3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:11 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:11 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:11 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:11 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:11 executing program 5: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:11 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:11 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:11 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:11 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:12 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300), &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 5: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:12 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:12 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300), &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:12 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300), &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:12 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:12 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:12 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:12 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:12 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(0x0, 0x0) 08:07:12 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:12 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(0x0, 0x0) 08:07:12 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:13 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(0x0, 0x0) 08:07:13 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:13 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:13 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:13 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:13 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:13 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:13 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:13 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:13 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:13 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:14 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:14 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:14 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:14 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:14 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:15 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:15 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:15 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:15 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:15 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:15 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:15 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:15 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:15 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:15 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:15 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:15 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:15 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:15 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:15 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:16 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:16 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:16 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:16 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:16 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:16 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:16 executing program 5: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:16 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:16 executing program 5: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:16 executing program 0: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:17 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:17 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:17 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:17 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:17 executing program 5: syz_clone3(0x0, 0x0) 08:07:17 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:17 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:17 executing program 5: syz_clone3(0x0, 0x0) 08:07:17 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:17 executing program 5: syz_clone3(0x0, 0x0) 08:07:17 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:17 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:17 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:17 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:17 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:17 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:17 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:17 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(0x0, 0x0) 08:07:17 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:17 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:17 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:17 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, 0x0) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:17 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300), &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 4: syz_clone3(0x0, 0x0) 08:07:17 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 4: syz_clone3(0x0, 0x0) 08:07:17 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300), &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:17 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:17 executing program 4: syz_clone3(0x0, 0x0) 08:07:17 executing program 1: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:17 executing program 4: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:17 executing program 4: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:18 executing program 4: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:18 executing program 2: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:18 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300), &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:18 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 1: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:18 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0], 0x2}, 0x58) 08:07:18 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:18 executing program 1: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:18 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:18 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:18 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:18 executing program 1: syz_clone3(0x0, 0x0) 08:07:18 executing program 1: syz_clone3(0x0, 0x0) 08:07:18 executing program 1: syz_clone3(0x0, 0x0) 08:07:18 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, 0x0, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 1: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:18 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:18 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:18 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 1: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:18 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 1: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:18 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:18 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, 0x0) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, 0x0}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:19 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, 0x0) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, 0x0) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, 0x0, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, 0x0) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 1: timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x0, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, 0x0, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x0, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x0, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x0, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) pipe(&(0x7f0000005440)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x0, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, 0x0, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:20 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, 0x0, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, 0x0, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:21 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:21 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:21 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x0, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:21 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:21 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, 0x0}, 0x58) 08:07:22 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:22 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, 0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 1: timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:23 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, 0x0}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 5: timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f00000001c0)=0x9}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 4: timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x0, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x101, &(0x7f00000001c0)=0x9}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 5: syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:24 executing program 0: timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_delete(0x0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 0: timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 3: timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 3: timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 0: timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 1: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005540)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:25 executing program 5: timer_create(0x7, &(0x7f00000000c0)={0x0, 0x0, 0x1}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) 08:07:25 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f00000002c0)={0x0, 0x7, 0x0, &(0x7f0000000280)=0x3ff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r1}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) 08:07:25 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:25 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:25 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f00000002c0)={0x0, 0x7, 0x0, &(0x7f0000000280)=0x3ff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r1}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_create(0x7, &(0x7f00000000c0)={0x0, 0x3, 0x1, @tid=r3}, &(0x7f0000000100)=0x0) timer_settime(r5, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) pipe(&(0x7f0000000400)) 08:07:25 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f00000002c0)={0x0, 0x7, 0x0, &(0x7f0000000280)=0x3ff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r1}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_create(0x7, &(0x7f00000000c0)={0x0, 0x3, 0x1, @tid=r3}, &(0x7f0000000100)=0x0) timer_settime(r5, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_ATTR(r6, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x5, 0x101, 0x0, {0x1, 0x2, 0x3f, 0x5, 0x3, 0x8, 0x7, 0x3f, 0x6, 0x1000, 0x7, 0xffffffffffffffff, 0xffffffffffffffff, 0x5, 0x8}}}, 0x78) 08:07:25 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:25 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_gettime(r0, &(0x7f0000000240)) 08:07:25 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_gettime(r0, &(0x7f0000000240)) 08:07:25 executing program 2: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f00000002c0)={0x0, 0x7, 0x0, &(0x7f0000000280)=0x3ff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r1}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) 08:07:26 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 4: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f00000002c0)={0x0, 0x7, 0x0, &(0x7f0000000280)=0x3ff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r1}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_create(0x7, &(0x7f00000000c0)={0x0, 0x3, 0x1, @tid=r3}, &(0x7f0000000100)=0x0) timer_settime(r5, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_ATTR(r6, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x5, 0x101, 0x0, {0x1, 0x2, 0x3f, 0x5, 0x3, 0x8, 0x7, 0x3f, 0x6, 0x1000, 0x7, 0xffffffffffffffff, 0xffffffffffffffff, 0x5, 0x8}}}, 0x78) 08:07:26 executing program 3: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x80000000, 0x101, &(0x7f00000001c0)=0x9}) timer_create(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f00000002c0)={0x0, 0x7, 0x0, &(0x7f0000000280)=0x3ff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r1}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_create(0x7, &(0x7f00000000c0)={0x0, 0x3, 0x1, @tid=r3}, &(0x7f0000000100)=0x0) timer_settime(r5, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_ATTR(r6, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x5, 0x101, 0x0, {0x1, 0x2, 0x3f, 0x5, 0x3, 0x8, 0x7, 0x3f, 0x6, 0x1000, 0x7, 0xffffffffffffffff, 0xffffffffffffffff, 0x5, 0x8}}}, 0x78) 08:07:26 executing program 1: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:26 executing program 1: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:26 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r5, 0x0, &(0x7f0000000000)='nomand\x00', 0x0, 0x0) ioctl$USBDEVFS_ALLOC_STREAMS(r4, 0x8008551c, &(0x7f0000000240)={0xd96d}) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x20, 0x1}, &(0x7f0000000040)) timer_gettime(0x0, &(0x7f0000000080)) 08:07:26 executing program 1: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:26 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000100)={0x1f, @none}, 0x8) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:26 executing program 1: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 1: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 1: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000100)={0x1f, @none}, 0x8) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:26 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 1) 08:07:26 executing program 1: timer_create(0x7, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:26 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000100)={0x1f, @none}, 0x8) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:26 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) [ 993.743031][ T2151] FAULT_INJECTION: forcing a failure. [ 993.743031][ T2151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 993.773103][ T2151] CPU: 1 PID: 2151 Comm: syz-executor.4 Not tainted 5.15.74-syzkaller #0 [ 993.781364][ T2151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 993.791260][ T2151] Call Trace: [ 993.794390][ T2151] [ 993.797159][ T2151] dump_stack_lvl+0x151/0x1b7 [ 993.801675][ T2151] ? bfq_pos_tree_add_move+0x43e/0x43e [ 993.806970][ T2151] dump_stack+0x15/0x17 [ 993.810961][ T2151] should_fail+0x3c0/0x510 [ 993.815212][ T2151] should_fail_usercopy+0x1a/0x20 [ 993.820074][ T2151] _copy_from_user+0x20/0xd0 [ 993.824500][ T2151] copy_clone_args_from_user+0x1c7/0x790 [ 993.829978][ T2151] ? preempt_count_add+0x90/0x1a0 [ 993.834839][ T2151] ? dup_mmap+0xea0/0xea0 [ 993.839000][ T2151] ? file_end_write+0x1b0/0x1b0 [ 993.843690][ T2151] __x64_sys_clone3+0x122/0x3a0 [ 993.848370][ T2151] ? __mutex_lock_slowpath+0x10/0x10 [ 993.853494][ T2151] ? __ia32_sys_clone+0x300/0x300 [ 993.858351][ T2151] ? ksys_write+0x25f/0x2c0 [ 993.862688][ T2151] ? debug_smp_processor_id+0x17/0x20 [ 993.867897][ T2151] do_syscall_64+0x44/0xd0 [ 993.872150][ T2151] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 993.877878][ T2151] RIP: 0033:0x7fbe40b8f639 [ 993.882131][ T2151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 993.901573][ T2151] RSP: 002b:00007fbe3f903038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 993.909817][ T2151] RAX: ffffffffffffffda RBX: 00007fbe40caff80 RCX: 00007fbe40b8f639 [ 993.917629][ T2151] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007fbe3f903050 [ 993.925445][ T2151] RBP: 00007fbe3f9031d0 R08: 0000000000000000 R09: 0000000000000058 [ 993.933251][ T2151] R10: 00007fbe3f903050 R11: 0000000000000246 R12: 0000000000000058 08:07:26 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r5, 0x0, &(0x7f0000000000)='nomand\x00', 0x0, 0x0) ioctl$USBDEVFS_ALLOC_STREAMS(r4, 0x8008551c, &(0x7f0000000240)={0xd96d}) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x20, 0x1}, &(0x7f0000000040)) timer_gettime(0x0, &(0x7f0000000080)) 08:07:26 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 1) 08:07:26 executing program 1: timer_create(0x7, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:26 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:26 executing program 1: timer_create(0x7, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:26 executing program 0: connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) 08:07:26 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 2) 08:07:26 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 0: connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) [ 993.941072][ T2151] R13: 00007ffea63337ff R14: 00007fbe3f903300 R15: 0000000000022000 [ 993.948880][ T2151] [ 993.961171][ T2158] FAULT_INJECTION: forcing a failure. [ 993.961171][ T2158] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 994.006676][ T2158] CPU: 0 PID: 2158 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 994.014938][ T2158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 994.024831][ T2158] Call Trace: [ 994.025014][ T2175] FAULT_INJECTION: forcing a failure. [ 994.025014][ T2175] name failslab, interval 1, probability 0, space 0, times 0 [ 994.027950][ T2158] [ 994.027961][ T2158] dump_stack_lvl+0x151/0x1b7 [ 994.047659][ T2158] ? bfq_pos_tree_add_move+0x43e/0x43e [ 994.052953][ T2158] dump_stack+0x15/0x17 [ 994.056942][ T2158] should_fail+0x3c0/0x510 [ 994.061203][ T2158] should_fail_usercopy+0x1a/0x20 [ 994.066058][ T2158] _copy_from_user+0x20/0xd0 [ 994.070482][ T2158] copy_clone_args_from_user+0x1c7/0x790 [ 994.075962][ T2158] ? preempt_count_add+0x90/0x1a0 [ 994.080812][ T2158] ? dup_mmap+0xea0/0xea0 [ 994.084980][ T2158] ? file_end_write+0x1b0/0x1b0 [ 994.089667][ T2158] __x64_sys_clone3+0x122/0x3a0 [ 994.094359][ T2158] ? __mutex_lock_slowpath+0x10/0x10 [ 994.099475][ T2158] ? __ia32_sys_clone+0x300/0x300 [ 994.104334][ T2158] ? ksys_write+0x25f/0x2c0 [ 994.108674][ T2158] ? debug_smp_processor_id+0x17/0x20 [ 994.113880][ T2158] do_syscall_64+0x44/0xd0 [ 994.118134][ T2158] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 994.123865][ T2158] RIP: 0033:0x7f495fdbc639 [ 994.128117][ T2158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 994.147556][ T2158] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 08:07:26 executing program 0: connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) [ 994.155803][ T2158] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 994.163613][ T2158] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 994.171426][ T2158] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 994.179237][ T2158] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 994.187047][ T2158] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 994.194862][ T2158] [ 994.200694][ T2175] CPU: 0 PID: 2175 Comm: syz-executor.4 Not tainted 5.15.74-syzkaller #0 [ 994.208930][ T2175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 994.218827][ T2175] Call Trace: [ 994.221953][ T2175] [ 994.224727][ T2175] dump_stack_lvl+0x151/0x1b7 [ 994.229242][ T2175] ? bfq_pos_tree_add_move+0x43e/0x43e [ 994.234535][ T2175] ? handle_pte_fault+0x517/0x11d0 [ 994.239483][ T2175] dump_stack+0x15/0x17 [ 994.243477][ T2175] should_fail+0x3c0/0x510 [ 994.247729][ T2175] __should_failslab+0x9f/0xe0 [ 994.252329][ T2175] should_failslab+0x9/0x20 [ 994.256679][ T2175] kmem_cache_alloc+0x4f/0x2f0 [ 994.261269][ T2175] ? dup_task_struct+0x53/0xa60 [ 994.265952][ T2175] ? __kasan_check_write+0x14/0x20 [ 994.270903][ T2175] dup_task_struct+0x53/0xa60 [ 994.275436][ T2175] ? __kasan_check_write+0x14/0x20 [ 994.280360][ T2175] copy_process+0x579/0x3250 [ 994.284793][ T2175] ? check_stack_object+0xf7/0x130 [ 994.289738][ T2175] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 994.294684][ T2175] ? copy_clone_args_from_user+0x6cf/0x790 [ 994.300331][ T2175] kernel_clone+0x22d/0x990 [ 994.304671][ T2175] ? dup_mmap+0xea0/0xea0 [ 994.308837][ T2175] ? create_io_thread+0x1e0/0x1e0 [ 994.313691][ T2175] ? file_end_write+0x1b0/0x1b0 [ 994.318378][ T2175] __x64_sys_clone3+0x375/0x3a0 [ 994.323067][ T2175] ? __ia32_sys_clone+0x300/0x300 [ 994.327926][ T2175] ? ksys_write+0x25f/0x2c0 [ 994.332265][ T2175] ? debug_smp_processor_id+0x17/0x20 [ 994.337474][ T2175] do_syscall_64+0x44/0xd0 [ 994.341728][ T2175] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 994.347453][ T2175] RIP: 0033:0x7fbe40b8f639 [ 994.351711][ T2175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 994.371147][ T2175] RSP: 002b:00007fbe3f903038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 994.379396][ T2175] RAX: ffffffffffffffda RBX: 00007fbe40caff80 RCX: 00007fbe40b8f639 [ 994.387205][ T2175] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007fbe3f903050 [ 994.395016][ T2175] RBP: 00007fbe3f9031d0 R08: 0000000000000000 R09: 0000000000000058 08:07:26 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r5, 0x0, &(0x7f0000000000)='nomand\x00', 0x0, 0x0) ioctl$USBDEVFS_ALLOC_STREAMS(r4, 0x8008551c, &(0x7f0000000240)={0xd96d}) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x20, 0x1}, &(0x7f0000000040)) timer_gettime(0x0, &(0x7f0000000080)) 08:07:26 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 2) 08:07:26 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) 08:07:26 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:26 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 3) [ 994.402843][ T2175] R10: 00007fbe3f903050 R11: 0000000000000246 R12: 0000000000000058 [ 994.410639][ T2175] R13: 00007ffea63337ff R14: 00007fbe3f903300 R15: 0000000000022000 [ 994.418460][ T2175] 08:07:27 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:27 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) 08:07:27 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_gettime(r0, &(0x7f0000000240)) 08:07:27 executing program 2: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:27 executing program 2: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) [ 994.455568][ T2187] FAULT_INJECTION: forcing a failure. [ 994.455568][ T2187] name failslab, interval 1, probability 0, space 0, times 0 [ 994.458073][ T2189] FAULT_INJECTION: forcing a failure. [ 994.458073][ T2189] name failslab, interval 1, probability 0, space 0, times 0 08:07:27 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) [ 994.536969][ T2189] CPU: 0 PID: 2189 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 994.545227][ T2189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 994.555121][ T2189] Call Trace: [ 994.558242][ T2189] [ 994.561020][ T2189] dump_stack_lvl+0x151/0x1b7 [ 994.565534][ T2189] ? bfq_pos_tree_add_move+0x43e/0x43e [ 994.570828][ T2189] ? handle_pte_fault+0x517/0x11d0 [ 994.575778][ T2189] dump_stack+0x15/0x17 [ 994.579767][ T2189] should_fail+0x3c0/0x510 [ 994.584020][ T2189] __should_failslab+0x9f/0xe0 [ 994.588621][ T2189] should_failslab+0x9/0x20 [ 994.592962][ T2189] kmem_cache_alloc+0x4f/0x2f0 [ 994.597558][ T2189] ? dup_task_struct+0x53/0xa60 [ 994.602248][ T2189] ? __kasan_check_write+0x14/0x20 [ 994.607194][ T2189] dup_task_struct+0x53/0xa60 [ 994.611709][ T2189] ? __kasan_check_write+0x14/0x20 [ 994.616656][ T2189] copy_process+0x579/0x3250 [ 994.621087][ T2189] ? check_stack_object+0xf7/0x130 [ 994.626029][ T2189] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 994.630975][ T2189] ? copy_clone_args_from_user+0x6cf/0x790 [ 994.636620][ T2189] kernel_clone+0x22d/0x990 [ 994.640959][ T2189] ? dup_mmap+0xea0/0xea0 [ 994.645129][ T2189] ? create_io_thread+0x1e0/0x1e0 [ 994.649986][ T2189] ? file_end_write+0x1b0/0x1b0 [ 994.654674][ T2189] __x64_sys_clone3+0x375/0x3a0 [ 994.659360][ T2189] ? __ia32_sys_clone+0x300/0x300 [ 994.664217][ T2189] ? ksys_write+0x25f/0x2c0 [ 994.668557][ T2189] ? debug_smp_processor_id+0x17/0x20 [ 994.673773][ T2189] do_syscall_64+0x44/0xd0 [ 994.678018][ T2189] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 994.683745][ T2189] RIP: 0033:0x7f495fdbc639 [ 994.688001][ T2189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 994.707446][ T2189] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 994.715684][ T2189] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 994.723504][ T2189] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 994.731309][ T2189] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 994.739118][ T2189] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 994.746932][ T2189] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 994.754752][ T2189] [ 994.757697][ T2187] CPU: 1 PID: 2187 Comm: syz-executor.4 Not tainted 5.15.74-syzkaller #0 [ 994.765946][ T2187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 994.775841][ T2187] Call Trace: [ 994.778963][ T2187] [ 994.781738][ T2187] dump_stack_lvl+0x151/0x1b7 [ 994.786250][ T2187] ? bfq_pos_tree_add_move+0x43e/0x43e [ 994.791544][ T2187] ? __kasan_slab_alloc+0xc4/0xe0 [ 994.796404][ T2187] ? kmem_cache_alloc+0x189/0x2f0 [ 994.801268][ T2187] dump_stack+0x15/0x17 [ 994.805256][ T2187] should_fail+0x3c0/0x510 [ 994.809510][ T2187] ? __get_vm_area_node+0x13a/0x380 [ 994.814545][ T2187] __should_failslab+0x9f/0xe0 [ 994.819147][ T2187] should_failslab+0x9/0x20 [ 994.823484][ T2187] kmem_cache_alloc_trace+0x4a/0x310 [ 994.828607][ T2187] __get_vm_area_node+0x13a/0x380 [ 994.833470][ T2187] __vmalloc_node_range+0xda/0x800 [ 994.838413][ T2187] ? copy_process+0x579/0x3250 [ 994.843013][ T2187] ? kmem_cache_alloc+0x1c1/0x2f0 [ 994.847874][ T2187] ? dup_task_struct+0x53/0xa60 [ 994.852559][ T2187] dup_task_struct+0x61f/0xa60 [ 994.857248][ T2187] ? copy_process+0x579/0x3250 [ 994.861846][ T2187] ? __kasan_check_write+0x14/0x20 [ 994.866795][ T2187] copy_process+0x579/0x3250 [ 994.871224][ T2187] ? check_stack_object+0xf7/0x130 [ 994.876168][ T2187] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 994.881117][ T2187] ? copy_clone_args_from_user+0x6cf/0x790 [ 994.886760][ T2187] kernel_clone+0x22d/0x990 [ 994.891102][ T2187] ? dup_mmap+0xea0/0xea0 [ 994.895276][ T2187] ? create_io_thread+0x1e0/0x1e0 [ 994.900124][ T2187] ? file_end_write+0x1b0/0x1b0 [ 994.904810][ T2187] __x64_sys_clone3+0x375/0x3a0 [ 994.909500][ T2187] ? __ia32_sys_clone+0x300/0x300 [ 994.914363][ T2187] ? ksys_write+0x25f/0x2c0 [ 994.918698][ T2187] ? debug_smp_processor_id+0x17/0x20 [ 994.923906][ T2187] do_syscall_64+0x44/0xd0 [ 994.928169][ T2187] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 994.933887][ T2187] RIP: 0033:0x7fbe40b8f639 [ 994.938141][ T2187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 994.957590][ T2187] RSP: 002b:00007fbe3f903038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 994.965829][ T2187] RAX: ffffffffffffffda RBX: 00007fbe40caff80 RCX: 00007fbe40b8f639 [ 994.973639][ T2187] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007fbe3f903050 [ 994.981449][ T2187] RBP: 00007fbe3f9031d0 R08: 0000000000000000 R09: 0000000000000058 08:07:27 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r5, 0x0, &(0x7f0000000000)='nomand\x00', 0x0, 0x0) ioctl$USBDEVFS_ALLOC_STREAMS(r4, 0x8008551c, &(0x7f0000000240)={0xd96d}) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x20, 0x1}, &(0x7f0000000040)) 08:07:27 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) 08:07:27 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:27 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 3) 08:07:27 executing program 2: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) [ 994.989262][ T2187] R10: 00007fbe3f903050 R11: 0000000000000246 R12: 0000000000000058 [ 994.997074][ T2187] R13: 00007ffea63337ff R14: 00007fbe3f903300 R15: 0000000000022000 [ 995.004897][ T2187] [ 995.013271][ T2187] syz-executor.4: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0 [ 995.037940][ T2211] FAULT_INJECTION: forcing a failure. [ 995.037940][ T2211] name failslab, interval 1, probability 0, space 0, times 0 [ 995.058410][ T2211] CPU: 0 PID: 2211 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 995.066656][ T2211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 995.076552][ T2211] Call Trace: [ 995.079676][ T2211] [ 995.082453][ T2211] dump_stack_lvl+0x151/0x1b7 [ 995.086969][ T2211] ? bfq_pos_tree_add_move+0x43e/0x43e [ 995.092262][ T2211] ? __kasan_slab_alloc+0xc4/0xe0 [ 995.097132][ T2211] ? kmem_cache_alloc+0x189/0x2f0 [ 995.101984][ T2211] dump_stack+0x15/0x17 [ 995.105976][ T2211] should_fail+0x3c0/0x510 [ 995.110228][ T2211] ? __get_vm_area_node+0x13a/0x380 [ 995.115262][ T2211] __should_failslab+0x9f/0xe0 [ 995.119860][ T2211] should_failslab+0x9/0x20 [ 995.124206][ T2211] kmem_cache_alloc_trace+0x4a/0x310 [ 995.129325][ T2211] __get_vm_area_node+0x13a/0x380 [ 995.134190][ T2211] __vmalloc_node_range+0xda/0x800 [ 995.139131][ T2211] ? copy_process+0x579/0x3250 [ 995.143731][ T2211] ? kmem_cache_alloc+0x1c1/0x2f0 [ 995.148592][ T2211] ? dup_task_struct+0x53/0xa60 [ 995.153278][ T2211] dup_task_struct+0x61f/0xa60 [ 995.157880][ T2211] ? copy_process+0x579/0x3250 [ 995.162477][ T2211] ? __kasan_check_write+0x14/0x20 [ 995.167425][ T2211] copy_process+0x579/0x3250 [ 995.171857][ T2211] ? check_stack_object+0xf7/0x130 [ 995.176801][ T2211] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 995.181755][ T2211] ? copy_clone_args_from_user+0x6cf/0x790 [ 995.187388][ T2211] kernel_clone+0x22d/0x990 [ 995.191725][ T2211] ? dup_mmap+0xea0/0xea0 [ 995.195901][ T2211] ? create_io_thread+0x1e0/0x1e0 [ 995.200752][ T2211] ? file_end_write+0x1b0/0x1b0 [ 995.205442][ T2211] __x64_sys_clone3+0x375/0x3a0 [ 995.210128][ T2211] ? __ia32_sys_clone+0x300/0x300 [ 995.214989][ T2211] ? ksys_write+0x25f/0x2c0 [ 995.219330][ T2211] ? debug_smp_processor_id+0x17/0x20 [ 995.224534][ T2211] do_syscall_64+0x44/0xd0 [ 995.228793][ T2211] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 995.234514][ T2211] RIP: 0033:0x7f495fdbc639 [ 995.238776][ T2211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 995.258211][ T2211] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 995.266460][ T2211] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 995.274266][ T2211] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 995.282082][ T2211] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 995.289891][ T2211] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 995.297789][ T2211] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 995.305606][ T2211] [ 995.321109][ T2187] CPU: 0 PID: 2187 Comm: syz-executor.4 Not tainted 5.15.74-syzkaller #0 [ 995.329364][ T2187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 995.339262][ T2187] Call Trace: [ 995.342382][ T2187] [ 995.345157][ T2187] dump_stack_lvl+0x151/0x1b7 [ 995.349672][ T2187] ? bfq_pos_tree_add_move+0x43e/0x43e [ 995.354977][ T2187] ? pr_cont_kernfs_name+0xe6/0x100 [ 995.360001][ T2187] dump_stack+0x15/0x17 [ 995.363996][ T2187] warn_alloc+0x242/0x3d0 [ 995.368162][ T2187] ? zone_watermark_ok_safe+0x280/0x280 [ 995.373541][ T2187] ? __get_vm_area_node+0x36a/0x380 [ 995.378574][ T2187] __vmalloc_node_range+0x2be/0x800 [ 995.383610][ T2187] ? dup_task_struct+0x53/0xa60 [ 995.388297][ T2187] dup_task_struct+0x61f/0xa60 [ 995.392899][ T2187] ? copy_process+0x579/0x3250 [ 995.397580][ T2187] ? __kasan_check_write+0x14/0x20 [ 995.402527][ T2187] copy_process+0x579/0x3250 [ 995.406966][ T2187] ? check_stack_object+0xf7/0x130 [ 995.411912][ T2187] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 995.416851][ T2187] ? copy_clone_args_from_user+0x6cf/0x790 [ 995.422495][ T2187] kernel_clone+0x22d/0x990 [ 995.426840][ T2187] ? dup_mmap+0xea0/0xea0 [ 995.431004][ T2187] ? create_io_thread+0x1e0/0x1e0 [ 995.435949][ T2187] ? file_end_write+0x1b0/0x1b0 [ 995.440808][ T2187] __x64_sys_clone3+0x375/0x3a0 [ 995.445491][ T2187] ? __ia32_sys_clone+0x300/0x300 [ 995.450355][ T2187] ? ksys_write+0x25f/0x2c0 [ 995.454692][ T2187] ? debug_smp_processor_id+0x17/0x20 [ 995.459910][ T2187] do_syscall_64+0x44/0xd0 [ 995.464156][ T2187] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 995.469882][ T2187] RIP: 0033:0x7fbe40b8f639 [ 995.474133][ T2187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 995.493577][ T2187] RSP: 002b:00007fbe3f903038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 995.501822][ T2187] RAX: ffffffffffffffda RBX: 00007fbe40caff80 RCX: 00007fbe40b8f639 [ 995.509628][ T2187] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007fbe3f903050 [ 995.517438][ T2187] RBP: 00007fbe3f9031d0 R08: 0000000000000000 R09: 0000000000000058 [ 995.525249][ T2187] R10: 00007fbe3f903050 R11: 0000000000000246 R12: 0000000000000058 [ 995.533059][ T2187] R13: 00007ffea63337ff R14: 00007fbe3f903300 R15: 0000000000022000 [ 995.540877][ T2187] [ 995.544306][ T2187] Mem-Info: [ 995.547272][ T2187] active_anon:4893 inactive_anon:18563 isolated_anon:0 [ 995.547272][ T2187] active_file:4496 inactive_file:8784 isolated_file:0 [ 995.547272][ T2187] unevictable:0 dirty:37 writeback:0 [ 995.547272][ T2187] slab_reclaimable:15757 slab_unreclaimable:157052 [ 995.547272][ T2187] mapped:28693 shmem:7448 pagetables:607 bounce:0 [ 995.547272][ T2187] kernel_misc_reclaimable:0 [ 995.547272][ T2187] free:1451519 free_pcp:25484 free_cma:0 [ 995.588821][ T2187] Node 0 active_anon:19572kB inactive_anon:74252kB active_file:17984kB inactive_file:35136kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:114772kB dirty:148kB writeback:0kB shmem:29792kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:6752kB pagetables:2428kB all_unreclaimable? no [ 995.619601][ T2187] DMA32 free:2976724kB min:62592kB low:78240kB high:93888kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2982428kB mlocked:0kB bounce:0kB free_pcp:5704kB local_pcp:56kB free_cma:0kB [ 995.646662][ T2187] lowmem_reserve[]: 0 3941 3941 [ 995.651401][ T2187] Normal free:2829352kB min:84860kB low:106072kB high:127284kB reserved_highatomic:0KB active_anon:19572kB inactive_anon:74252kB active_file:17984kB inactive_file:35136kB unevictable:0kB writepending:148kB present:5242880kB managed:4035848kB mlocked:0kB bounce:0kB free_pcp:97164kB local_pcp:48780kB free_cma:0kB [ 995.680494][ T2187] lowmem_reserve[]: 0 0 0 [ 995.684640][ T2187] DMA32: 3*4kB (M) 1*8kB (M) 2*16kB (M) 3*32kB (M) 3*64kB (M) 3*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (UM) 4*2048kB (UM) 723*4096kB (M) = 2976724kB [ 995.700061][ T2187] Normal: 996*4kB (UME) 413*8kB (UME) 505*16kB (UME) 1195*32kB (UME) 143*64kB (UME) 36*128kB (UME) 13*256kB (UME) 4*512kB (UE) 0*1024kB 2*2048kB (ME) 672*4096kB (UM) = 2829352kB [ 995.717613][ T2187] 20728 total pagecache pages [ 995.722083][ T2187] 0 pages in swap cache [ 995.726092][ T2187] Swap cache stats: add 0, delete 0, find 0/0 [ 995.731981][ T2187] Free swap = 0kB [ 995.735554][ T2187] Total swap = 0kB [ 995.739096][ T2187] 2097051 pages RAM 08:07:28 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:28 executing program 2: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:28 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, 0x0, 0x0) 08:07:28 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000240)) 08:07:28 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r5, 0x0, &(0x7f0000000000)='nomand\x00', 0x0, 0x0) ioctl$USBDEVFS_ALLOC_STREAMS(r4, 0x8008551c, &(0x7f0000000240)={0xd96d}) 08:07:28 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 4) 08:07:28 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, 0x0, 0x0) 08:07:28 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:28 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, 0x0, 0x0) 08:07:28 executing program 2: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) [ 995.742738][ T2187] 0 pages HighMem/MovableOnly [ 995.747294][ T2187] 342482 pages reserved [ 995.751240][ T2187] 0 pages cma reserved [ 995.768072][ T2223] FAULT_INJECTION: forcing a failure. [ 995.768072][ T2223] name failslab, interval 1, probability 0, space 0, times 0 [ 995.822560][ T2223] CPU: 0 PID: 2223 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 995.830813][ T2223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 995.840732][ T2223] Call Trace: [ 995.843830][ T2223] [ 995.846603][ T2223] dump_stack_lvl+0x151/0x1b7 [ 995.851117][ T2223] ? bfq_pos_tree_add_move+0x43e/0x43e [ 995.856412][ T2223] dump_stack+0x15/0x17 [ 995.860402][ T2223] should_fail+0x3c0/0x510 [ 995.864654][ T2223] ? security_prepare_creds+0x50/0x160 [ 995.869950][ T2223] __should_failslab+0x9f/0xe0 [ 995.874552][ T2223] should_failslab+0x9/0x20 [ 995.878890][ T2223] __kmalloc+0x6d/0x350 [ 995.882884][ T2223] security_prepare_creds+0x50/0x160 [ 995.888004][ T2223] prepare_creds+0x471/0x690 [ 995.892430][ T2223] copy_creds+0xde/0x640 [ 995.896512][ T2223] copy_process+0x775/0x3250 [ 995.900940][ T2223] ? check_stack_object+0xf7/0x130 [ 995.905883][ T2223] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 995.910832][ T2223] ? copy_clone_args_from_user+0x6cf/0x790 [ 995.916474][ T2223] kernel_clone+0x22d/0x990 [ 995.920810][ T2223] ? dup_mmap+0xea0/0xea0 [ 995.924976][ T2223] ? create_io_thread+0x1e0/0x1e0 [ 995.929838][ T2223] ? file_end_write+0x1b0/0x1b0 [ 995.934526][ T2223] __x64_sys_clone3+0x375/0x3a0 [ 995.939210][ T2223] ? __ia32_sys_clone+0x300/0x300 [ 995.944073][ T2223] ? ksys_write+0x25f/0x2c0 [ 995.948413][ T2223] ? debug_smp_processor_id+0x17/0x20 [ 995.955217][ T2223] do_syscall_64+0x44/0xd0 [ 995.959437][ T2223] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 995.965258][ T2223] RIP: 0033:0x7f495fdbc639 [ 995.969510][ T2223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 995.989040][ T2223] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 995.997281][ T2223] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 996.005092][ T2223] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 996.012904][ T2223] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 08:07:28 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, 0x0) 08:07:28 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, 0x0) [ 996.020720][ T2223] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 996.028528][ T2223] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 996.036430][ T2223] 08:07:28 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 5) 08:07:28 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (fail_nth: 1) 08:07:28 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40221f00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:28 executing program 2: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:28 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, 0x0) 08:07:28 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (fail_nth: 1) 08:07:28 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000000)='nomand\x00', 0x0, 0x0) 08:07:28 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222002, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:28 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) 08:07:28 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) [ 996.111321][ T2246] FAULT_INJECTION: forcing a failure. [ 996.111321][ T2246] name failslab, interval 1, probability 0, space 0, times 0 [ 996.114497][ T2248] FAULT_INJECTION: forcing a failure. [ 996.114497][ T2248] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 996.145377][ T2255] FAULT_INJECTION: forcing a failure. [ 996.145377][ T2255] name fail_usercopy, interval 1, probability 0, space 0, times 0 08:07:28 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) [ 996.178776][ T2246] CPU: 0 PID: 2246 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 996.187034][ T2246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 996.196932][ T2246] Call Trace: [ 996.200058][ T2246] [ 996.202831][ T2246] dump_stack_lvl+0x151/0x1b7 [ 996.207445][ T2246] ? bfq_pos_tree_add_move+0x43e/0x43e [ 996.212741][ T2246] dump_stack+0x15/0x17 [ 996.216739][ T2246] should_fail+0x3c0/0x510 [ 996.220979][ T2246] __should_failslab+0x9f/0xe0 08:07:28 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000180)) timer_gettime(r0, &(0x7f0000000240)) [ 996.225581][ T2246] should_failslab+0x9/0x20 [ 996.229921][ T2246] kmem_cache_alloc+0x4f/0x2f0 [ 996.234525][ T2246] ? alloc_vmap_area+0x6c3/0x1a90 [ 996.239384][ T2246] alloc_vmap_area+0x6c3/0x1a90 [ 996.244072][ T2246] ? vm_map_ram+0xa80/0xa80 [ 996.248457][ T2246] ? __kasan_kmalloc+0x9/0x10 [ 996.252918][ T2246] ? __get_vm_area_node+0x13a/0x380 [ 996.257955][ T2246] __get_vm_area_node+0x17b/0x380 [ 996.262813][ T2246] __vmalloc_node_range+0xda/0x800 [ 996.267760][ T2246] ? copy_process+0x579/0x3250 [ 996.272363][ T2246] ? kmem_cache_alloc+0x1c1/0x2f0 [ 996.277224][ T2246] ? dup_task_struct+0x53/0xa60 [ 996.281910][ T2246] dup_task_struct+0x61f/0xa60 [ 996.286519][ T2246] ? copy_process+0x579/0x3250 [ 996.291112][ T2246] ? __kasan_check_write+0x14/0x20 [ 996.296060][ T2246] copy_process+0x579/0x3250 [ 996.300484][ T2246] ? check_stack_object+0xf7/0x130 [ 996.305428][ T2246] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 996.310461][ T2246] ? copy_clone_args_from_user+0x6cf/0x790 [ 996.316106][ T2246] kernel_clone+0x22d/0x990 [ 996.320444][ T2246] ? dup_mmap+0xea0/0xea0 [ 996.324608][ T2246] ? create_io_thread+0x1e0/0x1e0 [ 996.329469][ T2246] ? file_end_write+0x1b0/0x1b0 [ 996.334158][ T2246] __x64_sys_clone3+0x375/0x3a0 [ 996.338855][ T2246] ? __ia32_sys_clone+0x300/0x300 [ 996.343704][ T2246] ? ksys_write+0x25f/0x2c0 [ 996.348045][ T2246] ? debug_smp_processor_id+0x17/0x20 [ 996.353266][ T2246] do_syscall_64+0x44/0xd0 [ 996.357508][ T2246] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 996.363240][ T2246] RIP: 0033:0x7f495fdbc639 [ 996.367490][ T2246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 996.386927][ T2246] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 996.395180][ T2246] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 996.403245][ T2246] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 996.411053][ T2246] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 996.418868][ T2246] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 996.426677][ T2246] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 996.434589][ T2246] [ 996.437464][ T2248] CPU: 1 PID: 2248 Comm: syz-executor.0 Not tainted 5.15.74-syzkaller #0 [ 996.445712][ T2248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 996.455595][ T2248] Call Trace: [ 996.458715][ T2248] [ 996.461493][ T2248] dump_stack_lvl+0x151/0x1b7 [ 996.466006][ T2248] ? bfq_pos_tree_add_move+0x43e/0x43e [ 996.471304][ T2248] dump_stack+0x15/0x17 [ 996.475292][ T2248] should_fail+0x3c0/0x510 [ 996.479544][ T2248] should_fail_usercopy+0x1a/0x20 [ 996.484409][ T2248] _copy_from_user+0x20/0xd0 [ 996.488834][ T2248] __sys_connect+0x137/0x410 [ 996.493272][ T2248] ? fput_many+0x47/0x1a0 [ 996.497422][ T2248] ? __sys_connect_file+0x170/0x170 [ 996.502468][ T2248] ? debug_smp_processor_id+0x17/0x20 [ 996.507683][ T2248] __x64_sys_connect+0x7a/0x90 [ 996.512265][ T2248] do_syscall_64+0x44/0xd0 [ 996.516519][ T2248] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 996.522243][ T2248] RIP: 0033:0x7f395464e639 [ 996.526507][ T2248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 996.545945][ T2248] RSP: 002b:00007f39533c2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 996.554186][ T2248] RAX: ffffffffffffffda RBX: 00007f395476ef80 RCX: 00007f395464e639 [ 996.562002][ T2248] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 996.569806][ T2248] RBP: 00007f39533c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 996.577618][ T2248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 996.585428][ T2248] R13: 00007ffd9d17287f R14: 00007f39533c2300 R15: 0000000000022000 [ 996.593252][ T2248] [ 996.601941][ T2255] CPU: 1 PID: 2255 Comm: syz-executor.1 Not tainted 5.15.74-syzkaller #0 [ 996.610173][ T2255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 996.620067][ T2255] Call Trace: [ 996.623192][ T2255] [ 996.625975][ T2255] dump_stack_lvl+0x151/0x1b7 [ 996.630485][ T2255] ? bfq_pos_tree_add_move+0x43e/0x43e [ 996.635779][ T2255] ? vfs_write+0x9af/0x1050 [ 996.640115][ T2255] ? vmacache_update+0xb7/0x120 [ 996.644800][ T2255] dump_stack+0x15/0x17 [ 996.648796][ T2255] should_fail+0x3c0/0x510 [ 996.653047][ T2255] should_fail_usercopy+0x1a/0x20 [ 996.657910][ T2255] _copy_to_user+0x20/0x90 [ 996.662162][ T2255] put_itimerspec64+0x107/0x220 [ 996.666847][ T2255] ? __mutex_lock_slowpath+0x10/0x10 [ 996.671967][ T2255] ? get_itimerspec64+0x440/0x440 [ 996.676827][ T2255] ? posix_get_boottime_timespec+0x80/0x80 [ 996.682473][ T2255] ? ns_to_timespec64+0x21/0xb0 [ 996.687155][ T2255] ? common_timer_get+0x24a/0x340 [ 996.692018][ T2255] ? common_timer_get+0x1/0x340 [ 996.696707][ T2255] __x64_sys_timer_gettime+0x1e7/0x270 [ 996.701999][ T2255] ? common_timer_get+0x340/0x340 [ 996.706862][ T2255] ? debug_smp_processor_id+0x17/0x20 [ 996.712073][ T2255] do_syscall_64+0x44/0xd0 [ 996.716667][ T2255] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 996.722394][ T2255] RIP: 0033:0x7f470053b639 [ 996.726649][ T2255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 996.746088][ T2255] RSP: 002b:00007f46ff2af168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e0 [ 996.754333][ T2255] RAX: ffffffffffffffda RBX: 00007f470065bf80 RCX: 00007f470053b639 [ 996.762145][ T2255] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000000 [ 996.769956][ T2255] RBP: 00007f46ff2af1d0 R08: 0000000000000000 R09: 0000000000000000 [ 996.777768][ T2255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 996.785578][ T2255] R13: 00007ffd4da5a0df R14: 00007f46ff2af300 R15: 0000000000022000 [ 996.793394][ T2255] 08:07:29 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 6) 08:07:29 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000240)) 08:07:29 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222007, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:29 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (fail_nth: 2) 08:07:29 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) 08:07:29 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (fail_nth: 2) 08:07:29 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222009, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:29 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) [ 996.864227][ T2275] FAULT_INJECTION: forcing a failure. [ 996.864227][ T2275] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 996.880137][ T2275] CPU: 0 PID: 2275 Comm: syz-executor.0 Not tainted 5.15.74-syzkaller #0 [ 996.888380][ T2275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 996.898271][ T2275] Call Trace: [ 996.901390][ T2275] [ 996.904170][ T2275] dump_stack_lvl+0x151/0x1b7 [ 996.908684][ T2275] ? bfq_pos_tree_add_move+0x43e/0x43e [ 996.913979][ T2275] dump_stack+0x15/0x17 [ 996.917971][ T2275] should_fail+0x3c0/0x510 [ 996.922223][ T2275] should_fail_usercopy+0x1a/0x20 [ 996.927085][ T2275] _copy_to_user+0x20/0x90 [ 996.931337][ T2275] simple_read_from_buffer+0xdd/0x160 [ 996.936542][ T2275] proc_fail_nth_read+0x1af/0x220 [ 996.941402][ T2275] ? proc_fault_inject_write+0x3a0/0x3a0 [ 996.946887][ T2275] ? security_file_permission+0x497/0x5f0 [ 996.952425][ T2275] ? proc_fault_inject_write+0x3a0/0x3a0 [ 996.957895][ T2275] vfs_read+0x299/0xd80 [ 996.961889][ T2275] ? kernel_read+0x1f0/0x1f0 [ 996.966313][ T2275] ? __kasan_check_write+0x14/0x20 [ 996.971259][ T2275] ? mutex_lock+0xb6/0x130 [ 996.975524][ T2275] ? wait_for_completion_killable_timeout+0x10/0x10 [ 996.981936][ T2275] ? __fdget_pos+0x26d/0x310 [ 996.986364][ T2275] ? ksys_read+0x77/0x2c0 [ 996.990530][ T2275] ksys_read+0x198/0x2c0 [ 996.994610][ T2275] ? vfs_write+0x1050/0x1050 [ 996.999035][ T2275] ? debug_smp_processor_id+0x17/0x20 [ 997.004241][ T2275] __x64_sys_read+0x7b/0x90 [ 997.008582][ T2275] do_syscall_64+0x44/0xd0 [ 997.012837][ T2275] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 997.018562][ T2275] RIP: 0033:0x7f395460037c [ 997.022818][ T2275] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 997.042257][ T2275] RSP: 002b:00007f39533c2160 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 997.050501][ T2275] RAX: ffffffffffffffda RBX: 00007f395476ef80 RCX: 00007f395460037c 08:07:29 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222011, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 997.058316][ T2275] RDX: 000000000000000f RSI: 00007f39533c21e0 RDI: 0000000000000003 [ 997.066128][ T2275] RBP: 00007f39533c21d0 R08: 0000000000000000 R09: 0000000000000000 [ 997.073939][ T2275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 997.081752][ T2275] R13: 00007ffd9d17287f R14: 00007f39533c2300 R15: 0000000000022000 [ 997.089564][ T2275] [ 997.094083][ T2283] FAULT_INJECTION: forcing a failure. [ 997.094083][ T2283] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 997.105372][ T2284] FAULT_INJECTION: forcing a failure. [ 997.105372][ T2284] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 997.113724][ T2283] CPU: 1 PID: 2283 Comm: syz-executor.1 Not tainted 5.15.74-syzkaller #0 [ 997.128276][ T2283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 997.138168][ T2283] Call Trace: [ 997.141289][ T2283] [ 997.144069][ T2283] dump_stack_lvl+0x151/0x1b7 [ 997.148582][ T2283] ? bfq_pos_tree_add_move+0x43e/0x43e [ 997.153877][ T2283] ? vfs_write+0x9af/0x1050 [ 997.158216][ T2283] ? vmacache_update+0xb7/0x120 [ 997.162902][ T2283] dump_stack+0x15/0x17 [ 997.166893][ T2283] should_fail+0x3c0/0x510 [ 997.171148][ T2283] should_fail_usercopy+0x1a/0x20 [ 997.176006][ T2283] _copy_to_user+0x20/0x90 [ 997.180263][ T2283] put_itimerspec64+0x1c1/0x220 [ 997.184947][ T2283] ? __mutex_lock_slowpath+0x10/0x10 [ 997.190067][ T2283] ? get_itimerspec64+0x440/0x440 [ 997.194933][ T2283] ? posix_get_boottime_timespec+0x80/0x80 [ 997.200573][ T2283] ? ns_to_timespec64+0x21/0xb0 [ 997.205267][ T2283] ? common_timer_get+0x24a/0x340 [ 997.210117][ T2283] ? common_timer_get+0x1/0x340 [ 997.214806][ T2283] __x64_sys_timer_gettime+0x1e7/0x270 [ 997.220101][ T2283] ? common_timer_get+0x340/0x340 [ 997.224960][ T2283] ? debug_smp_processor_id+0x17/0x20 [ 997.230167][ T2283] do_syscall_64+0x44/0xd0 [ 997.234423][ T2283] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 997.240151][ T2283] RIP: 0033:0x7f470053b639 [ 997.244401][ T2283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:29 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) [ 997.263843][ T2283] RSP: 002b:00007f46ff2af168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e0 [ 997.272088][ T2283] RAX: ffffffffffffffda RBX: 00007f470065bf80 RCX: 00007f470053b639 [ 997.279899][ T2283] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000000 [ 997.287711][ T2283] RBP: 00007f46ff2af1d0 