 00 55 41 57 41 56 41 55 41 54 53 <50> 49 89 f6 49 89 ff e8 ea 90 57 f9 65 8b 1d 2b d0 e4 77 65 8b 2d [ 711.840226][ C1] RSP: 0018:fffffe0000037000 EFLAGS: 00010083 [ 711.840230][ C1] RAX: ffffffff881cc549 RBX: 0000000000000000 RCX: 0000000000040000 [ 711.840232][ C1] RDX: ffffc90016061000 RSI: ffffffff8904a21f RDI: ffffffff88f45377 [ 711.840235][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 711.840237][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 711.840239][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: fffffe0000037120 [ 711.840242][ C1] FS: 00007fe984b18700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 711.840244][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 711.840247][ C1] CR2: fffffe0000036ff8 CR3: 000000009aa23000 CR4: 00000000001426e0 [ 711.840249][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 711.840252][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 711.840254][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 711.841485][ C1] Kernel Offset: disabled