R08: 0000000000000000 R09: 0000000000000000 [ 997.295526][ T2283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 997.303332][ T2283] R13: 00007ffd4da5a0df R14: 00007f46ff2af300 R15: 0000000000022000 [ 997.311148][ T2283] [ 997.314014][ T2284] CPU: 0 PID: 2284 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 997.322256][ T2284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 997.332150][ T2284] Call Trace: [ 997.335275][ T2284] [ 997.338051][ T2284] dump_stack_lvl+0x151/0x1b7 [ 997.342564][ T2284] ? bfq_pos_tree_add_move+0x43e/0x43e [ 997.347866][ T2284] dump_stack+0x15/0x17 [ 997.351850][ T2284] should_fail+0x3c0/0x510 [ 997.356103][ T2284] should_fail_alloc_page+0x58/0x70 [ 997.361138][ T2284] __alloc_pages+0x1de/0x7c0 [ 997.365651][ T2284] ? __count_vm_events+0x30/0x30 [ 997.370427][ T2284] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 997.375637][ T2284] __get_free_pages+0xe/0x30 [ 997.380144][ T2284] kasan_populate_vmalloc_pte+0x39/0x130 [ 997.385613][ T2284] ? __apply_to_page_range+0x8a5/0xb90 [ 997.390910][ T2284] __apply_to_page_range+0x8b8/0xb90 [ 997.396032][ T2284] ? kasan_populate_vmalloc+0x70/0x70 [ 997.401237][ T2284] ? kasan_populate_vmalloc+0x70/0x70 [ 997.406445][ T2284] apply_to_page_range+0x3b/0x50 [ 997.411217][ T2284] kasan_populate_vmalloc+0x65/0x70 [ 997.416251][ T2284] alloc_vmap_area+0x1946/0x1a90 [ 997.421028][ T2284] ? vm_map_ram+0xa80/0xa80 [ 997.425365][ T2284] ? __kasan_kmalloc+0x9/0x10 [ 997.429878][ T2284] ? __get_vm_area_node+0x13a/0x380 [ 997.434912][ T2284] __get_vm_area_node+0x17b/0x380 [ 997.439776][ T2284] __vmalloc_node_range+0xda/0x800 [ 997.444720][ T2284] ? copy_process+0x579/0x3250 [ 997.449322][ T2284] ? kmem_cache_alloc+0x1c1/0x2f0 [ 997.454179][ T2284] ? dup_task_struct+0x53/0xa60 [ 997.458866][ T2284] dup_task_struct+0x61f/0xa60 [ 997.463467][ T2284] ? copy_process+0x579/0x3250 [ 997.468071][ T2284] ? __kasan_check_write+0x14/0x20 [ 997.473021][ T2284] copy_process+0x579/0x3250 [ 997.477449][ T2284] ? check_stack_object+0xf7/0x130 [ 997.482391][ T2284] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 997.487334][ T2284] ? copy_clone_args_from_user+0x6cf/0x790 [ 997.492979][ T2284] kernel_clone+0x22d/0x990 [ 997.497319][ T2284] ? dup_mmap+0xea0/0xea0 [ 997.501483][ T2284] ? create_io_thread+0x1e0/0x1e0 [ 997.506345][ T2284] ? file_end_write+0x1b0/0x1b0 [ 997.511031][ T2284] __x64_sys_clone3+0x375/0x3a0 [ 997.515718][ T2284] ? __ia32_sys_clone+0x300/0x300 [ 997.520581][ T2284] ? ksys_write+0x25f/0x2c0 [ 997.524925][ T2284] ? debug_smp_processor_id+0x17/0x20 [ 997.530125][ T2284] do_syscall_64+0x44/0xd0 [ 997.534378][ T2284] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 997.540107][ T2284] RIP: 0033:0x7f495fdbc639 [ 997.544360][ T2284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:30 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, 0x0) 08:07:30 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 997.563806][ T2284] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 997.572046][ T2284] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 997.579857][ T2284] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 997.587668][ T2284] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 997.595482][ T2284] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 997.603297][ T2284] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 997.611125][ T2284] 08:07:30 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 7) 08:07:30 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) 08:07:30 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (fail_nth: 3) 08:07:30 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, 0x0) [ 997.683655][ T2298] FAULT_INJECTION: forcing a failure. [ 997.683655][ T2298] name failslab, interval 1, probability 0, space 0, times 0 [ 997.685269][ T2300] FAULT_INJECTION: forcing a failure. [ 997.685269][ T2300] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 997.703217][ T2298] CPU: 1 PID: 2298 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 997.717162][ T2298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 997.727056][ T2298] Call Trace: [ 997.730179][ T2298] [ 997.732955][ T2298] dump_stack_lvl+0x151/0x1b7 [ 997.737470][ T2298] ? bfq_pos_tree_add_move+0x43e/0x43e [ 997.742766][ T2298] dump_stack+0x15/0x17 [ 997.746755][ T2298] should_fail+0x3c0/0x510 [ 997.751016][ T2298] ? __vmalloc_node_range+0x2e3/0x800 [ 997.756215][ T2298] __should_failslab+0x9f/0xe0 [ 997.760818][ T2298] should_failslab+0x9/0x20 [ 997.765159][ T2298] __kmalloc+0x6d/0x350 [ 997.769149][ T2298] __vmalloc_node_range+0x2e3/0x800 [ 997.774357][ T2298] dup_task_struct+0x61f/0xa60 [ 997.778955][ T2298] ? copy_process+0x579/0x3250 [ 997.783556][ T2298] ? __kasan_check_write+0x14/0x20 [ 997.788504][ T2298] copy_process+0x579/0x3250 [ 997.792932][ T2298] ? check_stack_object+0xf7/0x130 [ 997.797879][ T2298] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 997.802825][ T2298] ? copy_clone_args_from_user+0x6cf/0x790 [ 997.808523][ T2298] kernel_clone+0x22d/0x990 [ 997.812805][ T2298] ? dup_mmap+0xea0/0xea0 [ 997.816972][ T2298] ? create_io_thread+0x1e0/0x1e0 [ 997.821835][ T2298] ? file_end_write+0x1b0/0x1b0 [ 997.826522][ T2298] __x64_sys_clone3+0x375/0x3a0 [ 997.831206][ T2298] ? __ia32_sys_clone+0x300/0x300 [ 997.836066][ T2298] ? ksys_write+0x25f/0x2c0 [ 997.840408][ T2298] ? debug_smp_processor_id+0x17/0x20 [ 997.845616][ T2298] do_syscall_64+0x44/0xd0 [ 997.849869][ T2298] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 997.855595][ T2298] RIP: 0033:0x7f495fdbc639 [ 997.859861][ T2298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 997.879288][ T2298] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 997.887536][ T2298] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 997.895346][ T2298] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 997.903158][ T2298] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 997.910971][ T2298] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 997.918782][ T2298] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 997.926596][ T2298] [ 997.934793][ T2300] CPU: 1 PID: 2300 Comm: syz-executor.1 Not tainted 5.15.74-syzkaller #0 [ 997.943043][ T2300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 997.952934][ T2300] Call Trace: [ 997.956058][ T2300] [ 997.958836][ T2300] dump_stack_lvl+0x151/0x1b7 [ 997.963349][ T2300] ? bfq_pos_tree_add_move+0x43e/0x43e [ 997.968651][ T2300] dump_stack+0x15/0x17 [ 997.972634][ T2300] should_fail+0x3c0/0x510 [ 997.976890][ T2300] should_fail_usercopy+0x1a/0x20 [ 997.980543][ T2310] FAULT_INJECTION: forcing a failure. [ 997.980543][ T2310] name failslab, interval 1, probability 0, space 0, times 0 [ 997.981743][ T2300] _copy_to_user+0x20/0x90 [ 997.981767][ T2300] simple_read_from_buffer+0xdd/0x160 [ 998.003620][ T2300] proc_fail_nth_read+0x1af/0x220 [ 998.008479][ T2300] ? proc_fault_inject_write+0x3a0/0x3a0 [ 998.013944][ T2300] ? security_file_permission+0x497/0x5f0 [ 998.019498][ T2300] ? proc_fault_inject_write+0x3a0/0x3a0 [ 998.024966][ T2300] vfs_read+0x299/0xd80 [ 998.028961][ T2300] ? kernel_read+0x1f0/0x1f0 [ 998.033391][ T2300] ? __kasan_check_write+0x14/0x20 [ 998.038338][ T2300] ? mutex_lock+0xb6/0x130 [ 998.042589][ T2300] ? wait_for_completion_killable_timeout+0x10/0x10 [ 998.049013][ T2300] ? __fdget_pos+0x26d/0x310 [ 998.053526][ T2300] ? ksys_read+0x77/0x2c0 [ 998.057695][ T2300] ksys_read+0x198/0x2c0 [ 998.061773][ T2300] ? vfs_write+0x1050/0x1050 [ 998.066197][ T2300] ? debug_smp_processor_id+0x17/0x20 [ 998.071407][ T2300] __x64_sys_read+0x7b/0x90 [ 998.075744][ T2300] do_syscall_64+0x44/0xd0 [ 998.079994][ T2300] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 998.085728][ T2300] RIP: 0033:0x7f47004ed37c [ 998.089981][ T2300] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 998.109417][ T2300] RSP: 002b:00007f46ff2af160 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 998.117661][ T2300] RAX: ffffffffffffffda RBX: 00007f470065bf80 RCX: 00007f47004ed37c [ 998.125476][ T2300] RDX: 000000000000000f RSI: 00007f46ff2af1e0 RDI: 0000000000000003 08:07:30 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)) 08:07:30 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, 0x0) 08:07:30 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x200000c2) 08:07:30 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 8) [ 998.133285][ T2300] RBP: 00007f46ff2af1d0 R08: 0000000000000000 R09: 0000000000000000 [ 998.141096][ T2300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 998.148908][ T2300] R13: 00007ffd4da5a0df R14: 00007f46ff2af300 R15: 0000000000022000 [ 998.156722][ T2300] [ 998.159588][ T2310] CPU: 0 PID: 2310 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 998.167832][ T2310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 998.177731][ T2310] Call Trace: [ 998.180849][ T2310] [ 998.183626][ T2310] dump_stack_lvl+0x151/0x1b7 [ 998.188139][ T2310] ? bfq_pos_tree_add_move+0x43e/0x43e [ 998.193434][ T2310] dump_stack+0x15/0x17 [ 998.197425][ T2310] should_fail+0x3c0/0x510 [ 998.201677][ T2310] ? __vmalloc_node_range+0x2e3/0x800 [ 998.206888][ T2310] __should_failslab+0x9f/0xe0 [ 998.211491][ T2310] should_failslab+0x9/0x20 [ 998.215831][ T2310] __kmalloc+0x6d/0x350 [ 998.219824][ T2310] __vmalloc_node_range+0x2e3/0x800 [ 998.224854][ T2310] dup_task_struct+0x61f/0xa60 [ 998.229452][ T2310] ? copy_process+0x579/0x3250 [ 998.234053][ T2310] ? __kasan_check_write+0x14/0x20 [ 998.238998][ T2310] copy_process+0x579/0x3250 [ 998.243430][ T2310] ? check_stack_object+0xf7/0x130 [ 998.248372][ T2310] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 998.253319][ T2310] ? copy_clone_args_from_user+0x6cf/0x790 [ 998.258961][ T2310] kernel_clone+0x22d/0x990 [ 998.263299][ T2310] ? dup_mmap+0xea0/0xea0 [ 998.267466][ T2310] ? create_io_thread+0x1e0/0x1e0 [ 998.272326][ T2310] ? file_end_write+0x1b0/0x1b0 [ 998.277025][ T2310] __x64_sys_clone3+0x375/0x3a0 [ 998.281707][ T2310] ? __ia32_sys_clone+0x300/0x300 [ 998.286566][ T2310] ? ksys_write+0x25f/0x2c0 [ 998.290906][ T2310] ? debug_smp_processor_id+0x17/0x20 [ 998.296110][ T2310] do_syscall_64+0x44/0xd0 [ 998.300362][ T2310] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 998.306092][ T2310] RIP: 0033:0x7f495fdbc639 [ 998.310344][ T2310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:30 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 9) 08:07:30 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x2}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 998.329783][ T2310] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 998.338030][ T2310] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 998.345841][ T2310] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 998.353654][ T2310] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 998.361464][ T2310] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 998.369297][ T2310] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 998.377088][ T2310] 08:07:30 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:30 executing program 0: connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0xc14}, 0x4) ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f) [ 998.397961][ T2318] FAULT_INJECTION: forcing a failure. [ 998.397961][ T2318] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 998.412730][ T2318] CPU: 1 PID: 2318 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 998.420976][ T2318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 998.430872][ T2318] Call Trace: [ 998.433993][ T2318] [ 998.436775][ T2318] dump_stack_lvl+0x151/0x1b7 [ 998.441283][ T2318] ? bfq_pos_tree_add_move+0x43e/0x43e [ 998.446668][ T2318] dump_stack+0x15/0x17 [ 998.450661][ T2318] should_fail+0x3c0/0x510 [ 998.455014][ T2318] should_fail_alloc_page+0x58/0x70 [ 998.460043][ T2318] __alloc_pages+0x1de/0x7c0 [ 998.464474][ T2318] ? __count_vm_events+0x30/0x30 [ 998.469251][ T2318] ? __kasan_kmalloc+0x9/0x10 [ 998.473755][ T2318] ? __kmalloc+0x203/0x350 [ 998.478016][ T2318] ? __vmalloc_node_range+0x2e3/0x800 [ 998.483220][ T2318] __vmalloc_node_range+0x48f/0x800 [ 998.488253][ T2318] dup_task_struct+0x61f/0xa60 [ 998.492850][ T2318] ? copy_process+0x579/0x3250 [ 998.497459][ T2318] ? __kasan_check_write+0x14/0x20 [ 998.502398][ T2318] copy_process+0x579/0x3250 [ 998.506829][ T2318] ? check_stack_object+0xf7/0x130 [ 998.511777][ T2318] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 998.516719][ T2318] ? copy_clone_args_from_user+0x6cf/0x790 [ 998.522385][ T2318] kernel_clone+0x22d/0x990 [ 998.526705][ T2318] ? dup_mmap+0xea0/0xea0 [ 998.530867][ T2318] ? create_io_thread+0x1e0/0x1e0 [ 998.535727][ T2318] ? file_end_write+0x1b0/0x1b0 [ 998.540418][ T2318] __x64_sys_clone3+0x375/0x3a0 08:07:30 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, 0x0) 08:07:30 executing program 0: connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) (async, rerun: 32) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0xc14}, 0x4) (rerun: 32) ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f) 08:07:30 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:31 executing program 0: connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) (async) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0xc14}, 0x4) (async) ioctl$USBDEVFS_GET_SPEED(0xffffffffffffffff, 0x551f) 08:07:31 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) 08:07:31 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_delete(r0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:31 executing program 2: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:31 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000140)=""/74, &(0x7f0000000100)=0x4a) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) [ 998.545104][ T2318] ? __ia32_sys_clone+0x300/0x300 [ 998.549958][ T2318] ? ksys_write+0x25f/0x2c0 [ 998.554304][ T2318] ? debug_smp_processor_id+0x17/0x20 [ 998.559519][ T2318] do_syscall_64+0x44/0xd0 [ 998.563780][ T2318] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 998.569502][ T2318] RIP: 0033:0x7f495fdbc639 [ 998.573748][ T2318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 998.593185][ T2318] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 998.601433][ T2318] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 998.609241][ T2318] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 998.617055][ T2318] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 998.624863][ T2318] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 998.632699][ T2318] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 08:07:31 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 10) 08:07:31 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:31 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_delete(r0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:31 executing program 2: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:31 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000140)=""/74, &(0x7f0000000100)=0x4a) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) 08:07:31 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000140)=""/74, &(0x7f0000000100)=0x4a) (async, rerun: 32) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async, rerun: 32) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) 08:07:31 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) [ 998.634529][ T30] audit: type=1400 audit(1668067650.950:145): avc: denied { write } for pid=2343 comm="syz-executor.0" path="socket:[591615]" dev="sockfs" ino=591615 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 998.640486][ T2318] [ 998.676767][ T2360] FAULT_INJECTION: forcing a failure. [ 998.676767][ T2360] name failslab, interval 1, probability 0, space 0, times 0 [ 998.694168][ T2360] CPU: 0 PID: 2360 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 998.702423][ T2360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 998.712316][ T2360] Call Trace: [ 998.715440][ T2360] [ 998.718214][ T2360] dump_stack_lvl+0x151/0x1b7 [ 998.722728][ T2360] ? bfq_pos_tree_add_move+0x43e/0x43e [ 998.728027][ T2360] dump_stack+0x15/0x17 [ 998.732016][ T2360] should_fail+0x3c0/0x510 [ 998.736272][ T2360] __should_failslab+0x9f/0xe0 [ 998.740868][ T2360] should_failslab+0x9/0x20 08:07:31 executing program 1: clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000140)={{0x77359400}, {r0, r1+60000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(r2, 0x0, &(0x7f00000001c0)={{r3, r4+60000000}}, &(0x7f0000000200)) timer_gettime(0x0, &(0x7f0000000240)) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000280)=0x2, 0x4) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x2, 0x1, 0x7f, "64bb66745015ccb257d3a9f52d68161c9634aaf3ef155e0e63d3b6f95bc3aa62bea7ef4205062f9e3179a8a216e20537d6fde4e00789f041e7f4948c905942", 0xe}, 0x60) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x4}, 0x4) 08:07:31 executing program 2: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 998.745208][ T2360] kmem_cache_alloc+0x4f/0x2f0 [ 998.749807][ T2360] ? copy_sighand+0x54/0x250 [ 998.754233][ T2360] ? _raw_spin_unlock+0x4d/0x70 [ 998.758925][ T2360] copy_sighand+0x54/0x250 [ 998.763182][ T2360] copy_process+0x123f/0x3250 [ 998.767688][ T2360] ? check_stack_object+0xf7/0x130 [ 998.772639][ T2360] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 998.777584][ T2360] ? copy_clone_args_from_user+0x6cf/0x790 [ 998.783225][ T2360] kernel_clone+0x22d/0x990 [ 998.787568][ T2360] ? dup_mmap+0xea0/0xea0 [ 998.791730][ T2360] ? create_io_thread+0x1e0/0x1e0 08:07:31 executing program 2: syz_clone3(0x0, 0x0) 08:07:31 executing program 2: syz_clone3(0x0, 0x0) 08:07:31 executing program 2: syz_clone3(0x0, 0x0) [ 998.796591][ T2360] ? file_end_write+0x1b0/0x1b0 [ 998.801278][ T2360] __x64_sys_clone3+0x375/0x3a0 [ 998.805969][ T2360] ? __ia32_sys_clone+0x300/0x300 [ 998.810823][ T2360] ? ksys_write+0x25f/0x2c0 [ 998.815165][ T2360] ? debug_smp_processor_id+0x17/0x20 [ 998.820371][ T2360] do_syscall_64+0x44/0xd0 [ 998.824626][ T2360] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 998.830351][ T2360] RIP: 0033:0x7f495fdbc639 [ 998.834609][ T2360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 998.854138][ T2360] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 998.862380][ T2360] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 998.870190][ T2360] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 998.878083][ T2360] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 998.885898][ T2360] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:31 executing program 2: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:31 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) r1 = fsmount(r0, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r2, 0x5523) 08:07:31 executing program 0: r0 = request_key(&(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0) r1 = request_key(&(0x7f00000002c0)='.request_key_auth\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='\x00', 0xfffffffffffffffc) keyctl$unlink(0x9, r0, r1) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r2, &(0x7f00000000c0), 0x2) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1d, 0x380) mmap$usbfs(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4, 0x10010, r4, 0x9bbd) getsockopt$bt_sco_SCO_OPTIONS(r3, 0x11, 0x1, &(0x7f0000000100)=""/200, &(0x7f0000000080)=0xc8) fsmount(0xffffffffffffffff, 0x1, 0x70) ioctl$USBDEVFS_REAPURBNDELAY(r4, 0x4008550d, &(0x7f0000000040)) 08:07:31 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 11) 08:07:31 executing program 1: clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000140)={{0x77359400}, {r0, r1+60000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000040)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(r2, 0x0, &(0x7f00000001c0)={{r3, r4+60000000}}, &(0x7f0000000200)) timer_gettime(0x0, &(0x7f0000000240)) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000280)=0x2, 0x4) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x2, 0x1, 0x7f, "64bb66745015ccb257d3a9f52d68161c9634aaf3ef155e0e63d3b6f95bc3aa62bea7ef4205062f9e3179a8a216e20537d6fde4e00789f041e7f4948c905942", 0xe}, 0x60) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x4}, 0x4) clock_gettime(0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x1, &(0x7f0000000140)={{0x77359400}, {r0, r1+60000000}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000040)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r2) (async) clock_gettime(0x0, &(0x7f0000000180)) (async) timer_settime(r2, 0x0, &(0x7f00000001c0)={{r3, r4+60000000}}, &(0x7f0000000200)) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000280)=0x2, 0x4) (async) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x2, 0x1, 0x7f, "64bb66745015ccb257d3a9f52d68161c9634aaf3ef155e0e63d3b6f95bc3aa62bea7ef4205062f9e3179a8a216e20537d6fde4e00789f041e7f4948c905942", 0xe}, 0x60) (async) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x4}, 0x4) (async) 08:07:31 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x8}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:31 executing program 0: r0 = request_key(&(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0) (async) r1 = request_key(&(0x7f00000002c0)='.request_key_auth\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='\x00', 0xfffffffffffffffc) keyctl$unlink(0x9, r0, r1) (async) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r2, &(0x7f00000000c0), 0x2) (async) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1d, 0x380) mmap$usbfs(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4, 0x10010, r4, 0x9bbd) (async) getsockopt$bt_sco_SCO_OPTIONS(r3, 0x11, 0x1, &(0x7f0000000100)=""/200, &(0x7f0000000080)=0xc8) fsmount(0xffffffffffffffff, 0x1, 0x70) ioctl$USBDEVFS_REAPURBNDELAY(r4, 0x4008550d, &(0x7f0000000040)) [ 998.893708][ T2360] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 998.901522][ T2360] 08:07:31 executing program 0: r0 = request_key(&(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0) r1 = request_key(&(0x7f00000002c0)='.request_key_auth\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='\x00', 0xfffffffffffffffc) keyctl$unlink(0x9, r0, r1) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r2, &(0x7f00000000c0), 0x2) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1d, 0x380) mmap$usbfs(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4, 0x10010, r4, 0x9bbd) getsockopt$bt_sco_SCO_OPTIONS(r3, 0x11, 0x1, &(0x7f0000000100)=""/200, &(0x7f0000000080)=0xc8) fsmount(0xffffffffffffffff, 0x1, 0x70) ioctl$USBDEVFS_REAPURBNDELAY(r4, 0x4008550d, &(0x7f0000000040)) request_key(&(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0) (async) request_key(&(0x7f00000002c0)='.request_key_auth\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='\x00', 0xfffffffffffffffc) (async) keyctl$unlink(0x9, r0, r1) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r2, &(0x7f00000000c0), 0x2) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) syz_open_dev$usbfs(&(0x7f0000000000), 0x1d, 0x380) (async) mmap$usbfs(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4, 0x10010, r4, 0x9bbd) (async) getsockopt$bt_sco_SCO_OPTIONS(r3, 0x11, 0x1, &(0x7f0000000100)=""/200, &(0x7f0000000080)=0xc8) (async) fsmount(0xffffffffffffffff, 0x1, 0x70) (async) ioctl$USBDEVFS_REAPURBNDELAY(r4, 0x4008550d, &(0x7f0000000040)) (async) 08:07:31 executing program 2: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:31 executing program 0: r0 = syz_open_dev$hiddev(&(0x7f0000000000), 0x40, 0x400000) ioctl$HIDIOCGFLAG(r0, 0x8004480e, &(0x7f0000000040)) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) [ 998.944875][ T2401] FAULT_INJECTION: forcing a failure. [ 998.944875][ T2401] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 998.959311][ T2401] CPU: 0 PID: 2401 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 998.967649][ T2401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 998.977539][ T2401] Call Trace: [ 998.980667][ T2401] [ 998.983441][ T2401] dump_stack_lvl+0x151/0x1b7 [ 998.987958][ T2401] ? bfq_pos_tree_add_move+0x43e/0x43e 08:07:31 executing program 2: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:31 executing program 0: r0 = syz_open_dev$hiddev(&(0x7f0000000000), 0x40, 0x400000) ioctl$HIDIOCGFLAG(r0, 0x8004480e, &(0x7f0000000040)) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) 08:07:31 executing program 0: r0 = syz_open_dev$hiddev(&(0x7f0000000000), 0x40, 0x400000) ioctl$HIDIOCGFLAG(r0, 0x8004480e, &(0x7f0000000040)) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) syz_open_dev$hiddev(&(0x7f0000000000), 0x40, 0x400000) (async) ioctl$HIDIOCGFLAG(r0, 0x8004480e, &(0x7f0000000040)) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) (async) [ 998.993252][ T2401] dump_stack+0x15/0x17 [ 998.997243][ T2401] should_fail+0x3c0/0x510 [ 999.001497][ T2401] should_fail_alloc_page+0x58/0x70 [ 999.006529][ T2401] __alloc_pages+0x1de/0x7c0 [ 999.010955][ T2401] ? __count_vm_events+0x30/0x30 [ 999.015731][ T2401] ? __kasan_kmalloc+0x9/0x10 [ 999.020243][ T2401] ? __kmalloc+0x203/0x350 [ 999.024499][ T2401] ? __vmalloc_node_range+0x2e3/0x800 [ 999.029701][ T2401] __vmalloc_node_range+0x48f/0x800 [ 999.034745][ T2401] dup_task_struct+0x61f/0xa60 [ 999.039335][ T2401] ? copy_process+0x579/0x3250 [ 999.043941][ T2401] ? __kasan_check_write+0x14/0x20 [ 999.048884][ T2401] copy_process+0x579/0x3250 [ 999.053411][ T2401] ? check_stack_object+0xf7/0x130 [ 999.058704][ T2401] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 999.063647][ T2401] ? copy_clone_args_from_user+0x6cf/0x790 [ 999.069296][ T2401] kernel_clone+0x22d/0x990 [ 999.073628][ T2401] ? dup_mmap+0xea0/0xea0 [ 999.077797][ T2401] ? create_io_thread+0x1e0/0x1e0 [ 999.082655][ T2401] ? file_end_write+0x1b0/0x1b0 [ 999.087343][ T2401] __x64_sys_clone3+0x375/0x3a0 [ 999.092028][ T2401] ? __ia32_sys_clone+0x300/0x300 [ 999.096885][ T2401] ? ksys_write+0x25f/0x2c0 [ 999.101225][ T2401] ? debug_smp_processor_id+0x17/0x20 [ 999.106432][ T2401] do_syscall_64+0x44/0xd0 [ 999.110775][ T2401] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 999.116500][ T2401] RIP: 0033:0x7f495fdbc639 [ 999.120754][ T2401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:31 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 12) [ 999.140197][ T2401] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 999.148440][ T2401] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 999.156255][ T2401] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 999.164066][ T2401] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 999.171874][ T2401] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 999.179686][ T2401] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 999.187513][ T2401] 08:07:31 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) r1 = fsmount(r0, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) 08:07:31 executing program 1: clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000140)={{0x77359400}, {r0, r1+60000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000040)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(r2, 0x0, &(0x7f00000001c0)={{r3, r4+60000000}}, &(0x7f0000000200)) (async) timer_gettime(0x0, &(0x7f0000000240)) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000280)=0x2, 0x4) (async) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x2, 0x1, 0x7f, "64bb66745015ccb257d3a9f52d68161c9634aaf3ef155e0e63d3b6f95bc3aa62bea7ef4205062f9e3179a8a216e20537d6fde4e00789f041e7f4948c905942", 0xe}, 0x60) (async) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x4}, 0x4) 08:07:31 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) r1 = fsmount(0xffffffffffffffff, 0x1, 0x6) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x8010, r1, 0x0) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) 08:07:31 executing program 2: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:31 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x9}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 999.206942][ T2442] FAULT_INJECTION: forcing a failure. [ 999.206942][ T2442] name failslab, interval 1, probability 0, space 0, times 0 [ 999.219449][ T2442] CPU: 1 PID: 2442 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 999.227605][ T2442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 999.237502][ T2442] Call Trace: [ 999.240621][ T2442] [ 999.243401][ T2442] dump_stack_lvl+0x151/0x1b7 [ 999.247915][ T2442] ? bfq_pos_tree_add_move+0x43e/0x43e [ 999.253209][ T2442] dump_stack+0x15/0x17 08:07:31 executing program 2: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x8}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 999.257200][ T2442] should_fail+0x3c0/0x510 [ 999.261454][ T2442] __should_failslab+0x9f/0xe0 [ 999.266062][ T2442] should_failslab+0x9/0x20 [ 999.270392][ T2442] kmem_cache_alloc+0x4f/0x2f0 [ 999.274993][ T2442] ? dup_mm+0x29/0x330 [ 999.278898][ T2442] dup_mm+0x29/0x330 [ 999.282632][ T2442] copy_mm+0x108/0x1b0 [ 999.286537][ T2442] copy_process+0x1295/0x3250 [ 999.291066][ T2442] ? check_stack_object+0xf7/0x130 [ 999.296008][ T2442] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 999.300948][ T2442] ? copy_clone_args_from_user+0x6cf/0x790 08:07:31 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000140)=""/74, &(0x7f0000000100)=0x4a) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) [ 999.306588][ T2442] kernel_clone+0x22d/0x990 [ 999.310929][ T2442] ? dup_mmap+0xea0/0xea0 [ 999.315104][ T2442] ? create_io_thread+0x1e0/0x1e0 [ 999.319960][ T2442] ? file_end_write+0x1b0/0x1b0 [ 999.324640][ T2442] __x64_sys_clone3+0x375/0x3a0 [ 999.329326][ T2442] ? __ia32_sys_clone+0x300/0x300 [ 999.334190][ T2442] ? ksys_write+0x25f/0x2c0 [ 999.338527][ T2442] ? debug_smp_processor_id+0x17/0x20 [ 999.343737][ T2442] do_syscall_64+0x44/0xd0 [ 999.347990][ T2442] entry_SYSCALL_64_after_hwframe+0x61/0xcb 08:07:31 executing program 1: sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000040)={&(0x7f0000000280)={0x108, 0x0, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0xbc, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xae51}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x106bfb6e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3c32}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4272}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2936}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe541}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5a215d32}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfaa}]}, {0x4c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe5b5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2156e766}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9c16}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb8c5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4273a384}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x12ccbcf9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x47434a56}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3842}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x230a4f29}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7cee5992}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x86a6}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3a21773f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x43b26e78}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLST={0x30, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xdf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1bfd300a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6964202c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x61f8140f}]}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:31 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) (async) r1 = fsmount(0xffffffffffffffff, 0x1, 0x6) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x8010, r1, 0x0) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) [ 999.353715][ T2442] RIP: 0033:0x7f495fdbc639 [ 999.357969][ T2442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 999.377411][ T2442] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 999.385652][ T2442] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 999.393477][ T2442] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 08:07:31 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000140)=""/74, &(0x7f0000000100)=0x4a) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) 08:07:31 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) r1 = fsmount(r0, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)) 08:07:32 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 13) 08:07:32 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) r1 = fsmount(0xffffffffffffffff, 0x1, 0x6) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x8010, r1, 0x0) (async) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) 08:07:32 executing program 1: sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000040)={&(0x7f0000000280)={0x108, 0x0, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0xbc, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xae51}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x106bfb6e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3c32}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4272}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2936}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe541}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5a215d32}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfaa}]}, {0x4c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe5b5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2156e766}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9c16}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb8c5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4273a384}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x12ccbcf9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x47434a56}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3842}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x230a4f29}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7cee5992}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x86a6}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3a21773f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x43b26e78}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLST={0x30, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xdf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1bfd300a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6964202c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x61f8140f}]}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:32 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000140)=""/74, &(0x7f0000000100)=0x4a) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) [ 999.401280][ T2442] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 999.409088][ T2442] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 999.416894][ T2442] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 999.424709][ T2442] 08:07:32 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x7fff}, 0x4) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r4, &(0x7f00000000c0), 0x8) [ 999.469365][ T2477] FAULT_INJECTION: forcing a failure. [ 999.469365][ T2477] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 999.496251][ T2477] CPU: 1 PID: 2477 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 999.504516][ T2477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 999.514401][ T2477] Call Trace: [ 999.517524][ T2477] [ 999.520299][ T2477] dump_stack_lvl+0x151/0x1b7 [ 999.524809][ T2477] ? bfq_pos_tree_add_move+0x43e/0x43e [ 999.530101][ T2477] dump_stack+0x15/0x17 [ 999.534094][ T2477] should_fail+0x3c0/0x510 [ 999.538350][ T2477] should_fail_alloc_page+0x58/0x70 [ 999.543382][ T2477] __alloc_pages+0x1de/0x7c0 [ 999.547808][ T2477] ? __count_vm_events+0x30/0x30 [ 999.552584][ T2477] ? __kasan_kmalloc+0x9/0x10 [ 999.557101][ T2477] ? __kmalloc+0x203/0x350 [ 999.561352][ T2477] ? __vmalloc_node_range+0x2e3/0x800 [ 999.566556][ T2477] __vmalloc_node_range+0x48f/0x800 [ 999.571600][ T2477] dup_task_struct+0x61f/0xa60 [ 999.576190][ T2477] ? copy_process+0x579/0x3250 [ 999.580788][ T2477] ? __kasan_check_write+0x14/0x20 [ 999.585743][ T2477] copy_process+0x579/0x3250 [ 999.590240][ T2477] ? check_stack_object+0xf7/0x130 [ 999.595116][ T2477] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 999.600062][ T2477] ? copy_clone_args_from_user+0x6cf/0x790 [ 999.605706][ T2477] kernel_clone+0x22d/0x990 [ 999.610040][ T2477] ? dup_mmap+0xea0/0xea0 [ 999.614211][ T2477] ? create_io_thread+0x1e0/0x1e0 [ 999.619066][ T2477] ? file_end_write+0x1b0/0x1b0 [ 999.623752][ T2477] __x64_sys_clone3+0x375/0x3a0 [ 999.628446][ T2477] ? __ia32_sys_clone+0x300/0x300 [ 999.633735][ T2477] ? ksys_write+0x25f/0x2c0 [ 999.638074][ T2477] ? debug_smp_processor_id+0x17/0x20 [ 999.643296][ T2477] do_syscall_64+0x44/0xd0 [ 999.647534][ T2477] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 999.653263][ T2477] RIP: 0033:0x7f495fdbc639 [ 999.657516][ T2477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 999.676969][ T2477] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 999.685221][ T2477] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 999.693014][ T2477] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 999.700825][ T2477] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 999.708635][ T2477] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:32 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:32 executing program 1: sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000040)={&(0x7f0000000280)={0x108, 0x0, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0xbc, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xae51}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x106bfb6e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3c32}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4272}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2936}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe541}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5a215d32}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfaa}]}, {0x4c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe5b5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2156e766}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9c16}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb8c5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4273a384}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x12ccbcf9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x47434a56}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3842}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x230a4f29}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7cee5992}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x86a6}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3a21773f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x43b26e78}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLST={0x30, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xdf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1bfd300a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6964202c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x61f8140f}]}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000040)={&(0x7f0000000280)={0x108, 0x0, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0xbc, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xae51}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x106bfb6e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3c32}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4272}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2936}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe541}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5a215d32}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfaa}]}, {0x4c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe5b5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2156e766}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9c16}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb8c5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4273a384}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x12ccbcf9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x47434a56}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3842}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x230a4f29}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7cee5992}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x86a6}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3a21773f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x43b26e78}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLST={0x30, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xdf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1bfd300a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6964202c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x61f8140f}]}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:32 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async, rerun: 64) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async, rerun: 64) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x7fff}, 0x4) (async) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r4, &(0x7f00000000c0), 0x8) 08:07:32 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000140)=""/74, &(0x7f0000000100)=0x4a) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) 08:07:32 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000140)=""/74, &(0x7f0000000100)=0x4a) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) 08:07:32 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 14) [ 999.716446][ T2477] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 999.724266][ T2477] [ 999.776608][ T2507] FAULT_INJECTION: forcing a failure. [ 999.776608][ T2507] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 999.795919][ T2507] CPU: 0 PID: 2507 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 999.804179][ T2507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 999.814076][ T2507] Call Trace: [ 999.817202][ T2507] [ 999.819974][ T2507] dump_stack_lvl+0x151/0x1b7 08:07:32 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) r1 = fsmount(r0, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0x100) 08:07:32 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) 08:07:32 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_gettime(r2, &(0x7f0000000000)) timer_delete(r1) timer_gettime(r0, &(0x7f0000000240)) 08:07:32 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_gettime(r2, &(0x7f0000000000)) timer_delete(r1) timer_gettime(r0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r1) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r2) (async) timer_gettime(r2, &(0x7f0000000000)) (async) timer_delete(r1) (async) timer_gettime(r0, &(0x7f0000000240)) (async) [ 999.824488][ T2507] ? bfq_pos_tree_add_move+0x43e/0x43e [ 999.829786][ T2507] ? pcpu_block_update_hint_alloc+0x972/0xd00 [ 999.835691][ T2507] dump_stack+0x15/0x17 [ 999.839787][ T2507] should_fail+0x3c0/0x510 [ 999.844041][ T2507] should_fail_alloc_page+0x58/0x70 [ 999.849072][ T2507] __alloc_pages+0x1de/0x7c0 [ 999.853499][ T2507] ? __count_vm_events+0x30/0x30 [ 999.858276][ T2507] __get_free_pages+0xe/0x30 [ 999.862702][ T2507] pgd_alloc+0x22/0x2c0 [ 999.866694][ T2507] mm_init+0x5bf/0x960 [ 999.870596][ T2507] dup_mm+0x7d/0x330 08:07:32 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async, rerun: 64) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (rerun: 64) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) (async) timer_gettime(r2, &(0x7f0000000000)) (async) timer_delete(r1) timer_gettime(r0, &(0x7f0000000240)) 08:07:32 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) [ 999.874332][ T2507] copy_mm+0x108/0x1b0 [ 999.878234][ T2507] copy_process+0x1295/0x3250 [ 999.882748][ T2507] ? check_stack_object+0xf7/0x130 [ 999.887694][ T2507] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 999.892640][ T2507] ? copy_clone_args_from_user+0x6cf/0x790 [ 999.898287][ T2507] kernel_clone+0x22d/0x990 [ 999.902625][ T2507] ? dup_mmap+0xea0/0xea0 [ 999.906789][ T2507] ? create_io_thread+0x1e0/0x1e0 [ 999.911651][ T2507] ? file_end_write+0x1b0/0x1b0 [ 999.916337][ T2507] __x64_sys_clone3+0x375/0x3a0 [ 999.921023][ T2507] ? __ia32_sys_clone+0x300/0x300 [ 999.925882][ T2507] ? ksys_write+0x25f/0x2c0 [ 999.930222][ T2507] ? debug_smp_processor_id+0x17/0x20 [ 999.935429][ T2507] do_syscall_64+0x44/0xd0 [ 999.939682][ T2507] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 999.945410][ T2507] RIP: 0033:0x7f495fdbc639 [ 999.949670][ T2507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 999.969101][ T2507] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 08:07:32 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x700}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:32 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) timer_create(0x6, &(0x7f00000000c0)={0x0, 0x10, 0x2, @thr={&(0x7f0000000000)="21832b6fe6091ada3846045a32fbd497e5df4c194690f46b2fb1dc4a49502c14d0246a440c3779b7efebbeea0d6b655bac0ee3b8bb0575ef1469e198d01301d3fe1632be17523bc93eb5ac2781f61354895e20cbf1b47c814f4f20c723f50584706f7205da5587ba4b4fa87a4aec2e04032d6a95a729803ae5e432d75f252c7b3df083076ce2f517657f6716ccaee9d5a79d8e4bde0ca32725757ef4fa81ead41c37aa9f9e859282f3", &(0x7f0000000280)="5b194cb52046c40bae118d6be012a868278840638083e46c403c5e4d1befed43d6c49f8a58eb1f74367bd76013e60a7907eb7e9ffe7082f3c989a63f30370b5fafbcdddc215f5e1c5312581fdef085dbe1b701a1b4d7c52248595b677af4b40d5f5c6a13fabed027cbedbec517bb48e6b03fcd91e229eacb314c438d23638fb39f18154a9b30300bb8f00ec4cd1544ae93b31b94d50c95e1a5f61bec0ba8c0be7366734ce00e4a8a6ce9332a67ff7be7d27f0b7435396711ed9bde3435979384512890c59d120c04b626edfcae6d752720140ded33ee4cb4c01d44be00719e83405f4a"}}, &(0x7f0000000180)=0x0) timer_gettime(r2, &(0x7f00000001c0)) ioctl$USBDEVFS_GET_SPEED(r1, 0x551f) ioctl$HIDIOCGUSAGES(r0, 0xd01c4813, &(0x7f0000000380)={{0x2, 0x100, 0x7fff, 0x4, 0x6, 0x94}, 0xf6, [0x5, 0x0, 0x1, 0x5, 0x1, 0xffffffff, 0x6, 0x3, 0x99, 0xfff, 0x4, 0x7, 0xfffffc01, 0x8, 0x4, 0xed82, 0x43dc, 0x2, 0x4, 0xfffffea5, 0x9, 0x6, 0x630, 0x8001, 0x1, 0x7, 0x1, 0x9, 0x80000001, 0x959, 0x6, 0xffff, 0x1f, 0x80000001, 0x9, 0x0, 0x9, 0x0, 0xa7b6, 0x1, 0x8, 0x0, 0x6, 0x5, 0xffff0000, 0x401, 0x6, 0x3, 0x1, 0x2, 0x8, 0x7, 0x0, 0x7, 0xdee, 0x6, 0x7ff, 0x4, 0x5, 0x1, 0x3, 0x4, 0x1, 0x10000, 0x4, 0x101, 0x6, 0xffffffff, 0xffffffc1, 0x0, 0x9, 0x1000, 0xa8, 0x10000, 0x3, 0x7f, 0xffffffff, 0x3, 0x173000, 0x81, 0x6, 0x8000, 0x0, 0x200, 0xc9, 0x300000, 0x0, 0xff, 0x10000, 0x101, 0xfe14, 0xfffffff7, 0x80000000, 0x7f, 0x8, 0x401, 0x53f7, 0x952d, 0x3, 0x9, 0x1f, 0x5, 0xfffffff8, 0x1, 0x36, 0x800, 0x1, 0x5cf, 0xa732, 0x80000000, 0xf1f, 0x7, 0x6, 0x100, 0x8, 0x9, 0x10000, 0x1, 0x1, 0xe14, 0x2d, 0x8, 0x1c000, 0x40, 0x69, 0xf4cf, 0x9, 0xffff8000, 0x9, 0x5, 0x2a8, 0x10001, 0x0, 0xe557, 0x10001, 0x1ff, 0x7fff, 0x0, 0x80, 0x2, 0x7, 0x1, 0x8, 0xffffffff, 0x3, 0x0, 0x40, 0x3, 0x3, 0xc77, 0x6eb, 0x1, 0x100, 0x0, 0x1, 0x8, 0x6, 0x4, 0x4, 0xffffffde, 0x1, 0x9, 0x6, 0x7, 0xfffffffc, 0x1, 0x4, 0x7, 0x80, 0x0, 0x3ff, 0x4, 0x6, 0xfffffffc, 0x7f, 0xfa, 0xcd5b, 0x7, 0x0, 0xffffffff, 0xf13, 0x1f, 0x80000000, 0x9, 0x524, 0x20, 0x9, 0x7, 0x7ff, 0x40, 0x7, 0x6, 0x6, 0x2, 0x6, 0x5, 0x1f, 0x0, 0x7, 0x10000, 0x1, 0x1, 0xda, 0x1000, 0x80000000, 0x7, 0x0, 0xa4, 0x2000, 0xffffffff, 0x101, 0x0, 0xa018, 0x7ff, 0x5, 0x81, 0x5c5d, 0x5, 0x1, 0x3ff, 0x1, 0xc9a8, 0x3e, 0x1f, 0x4c25, 0x1, 0x2, 0x1, 0x62f, 0x2, 0xea7, 0x200, 0x10000, 0x9, 0x3, 0x4, 0x6, 0x81, 0x800, 0xe0000, 0x3f, 0x401, 0x6, 0xaa6, 0x9299, 0x5, 0x286b2ed, 0xf9cd, 0x80000001, 0xcfa, 0x6, 0x80000000, 0x6, 0x2, 0x278a, 0x0, 0x3, 0x7fffffff, 0x9, 0x2, 0x800, 0x1f, 0x8, 0xfffffffa, 0x1, 0x924, 0x8, 0x3, 0x8, 0x3ff, 0x80000001, 0x200, 0x3, 0x2787, 0x7f, 0x9, 0x1000, 0x80000001, 0x9, 0x101, 0x68, 0x0, 0x5, 0x101, 0x7f, 0x7, 0x8, 0x6, 0x2, 0xffffffff, 0x0, 0x2, 0x100, 0x7d4, 0x8, 0x3f, 0x1, 0xd6, 0x26, 0x1, 0x2, 0x2, 0x5, 0x200, 0x4, 0x100, 0x8000, 0x6, 0x10000, 0x2, 0x3, 0x400, 0x20, 0x7fff, 0x0, 0x7, 0xfffffc00, 0x8000, 0x401, 0x9, 0x20, 0x20000000, 0xf0, 0x10000, 0x5, 0x10000, 0x0, 0xfffffff7, 0x2, 0x4, 0xd1, 0x80000001, 0x7, 0x2, 0x9, 0x10000, 0x4417cccf, 0xe3, 0x397, 0x7ff, 0x80, 0x3, 0x1ff, 0x8, 0x401, 0x7, 0x7fff, 0x83a, 0x4, 0xffff8001, 0x2, 0x7, 0x7fff, 0x2, 0xaf0, 0x8, 0xfe, 0xffffff2b, 0x1, 0x8224, 0x6263, 0xec, 0x3, 0x1, 0x8, 0x8, 0x9, 0x1, 0x3ff, 0x1d, 0x4, 0x7, 0x4, 0x3, 0x45b3a5ab, 0x0, 0x4, 0xfffffff8, 0x1, 0x7ff0000, 0x20, 0x1f, 0x6, 0x5, 0x1, 0x9, 0x3, 0x7, 0x1, 0x2, 0x40, 0x3243, 0x0, 0x1, 0x6, 0xffff, 0x6, 0x3, 0x7, 0x3, 0x7, 0x7fff, 0xffffffff, 0x8, 0xfffffffa, 0x4, 0x3, 0x4a4, 0x4, 0xff, 0x40, 0x8000, 0x1f2c755a, 0x9, 0x7, 0x7, 0x6, 0x349, 0x5, 0x3f, 0x9f22, 0x8, 0x6, 0x3, 0xa4, 0x9, 0x2, 0xb667, 0x4404, 0x6, 0x5e, 0x8d, 0x9, 0x1, 0x5, 0x80, 0x4, 0x5, 0x1, 0x8a, 0x5, 0xfff, 0x284a, 0x5, 0xfffffffe, 0x9, 0x9, 0x6, 0x1, 0x3, 0x1000, 0x400, 0x2, 0xde4, 0x0, 0x3ff, 0xb9cf, 0x0, 0x3, 0xb59, 0x3, 0x3bc2, 0x7, 0x6, 0x7f, 0x800, 0xd, 0x881, 0x9, 0x2, 0x2, 0x80000001, 0x20, 0x8, 0x9, 0xffffffff, 0x0, 0x3, 0x401, 0xf24a, 0x33, 0x5, 0x6, 0x1, 0x2, 0x80000000, 0x3e, 0x3, 0x8, 0x53d, 0x500000, 0x4, 0x8af5, 0x5, 0x9, 0x0, 0x5, 0x2, 0x1000, 0x0, 0x9, 0x80000000, 0x5f91, 0x8, 0xeead, 0x7, 0x800, 0xfffff800, 0x2, 0x4, 0x800, 0x7, 0x8, 0x4, 0x400, 0xfffff800, 0x2, 0x97a, 0x13e8, 0x9, 0x5, 0xe7e, 0x8, 0x2, 0x4, 0x5, 0x8001, 0x9, 0x0, 0x4, 0x80000001, 0x5, 0x7, 0x101, 0x8, 0x7ff, 0x5, 0x6, 0x7ff, 0x8, 0x8d, 0x8000, 0x42c, 0xffff, 0x9, 0x1000, 0x9, 0xab4f, 0xffffffff, 0xc9d, 0x0, 0xfff, 0x4, 0x100, 0x6, 0x3, 0xfffffff8, 0x401, 0x958b, 0x3f, 0x800, 0x1, 0x8, 0x2, 0x7, 0x8, 0x5, 0xea, 0x9, 0xffff6b38, 0x7fffffff, 0x4784, 0x7fffffff, 0x0, 0xffff, 0x2, 0x8, 0x101, 0xfffffffd, 0x9, 0x6, 0x1f, 0x7, 0x6, 0x1f, 0xf82e05, 0x4, 0xfffffff7, 0x5, 0x6, 0x40, 0x7, 0x5, 0x1, 0x9c9, 0x3, 0x101, 0x1, 0xffffffff, 0x3, 0x200, 0x2, 0x7, 0x8, 0x1, 0xfffffff7, 0xdf, 0x6, 0x9, 0x3, 0x2, 0x7, 0x77c, 0x20, 0x2, 0x10000, 0x310, 0x1, 0x8, 0xe19a, 0x5, 0x800, 0x2, 0x800100, 0xb0, 0x6, 0x0, 0x45, 0x1, 0xffffffe1, 0x2, 0x3ff, 0x3, 0x9, 0x1, 0x6, 0x5, 0x100, 0x7, 0x0, 0x6, 0x9e6, 0x5, 0xb6, 0x7a, 0x9, 0x2, 0x20, 0x401, 0x2, 0x1, 0x0, 0x7, 0x200, 0x3, 0x7, 0x8, 0x5, 0x1, 0x7, 0x5, 0x1000, 0x0, 0x5, 0x80000001, 0x0, 0x7, 0x7ff, 0x2e48, 0xfffffff8, 0x8, 0x4, 0x54, 0x80000001, 0x8, 0x9, 0x4, 0xe1, 0xfe1c, 0x5, 0x10000, 0x0, 0x7, 0x10001, 0x63a, 0x7497ba66, 0x5, 0x0, 0x5, 0x9, 0x3, 0x7, 0x5, 0x4, 0xfffffffb, 0x8, 0x0, 0x1f, 0x7000, 0x2, 0x5, 0xffffffff, 0xfffffffb, 0xa8, 0x69fa01ef, 0x6856, 0xcd91, 0xfffffff9, 0x800, 0x0, 0x6, 0x7, 0x1f, 0x3f, 0x7, 0x3c, 0x200, 0x3, 0x5, 0x6, 0xfffffffc, 0x8a26, 0x28d3, 0xfffffff7, 0x2, 0x80000000, 0x5, 0x7, 0x5, 0xffffffff, 0xfffffe01, 0x3f, 0x3, 0x1, 0x401, 0x6e, 0x3, 0x200, 0x6, 0x3, 0x1d45, 0xe5, 0x4, 0x4, 0x7, 0x2b1, 0x9, 0xffff, 0x7fffffff, 0x1f, 0x1, 0x9, 0x200, 0x400, 0xfff, 0xffffffff, 0x0, 0x5, 0x10000, 0xfffffffb, 0x3f, 0x0, 0x3, 0xcd, 0x9, 0xe0000, 0x5, 0x4, 0x6, 0x3, 0x2, 0xff, 0xfffffffe, 0x7, 0x2, 0x0, 0x0, 0x2, 0x4, 0x1, 0x8001, 0x4, 0x6, 0xa48, 0x8d, 0x4, 0xde, 0x9, 0x0, 0xffff, 0x8, 0x80, 0x1ce, 0x9, 0x9ba, 0xfffffffa, 0x9, 0x6, 0x401, 0x8, 0x200, 0x8000, 0x7f, 0x1, 0x4, 0xc225, 0x3ff, 0x1, 0xc3, 0x57, 0x5, 0x0, 0x20, 0x9, 0x6, 0xcf, 0xff, 0x2, 0xffff, 0x2, 0x9, 0x6, 0x4, 0xffff, 0xfff, 0x80000001, 0x200, 0x5, 0x2, 0x8000, 0x401, 0x9, 0x7fffffff, 0x5, 0x1, 0x4, 0x7ff, 0x7, 0x3f9f, 0x6, 0x0, 0x3, 0x7ff, 0xca, 0xd28, 0x2, 0x400, 0x100, 0xffff, 0x1, 0x8, 0x3, 0xdba0, 0x2, 0x2, 0x3f8, 0x8, 0x7f, 0x100, 0x8000, 0xf8c, 0x0, 0xf1, 0x9, 0x1, 0x6ef98c3d, 0x0, 0x1, 0x5, 0x9, 0x10001, 0x8, 0x0, 0x0, 0x8000, 0xe0000, 0x1c, 0x9, 0xe3, 0x0, 0x5, 0x40, 0x7, 0xfffffff7, 0x7fff, 0x8, 0x10000, 0x5, 0x6, 0x90e4e6f7, 0x4, 0x8000, 0x277, 0x0, 0x81, 0xa587, 0x1, 0x1, 0xfffffffa, 0x2, 0x9, 0x2, 0x3, 0x3, 0x0, 0x3, 0x9, 0x7, 0x1, 0x9, 0x4, 0x20, 0x8, 0x1, 0x3ff, 0x7f, 0xfffffffd, 0x8001, 0x2, 0x5b, 0x3, 0x40, 0x5, 0x9, 0x7ff, 0x5b3, 0x800, 0x3ebb9c3a, 0x7, 0x9, 0x4, 0x8001, 0x9, 0x657, 0x800, 0x800, 0x72, 0xfffffffd, 0x8, 0x8001, 0x7, 0x1, 0x0, 0x20, 0x8001, 0x2, 0x357, 0x7ff, 0x4, 0x176, 0x2, 0x6, 0x6d2, 0x4, 0x0, 0x6, 0x1, 0x200, 0x53158167, 0x22, 0x6, 0x25, 0xfff, 0x70f, 0x3, 0x8, 0x4, 0x3, 0x7fff, 0x1f, 0x10001, 0x1, 0xffff, 0xb09e, 0x6, 0x6, 0x6, 0x5, 0x80, 0x0, 0x6, 0x3, 0x80000001, 0xdc, 0x7, 0xffff1071, 0x81, 0x0, 0x93, 0xffffffff, 0x10000, 0xc5, 0xffff7fff, 0xbb9f, 0x2, 0x8d, 0x0, 0xfffffbff, 0x3, 0x8, 0x56fae13b, 0x2, 0x3ff, 0x5, 0x10001, 0x2, 0x1, 0x0, 0x43, 0x5, 0xffffffe0, 0x8001, 0x0, 0x7, 0xf281, 0x6, 0xffff939c, 0x2, 0x3, 0x4, 0x1ff, 0x0, 0xffff, 0x2]}) timer_gettime(0x0, &(0x7f0000000240)) 08:07:32 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async, rerun: 64) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (rerun: 64) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x7fff}, 0x4) (async) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r4, &(0x7f00000000c0), 0x8) 08:07:32 executing program 2: write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) 08:07:32 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 15) [ 999.977347][ T2507] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 999.985157][ T2507] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 999.992969][ T2507] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1000.000780][ T2507] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1000.008590][ T2507] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1000.016413][ T2507] 08:07:32 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) timer_create(0x6, &(0x7f00000000c0)={0x0, 0x10, 0x2, @thr={&(0x7f0000000000)="21832b6fe6091ada3846045a32fbd497e5df4c194690f46b2fb1dc4a49502c14d0246a440c3779b7efebbeea0d6b655bac0ee3b8bb0575ef1469e198d01301d3fe1632be17523bc93eb5ac2781f61354895e20cbf1b47c814f4f20c723f50584706f7205da5587ba4b4fa87a4aec2e04032d6a95a729803ae5e432d75f252c7b3df083076ce2f517657f6716ccaee9d5a79d8e4bde0ca32725757ef4fa81ead41c37aa9f9e859282f3", &(0x7f0000000280)="5b194cb52046c40bae118d6be012a868278840638083e46c403c5e4d1befed43d6c49f8a58eb1f74367bd76013e60a7907eb7e9ffe7082f3c989a63f30370b5fafbcdddc215f5e1c5312581fdef085dbe1b701a1b4d7c52248595b677af4b40d5f5c6a13fabed027cbedbec517bb48e6b03fcd91e229eacb314c438d23638fb39f18154a9b30300bb8f00ec4cd1544ae93b31b94d50c95e1a5f61bec0ba8c0be7366734ce00e4a8a6ce9332a67ff7be7d27f0b7435396711ed9bde3435979384512890c59d120c04b626edfcae6d752720140ded33ee4cb4c01d44be00719e83405f4a"}}, &(0x7f0000000180)=0x0) timer_gettime(r2, &(0x7f00000001c0)) (async) ioctl$USBDEVFS_GET_SPEED(r1, 0x551f) (async) ioctl$HIDIOCGUSAGES(r0, 0xd01c4813, &(0x7f0000000380)={{0x2, 0x100, 0x7fff, 0x4, 0x6, 0x94}, 0xf6, [0x5, 0x0, 0x1, 0x5, 0x1, 0xffffffff, 0x6, 0x3, 0x99, 0xfff, 0x4, 0x7, 0xfffffc01, 0x8, 0x4, 0xed82, 0x43dc, 0x2, 0x4, 0xfffffea5, 0x9, 0x6, 0x630, 0x8001, 0x1, 0x7, 0x1, 0x9, 0x80000001, 0x959, 0x6, 0xffff, 0x1f, 0x80000001, 0x9, 0x0, 0x9, 0x0, 0xa7b6, 0x1, 0x8, 0x0, 0x6, 0x5, 0xffff0000, 0x401, 0x6, 0x3, 0x1, 0x2, 0x8, 0x7, 0x0, 0x7, 0xdee, 0x6, 0x7ff, 0x4, 0x5, 0x1, 0x3, 0x4, 0x1, 0x10000, 0x4, 0x101, 0x6, 0xffffffff, 0xffffffc1, 0x0, 0x9, 0x1000, 0xa8, 0x10000, 0x3, 0x7f, 0xffffffff, 0x3, 0x173000, 0x81, 0x6, 0x8000, 0x0, 0x200, 0xc9, 0x300000, 0x0, 0xff, 0x10000, 0x101, 0xfe14, 0xfffffff7, 0x80000000, 0x7f, 0x8, 0x401, 0x53f7, 0x952d, 0x3, 0x9, 0x1f, 0x5, 0xfffffff8, 0x1, 0x36, 0x800, 0x1, 0x5cf, 0xa732, 0x80000000, 0xf1f, 0x7, 0x6, 0x100, 0x8, 0x9, 0x10000, 0x1, 0x1, 0xe14, 0x2d, 0x8, 0x1c000, 0x40, 0x69, 0xf4cf, 0x9, 0xffff8000, 0x9, 0x5, 0x2a8, 0x10001, 0x0, 0xe557, 0x10001, 0x1ff, 0x7fff, 0x0, 0x80, 0x2, 0x7, 0x1, 0x8, 0xffffffff, 0x3, 0x0, 0x40, 0x3, 0x3, 0xc77, 0x6eb, 0x1, 0x100, 0x0, 0x1, 0x8, 0x6, 0x4, 0x4, 0xffffffde, 0x1, 0x9, 0x6, 0x7, 0xfffffffc, 0x1, 0x4, 0x7, 0x80, 0x0, 0x3ff, 0x4, 0x6, 0xfffffffc, 0x7f, 0xfa, 0xcd5b, 0x7, 0x0, 0xffffffff, 0xf13, 0x1f, 0x80000000, 0x9, 0x524, 0x20, 0x9, 0x7, 0x7ff, 0x40, 0x7, 0x6, 0x6, 0x2, 0x6, 0x5, 0x1f, 0x0, 0x7, 0x10000, 0x1, 0x1, 0xda, 0x1000, 0x80000000, 0x7, 0x0, 0xa4, 0x2000, 0xffffffff, 0x101, 0x0, 0xa018, 0x7ff, 0x5, 0x81, 0x5c5d, 0x5, 0x1, 0x3ff, 0x1, 0xc9a8, 0x3e, 0x1f, 0x4c25, 0x1, 0x2, 0x1, 0x62f, 0x2, 0xea7, 0x200, 0x10000, 0x9, 0x3, 0x4, 0x6, 0x81, 0x800, 0xe0000, 0x3f, 0x401, 0x6, 0xaa6, 0x9299, 0x5, 0x286b2ed, 0xf9cd, 0x80000001, 0xcfa, 0x6, 0x80000000, 0x6, 0x2, 0x278a, 0x0, 0x3, 0x7fffffff, 0x9, 0x2, 0x800, 0x1f, 0x8, 0xfffffffa, 0x1, 0x924, 0x8, 0x3, 0x8, 0x3ff, 0x80000001, 0x200, 0x3, 0x2787, 0x7f, 0x9, 0x1000, 0x80000001, 0x9, 0x101, 0x68, 0x0, 0x5, 0x101, 0x7f, 0x7, 0x8, 0x6, 0x2, 0xffffffff, 0x0, 0x2, 0x100, 0x7d4, 0x8, 0x3f, 0x1, 0xd6, 0x26, 0x1, 0x2, 0x2, 0x5, 0x200, 0x4, 0x100, 0x8000, 0x6, 0x10000, 0x2, 0x3, 0x400, 0x20, 0x7fff, 0x0, 0x7, 0xfffffc00, 0x8000, 0x401, 0x9, 0x20, 0x20000000, 0xf0, 0x10000, 0x5, 0x10000, 0x0, 0xfffffff7, 0x2, 0x4, 0xd1, 0x80000001, 0x7, 0x2, 0x9, 0x10000, 0x4417cccf, 0xe3, 0x397, 0x7ff, 0x80, 0x3, 0x1ff, 0x8, 0x401, 0x7, 0x7fff, 0x83a, 0x4, 0xffff8001, 0x2, 0x7, 0x7fff, 0x2, 0xaf0, 0x8, 0xfe, 0xffffff2b, 0x1, 0x8224, 0x6263, 0xec, 0x3, 0x1, 0x8, 0x8, 0x9, 0x1, 0x3ff, 0x1d, 0x4, 0x7, 0x4, 0x3, 0x45b3a5ab, 0x0, 0x4, 0xfffffff8, 0x1, 0x7ff0000, 0x20, 0x1f, 0x6, 0x5, 0x1, 0x9, 0x3, 0x7, 0x1, 0x2, 0x40, 0x3243, 0x0, 0x1, 0x6, 0xffff, 0x6, 0x3, 0x7, 0x3, 0x7, 0x7fff, 0xffffffff, 0x8, 0xfffffffa, 0x4, 0x3, 0x4a4, 0x4, 0xff, 0x40, 0x8000, 0x1f2c755a, 0x9, 0x7, 0x7, 0x6, 0x349, 0x5, 0x3f, 0x9f22, 0x8, 0x6, 0x3, 0xa4, 0x9, 0x2, 0xb667, 0x4404, 0x6, 0x5e, 0x8d, 0x9, 0x1, 0x5, 0x80, 0x4, 0x5, 0x1, 0x8a, 0x5, 0xfff, 0x284a, 0x5, 0xfffffffe, 0x9, 0x9, 0x6, 0x1, 0x3, 0x1000, 0x400, 0x2, 0xde4, 0x0, 0x3ff, 0xb9cf, 0x0, 0x3, 0xb59, 0x3, 0x3bc2, 0x7, 0x6, 0x7f, 0x800, 0xd, 0x881, 0x9, 0x2, 0x2, 0x80000001, 0x20, 0x8, 0x9, 0xffffffff, 0x0, 0x3, 0x401, 0xf24a, 0x33, 0x5, 0x6, 0x1, 0x2, 0x80000000, 0x3e, 0x3, 0x8, 0x53d, 0x500000, 0x4, 0x8af5, 0x5, 0x9, 0x0, 0x5, 0x2, 0x1000, 0x0, 0x9, 0x80000000, 0x5f91, 0x8, 0xeead, 0x7, 0x800, 0xfffff800, 0x2, 0x4, 0x800, 0x7, 0x8, 0x4, 0x400, 0xfffff800, 0x2, 0x97a, 0x13e8, 0x9, 0x5, 0xe7e, 0x8, 0x2, 0x4, 0x5, 0x8001, 0x9, 0x0, 0x4, 0x80000001, 0x5, 0x7, 0x101, 0x8, 0x7ff, 0x5, 0x6, 0x7ff, 0x8, 0x8d, 0x8000, 0x42c, 0xffff, 0x9, 0x1000, 0x9, 0xab4f, 0xffffffff, 0xc9d, 0x0, 0xfff, 0x4, 0x100, 0x6, 0x3, 0xfffffff8, 0x401, 0x958b, 0x3f, 0x800, 0x1, 0x8, 0x2, 0x7, 0x8, 0x5, 0xea, 0x9, 0xffff6b38, 0x7fffffff, 0x4784, 0x7fffffff, 0x0, 0xffff, 0x2, 0x8, 0x101, 0xfffffffd, 0x9, 0x6, 0x1f, 0x7, 0x6, 0x1f, 0xf82e05, 0x4, 0xfffffff7, 0x5, 0x6, 0x40, 0x7, 0x5, 0x1, 0x9c9, 0x3, 0x101, 0x1, 0xffffffff, 0x3, 0x200, 0x2, 0x7, 0x8, 0x1, 0xfffffff7, 0xdf, 0x6, 0x9, 0x3, 0x2, 0x7, 0x77c, 0x20, 0x2, 0x10000, 0x310, 0x1, 0x8, 0xe19a, 0x5, 0x800, 0x2, 0x800100, 0xb0, 0x6, 0x0, 0x45, 0x1, 0xffffffe1, 0x2, 0x3ff, 0x3, 0x9, 0x1, 0x6, 0x5, 0x100, 0x7, 0x0, 0x6, 0x9e6, 0x5, 0xb6, 0x7a, 0x9, 0x2, 0x20, 0x401, 0x2, 0x1, 0x0, 0x7, 0x200, 0x3, 0x7, 0x8, 0x5, 0x1, 0x7, 0x5, 0x1000, 0x0, 0x5, 0x80000001, 0x0, 0x7, 0x7ff, 0x2e48, 0xfffffff8, 0x8, 0x4, 0x54, 0x80000001, 0x8, 0x9, 0x4, 0xe1, 0xfe1c, 0x5, 0x10000, 0x0, 0x7, 0x10001, 0x63a, 0x7497ba66, 0x5, 0x0, 0x5, 0x9, 0x3, 0x7, 0x5, 0x4, 0xfffffffb, 0x8, 0x0, 0x1f, 0x7000, 0x2, 0x5, 0xffffffff, 0xfffffffb, 0xa8, 0x69fa01ef, 0x6856, 0xcd91, 0xfffffff9, 0x800, 0x0, 0x6, 0x7, 0x1f, 0x3f, 0x7, 0x3c, 0x200, 0x3, 0x5, 0x6, 0xfffffffc, 0x8a26, 0x28d3, 0xfffffff7, 0x2, 0x80000000, 0x5, 0x7, 0x5, 0xffffffff, 0xfffffe01, 0x3f, 0x3, 0x1, 0x401, 0x6e, 0x3, 0x200, 0x6, 0x3, 0x1d45, 0xe5, 0x4, 0x4, 0x7, 0x2b1, 0x9, 0xffff, 0x7fffffff, 0x1f, 0x1, 0x9, 0x200, 0x400, 0xfff, 0xffffffff, 0x0, 0x5, 0x10000, 0xfffffffb, 0x3f, 0x0, 0x3, 0xcd, 0x9, 0xe0000, 0x5, 0x4, 0x6, 0x3, 0x2, 0xff, 0xfffffffe, 0x7, 0x2, 0x0, 0x0, 0x2, 0x4, 0x1, 0x8001, 0x4, 0x6, 0xa48, 0x8d, 0x4, 0xde, 0x9, 0x0, 0xffff, 0x8, 0x80, 0x1ce, 0x9, 0x9ba, 0xfffffffa, 0x9, 0x6, 0x401, 0x8, 0x200, 0x8000, 0x7f, 0x1, 0x4, 0xc225, 0x3ff, 0x1, 0xc3, 0x57, 0x5, 0x0, 0x20, 0x9, 0x6, 0xcf, 0xff, 0x2, 0xffff, 0x2, 0x9, 0x6, 0x4, 0xffff, 0xfff, 0x80000001, 0x200, 0x5, 0x2, 0x8000, 0x401, 0x9, 0x7fffffff, 0x5, 0x1, 0x4, 0x7ff, 0x7, 0x3f9f, 0x6, 0x0, 0x3, 0x7ff, 0xca, 0xd28, 0x2, 0x400, 0x100, 0xffff, 0x1, 0x8, 0x3, 0xdba0, 0x2, 0x2, 0x3f8, 0x8, 0x7f, 0x100, 0x8000, 0xf8c, 0x0, 0xf1, 0x9, 0x1, 0x6ef98c3d, 0x0, 0x1, 0x5, 0x9, 0x10001, 0x8, 0x0, 0x0, 0x8000, 0xe0000, 0x1c, 0x9, 0xe3, 0x0, 0x5, 0x40, 0x7, 0xfffffff7, 0x7fff, 0x8, 0x10000, 0x5, 0x6, 0x90e4e6f7, 0x4, 0x8000, 0x277, 0x0, 0x81, 0xa587, 0x1, 0x1, 0xfffffffa, 0x2, 0x9, 0x2, 0x3, 0x3, 0x0, 0x3, 0x9, 0x7, 0x1, 0x9, 0x4, 0x20, 0x8, 0x1, 0x3ff, 0x7f, 0xfffffffd, 0x8001, 0x2, 0x5b, 0x3, 0x40, 0x5, 0x9, 0x7ff, 0x5b3, 0x800, 0x3ebb9c3a, 0x7, 0x9, 0x4, 0x8001, 0x9, 0x657, 0x800, 0x800, 0x72, 0xfffffffd, 0x8, 0x8001, 0x7, 0x1, 0x0, 0x20, 0x8001, 0x2, 0x357, 0x7ff, 0x4, 0x176, 0x2, 0x6, 0x6d2, 0x4, 0x0, 0x6, 0x1, 0x200, 0x53158167, 0x22, 0x6, 0x25, 0xfff, 0x70f, 0x3, 0x8, 0x4, 0x3, 0x7fff, 0x1f, 0x10001, 0x1, 0xffff, 0xb09e, 0x6, 0x6, 0x6, 0x5, 0x80, 0x0, 0x6, 0x3, 0x80000001, 0xdc, 0x7, 0xffff1071, 0x81, 0x0, 0x93, 0xffffffff, 0x10000, 0xc5, 0xffff7fff, 0xbb9f, 0x2, 0x8d, 0x0, 0xfffffbff, 0x3, 0x8, 0x56fae13b, 0x2, 0x3ff, 0x5, 0x10001, 0x2, 0x1, 0x0, 0x43, 0x5, 0xffffffe0, 0x8001, 0x0, 0x7, 0xf281, 0x6, 0xffff939c, 0x2, 0x3, 0x4, 0x1ff, 0x0, 0xffff, 0x2]}) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:32 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) fsmount(r0, 0x0, 0x2) 08:07:32 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x900}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:32 executing program 2: write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) [ 1000.050179][ T2543] FAULT_INJECTION: forcing a failure. [ 1000.050179][ T2543] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1000.076179][ T2543] CPU: 0 PID: 2543 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1000.084429][ T2543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1000.094338][ T2543] Call Trace: [ 1000.097457][ T2543] 08:07:32 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) timer_create(0x6, &(0x7f00000000c0)={0x0, 0x10, 0x2, @thr={&(0x7f0000000000)="21832b6fe6091ada3846045a32fbd497e5df4c194690f46b2fb1dc4a49502c14d0246a440c3779b7efebbeea0d6b655bac0ee3b8bb0575ef1469e198d01301d3fe1632be17523bc93eb5ac2781f61354895e20cbf1b47c814f4f20c723f50584706f7205da5587ba4b4fa87a4aec2e04032d6a95a729803ae5e432d75f252c7b3df083076ce2f517657f6716ccaee9d5a79d8e4bde0ca32725757ef4fa81ead41c37aa9f9e859282f3", &(0x7f0000000280)="5b194cb52046c40bae118d6be012a868278840638083e46c403c5e4d1befed43d6c49f8a58eb1f74367bd76013e60a7907eb7e9ffe7082f3c989a63f30370b5fafbcdddc215f5e1c5312581fdef085dbe1b701a1b4d7c52248595b677af4b40d5f5c6a13fabed027cbedbec517bb48e6b03fcd91e229eacb314c438d23638fb39f18154a9b30300bb8f00ec4cd1544ae93b31b94d50c95e1a5f61bec0ba8c0be7366734ce00e4a8a6ce9332a67ff7be7d27f0b7435396711ed9bde3435979384512890c59d120c04b626edfcae6d752720140ded33ee4cb4c01d44be00719e83405f4a"}}, &(0x7f0000000180)=0x0) timer_gettime(r2, &(0x7f00000001c0)) ioctl$USBDEVFS_GET_SPEED(r1, 0x551f) (async) ioctl$HIDIOCGUSAGES(r0, 0xd01c4813, &(0x7f0000000380)={{0x2, 0x100, 0x7fff, 0x4, 0x6, 0x94}, 0xf6, [0x5, 0x0, 0x1, 0x5, 0x1, 0xffffffff, 0x6, 0x3, 0x99, 0xfff, 0x4, 0x7, 0xfffffc01, 0x8, 0x4, 0xed82, 0x43dc, 0x2, 0x4, 0xfffffea5, 0x9, 0x6, 0x630, 0x8001, 0x1, 0x7, 0x1, 0x9, 0x80000001, 0x959, 0x6, 0xffff, 0x1f, 0x80000001, 0x9, 0x0, 0x9, 0x0, 0xa7b6, 0x1, 0x8, 0x0, 0x6, 0x5, 0xffff0000, 0x401, 0x6, 0x3, 0x1, 0x2, 0x8, 0x7, 0x0, 0x7, 0xdee, 0x6, 0x7ff, 0x4, 0x5, 0x1, 0x3, 0x4, 0x1, 0x10000, 0x4, 0x101, 0x6, 0xffffffff, 0xffffffc1, 0x0, 0x9, 0x1000, 0xa8, 0x10000, 0x3, 0x7f, 0xffffffff, 0x3, 0x173000, 0x81, 0x6, 0x8000, 0x0, 0x200, 0xc9, 0x300000, 0x0, 0xff, 0x10000, 0x101, 0xfe14, 0xfffffff7, 0x80000000, 0x7f, 0x8, 0x401, 0x53f7, 0x952d, 0x3, 0x9, 0x1f, 0x5, 0xfffffff8, 0x1, 0x36, 0x800, 0x1, 0x5cf, 0xa732, 0x80000000, 0xf1f, 0x7, 0x6, 0x100, 0x8, 0x9, 0x10000, 0x1, 0x1, 0xe14, 0x2d, 0x8, 0x1c000, 0x40, 0x69, 0xf4cf, 0x9, 0xffff8000, 0x9, 0x5, 0x2a8, 0x10001, 0x0, 0xe557, 0x10001, 0x1ff, 0x7fff, 0x0, 0x80, 0x2, 0x7, 0x1, 0x8, 0xffffffff, 0x3, 0x0, 0x40, 0x3, 0x3, 0xc77, 0x6eb, 0x1, 0x100, 0x0, 0x1, 0x8, 0x6, 0x4, 0x4, 0xffffffde, 0x1, 0x9, 0x6, 0x7, 0xfffffffc, 0x1, 0x4, 0x7, 0x80, 0x0, 0x3ff, 0x4, 0x6, 0xfffffffc, 0x7f, 0xfa, 0xcd5b, 0x7, 0x0, 0xffffffff, 0xf13, 0x1f, 0x80000000, 0x9, 0x524, 0x20, 0x9, 0x7, 0x7ff, 0x40, 0x7, 0x6, 0x6, 0x2, 0x6, 0x5, 0x1f, 0x0, 0x7, 0x10000, 0x1, 0x1, 0xda, 0x1000, 0x80000000, 0x7, 0x0, 0xa4, 0x2000, 0xffffffff, 0x101, 0x0, 0xa018, 0x7ff, 0x5, 0x81, 0x5c5d, 0x5, 0x1, 0x3ff, 0x1, 0xc9a8, 0x3e, 0x1f, 0x4c25, 0x1, 0x2, 0x1, 0x62f, 0x2, 0xea7, 0x200, 0x10000, 0x9, 0x3, 0x4, 0x6, 0x81, 0x800, 0xe0000, 0x3f, 0x401, 0x6, 0xaa6, 0x9299, 0x5, 0x286b2ed, 0xf9cd, 0x80000001, 0xcfa, 0x6, 0x80000000, 0x6, 0x2, 0x278a, 0x0, 0x3, 0x7fffffff, 0x9, 0x2, 0x800, 0x1f, 0x8, 0xfffffffa, 0x1, 0x924, 0x8, 0x3, 0x8, 0x3ff, 0x80000001, 0x200, 0x3, 0x2787, 0x7f, 0x9, 0x1000, 0x80000001, 0x9, 0x101, 0x68, 0x0, 0x5, 0x101, 0x7f, 0x7, 0x8, 0x6, 0x2, 0xffffffff, 0x0, 0x2, 0x100, 0x7d4, 0x8, 0x3f, 0x1, 0xd6, 0x26, 0x1, 0x2, 0x2, 0x5, 0x200, 0x4, 0x100, 0x8000, 0x6, 0x10000, 0x2, 0x3, 0x400, 0x20, 0x7fff, 0x0, 0x7, 0xfffffc00, 0x8000, 0x401, 0x9, 0x20, 0x20000000, 0xf0, 0x10000, 0x5, 0x10000, 0x0, 0xfffffff7, 0x2, 0x4, 0xd1, 0x80000001, 0x7, 0x2, 0x9, 0x10000, 0x4417cccf, 0xe3, 0x397, 0x7ff, 0x80, 0x3, 0x1ff, 0x8, 0x401, 0x7, 0x7fff, 0x83a, 0x4, 0xffff8001, 0x2, 0x7, 0x7fff, 0x2, 0xaf0, 0x8, 0xfe, 0xffffff2b, 0x1, 0x8224, 0x6263, 0xec, 0x3, 0x1, 0x8, 0x8, 0x9, 0x1, 0x3ff, 0x1d, 0x4, 0x7, 0x4, 0x3, 0x45b3a5ab, 0x0, 0x4, 0xfffffff8, 0x1, 0x7ff0000, 0x20, 0x1f, 0x6, 0x5, 0x1, 0x9, 0x3, 0x7, 0x1, 0x2, 0x40, 0x3243, 0x0, 0x1, 0x6, 0xffff, 0x6, 0x3, 0x7, 0x3, 0x7, 0x7fff, 0xffffffff, 0x8, 0xfffffffa, 0x4, 0x3, 0x4a4, 0x4, 0xff, 0x40, 0x8000, 0x1f2c755a, 0x9, 0x7, 0x7, 0x6, 0x349, 0x5, 0x3f, 0x9f22, 0x8, 0x6, 0x3, 0xa4, 0x9, 0x2, 0xb667, 0x4404, 0x6, 0x5e, 0x8d, 0x9, 0x1, 0x5, 0x80, 0x4, 0x5, 0x1, 0x8a, 0x5, 0xfff, 0x284a, 0x5, 0xfffffffe, 0x9, 0x9, 0x6, 0x1, 0x3, 0x1000, 0x400, 0x2, 0xde4, 0x0, 0x3ff, 0xb9cf, 0x0, 0x3, 0xb59, 0x3, 0x3bc2, 0x7, 0x6, 0x7f, 0x800, 0xd, 0x881, 0x9, 0x2, 0x2, 0x80000001, 0x20, 0x8, 0x9, 0xffffffff, 0x0, 0x3, 0x401, 0xf24a, 0x33, 0x5, 0x6, 0x1, 0x2, 0x80000000, 0x3e, 0x3, 0x8, 0x53d, 0x500000, 0x4, 0x8af5, 0x5, 0x9, 0x0, 0x5, 0x2, 0x1000, 0x0, 0x9, 0x80000000, 0x5f91, 0x8, 0xeead, 0x7, 0x800, 0xfffff800, 0x2, 0x4, 0x800, 0x7, 0x8, 0x4, 0x400, 0xfffff800, 0x2, 0x97a, 0x13e8, 0x9, 0x5, 0xe7e, 0x8, 0x2, 0x4, 0x5, 0x8001, 0x9, 0x0, 0x4, 0x80000001, 0x5, 0x7, 0x101, 0x8, 0x7ff, 0x5, 0x6, 0x7ff, 0x8, 0x8d, 0x8000, 0x42c, 0xffff, 0x9, 0x1000, 0x9, 0xab4f, 0xffffffff, 0xc9d, 0x0, 0xfff, 0x4, 0x100, 0x6, 0x3, 0xfffffff8, 0x401, 0x958b, 0x3f, 0x800, 0x1, 0x8, 0x2, 0x7, 0x8, 0x5, 0xea, 0x9, 0xffff6b38, 0x7fffffff, 0x4784, 0x7fffffff, 0x0, 0xffff, 0x2, 0x8, 0x101, 0xfffffffd, 0x9, 0x6, 0x1f, 0x7, 0x6, 0x1f, 0xf82e05, 0x4, 0xfffffff7, 0x5, 0x6, 0x40, 0x7, 0x5, 0x1, 0x9c9, 0x3, 0x101, 0x1, 0xffffffff, 0x3, 0x200, 0x2, 0x7, 0x8, 0x1, 0xfffffff7, 0xdf, 0x6, 0x9, 0x3, 0x2, 0x7, 0x77c, 0x20, 0x2, 0x10000, 0x310, 0x1, 0x8, 0xe19a, 0x5, 0x800, 0x2, 0x800100, 0xb0, 0x6, 0x0, 0x45, 0x1, 0xffffffe1, 0x2, 0x3ff, 0x3, 0x9, 0x1, 0x6, 0x5, 0x100, 0x7, 0x0, 0x6, 0x9e6, 0x5, 0xb6, 0x7a, 0x9, 0x2, 0x20, 0x401, 0x2, 0x1, 0x0, 0x7, 0x200, 0x3, 0x7, 0x8, 0x5, 0x1, 0x7, 0x5, 0x1000, 0x0, 0x5, 0x80000001, 0x0, 0x7, 0x7ff, 0x2e48, 0xfffffff8, 0x8, 0x4, 0x54, 0x80000001, 0x8, 0x9, 0x4, 0xe1, 0xfe1c, 0x5, 0x10000, 0x0, 0x7, 0x10001, 0x63a, 0x7497ba66, 0x5, 0x0, 0x5, 0x9, 0x3, 0x7, 0x5, 0x4, 0xfffffffb, 0x8, 0x0, 0x1f, 0x7000, 0x2, 0x5, 0xffffffff, 0xfffffffb, 0xa8, 0x69fa01ef, 0x6856, 0xcd91, 0xfffffff9, 0x800, 0x0, 0x6, 0x7, 0x1f, 0x3f, 0x7, 0x3c, 0x200, 0x3, 0x5, 0x6, 0xfffffffc, 0x8a26, 0x28d3, 0xfffffff7, 0x2, 0x80000000, 0x5, 0x7, 0x5, 0xffffffff, 0xfffffe01, 0x3f, 0x3, 0x1, 0x401, 0x6e, 0x3, 0x200, 0x6, 0x3, 0x1d45, 0xe5, 0x4, 0x4, 0x7, 0x2b1, 0x9, 0xffff, 0x7fffffff, 0x1f, 0x1, 0x9, 0x200, 0x400, 0xfff, 0xffffffff, 0x0, 0x5, 0x10000, 0xfffffffb, 0x3f, 0x0, 0x3, 0xcd, 0x9, 0xe0000, 0x5, 0x4, 0x6, 0x3, 0x2, 0xff, 0xfffffffe, 0x7, 0x2, 0x0, 0x0, 0x2, 0x4, 0x1, 0x8001, 0x4, 0x6, 0xa48, 0x8d, 0x4, 0xde, 0x9, 0x0, 0xffff, 0x8, 0x80, 0x1ce, 0x9, 0x9ba, 0xfffffffa, 0x9, 0x6, 0x401, 0x8, 0x200, 0x8000, 0x7f, 0x1, 0x4, 0xc225, 0x3ff, 0x1, 0xc3, 0x57, 0x5, 0x0, 0x20, 0x9, 0x6, 0xcf, 0xff, 0x2, 0xffff, 0x2, 0x9, 0x6, 0x4, 0xffff, 0xfff, 0x80000001, 0x200, 0x5, 0x2, 0x8000, 0x401, 0x9, 0x7fffffff, 0x5, 0x1, 0x4, 0x7ff, 0x7, 0x3f9f, 0x6, 0x0, 0x3, 0x7ff, 0xca, 0xd28, 0x2, 0x400, 0x100, 0xffff, 0x1, 0x8, 0x3, 0xdba0, 0x2, 0x2, 0x3f8, 0x8, 0x7f, 0x100, 0x8000, 0xf8c, 0x0, 0xf1, 0x9, 0x1, 0x6ef98c3d, 0x0, 0x1, 0x5, 0x9, 0x10001, 0x8, 0x0, 0x0, 0x8000, 0xe0000, 0x1c, 0x9, 0xe3, 0x0, 0x5, 0x40, 0x7, 0xfffffff7, 0x7fff, 0x8, 0x10000, 0x5, 0x6, 0x90e4e6f7, 0x4, 0x8000, 0x277, 0x0, 0x81, 0xa587, 0x1, 0x1, 0xfffffffa, 0x2, 0x9, 0x2, 0x3, 0x3, 0x0, 0x3, 0x9, 0x7, 0x1, 0x9, 0x4, 0x20, 0x8, 0x1, 0x3ff, 0x7f, 0xfffffffd, 0x8001, 0x2, 0x5b, 0x3, 0x40, 0x5, 0x9, 0x7ff, 0x5b3, 0x800, 0x3ebb9c3a, 0x7, 0x9, 0x4, 0x8001, 0x9, 0x657, 0x800, 0x800, 0x72, 0xfffffffd, 0x8, 0x8001, 0x7, 0x1, 0x0, 0x20, 0x8001, 0x2, 0x357, 0x7ff, 0x4, 0x176, 0x2, 0x6, 0x6d2, 0x4, 0x0, 0x6, 0x1, 0x200, 0x53158167, 0x22, 0x6, 0x25, 0xfff, 0x70f, 0x3, 0x8, 0x4, 0x3, 0x7fff, 0x1f, 0x10001, 0x1, 0xffff, 0xb09e, 0x6, 0x6, 0x6, 0x5, 0x80, 0x0, 0x6, 0x3, 0x80000001, 0xdc, 0x7, 0xffff1071, 0x81, 0x0, 0x93, 0xffffffff, 0x10000, 0xc5, 0xffff7fff, 0xbb9f, 0x2, 0x8d, 0x0, 0xfffffbff, 0x3, 0x8, 0x56fae13b, 0x2, 0x3ff, 0x5, 0x10001, 0x2, 0x1, 0x0, 0x43, 0x5, 0xffffffe0, 0x8001, 0x0, 0x7, 0xf281, 0x6, 0xffff939c, 0x2, 0x3, 0x4, 0x1ff, 0x0, 0xffff, 0x2]}) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:32 executing program 2: write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) 08:07:32 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) [ 1000.100227][ T2543] dump_stack_lvl+0x151/0x1b7 [ 1000.104744][ T2543] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1000.110041][ T2543] dump_stack+0x15/0x17 [ 1000.114027][ T2543] should_fail+0x3c0/0x510 [ 1000.118279][ T2543] should_fail_alloc_page+0x58/0x70 [ 1000.123311][ T2543] __alloc_pages+0x1de/0x7c0 [ 1000.127746][ T2543] ? __count_vm_events+0x30/0x30 [ 1000.132516][ T2543] ? __kasan_kmalloc+0x9/0x10 [ 1000.137033][ T2543] ? __kmalloc+0x203/0x350 [ 1000.141280][ T2543] ? __vmalloc_node_range+0x2e3/0x800 08:07:32 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) 08:07:32 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='system_u:object_r:var_lock_t:s0\x00', 0x20) [ 1000.146500][ T2543] __vmalloc_node_range+0x48f/0x800 [ 1000.151526][ T2543] dup_task_struct+0x61f/0xa60 [ 1000.156124][ T2543] ? copy_process+0x579/0x3250 [ 1000.160722][ T2543] ? __kasan_check_write+0x14/0x20 [ 1000.165669][ T2543] copy_process+0x579/0x3250 [ 1000.170098][ T2543] ? check_stack_object+0xf7/0x130 [ 1000.175046][ T2543] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1000.179994][ T2543] ? copy_clone_args_from_user+0x6cf/0x790 [ 1000.185633][ T2543] kernel_clone+0x22d/0x990 [ 1000.189971][ T2543] ? dup_mmap+0xea0/0xea0 [ 1000.194140][ T2543] ? create_io_thread+0x1e0/0x1e0 08:07:32 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) 08:07:32 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, 0x0, 0x0) [ 1000.198997][ T2543] ? file_end_write+0x1b0/0x1b0 [ 1000.203685][ T2543] __x64_sys_clone3+0x375/0x3a0 [ 1000.208371][ T2543] ? __ia32_sys_clone+0x300/0x300 [ 1000.213233][ T2543] ? ksys_write+0x25f/0x2c0 [ 1000.217577][ T2543] ? debug_smp_processor_id+0x17/0x20 [ 1000.222780][ T2543] do_syscall_64+0x44/0xd0 [ 1000.227032][ T2543] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1000.232756][ T2543] RIP: 0033:0x7f495fdbc639 [ 1000.237016][ T2543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1000.256458][ T2543] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1000.264705][ T2543] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1000.272514][ T2543] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1000.280324][ T2543] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1000.288138][ T2543] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:32 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 16) 08:07:32 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) syz_clone3(&(0x7f0000000640)={0x220000000, &(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000200), {0x26}, &(0x7f0000000480)=""/105, 0x69, &(0x7f0000000500)=""/243, &(0x7f0000000600)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) timer_create(0x0, &(0x7f0000000040)={0x0, 0x1a, 0x4, @tid=r0}, &(0x7f0000000080)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(r2, 0x4008550d, &(0x7f00000000c0)) timer_gettime(0x0, &(0x7f0000000240)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r3, 0x40045402, &(0x7f0000000000)) 08:07:32 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) 08:07:32 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, 0x0, 0x0) 08:07:32 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x1100}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:32 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) 08:07:32 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) 08:07:32 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async, rerun: 32) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (rerun: 32) syz_clone3(&(0x7f0000000640)={0x220000000, &(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000200), {0x26}, &(0x7f0000000480)=""/105, 0x69, &(0x7f0000000500)=""/243, &(0x7f0000000600)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) timer_create(0x0, &(0x7f0000000040)={0x0, 0x1a, 0x4, @tid=r0}, &(0x7f0000000080)) (async, rerun: 32) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) read$FUSE(r1, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) ioctl$USBDEVFS_REAPURBNDELAY(r2, 0x4008550d, &(0x7f00000000c0)) (async, rerun: 64) timer_gettime(0x0, &(0x7f0000000240)) (rerun: 64) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) (async) ioctl$SNDRV_TIMER_IOCTL_TREAD(r3, 0x40045402, &(0x7f0000000000)) 08:07:32 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x1f00}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:32 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, 0x0, 0x0) [ 1000.295954][ T2543] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1000.303760][ T2543] [ 1000.329562][ T2583] FAULT_INJECTION: forcing a failure. [ 1000.329562][ T2583] name fail_page_alloc, interval 1, probability 0, space 0, times 0 08:07:32 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x2000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:32 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) fsmount(r0, 0x0, 0x2) [ 1000.372964][ T2583] CPU: 1 PID: 2583 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1000.381215][ T2583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1000.391111][ T2583] Call Trace: [ 1000.394238][ T2583] [ 1000.397012][ T2583] dump_stack_lvl+0x151/0x1b7 [ 1000.401526][ T2583] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1000.406824][ T2583] dump_stack+0x15/0x17 [ 1000.410811][ T2583] should_fail+0x3c0/0x510 [ 1000.415068][ T2583] should_fail_alloc_page+0x58/0x70 [ 1000.420103][ T2583] __alloc_pages+0x1de/0x7c0 [ 1000.424530][ T2583] ? __count_vm_events+0x30/0x30 [ 1000.429301][ T2583] ? __kasan_kmalloc+0x9/0x10 [ 1000.433814][ T2583] ? __kmalloc+0x203/0x350 [ 1000.438063][ T2583] ? __vmalloc_node_range+0x2e3/0x800 [ 1000.443275][ T2583] __vmalloc_node_range+0x48f/0x800 [ 1000.448310][ T2583] dup_task_struct+0x61f/0xa60 [ 1000.452910][ T2583] ? copy_process+0x579/0x3250 [ 1000.457511][ T2583] ? __kasan_check_write+0x14/0x20 [ 1000.462457][ T2583] copy_process+0x579/0x3250 [ 1000.466883][ T2583] ? check_stack_object+0xf7/0x130 [ 1000.471833][ T2583] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1000.476776][ T2583] ? copy_clone_args_from_user+0x6cf/0x790 [ 1000.482419][ T2583] kernel_clone+0x22d/0x990 [ 1000.486756][ T2583] ? dup_mmap+0xea0/0xea0 [ 1000.490921][ T2583] ? create_io_thread+0x1e0/0x1e0 [ 1000.495798][ T2583] ? file_end_write+0x1b0/0x1b0 [ 1000.500470][ T2583] __x64_sys_clone3+0x375/0x3a0 [ 1000.505157][ T2583] ? __ia32_sys_clone+0x300/0x300 [ 1000.510016][ T2583] ? ksys_write+0x25f/0x2c0 [ 1000.514360][ T2583] ? debug_smp_processor_id+0x17/0x20 [ 1000.519566][ T2583] do_syscall_64+0x44/0xd0 [ 1000.523816][ T2583] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1000.529546][ T2583] RIP: 0033:0x7f495fdbc639 [ 1000.533798][ T2583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1000.553240][ T2583] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1000.561486][ T2583] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 08:07:33 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 17) 08:07:33 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) syz_clone3(&(0x7f0000000640)={0x220000000, &(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000200), {0x26}, &(0x7f0000000480)=""/105, 0x69, &(0x7f0000000500)=""/243, &(0x7f0000000600)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58) timer_create(0x0, &(0x7f0000000040)={0x0, 0x1a, 0x4, @tid=r0}, &(0x7f0000000080)) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) ioctl$USBDEVFS_REAPURBNDELAY(r2, 0x4008550d, &(0x7f00000000c0)) timer_gettime(0x0, &(0x7f0000000240)) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r3, 0x40045402, &(0x7f0000000000)) 08:07:33 executing program 0: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_type(r1, &(0x7f0000005300), 0x2, 0x0) read$FUSE(r1, 0x0, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x8b) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001180)={0x6, 0x0, &(0x7f0000000000), &(0x7f0000000040)='GPL\x00', 0x7fffffff, 0xffc, &(0x7f0000000100)=""/4092, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000001100)={0x3, 0x1, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001140)=[r2, 0x1, 0x1, r4]}, 0x80) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r6, 0x0, 0x0) read$FUSE(r3, &(0x7f0000001200)={0x2020, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000000)=0x0, &(0x7f0000003240), &(0x7f0000003280)) read$FUSE(r0, &(0x7f00000032c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000005580)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r6, &(0x7f0000007b80)=ANY=[@ANYBLOB="e6169bf9a198988c95348e50eb54771cf2d98fe2f5374c129504cb568f45be71a71ed41101961e3a7b7748255e2171a0896231effba4f055beccf9a4052890961dfd07b46af21c35ea644aa10a2919acfa436b0c0d505cdc221d05bd863275e2b9b33bedb0c204a2ce222eba4c990dcfb852913cc053e136e9de9b26458c42f8544c5041cdaf17282ddc567e126a7b6190398849e7e2eb7c632d15c09c3df4e70806b3be9893f985f1a1aeafe77a9a7eb52108d4d946f79ed56d55215874656ad753269113236d72627d32b5dd655251e390cbf319a30da6cf30a4af906c853d8512a479b5", @ANYRES64=r7, @ANYBLOB="050000000000000000000000000000000400000000000000ffffff7f0000000007000000020000000300000000000000010000000000000029000000000000000000000000000000b1df856000000000030000000000000005000000080000000200000000a0000004000000", @ANYRES32, @ANYRES32, @ANYBLOB="0500000000400000000000000600000000000000070000000000000001000000ff030000000000000000000005000000000000000100000000000000070000000000000005000000000000001f0000000600000003000000000000007702000000000000ffffffffffffffff0100000000000000d30b000000000000f8ffffffffffffff0100000006000000070000000080000000100000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="01000000f7ffffff0000000001000000000000000500000000000000040000000800000047504c0000000000020000000000000000000000000000000000000000000000c55f000000000000f8ffffff0400000002000000000000000400000000000000000001000000000000000000000000000600000000000000af0300000000000006000000810000000900000000a0000007000000", @ANYRES32=r8, @ANYRES32=0xee01, @ANYBLOB="0004000032000000000000000500000000000000a601000000000000010000000008000000000000000000000300000000000000020000000000000023000000000000000100000000000000070000000500000003000000000000001f0000000000000006000000000000000500000000000000afc8000000000000000000000000000000006c10060000000900000000100000ff7f0000", @ANYRES32=r9, @ANYRES32, @ANYBLOB="000100001f000000000000000000000000000000ff7f0000000000000600000001fcffffffffffffffff000005000000000000000000000000000000080000000000000006000000000000000200000000000000050000000000000004faffffffffffffa000000000000000010100000000000001000000000000000200000000000000ee0900007cffffff8100000000400000ffffffff", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="040000000300000000000000000000000000000008000000000000000600000020000000ffffffffffff0000060000000000000003000000000000000700000000000000090000000000000000000000010000000200000000000000050000000000000008000000000000000000000000000000d50d00000000000002000000000000000400000009000000e700000000c0000004000000", @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="0700000002000000000000000500000000000000ffffffffffffff7f0600000000800000ffffffffffff000000000000000000000200000000000000ff07000000000000ff07000000000000020000000500000004000000000000000200000000000000060000000000000009000000000000003c00000000000000090000000000000006000000200000005d0900000010000070030000", @ANYRES32=0xee00, @ANYRES32=r10, @ANYBLOB="0500000008000000000000000600000000000000060000000000000002000000010000805c7d00000000000000000000000000000200000000000000070000000000000020000000000000002329cd09060000000400000000000000010000000100000003000000000000008d00000000000000090000000000000008000000000000000300000008000000080000000060000009000000", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0200000000020000000000000000000000000000010000000000000006000000231b0000ffffffffffff0000030000000000000002000000000000000900000000000000f827000000000000040000000000000006000000000000000000010000000000090000000000000008000000000000000600000000000000de95000000000000fcffffffffffff7f040000000040000007000000", @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="080000000300000000000000060000000000000008000000000000000600000009000000ffffffffffff0000"], 0x5b0) connect$bt_sco(r5, &(0x7f00000000c0)={0x1f, @none}, 0x8) 08:07:33 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x4000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:33 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) [ 1000.569299][ T2583] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1000.577107][ T2583] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1000.584917][ T2583] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1000.592727][ T2583] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1000.600542][ T2583] 08:07:33 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x20010}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:33 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000080)={{r1, r2+60000000}, {r3, r4+10000000}}, &(0x7f00000000c0)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:33 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) fsmount(r0, 0x0, 0x2) [ 1000.634929][ T2614] FAULT_INJECTION: forcing a failure. [ 1000.634929][ T2614] name failslab, interval 1, probability 0, space 0, times 0 [ 1000.652995][ T2614] CPU: 1 PID: 2614 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1000.661240][ T2614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1000.671136][ T2614] Call Trace: [ 1000.674267][ T2614] [ 1000.677037][ T2614] dump_stack_lvl+0x151/0x1b7 [ 1000.681552][ T2614] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1000.686847][ T2614] ? __this_cpu_preempt_check+0x13/0x20 [ 1000.692224][ T2614] dump_stack+0x15/0x17 [ 1000.696222][ T2614] should_fail+0x3c0/0x510 [ 1000.700474][ T2614] __should_failslab+0x9f/0xe0 [ 1000.705074][ T2614] should_failslab+0x9/0x20 [ 1000.709414][ T2614] kmem_cache_alloc+0x4f/0x2f0 [ 1000.714012][ T2614] ? __kasan_check_write+0x14/0x20 [ 1000.718960][ T2614] ? prepare_creds+0x30/0x690 [ 1000.723468][ T2614] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 1000.728763][ T2614] prepare_creds+0x30/0x690 08:07:33 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x80000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:33 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async, rerun: 64) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async, rerun: 64) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) (async, rerun: 32) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) (rerun: 32) timer_settime(r0, 0x0, &(0x7f0000000080)={{r1, r2+60000000}, {r3, r4+10000000}}, &(0x7f00000000c0)) (async, rerun: 64) timer_gettime(0x0, &(0x7f0000000240)) (rerun: 64) 08:07:33 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x101000}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1000.733103][ T2614] copy_creds+0xde/0x640 [ 1000.737186][ T2614] copy_process+0x775/0x3250 [ 1000.741616][ T2614] ? check_stack_object+0xf7/0x130 [ 1000.746560][ T2614] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1000.751507][ T2614] ? copy_clone_args_from_user+0x6cf/0x790 [ 1000.757148][ T2614] kernel_clone+0x22d/0x990 [ 1000.761486][ T2614] ? dup_mmap+0xea0/0xea0 [ 1000.765657][ T2614] ? create_io_thread+0x1e0/0x1e0 [ 1000.770515][ T2614] ? file_end_write+0x1b0/0x1b0 [ 1000.775203][ T2614] __x64_sys_clone3+0x375/0x3a0 [ 1000.779884][ T2614] ? __ia32_sys_clone+0x300/0x300 08:07:33 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) (async) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000080)={{r1, r2+60000000}, {r3, r4+10000000}}, &(0x7f00000000c0)) timer_gettime(0x0, &(0x7f0000000240)) [ 1000.784747][ T2614] ? ksys_write+0x25f/0x2c0 [ 1000.789091][ T2614] ? debug_smp_processor_id+0x17/0x20 [ 1000.794297][ T2614] do_syscall_64+0x44/0xd0 [ 1000.798557][ T2614] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1000.804279][ T2614] RIP: 0033:0x7f495fdbc639 [ 1000.808531][ T2614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:33 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 18) 08:07:33 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xf0ff1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1000.827972][ T2614] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1000.836211][ T2614] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1000.844024][ T2614] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1000.851837][ T2614] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1000.859652][ T2614] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1000.867458][ T2614] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1000.875276][ T2614] [ 1000.894343][ T2640] FAULT_INJECTION: forcing a failure. [ 1000.894343][ T2640] name failslab, interval 1, probability 0, space 0, times 0 [ 1000.907175][ T2640] CPU: 1 PID: 2640 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1000.915416][ T2640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1000.925311][ T2640] Call Trace: [ 1000.928434][ T2640] [ 1000.931209][ T2640] dump_stack_lvl+0x151/0x1b7 [ 1000.935723][ T2640] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1000.941012][ T2640] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 1000.947261][ T2640] dump_stack+0x15/0x17 [ 1000.951255][ T2640] should_fail+0x3c0/0x510 [ 1000.955513][ T2640] __should_failslab+0x9f/0xe0 [ 1000.960109][ T2640] should_failslab+0x9/0x20 [ 1000.964449][ T2640] kmem_cache_alloc+0x4f/0x2f0 [ 1000.969046][ T2640] ? anon_vma_fork+0xf7/0x4f0 [ 1000.973558][ T2640] anon_vma_fork+0xf7/0x4f0 [ 1000.977900][ T2640] ? anon_vma_name+0x4c/0x70 [ 1000.982325][ T2640] dup_mmap+0x750/0xea0 [ 1000.986318][ T2640] ? __delayed_free_task+0x20/0x20 [ 1000.991267][ T2640] ? mm_init+0x807/0x960 [ 1000.995350][ T2640] dup_mm+0x91/0x330 [ 1000.999079][ T2640] copy_mm+0x108/0x1b0 [ 1001.002987][ T2640] copy_process+0x1295/0x3250 [ 1001.007498][ T2640] ? check_stack_object+0xf7/0x130 [ 1001.012444][ T2640] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1001.017391][ T2640] ? copy_clone_args_from_user+0x6cf/0x790 [ 1001.023037][ T2640] kernel_clone+0x22d/0x990 [ 1001.027374][ T2640] ? dup_mmap+0xea0/0xea0 [ 1001.031540][ T2640] ? create_io_thread+0x1e0/0x1e0 [ 1001.036399][ T2640] ? file_end_write+0x1b0/0x1b0 [ 1001.041084][ T2640] __x64_sys_clone3+0x375/0x3a0 [ 1001.045773][ T2640] ? __ia32_sys_clone+0x300/0x300 [ 1001.050633][ T2640] ? ksys_write+0x25f/0x2c0 [ 1001.054979][ T2640] ? debug_smp_processor_id+0x17/0x20 [ 1001.060183][ T2640] do_syscall_64+0x44/0xd0 [ 1001.064433][ T2640] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1001.070175][ T2640] RIP: 0033:0x7f495fdbc639 [ 1001.074419][ T2640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1001.093855][ T2640] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1001.102101][ T2640] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1001.109918][ T2640] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1001.117723][ T2640] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1001.125535][ T2640] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1001.133348][ T2640] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1001.141162][ T2640] 08:07:34 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x1000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:34 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x4, &(0x7f00000001c0)={0x0, 0x1e, 0x0, @thr={&(0x7f0000000040)="860640322b3b7da039a3a411ab703392b283f979676ef407995f6b52a58caac24ab8b95de726ac8cdbff14c896e4f564afe2dfba65b677684419baf129c9fff545048cf7aa1fb0d5353ee5f713b42d662ef70622337e4ed8f8ba64c2c5a05bc3b84a1671c25195e23eca814b2c9eed62ae2442a842ee3be1dce92dde52fc185719f2de06933209cdee47813b24c4663c92f839b088efe517e7d59b72f67bd95104b09f3d837d5b1ba66b99937dea81f85f354f3c2eaa98f4ea0fc95d62", &(0x7f0000000180)="acbdb68c7725dee832187f795662804869d4f157ae434a5f0475c385d54beba2b986de960916e692"}}, &(0x7f0000000200)) timer_gettime(r0, &(0x7f0000000240)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) 08:07:34 executing program 5: syz_clone3(0x0, 0x0) 08:07:34 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) fsmount(r0, 0x0, 0x2) 08:07:34 executing program 0: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_type(r1, &(0x7f0000005300), 0x2, 0x0) (async) read$FUSE(r1, 0x0, 0x0) (async, rerun: 64) r2 = fsmount(0xffffffffffffffff, 0x0, 0x8b) (async, rerun: 64) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001180)={0x6, 0x0, &(0x7f0000000000), &(0x7f0000000040)='GPL\x00', 0x7fffffff, 0xffc, &(0x7f0000000100)=""/4092, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000001100)={0x3, 0x1, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001140)=[r2, 0x1, 0x1, r4]}, 0x80) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r6, 0x0, 0x0) (async) read$FUSE(r3, &(0x7f0000001200)={0x2020, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000000)=0x0, &(0x7f0000003240), &(0x7f0000003280)) (async, rerun: 32) read$FUSE(r0, &(0x7f00000032c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) (async, rerun: 32) read$FUSE(r0, &(0x7f0000005580)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r6, &(0x7f0000007b80)=ANY=[@ANYBLOB="e6169bf9a198988c95348e50eb54771cf2d98fe2f5374c129504cb568f45be71a71ed41101961e3a7b7748255e2171a0896231effba4f055beccf9a4052890961dfd07b46af21c35ea644aa10a2919acfa436b0c0d505cdc221d05bd863275e2b9b33bedb0c204a2ce222eba4c990dcfb852913cc053e136e9de9b26458c42f8544c5041cdaf17282ddc567e126a7b6190398849e7e2eb7c632d15c09c3df4e70806b3be9893f985f1a1aeafe77a9a7eb52108d4d946f79ed56d55215874656ad753269113236d72627d32b5dd655251e390cbf319a30da6cf30a4af906c853d8512a479b5", @ANYRES64=r7, @ANYBLOB="050000000000000000000000000000000400000000000000ffffff7f0000000007000000020000000300000000000000010000000000000029000000000000000000000000000000b1df856000000000030000000000000005000000080000000200000000a0000004000000", @ANYRES32, @ANYRES32, @ANYBLOB="0500000000400000000000000600000000000000070000000000000001000000ff030000000000000000000005000000000000000100000000000000070000000000000005000000000000001f0000000600000003000000000000007702000000000000ffffffffffffffff0100000000000000d30b000000000000f8ffffffffffffff0100000006000000070000000080000000100000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="01000000f7ffffff0000000001000000000000000500000000000000040000000800000047504c0000000000020000000000000000000000000000000000000000000000c55f000000000000f8ffffff0400000002000000000000000400000000000000000001000000000000000000000000000600000000000000af0300000000000006000000810000000900000000a0000007000000", @ANYRES32=r8, @ANYRES32=0xee01, @ANYBLOB="0004000032000000000000000500000000000000a601000000000000010000000008000000000000000000000300000000000000020000000000000023000000000000000100000000000000070000000500000003000000000000001f0000000000000006000000000000000500000000000000afc8000000000000000000000000000000006c10060000000900000000100000ff7f0000", @ANYRES32=r9, @ANYRES32, @ANYBLOB="000100001f000000000000000000000000000000ff7f0000000000000600000001fcffffffffffffffff000005000000000000000000000000000000080000000000000006000000000000000200000000000000050000000000000004faffffffffffffa000000000000000010100000000000001000000000000000200000000000000ee0900007cffffff8100000000400000ffffffff", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="040000000300000000000000000000000000000008000000000000000600000020000000ffffffffffff0000060000000000000003000000000000000700000000000000090000000000000000000000010000000200000000000000050000000000000008000000000000000000000000000000d50d00000000000002000000000000000400000009000000e700000000c0000004000000", @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="0700000002000000000000000500000000000000ffffffffffffff7f0600000000800000ffffffffffff000000000000000000000200000000000000ff07000000000000ff07000000000000020000000500000004000000000000000200000000000000060000000000000009000000000000003c00000000000000090000000000000006000000200000005d0900000010000070030000", @ANYRES32=0xee00, @ANYRES32=r10, @ANYBLOB="0500000008000000000000000600000000000000060000000000000002000000010000805c7d00000000000000000000000000000200000000000000070000000000000020000000000000002329cd09060000000400000000000000010000000100000003000000000000008d00000000000000090000000000000008000000000000000300000008000000080000000060000009000000", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0200000000020000000000000000000000000000010000000000000006000000231b0000ffffffffffff0000030000000000000002000000000000000900000000000000f827000000000000040000000000000006000000000000000000010000000000090000000000000008000000000000000600000000000000de95000000000000fcffffffffffff7f040000000040000007000000", @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="080000000300000000000000060000000000000008000000000000000600000009000000ffffffffffff0000"], 0x5b0) (async) connect$bt_sco(r5, &(0x7f00000000c0)={0x1f, @none}, 0x8) 08:07:34 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 19) 08:07:34 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x2000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:34 executing program 5: syz_clone3(0x0, 0x0) 08:07:34 executing program 5: syz_clone3(0x0, 0x0) 08:07:34 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) [ 1001.468646][ T2653] FAULT_INJECTION: forcing a failure. [ 1001.468646][ T2653] name failslab, interval 1, probability 0, space 0, times 0 [ 1001.483880][ T2653] CPU: 1 PID: 2653 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1001.492188][ T2653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1001.502024][ T2653] Call Trace: [ 1001.505147][ T2653] [ 1001.507927][ T2653] dump_stack_lvl+0x151/0x1b7 [ 1001.512440][ T2653] ? bfq_pos_tree_add_move+0x43e/0x43e 08:07:34 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:34 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:34 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:34 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async, rerun: 64) timer_create(0x4, &(0x7f00000001c0)={0x0, 0x1e, 0x0, @thr={&(0x7f0000000040)="860640322b3b7da039a3a411ab703392b283f979676ef407995f6b52a58caac24ab8b95de726ac8cdbff14c896e4f564afe2dfba65b677684419baf129c9fff545048cf7aa1fb0d5353ee5f713b42d662ef70622337e4ed8f8ba64c2c5a05bc3b84a1671c25195e23eca814b2c9eed62ae2442a842ee3be1dce92dde52fc185719f2de06933209cdee47813b24c4663c92f839b088efe517e7d59b72f67bd95104b09f3d837d5b1ba66b99937dea81f85f354f3c2eaa98f4ea0fc95d62", &(0x7f0000000180)="acbdb68c7725dee832187f795662804869d4f157ae434a5f0475c385d54beba2b986de960916e692"}}, &(0x7f0000000200)) (async, rerun: 64) timer_gettime(r0, &(0x7f0000000240)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) [ 1001.517735][ T2653] dump_stack+0x15/0x17 [ 1001.521728][ T2653] should_fail+0x3c0/0x510 [ 1001.525980][ T2653] __should_failslab+0x9f/0xe0 [ 1001.530578][ T2653] should_failslab+0x9/0x20 [ 1001.534918][ T2653] kmem_cache_alloc+0x4f/0x2f0 [ 1001.539517][ T2653] ? anon_vma_fork+0x1b9/0x4f0 [ 1001.544116][ T2653] anon_vma_fork+0x1b9/0x4f0 [ 1001.548547][ T2653] dup_mmap+0x750/0xea0 [ 1001.552537][ T2653] ? __delayed_free_task+0x20/0x20 [ 1001.557485][ T2653] ? mm_init+0x807/0x960 [ 1001.561563][ T2653] dup_mm+0x91/0x330 08:07:34 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x7000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1001.565297][ T2653] copy_mm+0x108/0x1b0 [ 1001.569203][ T2653] copy_process+0x1295/0x3250 [ 1001.573719][ T2653] ? check_stack_object+0xf7/0x130 [ 1001.578666][ T2653] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1001.583607][ T2653] ? copy_clone_args_from_user+0x6cf/0x790 [ 1001.589246][ T2653] kernel_clone+0x22d/0x990 [ 1001.593590][ T2653] ? dup_mmap+0xea0/0xea0 [ 1001.597760][ T2653] ? create_io_thread+0x1e0/0x1e0 [ 1001.602619][ T2653] ? file_end_write+0x1b0/0x1b0 [ 1001.607304][ T2653] __x64_sys_clone3+0x375/0x3a0 [ 1001.611986][ T2653] ? __ia32_sys_clone+0x300/0x300 [ 1001.616854][ T2653] ? ksys_write+0x25f/0x2c0 [ 1001.621193][ T2653] ? debug_smp_processor_id+0x17/0x20 [ 1001.626396][ T2653] do_syscall_64+0x44/0xd0 [ 1001.630649][ T2653] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1001.636381][ T2653] RIP: 0033:0x7f495fdbc639 [ 1001.640628][ T2653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1001.660077][ T2653] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1001.668417][ T2653] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1001.676228][ T2653] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1001.684035][ T2653] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1001.691847][ T2653] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1001.699661][ T2653] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1001.707474][ T2653] 08:07:34 executing program 0: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_type(r1, &(0x7f0000005300), 0x2, 0x0) read$FUSE(r1, 0x0, 0x0) (async) r2 = fsmount(0xffffffffffffffff, 0x0, 0x8b) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001180)={0x6, 0x0, &(0x7f0000000000), &(0x7f0000000040)='GPL\x00', 0x7fffffff, 0xffc, &(0x7f0000000100)=""/4092, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000001100)={0x3, 0x1, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001140)=[r2, 0x1, 0x1, r4]}, 0x80) (async) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r6, 0x0, 0x0) (async) read$FUSE(r3, &(0x7f0000001200)={0x2020, 0x0, 0x0}, 0x2020) (async) getresuid(&(0x7f0000000000)=0x0, &(0x7f0000003240), &(0x7f0000003280)) (async) read$FUSE(r0, &(0x7f00000032c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) (async) read$FUSE(r0, &(0x7f0000005580)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r6, &(0x7f0000007b80)=ANY=[@ANYBLOB="e6169bf9a198988c95348e50eb54771cf2d98fe2f5374c129504cb568f45be71a71ed41101961e3a7b7748255e2171a0896231effba4f055beccf9a4052890961dfd07b46af21c35ea644aa10a2919acfa436b0c0d505cdc221d05bd863275e2b9b33bedb0c204a2ce222eba4c990dcfb852913cc053e136e9de9b26458c42f8544c5041cdaf17282ddc567e126a7b6190398849e7e2eb7c632d15c09c3df4e70806b3be9893f985f1a1aeafe77a9a7eb52108d4d946f79ed56d55215874656ad753269113236d72627d32b5dd655251e390cbf319a30da6cf30a4af906c853d8512a479b5", @ANYRES64=r7, @ANYBLOB="050000000000000000000000000000000400000000000000ffffff7f0000000007000000020000000300000000000000010000000000000029000000000000000000000000000000b1df856000000000030000000000000005000000080000000200000000a0000004000000", @ANYRES32, @ANYRES32, @ANYBLOB="0500000000400000000000000600000000000000070000000000000001000000ff030000000000000000000005000000000000000100000000000000070000000000000005000000000000001f0000000600000003000000000000007702000000000000ffffffffffffffff0100000000000000d30b000000000000f8ffffffffffffff0100000006000000070000000080000000100000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="01000000f7ffffff0000000001000000000000000500000000000000040000000800000047504c0000000000020000000000000000000000000000000000000000000000c55f000000000000f8ffffff0400000002000000000000000400000000000000000001000000000000000000000000000600000000000000af0300000000000006000000810000000900000000a0000007000000", @ANYRES32=r8, @ANYRES32=0xee01, @ANYBLOB="0004000032000000000000000500000000000000a601000000000000010000000008000000000000000000000300000000000000020000000000000023000000000000000100000000000000070000000500000003000000000000001f0000000000000006000000000000000500000000000000afc8000000000000000000000000000000006c10060000000900000000100000ff7f0000", @ANYRES32=r9, @ANYRES32, @ANYBLOB="000100001f000000000000000000000000000000ff7f0000000000000600000001fcffffffffffffffff000005000000000000000000000000000000080000000000000006000000000000000200000000000000050000000000000004faffffffffffffa000000000000000010100000000000001000000000000000200000000000000ee0900007cffffff8100000000400000ffffffff", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="040000000300000000000000000000000000000008000000000000000600000020000000ffffffffffff0000060000000000000003000000000000000700000000000000090000000000000000000000010000000200000000000000050000000000000008000000000000000000000000000000d50d00000000000002000000000000000400000009000000e700000000c0000004000000", @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="0700000002000000000000000500000000000000ffffffffffffff7f0600000000800000ffffffffffff000000000000000000000200000000000000ff07000000000000ff07000000000000020000000500000004000000000000000200000000000000060000000000000009000000000000003c00000000000000090000000000000006000000200000005d0900000010000070030000", @ANYRES32=0xee00, @ANYRES32=r10, @ANYBLOB="0500000008000000000000000600000000000000060000000000000002000000010000805c7d00000000000000000000000000000200000000000000070000000000000020000000000000002329cd09060000000400000000000000010000000100000003000000000000008d00000000000000090000000000000008000000000000000300000008000000080000000060000009000000", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0200000000020000000000000000000000000000010000000000000006000000231b0000ffffffffffff0000030000000000000002000000000000000900000000000000f827000000000000040000000000000006000000000000000000010000000000090000000000000008000000000000000600000000000000de95000000000000fcffffffffffff7f040000000040000007000000", @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="080000000300000000000000060000000000000008000000000000000600000009000000ffffffffffff0000"], 0x5b0) connect$bt_sco(r5, &(0x7f00000000c0)={0x1f, @none}, 0x8) 08:07:34 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x4, &(0x7f00000001c0)={0x0, 0x1e, 0x0, @thr={&(0x7f0000000040)="860640322b3b7da039a3a411ab703392b283f979676ef407995f6b52a58caac24ab8b95de726ac8cdbff14c896e4f564afe2dfba65b677684419baf129c9fff545048cf7aa1fb0d5353ee5f713b42d662ef70622337e4ed8f8ba64c2c5a05bc3b84a1671c25195e23eca814b2c9eed62ae2442a842ee3be1dce92dde52fc185719f2de06933209cdee47813b24c4663c92f839b088efe517e7d59b72f67bd95104b09f3d837d5b1ba66b99937dea81f85f354f3c2eaa98f4ea0fc95d62", &(0x7f0000000180)="acbdb68c7725dee832187f795662804869d4f157ae434a5f0475c385d54beba2b986de960916e692"}}, &(0x7f0000000200)) (async) timer_gettime(r0, &(0x7f0000000240)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) 08:07:34 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x9000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:34 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 20) 08:07:34 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:34 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) 08:07:34 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x10000200}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:34 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x11000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:34 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x5, &(0x7f0000000040)={0x0, 0x35, 0x0, @thr={&(0x7f0000000380)="a5675089fc84ef10735b31176d24dc5e6c46f9b1fe8ddb6eb7b2d161be5461f5a4a2f9c9b8dd2cb7caa3b3415d7f3d6c6124db9a34e87bbd3924a8d516524ab62ed307c3d120baf45deb5ca3260317a25eec171e211cd77ea385af5440ed26c9cd9a1ebc7ca9b3842bdd46e46df02ccbcb7382f8fc28842da67a8b71f1558bddb8134d54ab51725ef4b3f120a6c6a15b27889acb4677531ffe9c2e3dd1ec4903ee34b41ee8de6970405960251bf98d18b25d83c2ae9753361b418491d2896c98e43dc2f6cd84a8a4e90f937b73354b7169814c876cf105e059c0722be8de3c3d98b3df3fca7af271e5c7860cf0673319245769ca5bedfa5b5cee1f78a9efa21569ecd4487268e2e3c15153ffc11859a550a451f930b20e5c30e6bc897a8d18dd32847f0d600b6094029b063b254bbc8f9977f3f8646946c8ba84fedf449d5c9b4c20cd9c00ae1db178f944193a39bb6f62ee4435d34696575482fc859b9e79ae899f56f52daf2cbe9962c097739729105e459e7c399e8db2ab76042ee25ac9aaa81cd54f9225fbb4bcf784373828a8faf96f5cb6c96e07fc4a95c081bd7836749e64220ab8119fdbfce8e497e3e5b95cac8699cc8db4f57bc1345c7a9c894c09beda83c3c93d6e0ff8c1a496f91b9a67aabaf57ad77a202b3b31d8170c908444d51e60bbe6092eeaeee0a41d20703f9c982e352f74893dad78004c2adf9d361e06421a61e7838f1ea28833eb86cdfd717efeb6e3411f757588454c82c824bf45b439a112045e21fdc49e4d458a8e3a635a26652f4713dbb3172a7c01f5d87803360ed0b2721dcd36deace7401d00cdc5357944946b1c56f75a18860d06552161d6b27841bac25709b285996aaa78fce6f583515482091ee3716bc47fecd58dceb3580f5759665557555eb761ad20c72bce83b60a380de335d965cc9a8983dfd7cd01332dd7846265e8a638e784d51b9460b58244268f8f4361ac3d258409ae86f6cb431676413920590719c96ac854187c40d380ec4e6b1589833395ec84f8527bf70fa0cb49d915de2c517fdeaeecabcd6fe9a7333a292d871c1e750a6a732ed14d4d1d0ddefa7e06d82568236cb5e87b8905c9f83bbaaa5f27190574f266e2ae41f48367e9c35f851cc1c0b7149629c701c10d030a3e7bbe36ca3624c7ccd2173a652faa3985c07a9d376c6928f29d5a9fd92c9f6d792924fd24912fbf1636b20ac1b7fd4e001748ae17472660fa710528aca8f4c81f87f06f0f13f7c3552f6a7491b160e29e207f77a6e9caa8642645a65073c0a02e0fdb533efbff0abb134c9b1fb7b955bf5b2e1e7e07d445f341c5123606746ddbb7e7e42cd485fe84a434b6aaaff4534e28a62243b1bcad1a0dcc95477db403f3e4975d35fb243472fc34529065a5e703280c0dba6cbe957ef2c1d7add90fd24623ab9fad0ef814228a0ff079a1b9d31625166bb3015bc3c720b46b1adbd20359bbb36253c1f1707574c2ff4dcf06674ab26c04be12210e5a109da4bbccfe8814ff905d33cd503b586b4728bda81732f42d5b6254eba6636364014c69dab9e7e7fdc1c7c8170a9f47f8e07500c0af2f8b1cb157e9ab5e2c31943468ee02d672c3885d9431e06ce6a6afaba63ab00715c5e4263db599a23126b056cfa3d8c53b95b54bfb799cc243ab9a351659c3918ed60cbcc3945bfcccd0f18d902f8bd40f4d1974b52b855cf6a6c9f43d54f0c9cb768e3d804ed64c82e47927850b2db81336bf936aa12f86497cce65dbeca1e3095b48424ebfe31beb604080eb5cc972881ddd8dd9a844f09d6c4cf3f405855d72372ecae38632e413a9823f9134a031491677d15390380b0a4abeebf881901c0b23b3c3cc2cbe8a4688f1b4957f391e717cd436a09aaa971961d608ac458715d79ef32ce2dd117c3ce726db30cff0e2405f7c4a79d85f561a9134b24e6977b8b365eed6e630ec83c088c282e53ef8fb6ad9eb43cb5d5e9ec50ee0d529ec56ec9ad248a41e54e8f4020f6eb16db43eba4691831bf073da606f043deabcff4d124afb10528367e2c5b4e006390e42f9310ab8fa0ae154c31b120282fc4e472ddad42796c88cfc52e55767abf2a0e648b9e95366fe4c944699a2b24fedb9376b0f5733b6373a546cd7eb70c275b64fad411219379c814abeedd7ffacdc9fa3151e31e44cfb0ce07d8ae3de325e2afb7af239291e12f6b70c3168b8de39ea4129f37f72bc9914054de6261716533375359410f0ba11f8c751f2fc42bd4445fb2521219988e2f10c5840160b22adb586545a5bfa4992d9f1d5269ec6f61655d289c3f86675e7fd7b33231d3a469fcc293c7a126e185129a8225cf8344bc2cfb44560461d46f002de7e6df8d6ab8490f5eadf019963a6d8eca5244d6e56966e15cb70af73ede66fdc1a3dc4d405895497b834f948bdd81a9a72820cacc17c3acef228bd276952f38db3f04ca737eaea511da09e5d842af96c69388c0713522d51ed5e7ecd79a4b3e53777c053091e9091fca6a50c7fb1b0d716af8385a6d8ce7ae03c181ed6fa30dc478abdc98c3c0c2b77256c4b590127923d7330add270b31bc54669c8669f61cd048e16e1e0634417fa3c2a3f06263a448b9762f47df240d5583fef593309d0dce33c523dc2a8a00e6dae3efe27628a36fdf6ac62ff17b33ae4c6918ac52d180cd5e9d02106884bf504d2da6f37c97836873d6ddb263e215c46489dc532e47ee73368e5eae9e04208d2b6dc1a53e68aad7598cecede58c9180bc17df4c54584e968e20b734987665ff70cd02bbd67becf3235cff98653f3cb4f6c9ae81ea408061e320acf2ea6bb33ca5d02a86b35af522b79fe2d7c60d6403eb872e701a37fe2616b47fab880066b0c33ef02e86a178e46a67cfd3ec51ddea347a2b65f0318929cca908abfb41bc8abebf41229b74ff4f8598d3fc5db8339054b4c0214e5fe7a7895dbdca07356fbd4af99d0c7b234a767a74165cf999bb0275170e076417ba61c7608246a3341ed166a5926f6b4548fcaba3bfe19624bb62d9f938afa334208c0e0d4dfc129132e2d1ef0b09dbbe4253e3da1ae5bf1ca74e8844496094ccec61cad55842e59b456f1563858d72aaccfda2faaa22f2edc672af45065fc44f2e3ed8ba3f17c94df1e7267bcc7879f36591007a9028a9e5aef23f0724513bbe2f2f24f6f1699527d2f4561dbb339474d2a6316665591fd5b0093117a48986d132dbf244faab10d56c01f3f51d58eda902506aeda9e912795d2dcbba6dce8584632cb0a7a8187925cd6139d8f608e7a9d8a15a9775107fa830ef168135d651c4403e44400c42aaf2ca1d9a4a8d02d0d5167b2049dee2ecdc44359527c13747b986b1f28fb4a835f2a9757cd5def91271891569ffcaefd39ae222a2f892f2127919b1a8784c83b268ec3db99ebec8b21c6807bf08ea74f7444d87497e75750fe89e9b3541f8112a009c4b113c34bbd43905a5d7fa2d3766f2e0c96e0af6c62a7078f0c2c6d6d4bd03d4a1668f377c7877bf0d99aeea30830cec3e504f181f5a0ac0b43e029af8bd6935ec2fd60aa0f8bf16a2f5f2b9655baafc378e2270d98b72f809248014f36d3062eb76f2bcd2e231b89c68ef32d037b2561829d34171b12c3f90712222325f7868ddface76443a72779679b0400d57a5dac42ad86ae049781bbbc1f78a5f8c22d4e6bf3107e93146f707de3717d2400f06b594c8baa74adefb3d3fafe556f3539d0774955657e8c09de129c253910a13ecedefa83bcf2aab9b55ce72abc621901590e1e42b2e7701b89f4a7c749a3be60940f289c00d1899c3e1556cd2e1ba57018880e67ae0984a6f190f4b9ee1aad50301521f33a8c38eaacd166a40d07b85d4577ef06a620b636d14a472b87d096866ae9aaf3edab0a8f3bd1ae79afcc1c5efce1d5b48e3dd9c5ea49e48f84a1554b7ce2079369f7de520e1785e35af00911a01ab13bfe38458609af3deb317e123b302307d5281221060815697f70c1e29997c83e65bbb7516cd300b015adc17fe7a97d51f2fb1f269919c9d7b29d5353aaa20e1d61bff551c1e4d2237509a354c3c05fe53ca9eca7422e94cc8e238a7ac110aaab22198404d2f662ad98907d0507158c1e253ebdc5bed5e88c1eadcc6d78516c6e5a11369035cf5ed33831b6e627f2c1217ca7cf2b74ffcef56cf1f8cf603a38b7f9c90d23f14e42b245fbfcdfe9c96b0422dc29a1f0c6198b3f3d4e4545a8fe72108561a4c9414ccd14a146b5db8775001e27cdb2515159cf0f66ad5f5a6203d5967f0f718a0a2c5f55c82411f5d393c82d058dc7c3783e6865a124aa19fc8fa65250ad8838b08dba595ac91f16a780c91d9ea63fd593351dab3601bb5c5299167e9caf8d12dfa2030d88a090a67e9cbac05a5b635dafb42960a08355ddaaa7ddfc02871190c979f46d085802162385362afa7724d1542dd472abddaa837a308bb36acc073008bc87fa919eb0dc43addfc33d2b48fdda0884d0be870392e7c2748269e5e53e2670ed8df3282a19bbfff21c5ea8b74bf2eed77931f4e33493e6d29f0fbc3e9cf1e3407291f2e93ab986c3626d76fdd6c4494108b43035b06013c16aa069328002623fc54fdf8c1424a2812f032f1b5a2628778a77bb480feaa5b7b30598e83c46f82018b3250df3698a9fd56709abaf9f61f98e716e942a7de1fb77368a34b8536df856804f75db2e1d82e0de899735091631c7601326658d9787703e54dd1020db61a47ccd872546fc8c0429a63fc9e38d1bb3daa4ff8d88545149fe34204ea69343ae01f6ced1c0b13b47f4e0d91fa84f5d4f5d1269a230d4c135633ffd2e81921805f0be19dba68205b3c58cd20f46723cf8bb743748a582139a7a8f981cfd8b1d32923d6fad1038b56fa2907ffe08fd238ae046d2cc27d860b212b06a9c1e1563e01d85b8a49479227c8cb6fe6d30be7163fd0cb4f9e564a8dde77149f33872e2d185b9384a3d7e38ff28652807698f80ec91bc57dd8092fd93669464eab8f961a8415ee33bd00b215e82310de80a3c6512118285472c218369e38bfafaf252a6f58a50575e968203d8a0d87afbd1dfac35a4c5941dd9a12e07418352d882d72bd30e16efadda8eb5af3df1a62e69efebc852db27ea291c920b149b3149f543e3e4d7eb99d220518156d7c5f7998c0ef9e4d2ac0fcb6066048bf47c1889ac63a8b8187d281122faf25fdba21491639e3d4f06ab1b6b74bd00a262539eb2b2497fc4984c1ab6e45f436df6deec47d027ebbeb6e71b1955ee35b7f6b3214878fd6a2ce2e25df6525e035a293781bfc9f2880fbec70833d51f2c8d4993e7072ab8b80302aee8f8a7c527e609306f23fcbd42a059894c1f0cb101a2e50da44e78561c7414bcd512dc73af5c3b1ddf57d88f73929d24927621a3ab301ac1cdfecc4baff605fabd3ecef083f0e0e161bf44345b5a25bf01b87157eca441d2597d5d11a4fb1530d9b8c05ad132375ddd7901f961a38e5625d9539141bb47262dec278a079eed5fcf9074c9f2fa14c04ad1aaeed154536c1616b41cc8b8e00b7d4a0784647a3447873ee8e346e2158bb1229fde2b08cb3fe2b6a8aa6a30b4b9b2346cc542b91c8ed1626701c22a49a11c8240cdfd596898d9a20b35a941a2162c93db13d5edb485b8dbcb90352997cfd3ca97d54cc83e4c848eca1493669a27650251e2f879cdd7a3afb5dad2f21a1ca22d7a66b174773af68d7aba5fa275a14c6dae1aefd4dec8375c58c120a333640cad4b9be0fdbbe789fdeb3d26c20ca6b9fe6c3c70901855", &(0x7f0000000000)="ef432037e7192efebc3dafac02b9f3a3a377cd6b6229d49a312706e0145e0a3e37aa57140a6a"}}, &(0x7f0000000080)) timer_create(0x3, &(0x7f00000000c0)={0x0, 0x22, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000180)) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x20, 0x0, @thr={&(0x7f0000001380)="ac99b8f468915b064f2ab3ba0840c86560e017eb8866676433f9cab13a1ebbecbc455e59a8215ae81c23578d94954478fa7efa0dd6c57aeb11c523b2d545026afaf38c8c800699b0b8a1d5f8a899c4501941cf1c29a5af587f2e3f8d6445675da788bc736f09aeb8c9a18f31ff25e842186cb67d3545b9ce5477fa2a4ac092f0dbedbe28568062e91d949ad8a5bcf9e28c4b8e79175654ad84aab6c8c3df18dddb5bef984ff98e6583f1f54b2f5821889e451bd169cbce2158b77441b15beab19b68cb5ed79cd14dd157", &(0x7f0000001480)="5f6a607d17f0384d3d21afb85118295311f28d7feacefb1a2954a6f32026e6f53fc793e8b39991a50a85ba53db83d883a113deb276eb36e812b7e7ceff717eac091ba6633c04855c353aead86460ceafcf391a8126bbb14922e543e1652d5b6d40904395404d8619a1ce4f470fa62bf57bf464d5edc371f42297104b9600967705415b191f16bc456c8c84e4b73d064f2cf0210238fd88b231b557d1f85e594859a4281e0651f3ed2828bbe2248fe4494d8ef64aaa192ee0c6d7623b0e22745493e29a35fc1096"}}, &(0x7f0000000200)=0x0) timer_gettime(r1, &(0x7f0000000280)) [ 1002.342156][ T2690] FAULT_INJECTION: forcing a failure. [ 1002.342156][ T2690] name failslab, interval 1, probability 0, space 0, times 0 [ 1002.386080][ T2690] CPU: 0 PID: 2690 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1002.394343][ T2690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1002.404242][ T2690] Call Trace: [ 1002.407358][ T2690] [ 1002.410135][ T2690] dump_stack_lvl+0x151/0x1b7 [ 1002.414652][ T2690] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1002.419949][ T2690] dump_stack+0x15/0x17 [ 1002.423940][ T2690] should_fail+0x3c0/0x510 [ 1002.428190][ T2690] ? alloc_fdtable+0xaf/0x2b0 08:07:34 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x1f000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:34 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x1ffff000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:34 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x20000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1002.432722][ T2690] __should_failslab+0x9f/0xe0 [ 1002.437302][ T2690] should_failslab+0x9/0x20 [ 1002.441648][ T2690] kmem_cache_alloc_trace+0x4a/0x310 [ 1002.446765][ T2690] ? __kasan_check_write+0x14/0x20 [ 1002.451709][ T2690] ? _raw_spin_lock+0xa3/0x1b0 [ 1002.456308][ T2690] alloc_fdtable+0xaf/0x2b0 [ 1002.460646][ T2690] dup_fd+0x781/0xa40 [ 1002.464467][ T2690] ? avc_has_perm+0x16d/0x260 [ 1002.468980][ T2690] copy_files+0xe6/0x200 [ 1002.473057][ T2690] ? perf_event_attrs+0x30/0x30 [ 1002.477743][ T2690] ? dup_task_struct+0xa60/0xa60 [ 1002.482519][ T2690] ? security_task_alloc+0x132/0x150 [ 1002.487641][ T2690] copy_process+0x11e9/0x3250 [ 1002.492151][ T2690] ? check_stack_object+0xf7/0x130 [ 1002.497100][ T2690] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1002.502049][ T2690] ? copy_clone_args_from_user+0x6cf/0x790 [ 1002.507688][ T2690] kernel_clone+0x22d/0x990 [ 1002.512026][ T2690] ? dup_mmap+0xea0/0xea0 [ 1002.516190][ T2690] ? create_io_thread+0x1e0/0x1e0 [ 1002.521056][ T2690] ? file_end_write+0x1b0/0x1b0 [ 1002.525741][ T2690] __x64_sys_clone3+0x375/0x3a0 [ 1002.530434][ T2690] ? __ia32_sys_clone+0x300/0x300 [ 1002.535287][ T2690] ? ksys_write+0x25f/0x2c0 [ 1002.539699][ T2690] ? debug_smp_processor_id+0x17/0x20 [ 1002.544837][ T2690] do_syscall_64+0x44/0xd0 [ 1002.549090][ T2690] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1002.554825][ T2690] RIP: 0033:0x7f495fdbc639 [ 1002.559069][ T2690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1002.578597][ T2690] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1002.586842][ T2690] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1002.594655][ T2690] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1002.602466][ T2690] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1002.610282][ T2690] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1002.618092][ T2690] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1002.626051][ T2690] 08:07:35 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/111, &(0x7f0000000080)=0x6f) pipe(&(0x7f0000000100)={0xffffffffffffffff}) fspick(r1, &(0x7f0000000140)='./file0\x00', 0x1) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:35 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x40000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:35 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x5, &(0x7f0000000040)={0x0, 0x35, 0x0, @thr={&(0x7f0000000380)="a5675089fc84ef10735b31176d24dc5e6c46f9b1fe8ddb6eb7b2d161be5461f5a4a2f9c9b8dd2cb7caa3b3415d7f3d6c6124db9a34e87bbd3924a8d516524ab62ed307c3d120baf45deb5ca3260317a25eec171e211cd77ea385af5440ed26c9cd9a1ebc7ca9b3842bdd46e46df02ccbcb7382f8fc28842da67a8b71f1558bddb8134d54ab51725ef4b3f120a6c6a15b27889acb4677531ffe9c2e3dd1ec4903ee34b41ee8de6970405960251bf98d18b25d83c2ae9753361b418491d2896c98e43dc2f6cd84a8a4e90f937b73354b7169814c876cf105e059c0722be8de3c3d98b3df3fca7af271e5c7860cf0673319245769ca5bedfa5b5cee1f78a9efa21569ecd4487268e2e3c15153ffc11859a550a451f930b20e5c30e6bc897a8d18dd32847f0d600b6094029b063b254bbc8f9977f3f8646946c8ba84fedf449d5c9b4c20cd9c00ae1db178f944193a39bb6f62ee4435d34696575482fc859b9e79ae899f56f52daf2cbe9962c097739729105e459e7c399e8db2ab76042ee25ac9aaa81cd54f9225fbb4bcf784373828a8faf96f5cb6c96e07fc4a95c081bd7836749e64220ab8119fdbfce8e497e3e5b95cac8699cc8db4f57bc1345c7a9c894c09beda83c3c93d6e0ff8c1a496f91b9a67aabaf57ad77a202b3b31d8170c908444d51e60bbe6092eeaeee0a41d20703f9c982e352f74893dad78004c2adf9d361e06421a61e7838f1ea28833eb86cdfd717efeb6e3411f757588454c82c824bf45b439a112045e21fdc49e4d458a8e3a635a26652f4713dbb3172a7c01f5d87803360ed0b2721dcd36deace7401d00cdc5357944946b1c56f75a18860d06552161d6b27841bac25709b285996aaa78fce6f583515482091ee3716bc47fecd58dceb3580f5759665557555eb761ad20c72bce83b60a380de335d965cc9a8983dfd7cd01332dd7846265e8a638e784d51b9460b58244268f8f4361ac3d258409ae86f6cb431676413920590719c96ac854187c40d380ec4e6b1589833395ec84f8527bf70fa0cb49d915de2c517fdeaeecabcd6fe9a7333a292d871c1e750a6a732ed14d4d1d0ddefa7e06d82568236cb5e87b8905c9f83bbaaa5f27190574f266e2ae41f48367e9c35f851cc1c0b7149629c701c10d030a3e7bbe36ca3624c7ccd2173a652faa3985c07a9d376c6928f29d5a9fd92c9f6d792924fd24912fbf1636b20ac1b7fd4e001748ae17472660fa710528aca8f4c81f87f06f0f13f7c3552f6a7491b160e29e207f77a6e9caa8642645a65073c0a02e0fdb533efbff0abb134c9b1fb7b955bf5b2e1e7e07d445f341c5123606746ddbb7e7e42cd485fe84a434b6aaaff4534e28a62243b1bcad1a0dcc95477db403f3e4975d35fb243472fc34529065a5e703280c0dba6cbe957ef2c1d7add90fd24623ab9fad0ef814228a0ff079a1b9d31625166bb3015bc3c720b46b1adbd20359bbb36253c1f1707574c2ff4dcf06674ab26c04be12210e5a109da4bbccfe8814ff905d33cd503b586b4728bda81732f42d5b6254eba6636364014c69dab9e7e7fdc1c7c8170a9f47f8e07500c0af2f8b1cb157e9ab5e2c31943468ee02d672c3885d9431e06ce6a6afaba63ab00715c5e4263db599a23126b056cfa3d8c53b95b54bfb799cc243ab9a351659c3918ed60cbcc3945bfcccd0f18d902f8bd40f4d1974b52b855cf6a6c9f43d54f0c9cb768e3d804ed64c82e47927850b2db81336bf936aa12f86497cce65dbeca1e3095b48424ebfe31beb604080eb5cc972881ddd8dd9a844f09d6c4cf3f405855d72372ecae38632e413a9823f9134a031491677d15390380b0a4abeebf881901c0b23b3c3cc2cbe8a4688f1b4957f391e717cd436a09aaa971961d608ac458715d79ef32ce2dd117c3ce726db30cff0e2405f7c4a79d85f561a9134b24e6977b8b365eed6e630ec83c088c282e53ef8fb6ad9eb43cb5d5e9ec50ee0d529ec56ec9ad248a41e54e8f4020f6eb16db43eba4691831bf073da606f043deabcff4d124afb10528367e2c5b4e006390e42f9310ab8fa0ae154c31b120282fc4e472ddad42796c88cfc52e55767abf2a0e648b9e95366fe4c944699a2b24fedb9376b0f5733b6373a546cd7eb70c275b64fad411219379c814abeedd7ffacdc9fa3151e31e44cfb0ce07d8ae3de325e2afb7af239291e12f6b70c3168b8de39ea4129f37f72bc9914054de6261716533375359410f0ba11f8c751f2fc42bd4445fb2521219988e2f10c5840160b22adb586545a5bfa4992d9f1d5269ec6f61655d289c3f86675e7fd7b33231d3a469fcc293c7a126e185129a8225cf8344bc2cfb44560461d46f002de7e6df8d6ab8490f5eadf019963a6d8eca5244d6e56966e15cb70af73ede66fdc1a3dc4d405895497b834f948bdd81a9a72820cacc17c3acef228bd276952f38db3f04ca737eaea511da09e5d842af96c69388c0713522d51ed5e7ecd79a4b3e53777c053091e9091fca6a50c7fb1b0d716af8385a6d8ce7ae03c181ed6fa30dc478abdc98c3c0c2b77256c4b590127923d7330add270b31bc54669c8669f61cd048e16e1e0634417fa3c2a3f06263a448b9762f47df240d5583fef593309d0dce33c523dc2a8a00e6dae3efe27628a36fdf6ac62ff17b33ae4c6918ac52d180cd5e9d02106884bf504d2da6f37c97836873d6ddb263e215c46489dc532e47ee73368e5eae9e04208d2b6dc1a53e68aad7598cecede58c9180bc17df4c54584e968e20b734987665ff70cd02bbd67becf3235cff98653f3cb4f6c9ae81ea408061e320acf2ea6bb33ca5d02a86b35af522b79fe2d7c60d6403eb872e701a37fe2616b47fab880066b0c33ef02e86a178e46a67cfd3ec51ddea347a2b65f0318929cca908abfb41bc8abebf41229b74ff4f8598d3fc5db8339054b4c0214e5fe7a7895dbdca07356fbd4af99d0c7b234a767a74165cf999bb0275170e076417ba61c7608246a3341ed166a5926f6b4548fcaba3bfe19624bb62d9f938afa334208c0e0d4dfc129132e2d1ef0b09dbbe4253e3da1ae5bf1ca74e8844496094ccec61cad55842e59b456f1563858d72aaccfda2faaa22f2edc672af45065fc44f2e3ed8ba3f17c94df1e7267bcc7879f36591007a9028a9e5aef23f0724513bbe2f2f24f6f1699527d2f4561dbb339474d2a6316665591fd5b0093117a48986d132dbf244faab10d56c01f3f51d58eda902506aeda9e912795d2dcbba6dce8584632cb0a7a8187925cd6139d8f608e7a9d8a15a9775107fa830ef168135d651c4403e44400c42aaf2ca1d9a4a8d02d0d5167b2049dee2ecdc44359527c13747b986b1f28fb4a835f2a9757cd5def91271891569ffcaefd39ae222a2f892f2127919b1a8784c83b268ec3db99ebec8b21c6807bf08ea74f7444d87497e75750fe89e9b3541f8112a009c4b113c34bbd43905a5d7fa2d3766f2e0c96e0af6c62a7078f0c2c6d6d4bd03d4a1668f377c7877bf0d99aeea30830cec3e504f181f5a0ac0b43e029af8bd6935ec2fd60aa0f8bf16a2f5f2b9655baafc378e2270d98b72f809248014f36d3062eb76f2bcd2e231b89c68ef32d037b2561829d34171b12c3f90712222325f7868ddface76443a72779679b0400d57a5dac42ad86ae049781bbbc1f78a5f8c22d4e6bf3107e93146f707de3717d2400f06b594c8baa74adefb3d3fafe556f3539d0774955657e8c09de129c253910a13ecedefa83bcf2aab9b55ce72abc621901590e1e42b2e7701b89f4a7c749a3be60940f289c00d1899c3e1556cd2e1ba57018880e67ae0984a6f190f4b9ee1aad50301521f33a8c38eaacd166a40d07b85d4577ef06a620b636d14a472b87d096866ae9aaf3edab0a8f3bd1ae79afcc1c5efce1d5b48e3dd9c5ea49e48f84a1554b7ce2079369f7de520e1785e35af00911a01ab13bfe38458609af3deb317e123b302307d5281221060815697f70c1e29997c83e65bbb7516cd300b015adc17fe7a97d51f2fb1f269919c9d7b29d5353aaa20e1d61bff551c1e4d2237509a354c3c05fe53ca9eca7422e94cc8e238a7ac110aaab22198404d2f662ad98907d0507158c1e253ebdc5bed5e88c1eadcc6d78516c6e5a11369035cf5ed33831b6e627f2c1217ca7cf2b74ffcef56cf1f8cf603a38b7f9c90d23f14e42b245fbfcdfe9c96b0422dc29a1f0c6198b3f3d4e4545a8fe72108561a4c9414ccd14a146b5db8775001e27cdb2515159cf0f66ad5f5a6203d5967f0f718a0a2c5f55c82411f5d393c82d058dc7c3783e6865a124aa19fc8fa65250ad8838b08dba595ac91f16a780c91d9ea63fd593351dab3601bb5c5299167e9caf8d12dfa2030d88a090a67e9cbac05a5b635dafb42960a08355ddaaa7ddfc02871190c979f46d085802162385362afa7724d1542dd472abddaa837a308bb36acc073008bc87fa919eb0dc43addfc33d2b48fdda0884d0be870392e7c2748269e5e53e2670ed8df3282a19bbfff21c5ea8b74bf2eed77931f4e33493e6d29f0fbc3e9cf1e3407291f2e93ab986c3626d76fdd6c4494108b43035b06013c16aa069328002623fc54fdf8c1424a2812f032f1b5a2628778a77bb480feaa5b7b30598e83c46f82018b3250df3698a9fd56709abaf9f61f98e716e942a7de1fb77368a34b8536df856804f75db2e1d82e0de899735091631c7601326658d9787703e54dd1020db61a47ccd872546fc8c0429a63fc9e38d1bb3daa4ff8d88545149fe34204ea69343ae01f6ced1c0b13b47f4e0d91fa84f5d4f5d1269a230d4c135633ffd2e81921805f0be19dba68205b3c58cd20f46723cf8bb743748a582139a7a8f981cfd8b1d32923d6fad1038b56fa2907ffe08fd238ae046d2cc27d860b212b06a9c1e1563e01d85b8a49479227c8cb6fe6d30be7163fd0cb4f9e564a8dde77149f33872e2d185b9384a3d7e38ff28652807698f80ec91bc57dd8092fd93669464eab8f961a8415ee33bd00b215e82310de80a3c6512118285472c218369e38bfafaf252a6f58a50575e968203d8a0d87afbd1dfac35a4c5941dd9a12e07418352d882d72bd30e16efadda8eb5af3df1a62e69efebc852db27ea291c920b149b3149f543e3e4d7eb99d220518156d7c5f7998c0ef9e4d2ac0fcb6066048bf47c1889ac63a8b8187d281122faf25fdba21491639e3d4f06ab1b6b74bd00a262539eb2b2497fc4984c1ab6e45f436df6deec47d027ebbeb6e71b1955ee35b7f6b3214878fd6a2ce2e25df6525e035a293781bfc9f2880fbec70833d51f2c8d4993e7072ab8b80302aee8f8a7c527e609306f23fcbd42a059894c1f0cb101a2e50da44e78561c7414bcd512dc73af5c3b1ddf57d88f73929d24927621a3ab301ac1cdfecc4baff605fabd3ecef083f0e0e161bf44345b5a25bf01b87157eca441d2597d5d11a4fb1530d9b8c05ad132375ddd7901f961a38e5625d9539141bb47262dec278a079eed5fcf9074c9f2fa14c04ad1aaeed154536c1616b41cc8b8e00b7d4a0784647a3447873ee8e346e2158bb1229fde2b08cb3fe2b6a8aa6a30b4b9b2346cc542b91c8ed1626701c22a49a11c8240cdfd596898d9a20b35a941a2162c93db13d5edb485b8dbcb90352997cfd3ca97d54cc83e4c848eca1493669a27650251e2f879cdd7a3afb5dad2f21a1ca22d7a66b174773af68d7aba5fa275a14c6dae1aefd4dec8375c58c120a333640cad4b9be0fdbbe789fdeb3d26c20ca6b9fe6c3c70901855", &(0x7f0000000000)="ef432037e7192efebc3dafac02b9f3a3a377cd6b6229d49a312706e0145e0a3e37aa57140a6a"}}, &(0x7f0000000080)) timer_create(0x3, &(0x7f00000000c0)={0x0, 0x22, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000180)) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x20, 0x0, @thr={&(0x7f0000001380)="ac99b8f468915b064f2ab3ba0840c86560e017eb8866676433f9cab13a1ebbecbc455e59a8215ae81c23578d94954478fa7efa0dd6c57aeb11c523b2d545026afaf38c8c800699b0b8a1d5f8a899c4501941cf1c29a5af587f2e3f8d6445675da788bc736f09aeb8c9a18f31ff25e842186cb67d3545b9ce5477fa2a4ac092f0dbedbe28568062e91d949ad8a5bcf9e28c4b8e79175654ad84aab6c8c3df18dddb5bef984ff98e6583f1f54b2f5821889e451bd169cbce2158b77441b15beab19b68cb5ed79cd14dd157", &(0x7f0000001480)="5f6a607d17f0384d3d21afb85118295311f28d7feacefb1a2954a6f32026e6f53fc793e8b39991a50a85ba53db83d883a113deb276eb36e812b7e7ceff717eac091ba6633c04855c353aead86460ceafcf391a8126bbb14922e543e1652d5b6d40904395404d8619a1ce4f470fa62bf57bf464d5edc371f42297104b9600967705415b191f16bc456c8c84e4b73d064f2cf0210238fd88b231b557d1f85e594859a4281e0651f3ed2828bbe2248fe4494d8ef64aaa192ee0c6d7623b0e22745493e29a35fc1096"}}, &(0x7f0000000200)=0x0) timer_gettime(r1, &(0x7f0000000280)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r0) (async) timer_create(0x5, &(0x7f0000000040)={0x0, 0x35, 0x0, @thr={&(0x7f0000000380)="a5675089fc84ef10735b31176d24dc5e6c46f9b1fe8ddb6eb7b2d161be5461f5a4a2f9c9b8dd2cb7caa3b3415d7f3d6c6124db9a34e87bbd3924a8d516524ab62ed307c3d120baf45deb5ca3260317a25eec171e211cd77ea385af5440ed26c9cd9a1ebc7ca9b3842bdd46e46df02ccbcb7382f8fc28842da67a8b71f1558bddb8134d54ab51725ef4b3f120a6c6a15b27889acb4677531ffe9c2e3dd1ec4903ee34b41ee8de6970405960251bf98d18b25d83c2ae9753361b418491d2896c98e43dc2f6cd84a8a4e90f937b73354b7169814c876cf105e059c0722be8de3c3d98b3df3fca7af271e5c7860cf0673319245769ca5bedfa5b5cee1f78a9efa21569ecd4487268e2e3c15153ffc11859a550a451f930b20e5c30e6bc897a8d18dd32847f0d600b6094029b063b254bbc8f9977f3f8646946c8ba84fedf449d5c9b4c20cd9c00ae1db178f944193a39bb6f62ee4435d34696575482fc859b9e79ae899f56f52daf2cbe9962c097739729105e459e7c399e8db2ab76042ee25ac9aaa81cd54f9225fbb4bcf784373828a8faf96f5cb6c96e07fc4a95c081bd7836749e64220ab8119fdbfce8e497e3e5b95cac8699cc8db4f57bc1345c7a9c894c09beda83c3c93d6e0ff8c1a496f91b9a67aabaf57ad77a202b3b31d8170c908444d51e60bbe6092eeaeee0a41d20703f9c982e352f74893dad78004c2adf9d361e06421a61e7838f1ea28833eb86cdfd717efeb6e3411f757588454c82c824bf45b439a112045e21fdc49e4d458a8e3a635a26652f4713dbb3172a7c01f5d87803360ed0b2721dcd36deace7401d00cdc5357944946b1c56f75a18860d06552161d6b27841bac25709b285996aaa78fce6f583515482091ee3716bc47fecd58dceb3580f5759665557555eb761ad20c72bce83b60a380de335d965cc9a8983dfd7cd01332dd7846265e8a638e784d51b9460b58244268f8f4361ac3d258409ae86f6cb431676413920590719c96ac854187c40d380ec4e6b1589833395ec84f8527bf70fa0cb49d915de2c517fdeaeecabcd6fe9a7333a292d871c1e750a6a732ed14d4d1d0ddefa7e06d82568236cb5e87b8905c9f83bbaaa5f27190574f266e2ae41f48367e9c35f851cc1c0b7149629c701c10d030a3e7bbe36ca3624c7ccd2173a652faa3985c07a9d376c6928f29d5a9fd92c9f6d792924fd24912fbf1636b20ac1b7fd4e001748ae17472660fa710528aca8f4c81f87f06f0f13f7c3552f6a7491b160e29e207f77a6e9caa8642645a65073c0a02e0fdb533efbff0abb134c9b1fb7b955bf5b2e1e7e07d445f341c5123606746ddbb7e7e42cd485fe84a434b6aaaff4534e28a62243b1bcad1a0dcc95477db403f3e4975d35fb243472fc34529065a5e703280c0dba6cbe957ef2c1d7add90fd24623ab9fad0ef814228a0ff079a1b9d31625166bb3015bc3c720b46b1adbd20359bbb36253c1f1707574c2ff4dcf06674ab26c04be12210e5a109da4bbccfe8814ff905d33cd503b586b4728bda81732f42d5b6254eba6636364014c69dab9e7e7fdc1c7c8170a9f47f8e07500c0af2f8b1cb157e9ab5e2c31943468ee02d672c3885d9431e06ce6a6afaba63ab00715c5e4263db599a23126b056cfa3d8c53b95b54bfb799cc243ab9a351659c3918ed60cbcc3945bfcccd0f18d902f8bd40f4d1974b52b855cf6a6c9f43d54f0c9cb768e3d804ed64c82e47927850b2db81336bf936aa12f86497cce65dbeca1e3095b48424ebfe31beb604080eb5cc972881ddd8dd9a844f09d6c4cf3f405855d72372ecae38632e413a9823f9134a031491677d15390380b0a4abeebf881901c0b23b3c3cc2cbe8a4688f1b4957f391e717cd436a09aaa971961d608ac458715d79ef32ce2dd117c3ce726db30cff0e2405f7c4a79d85f561a9134b24e6977b8b365eed6e630ec83c088c282e53ef8fb6ad9eb43cb5d5e9ec50ee0d529ec56ec9ad248a41e54e8f4020f6eb16db43eba4691831bf073da606f043deabcff4d124afb10528367e2c5b4e006390e42f9310ab8fa0ae154c31b120282fc4e472ddad42796c88cfc52e55767abf2a0e648b9e95366fe4c944699a2b24fedb9376b0f5733b6373a546cd7eb70c275b64fad411219379c814abeedd7ffacdc9fa3151e31e44cfb0ce07d8ae3de325e2afb7af239291e12f6b70c3168b8de39ea4129f37f72bc9914054de6261716533375359410f0ba11f8c751f2fc42bd4445fb2521219988e2f10c5840160b22adb586545a5bfa4992d9f1d5269ec6f61655d289c3f86675e7fd7b33231d3a469fcc293c7a126e185129a8225cf8344bc2cfb44560461d46f002de7e6df8d6ab8490f5eadf019963a6d8eca5244d6e56966e15cb70af73ede66fdc1a3dc4d405895497b834f948bdd81a9a72820cacc17c3acef228bd276952f38db3f04ca737eaea511da09e5d842af96c69388c0713522d51ed5e7ecd79a4b3e53777c053091e9091fca6a50c7fb1b0d716af8385a6d8ce7ae03c181ed6fa30dc478abdc98c3c0c2b77256c4b590127923d7330add270b31bc54669c8669f61cd048e16e1e0634417fa3c2a3f06263a448b9762f47df240d5583fef593309d0dce33c523dc2a8a00e6dae3efe27628a36fdf6ac62ff17b33ae4c6918ac52d180cd5e9d02106884bf504d2da6f37c97836873d6ddb263e215c46489dc532e47ee73368e5eae9e04208d2b6dc1a53e68aad7598cecede58c9180bc17df4c54584e968e20b734987665ff70cd02bbd67becf3235cff98653f3cb4f6c9ae81ea408061e320acf2ea6bb33ca5d02a86b35af522b79fe2d7c60d6403eb872e701a37fe2616b47fab880066b0c33ef02e86a178e46a67cfd3ec51ddea347a2b65f0318929cca908abfb41bc8abebf41229b74ff4f8598d3fc5db8339054b4c0214e5fe7a7895dbdca07356fbd4af99d0c7b234a767a74165cf999bb0275170e076417ba61c7608246a3341ed166a5926f6b4548fcaba3bfe19624bb62d9f938afa334208c0e0d4dfc129132e2d1ef0b09dbbe4253e3da1ae5bf1ca74e8844496094ccec61cad55842e59b456f1563858d72aaccfda2faaa22f2edc672af45065fc44f2e3ed8ba3f17c94df1e7267bcc7879f36591007a9028a9e5aef23f0724513bbe2f2f24f6f1699527d2f4561dbb339474d2a6316665591fd5b0093117a48986d132dbf244faab10d56c01f3f51d58eda902506aeda9e912795d2dcbba6dce8584632cb0a7a8187925cd6139d8f608e7a9d8a15a9775107fa830ef168135d651c4403e44400c42aaf2ca1d9a4a8d02d0d5167b2049dee2ecdc44359527c13747b986b1f28fb4a835f2a9757cd5def91271891569ffcaefd39ae222a2f892f2127919b1a8784c83b268ec3db99ebec8b21c6807bf08ea74f7444d87497e75750fe89e9b3541f8112a009c4b113c34bbd43905a5d7fa2d3766f2e0c96e0af6c62a7078f0c2c6d6d4bd03d4a1668f377c7877bf0d99aeea30830cec3e504f181f5a0ac0b43e029af8bd6935ec2fd60aa0f8bf16a2f5f2b9655baafc378e2270d98b72f809248014f36d3062eb76f2bcd2e231b89c68ef32d037b2561829d34171b12c3f90712222325f7868ddface76443a72779679b0400d57a5dac42ad86ae049781bbbc1f78a5f8c22d4e6bf3107e93146f707de3717d2400f06b594c8baa74adefb3d3fafe556f3539d0774955657e8c09de129c253910a13ecedefa83bcf2aab9b55ce72abc621901590e1e42b2e7701b89f4a7c749a3be60940f289c00d1899c3e1556cd2e1ba57018880e67ae0984a6f190f4b9ee1aad50301521f33a8c38eaacd166a40d07b85d4577ef06a620b636d14a472b87d096866ae9aaf3edab0a8f3bd1ae79afcc1c5efce1d5b48e3dd9c5ea49e48f84a1554b7ce2079369f7de520e1785e35af00911a01ab13bfe38458609af3deb317e123b302307d5281221060815697f70c1e29997c83e65bbb7516cd300b015adc17fe7a97d51f2fb1f269919c9d7b29d5353aaa20e1d61bff551c1e4d2237509a354c3c05fe53ca9eca7422e94cc8e238a7ac110aaab22198404d2f662ad98907d0507158c1e253ebdc5bed5e88c1eadcc6d78516c6e5a11369035cf5ed33831b6e627f2c1217ca7cf2b74ffcef56cf1f8cf603a38b7f9c90d23f14e42b245fbfcdfe9c96b0422dc29a1f0c6198b3f3d4e4545a8fe72108561a4c9414ccd14a146b5db8775001e27cdb2515159cf0f66ad5f5a6203d5967f0f718a0a2c5f55c82411f5d393c82d058dc7c3783e6865a124aa19fc8fa65250ad8838b08dba595ac91f16a780c91d9ea63fd593351dab3601bb5c5299167e9caf8d12dfa2030d88a090a67e9cbac05a5b635dafb42960a08355ddaaa7ddfc02871190c979f46d085802162385362afa7724d1542dd472abddaa837a308bb36acc073008bc87fa919eb0dc43addfc33d2b48fdda0884d0be870392e7c2748269e5e53e2670ed8df3282a19bbfff21c5ea8b74bf2eed77931f4e33493e6d29f0fbc3e9cf1e3407291f2e93ab986c3626d76fdd6c4494108b43035b06013c16aa069328002623fc54fdf8c1424a2812f032f1b5a2628778a77bb480feaa5b7b30598e83c46f82018b3250df3698a9fd56709abaf9f61f98e716e942a7de1fb77368a34b8536df856804f75db2e1d82e0de899735091631c7601326658d9787703e54dd1020db61a47ccd872546fc8c0429a63fc9e38d1bb3daa4ff8d88545149fe34204ea69343ae01f6ced1c0b13b47f4e0d91fa84f5d4f5d1269a230d4c135633ffd2e81921805f0be19dba68205b3c58cd20f46723cf8bb743748a582139a7a8f981cfd8b1d32923d6fad1038b56fa2907ffe08fd238ae046d2cc27d860b212b06a9c1e1563e01d85b8a49479227c8cb6fe6d30be7163fd0cb4f9e564a8dde77149f33872e2d185b9384a3d7e38ff28652807698f80ec91bc57dd8092fd93669464eab8f961a8415ee33bd00b215e82310de80a3c6512118285472c218369e38bfafaf252a6f58a50575e968203d8a0d87afbd1dfac35a4c5941dd9a12e07418352d882d72bd30e16efadda8eb5af3df1a62e69efebc852db27ea291c920b149b3149f543e3e4d7eb99d220518156d7c5f7998c0ef9e4d2ac0fcb6066048bf47c1889ac63a8b8187d281122faf25fdba21491639e3d4f06ab1b6b74bd00a262539eb2b2497fc4984c1ab6e45f436df6deec47d027ebbeb6e71b1955ee35b7f6b3214878fd6a2ce2e25df6525e035a293781bfc9f2880fbec70833d51f2c8d4993e7072ab8b80302aee8f8a7c527e609306f23fcbd42a059894c1f0cb101a2e50da44e78561c7414bcd512dc73af5c3b1ddf57d88f73929d24927621a3ab301ac1cdfecc4baff605fabd3ecef083f0e0e161bf44345b5a25bf01b87157eca441d2597d5d11a4fb1530d9b8c05ad132375ddd7901f961a38e5625d9539141bb47262dec278a079eed5fcf9074c9f2fa14c04ad1aaeed154536c1616b41cc8b8e00b7d4a0784647a3447873ee8e346e2158bb1229fde2b08cb3fe2b6a8aa6a30b4b9b2346cc542b91c8ed1626701c22a49a11c8240cdfd596898d9a20b35a941a2162c93db13d5edb485b8dbcb90352997cfd3ca97d54cc83e4c848eca1493669a27650251e2f879cdd7a3afb5dad2f21a1ca22d7a66b174773af68d7aba5fa275a14c6dae1aefd4dec8375c58c120a333640cad4b9be0fdbbe789fdeb3d26c20ca6b9fe6c3c70901855", &(0x7f0000000000)="ef432037e7192efebc3dafac02b9f3a3a377cd6b6229d49a312706e0145e0a3e37aa57140a6a"}}, &(0x7f0000000080)) (async) timer_create(0x3, &(0x7f00000000c0)={0x0, 0x22, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000180)) (async) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x20, 0x0, @thr={&(0x7f0000001380)="ac99b8f468915b064f2ab3ba0840c86560e017eb8866676433f9cab13a1ebbecbc455e59a8215ae81c23578d94954478fa7efa0dd6c57aeb11c523b2d545026afaf38c8c800699b0b8a1d5f8a899c4501941cf1c29a5af587f2e3f8d6445675da788bc736f09aeb8c9a18f31ff25e842186cb67d3545b9ce5477fa2a4ac092f0dbedbe28568062e91d949ad8a5bcf9e28c4b8e79175654ad84aab6c8c3df18dddb5bef984ff98e6583f1f54b2f5821889e451bd169cbce2158b77441b15beab19b68cb5ed79cd14dd157", &(0x7f0000001480)="5f6a607d17f0384d3d21afb85118295311f28d7feacefb1a2954a6f32026e6f53fc793e8b39991a50a85ba53db83d883a113deb276eb36e812b7e7ceff717eac091ba6633c04855c353aead86460ceafcf391a8126bbb14922e543e1652d5b6d40904395404d8619a1ce4f470fa62bf57bf464d5edc371f42297104b9600967705415b191f16bc456c8c84e4b73d064f2cf0210238fd88b231b557d1f85e594859a4281e0651f3ed2828bbe2248fe4494d8ef64aaa192ee0c6d7623b0e22745493e29a35fc1096"}}, &(0x7f0000000200)) (async) timer_gettime(r1, &(0x7f0000000280)) (async) 08:07:35 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 21) 08:07:35 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:35 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:35 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x5, &(0x7f0000000040)={0x0, 0x35, 0x0, @thr={&(0x7f0000000380)="a5675089fc84ef10735b31176d24dc5e6c46f9b1fe8ddb6eb7b2d161be5461f5a4a2f9c9b8dd2cb7caa3b3415d7f3d6c6124db9a34e87bbd3924a8d516524ab62ed307c3d120baf45deb5ca3260317a25eec171e211cd77ea385af5440ed26c9cd9a1ebc7ca9b3842bdd46e46df02ccbcb7382f8fc28842da67a8b71f1558bddb8134d54ab51725ef4b3f120a6c6a15b27889acb4677531ffe9c2e3dd1ec4903ee34b41ee8de6970405960251bf98d18b25d83c2ae9753361b418491d2896c98e43dc2f6cd84a8a4e90f937b73354b7169814c876cf105e059c0722be8de3c3d98b3df3fca7af271e5c7860cf0673319245769ca5bedfa5b5cee1f78a9efa21569ecd4487268e2e3c15153ffc11859a550a451f930b20e5c30e6bc897a8d18dd32847f0d600b6094029b063b254bbc8f9977f3f8646946c8ba84fedf449d5c9b4c20cd9c00ae1db178f944193a39bb6f62ee4435d34696575482fc859b9e79ae899f56f52daf2cbe9962c097739729105e459e7c399e8db2ab76042ee25ac9aaa81cd54f9225fbb4bcf784373828a8faf96f5cb6c96e07fc4a95c081bd7836749e64220ab8119fdbfce8e497e3e5b95cac8699cc8db4f57bc1345c7a9c894c09beda83c3c93d6e0ff8c1a496f91b9a67aabaf57ad77a202b3b31d8170c908444d51e60bbe6092eeaeee0a41d20703f9c982e352f74893dad78004c2adf9d361e06421a61e7838f1ea28833eb86cdfd717efeb6e3411f757588454c82c824bf45b439a112045e21fdc49e4d458a8e3a635a26652f4713dbb3172a7c01f5d87803360ed0b2721dcd36deace7401d00cdc5357944946b1c56f75a18860d06552161d6b27841bac25709b285996aaa78fce6f583515482091ee3716bc47fecd58dceb3580f5759665557555eb761ad20c72bce83b60a380de335d965cc9a8983dfd7cd01332dd7846265e8a638e784d51b9460b58244268f8f4361ac3d258409ae86f6cb431676413920590719c96ac854187c40d380ec4e6b1589833395ec84f8527bf70fa0cb49d915de2c517fdeaeecabcd6fe9a7333a292d871c1e750a6a732ed14d4d1d0ddefa7e06d82568236cb5e87b8905c9f83bbaaa5f27190574f266e2ae41f48367e9c35f851cc1c0b7149629c701c10d030a3e7bbe36ca3624c7ccd2173a652faa3985c07a9d376c6928f29d5a9fd92c9f6d792924fd24912fbf1636b20ac1b7fd4e001748ae17472660fa710528aca8f4c81f87f06f0f13f7c3552f6a7491b160e29e207f77a6e9caa8642645a65073c0a02e0fdb533efbff0abb134c9b1fb7b955bf5b2e1e7e07d445f341c5123606746ddbb7e7e42cd485fe84a434b6aaaff4534e28a62243b1bcad1a0dcc95477db403f3e4975d35fb243472fc34529065a5e703280c0dba6cbe957ef2c1d7add90fd24623ab9fad0ef814228a0ff079a1b9d31625166bb3015bc3c720b46b1adbd20359bbb36253c1f1707574c2ff4dcf06674ab26c04be12210e5a109da4bbccfe8814ff905d33cd503b586b4728bda81732f42d5b6254eba6636364014c69dab9e7e7fdc1c7c8170a9f47f8e07500c0af2f8b1cb157e9ab5e2c31943468ee02d672c3885d9431e06ce6a6afaba63ab00715c5e4263db599a23126b056cfa3d8c53b95b54bfb799cc243ab9a351659c3918ed60cbcc3945bfcccd0f18d902f8bd40f4d1974b52b855cf6a6c9f43d54f0c9cb768e3d804ed64c82e47927850b2db81336bf936aa12f86497cce65dbeca1e3095b48424ebfe31beb604080eb5cc972881ddd8dd9a844f09d6c4cf3f405855d72372ecae38632e413a9823f9134a031491677d15390380b0a4abeebf881901c0b23b3c3cc2cbe8a4688f1b4957f391e717cd436a09aaa971961d608ac458715d79ef32ce2dd117c3ce726db30cff0e2405f7c4a79d85f561a9134b24e6977b8b365eed6e630ec83c088c282e53ef8fb6ad9eb43cb5d5e9ec50ee0d529ec56ec9ad248a41e54e8f4020f6eb16db43eba4691831bf073da606f043deabcff4d124afb10528367e2c5b4e006390e42f9310ab8fa0ae154c31b120282fc4e472ddad42796c88cfc52e55767abf2a0e648b9e95366fe4c944699a2b24fedb9376b0f5733b6373a546cd7eb70c275b64fad411219379c814abeedd7ffacdc9fa3151e31e44cfb0ce07d8ae3de325e2afb7af239291e12f6b70c3168b8de39ea4129f37f72bc9914054de6261716533375359410f0ba11f8c751f2fc42bd4445fb2521219988e2f10c5840160b22adb586545a5bfa4992d9f1d5269ec6f61655d289c3f86675e7fd7b33231d3a469fcc293c7a126e185129a8225cf8344bc2cfb44560461d46f002de7e6df8d6ab8490f5eadf019963a6d8eca5244d6e56966e15cb70af73ede66fdc1a3dc4d405895497b834f948bdd81a9a72820cacc17c3acef228bd276952f38db3f04ca737eaea511da09e5d842af96c69388c0713522d51ed5e7ecd79a4b3e53777c053091e9091fca6a50c7fb1b0d716af8385a6d8ce7ae03c181ed6fa30dc478abdc98c3c0c2b77256c4b590127923d7330add270b31bc54669c8669f61cd048e16e1e0634417fa3c2a3f06263a448b9762f47df240d5583fef593309d0dce33c523dc2a8a00e6dae3efe27628a36fdf6ac62ff17b33ae4c6918ac52d180cd5e9d02106884bf504d2da6f37c97836873d6ddb263e215c46489dc532e47ee73368e5eae9e04208d2b6dc1a53e68aad7598cecede58c9180bc17df4c54584e968e20b734987665ff70cd02bbd67becf3235cff98653f3cb4f6c9ae81ea408061e320acf2ea6bb33ca5d02a86b35af522b79fe2d7c60d6403eb872e701a37fe2616b47fab880066b0c33ef02e86a178e46a67cfd3ec51ddea347a2b65f0318929cca908abfb41bc8abebf41229b74ff4f8598d3fc5db8339054b4c0214e5fe7a7895dbdca07356fbd4af99d0c7b234a767a74165cf999bb0275170e076417ba61c7608246a3341ed166a5926f6b4548fcaba3bfe19624bb62d9f938afa334208c0e0d4dfc129132e2d1ef0b09dbbe4253e3da1ae5bf1ca74e8844496094ccec61cad55842e59b456f1563858d72aaccfda2faaa22f2edc672af45065fc44f2e3ed8ba3f17c94df1e7267bcc7879f36591007a9028a9e5aef23f0724513bbe2f2f24f6f1699527d2f4561dbb339474d2a6316665591fd5b0093117a48986d132dbf244faab10d56c01f3f51d58eda902506aeda9e912795d2dcbba6dce8584632cb0a7a8187925cd6139d8f608e7a9d8a15a9775107fa830ef168135d651c4403e44400c42aaf2ca1d9a4a8d02d0d5167b2049dee2ecdc44359527c13747b986b1f28fb4a835f2a9757cd5def91271891569ffcaefd39ae222a2f892f2127919b1a8784c83b268ec3db99ebec8b21c6807bf08ea74f7444d87497e75750fe89e9b3541f8112a009c4b113c34bbd43905a5d7fa2d3766f2e0c96e0af6c62a7078f0c2c6d6d4bd03d4a1668f377c7877bf0d99aeea30830cec3e504f181f5a0ac0b43e029af8bd6935ec2fd60aa0f8bf16a2f5f2b9655baafc378e2270d98b72f809248014f36d3062eb76f2bcd2e231b89c68ef32d037b2561829d34171b12c3f90712222325f7868ddface76443a72779679b0400d57a5dac42ad86ae049781bbbc1f78a5f8c22d4e6bf3107e93146f707de3717d2400f06b594c8baa74adefb3d3fafe556f3539d0774955657e8c09de129c253910a13ecedefa83bcf2aab9b55ce72abc621901590e1e42b2e7701b89f4a7c749a3be60940f289c00d1899c3e1556cd2e1ba57018880e67ae0984a6f190f4b9ee1aad50301521f33a8c38eaacd166a40d07b85d4577ef06a620b636d14a472b87d096866ae9aaf3edab0a8f3bd1ae79afcc1c5efce1d5b48e3dd9c5ea49e48f84a1554b7ce2079369f7de520e1785e35af00911a01ab13bfe38458609af3deb317e123b302307d5281221060815697f70c1e29997c83e65bbb7516cd300b015adc17fe7a97d51f2fb1f269919c9d7b29d5353aaa20e1d61bff551c1e4d2237509a354c3c05fe53ca9eca7422e94cc8e238a7ac110aaab22198404d2f662ad98907d0507158c1e253ebdc5bed5e88c1eadcc6d78516c6e5a11369035cf5ed33831b6e627f2c1217ca7cf2b74ffcef56cf1f8cf603a38b7f9c90d23f14e42b245fbfcdfe9c96b0422dc29a1f0c6198b3f3d4e4545a8fe72108561a4c9414ccd14a146b5db8775001e27cdb2515159cf0f66ad5f5a6203d5967f0f718a0a2c5f55c82411f5d393c82d058dc7c3783e6865a124aa19fc8fa65250ad8838b08dba595ac91f16a780c91d9ea63fd593351dab3601bb5c5299167e9caf8d12dfa2030d88a090a67e9cbac05a5b635dafb42960a08355ddaaa7ddfc02871190c979f46d085802162385362afa7724d1542dd472abddaa837a308bb36acc073008bc87fa919eb0dc43addfc33d2b48fdda0884d0be870392e7c2748269e5e53e2670ed8df3282a19bbfff21c5ea8b74bf2eed77931f4e33493e6d29f0fbc3e9cf1e3407291f2e93ab986c3626d76fdd6c4494108b43035b06013c16aa069328002623fc54fdf8c1424a2812f032f1b5a2628778a77bb480feaa5b7b30598e83c46f82018b3250df3698a9fd56709abaf9f61f98e716e942a7de1fb77368a34b8536df856804f75db2e1d82e0de899735091631c7601326658d9787703e54dd1020db61a47ccd872546fc8c0429a63fc9e38d1bb3daa4ff8d88545149fe34204ea69343ae01f6ced1c0b13b47f4e0d91fa84f5d4f5d1269a230d4c135633ffd2e81921805f0be19dba68205b3c58cd20f46723cf8bb743748a582139a7a8f981cfd8b1d32923d6fad1038b56fa2907ffe08fd238ae046d2cc27d860b212b06a9c1e1563e01d85b8a49479227c8cb6fe6d30be7163fd0cb4f9e564a8dde77149f33872e2d185b9384a3d7e38ff28652807698f80ec91bc57dd8092fd93669464eab8f961a8415ee33bd00b215e82310de80a3c6512118285472c218369e38bfafaf252a6f58a50575e968203d8a0d87afbd1dfac35a4c5941dd9a12e07418352d882d72bd30e16efadda8eb5af3df1a62e69efebc852db27ea291c920b149b3149f543e3e4d7eb99d220518156d7c5f7998c0ef9e4d2ac0fcb6066048bf47c1889ac63a8b8187d281122faf25fdba21491639e3d4f06ab1b6b74bd00a262539eb2b2497fc4984c1ab6e45f436df6deec47d027ebbeb6e71b1955ee35b7f6b3214878fd6a2ce2e25df6525e035a293781bfc9f2880fbec70833d51f2c8d4993e7072ab8b80302aee8f8a7c527e609306f23fcbd42a059894c1f0cb101a2e50da44e78561c7414bcd512dc73af5c3b1ddf57d88f73929d24927621a3ab301ac1cdfecc4baff605fabd3ecef083f0e0e161bf44345b5a25bf01b87157eca441d2597d5d11a4fb1530d9b8c05ad132375ddd7901f961a38e5625d9539141bb47262dec278a079eed5fcf9074c9f2fa14c04ad1aaeed154536c1616b41cc8b8e00b7d4a0784647a3447873ee8e346e2158bb1229fde2b08cb3fe2b6a8aa6a30b4b9b2346cc542b91c8ed1626701c22a49a11c8240cdfd596898d9a20b35a941a2162c93db13d5edb485b8dbcb90352997cfd3ca97d54cc83e4c848eca1493669a27650251e2f879cdd7a3afb5dad2f21a1ca22d7a66b174773af68d7aba5fa275a14c6dae1aefd4dec8375c58c120a333640cad4b9be0fdbbe789fdeb3d26c20ca6b9fe6c3c70901855", &(0x7f0000000000)="ef432037e7192efebc3dafac02b9f3a3a377cd6b6229d49a312706e0145e0a3e37aa57140a6a"}}, &(0x7f0000000080)) timer_create(0x3, &(0x7f00000000c0)={0x0, 0x22, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000180)) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x20, 0x0, @thr={&(0x7f0000001380)="ac99b8f468915b064f2ab3ba0840c86560e017eb8866676433f9cab13a1ebbecbc455e59a8215ae81c23578d94954478fa7efa0dd6c57aeb11c523b2d545026afaf38c8c800699b0b8a1d5f8a899c4501941cf1c29a5af587f2e3f8d6445675da788bc736f09aeb8c9a18f31ff25e842186cb67d3545b9ce5477fa2a4ac092f0dbedbe28568062e91d949ad8a5bcf9e28c4b8e79175654ad84aab6c8c3df18dddb5bef984ff98e6583f1f54b2f5821889e451bd169cbce2158b77441b15beab19b68cb5ed79cd14dd157", &(0x7f0000001480)="5f6a607d17f0384d3d21afb85118295311f28d7feacefb1a2954a6f32026e6f53fc793e8b39991a50a85ba53db83d883a113deb276eb36e812b7e7ceff717eac091ba6633c04855c353aead86460ceafcf391a8126bbb14922e543e1652d5b6d40904395404d8619a1ce4f470fa62bf57bf464d5edc371f42297104b9600967705415b191f16bc456c8c84e4b73d064f2cf0210238fd88b231b557d1f85e594859a4281e0651f3ed2828bbe2248fe4494d8ef64aaa192ee0c6d7623b0e22745493e29a35fc1096"}}, &(0x7f0000000200)=0x0) timer_gettime(r1, &(0x7f0000000280)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r0) (async) timer_create(0x5, &(0x7f0000000040)={0x0, 0x35, 0x0, @thr={&(0x7f0000000380)="a5675089fc84ef10735b31176d24dc5e6c46f9b1fe8ddb6eb7b2d161be5461f5a4a2f9c9b8dd2cb7caa3b3415d7f3d6c6124db9a34e87bbd3924a8d516524ab62ed307c3d120baf45deb5ca3260317a25eec171e211cd77ea385af5440ed26c9cd9a1ebc7ca9b3842bdd46e46df02ccbcb7382f8fc28842da67a8b71f1558bddb8134d54ab51725ef4b3f120a6c6a15b27889acb4677531ffe9c2e3dd1ec4903ee34b41ee8de6970405960251bf98d18b25d83c2ae9753361b418491d2896c98e43dc2f6cd84a8a4e90f937b73354b7169814c876cf105e059c0722be8de3c3d98b3df3fca7af271e5c7860cf0673319245769ca5bedfa5b5cee1f78a9efa21569ecd4487268e2e3c15153ffc11859a550a451f930b20e5c30e6bc897a8d18dd32847f0d600b6094029b063b254bbc8f9977f3f8646946c8ba84fedf449d5c9b4c20cd9c00ae1db178f944193a39bb6f62ee4435d34696575482fc859b9e79ae899f56f52daf2cbe9962c097739729105e459e7c399e8db2ab76042ee25ac9aaa81cd54f9225fbb4bcf784373828a8faf96f5cb6c96e07fc4a95c081bd7836749e64220ab8119fdbfce8e497e3e5b95cac8699cc8db4f57bc1345c7a9c894c09beda83c3c93d6e0ff8c1a496f91b9a67aabaf57ad77a202b3b31d8170c908444d51e60bbe6092eeaeee0a41d20703f9c982e352f74893dad78004c2adf9d361e06421a61e7838f1ea28833eb86cdfd717efeb6e3411f757588454c82c824bf45b439a112045e21fdc49e4d458a8e3a635a26652f4713dbb3172a7c01f5d87803360ed0b2721dcd36deace7401d00cdc5357944946b1c56f75a18860d06552161d6b27841bac25709b285996aaa78fce6f583515482091ee3716bc47fecd58dceb3580f5759665557555eb761ad20c72bce83b60a380de335d965cc9a8983dfd7cd01332dd7846265e8a638e784d51b9460b58244268f8f4361ac3d258409ae86f6cb431676413920590719c96ac854187c40d380ec4e6b1589833395ec84f8527bf70fa0cb49d915de2c517fdeaeecabcd6fe9a7333a292d871c1e750a6a732ed14d4d1d0ddefa7e06d82568236cb5e87b8905c9f83bbaaa5f27190574f266e2ae41f48367e9c35f851cc1c0b7149629c701c10d030a3e7bbe36ca3624c7ccd2173a652faa3985c07a9d376c6928f29d5a9fd92c9f6d792924fd24912fbf1636b20ac1b7fd4e001748ae17472660fa710528aca8f4c81f87f06f0f13f7c3552f6a7491b160e29e207f77a6e9caa8642645a65073c0a02e0fdb533efbff0abb134c9b1fb7b955bf5b2e1e7e07d445f341c5123606746ddbb7e7e42cd485fe84a434b6aaaff4534e28a62243b1bcad1a0dcc95477db403f3e4975d35fb243472fc34529065a5e703280c0dba6cbe957ef2c1d7add90fd24623ab9fad0ef814228a0ff079a1b9d31625166bb3015bc3c720b46b1adbd20359bbb36253c1f1707574c2ff4dcf06674ab26c04be12210e5a109da4bbccfe8814ff905d33cd503b586b4728bda81732f42d5b6254eba6636364014c69dab9e7e7fdc1c7c8170a9f47f8e07500c0af2f8b1cb157e9ab5e2c31943468ee02d672c3885d9431e06ce6a6afaba63ab00715c5e4263db599a23126b056cfa3d8c53b95b54bfb799cc243ab9a351659c3918ed60cbcc3945bfcccd0f18d902f8bd40f4d1974b52b855cf6a6c9f43d54f0c9cb768e3d804ed64c82e47927850b2db81336bf936aa12f86497cce65dbeca1e3095b48424ebfe31beb604080eb5cc972881ddd8dd9a844f09d6c4cf3f405855d72372ecae38632e413a9823f9134a031491677d15390380b0a4abeebf881901c0b23b3c3cc2cbe8a4688f1b4957f391e717cd436a09aaa971961d608ac458715d79ef32ce2dd117c3ce726db30cff0e2405f7c4a79d85f561a9134b24e6977b8b365eed6e630ec83c088c282e53ef8fb6ad9eb43cb5d5e9ec50ee0d529ec56ec9ad248a41e54e8f4020f6eb16db43eba4691831bf073da606f043deabcff4d124afb10528367e2c5b4e006390e42f9310ab8fa0ae154c31b120282fc4e472ddad42796c88cfc52e55767abf2a0e648b9e95366fe4c944699a2b24fedb9376b0f5733b6373a546cd7eb70c275b64fad411219379c814abeedd7ffacdc9fa3151e31e44cfb0ce07d8ae3de325e2afb7af239291e12f6b70c3168b8de39ea4129f37f72bc9914054de6261716533375359410f0ba11f8c751f2fc42bd4445fb2521219988e2f10c5840160b22adb586545a5bfa4992d9f1d5269ec6f61655d289c3f86675e7fd7b33231d3a469fcc293c7a126e185129a8225cf8344bc2cfb44560461d46f002de7e6df8d6ab8490f5eadf019963a6d8eca5244d6e56966e15cb70af73ede66fdc1a3dc4d405895497b834f948bdd81a9a72820cacc17c3acef228bd276952f38db3f04ca737eaea511da09e5d842af96c69388c0713522d51ed5e7ecd79a4b3e53777c053091e9091fca6a50c7fb1b0d716af8385a6d8ce7ae03c181ed6fa30dc478abdc98c3c0c2b77256c4b590127923d7330add270b31bc54669c8669f61cd048e16e1e0634417fa3c2a3f06263a448b9762f47df240d5583fef593309d0dce33c523dc2a8a00e6dae3efe27628a36fdf6ac62ff17b33ae4c6918ac52d180cd5e9d02106884bf504d2da6f37c97836873d6ddb263e215c46489dc532e47ee73368e5eae9e04208d2b6dc1a53e68aad7598cecede58c9180bc17df4c54584e968e20b734987665ff70cd02bbd67becf3235cff98653f3cb4f6c9ae81ea408061e320acf2ea6bb33ca5d02a86b35af522b79fe2d7c60d6403eb872e701a37fe2616b47fab880066b0c33ef02e86a178e46a67cfd3ec51ddea347a2b65f0318929cca908abfb41bc8abebf41229b74ff4f8598d3fc5db8339054b4c0214e5fe7a7895dbdca07356fbd4af99d0c7b234a767a74165cf999bb0275170e076417ba61c7608246a3341ed166a5926f6b4548fcaba3bfe19624bb62d9f938afa334208c0e0d4dfc129132e2d1ef0b09dbbe4253e3da1ae5bf1ca74e8844496094ccec61cad55842e59b456f1563858d72aaccfda2faaa22f2edc672af45065fc44f2e3ed8ba3f17c94df1e7267bcc7879f36591007a9028a9e5aef23f0724513bbe2f2f24f6f1699527d2f4561dbb339474d2a6316665591fd5b0093117a48986d132dbf244faab10d56c01f3f51d58eda902506aeda9e912795d2dcbba6dce8584632cb0a7a8187925cd6139d8f608e7a9d8a15a9775107fa830ef168135d651c4403e44400c42aaf2ca1d9a4a8d02d0d5167b2049dee2ecdc44359527c13747b986b1f28fb4a835f2a9757cd5def91271891569ffcaefd39ae222a2f892f2127919b1a8784c83b268ec3db99ebec8b21c6807bf08ea74f7444d87497e75750fe89e9b3541f8112a009c4b113c34bbd43905a5d7fa2d3766f2e0c96e0af6c62a7078f0c2c6d6d4bd03d4a1668f377c7877bf0d99aeea30830cec3e504f181f5a0ac0b43e029af8bd6935ec2fd60aa0f8bf16a2f5f2b9655baafc378e2270d98b72f809248014f36d3062eb76f2bcd2e231b89c68ef32d037b2561829d34171b12c3f90712222325f7868ddface76443a72779679b0400d57a5dac42ad86ae049781bbbc1f78a5f8c22d4e6bf3107e93146f707de3717d2400f06b594c8baa74adefb3d3fafe556f3539d0774955657e8c09de129c253910a13ecedefa83bcf2aab9b55ce72abc621901590e1e42b2e7701b89f4a7c749a3be60940f289c00d1899c3e1556cd2e1ba57018880e67ae0984a6f190f4b9ee1aad50301521f33a8c38eaacd166a40d07b85d4577ef06a620b636d14a472b87d096866ae9aaf3edab0a8f3bd1ae79afcc1c5efce1d5b48e3dd9c5ea49e48f84a1554b7ce2079369f7de520e1785e35af00911a01ab13bfe38458609af3deb317e123b302307d5281221060815697f70c1e29997c83e65bbb7516cd300b015adc17fe7a97d51f2fb1f269919c9d7b29d5353aaa20e1d61bff551c1e4d2237509a354c3c05fe53ca9eca7422e94cc8e238a7ac110aaab22198404d2f662ad98907d0507158c1e253ebdc5bed5e88c1eadcc6d78516c6e5a11369035cf5ed33831b6e627f2c1217ca7cf2b74ffcef56cf1f8cf603a38b7f9c90d23f14e42b245fbfcdfe9c96b0422dc29a1f0c6198b3f3d4e4545a8fe72108561a4c9414ccd14a146b5db8775001e27cdb2515159cf0f66ad5f5a6203d5967f0f718a0a2c5f55c82411f5d393c82d058dc7c3783e6865a124aa19fc8fa65250ad8838b08dba595ac91f16a780c91d9ea63fd593351dab3601bb5c5299167e9caf8d12dfa2030d88a090a67e9cbac05a5b635dafb42960a08355ddaaa7ddfc02871190c979f46d085802162385362afa7724d1542dd472abddaa837a308bb36acc073008bc87fa919eb0dc43addfc33d2b48fdda0884d0be870392e7c2748269e5e53e2670ed8df3282a19bbfff21c5ea8b74bf2eed77931f4e33493e6d29f0fbc3e9cf1e3407291f2e93ab986c3626d76fdd6c4494108b43035b06013c16aa069328002623fc54fdf8c1424a2812f032f1b5a2628778a77bb480feaa5b7b30598e83c46f82018b3250df3698a9fd56709abaf9f61f98e716e942a7de1fb77368a34b8536df856804f75db2e1d82e0de899735091631c7601326658d9787703e54dd1020db61a47ccd872546fc8c0429a63fc9e38d1bb3daa4ff8d88545149fe34204ea69343ae01f6ced1c0b13b47f4e0d91fa84f5d4f5d1269a230d4c135633ffd2e81921805f0be19dba68205b3c58cd20f46723cf8bb743748a582139a7a8f981cfd8b1d32923d6fad1038b56fa2907ffe08fd238ae046d2cc27d860b212b06a9c1e1563e01d85b8a49479227c8cb6fe6d30be7163fd0cb4f9e564a8dde77149f33872e2d185b9384a3d7e38ff28652807698f80ec91bc57dd8092fd93669464eab8f961a8415ee33bd00b215e82310de80a3c6512118285472c218369e38bfafaf252a6f58a50575e968203d8a0d87afbd1dfac35a4c5941dd9a12e07418352d882d72bd30e16efadda8eb5af3df1a62e69efebc852db27ea291c920b149b3149f543e3e4d7eb99d220518156d7c5f7998c0ef9e4d2ac0fcb6066048bf47c1889ac63a8b8187d281122faf25fdba21491639e3d4f06ab1b6b74bd00a262539eb2b2497fc4984c1ab6e45f436df6deec47d027ebbeb6e71b1955ee35b7f6b3214878fd6a2ce2e25df6525e035a293781bfc9f2880fbec70833d51f2c8d4993e7072ab8b80302aee8f8a7c527e609306f23fcbd42a059894c1f0cb101a2e50da44e78561c7414bcd512dc73af5c3b1ddf57d88f73929d24927621a3ab301ac1cdfecc4baff605fabd3ecef083f0e0e161bf44345b5a25bf01b87157eca441d2597d5d11a4fb1530d9b8c05ad132375ddd7901f961a38e5625d9539141bb47262dec278a079eed5fcf9074c9f2fa14c04ad1aaeed154536c1616b41cc8b8e00b7d4a0784647a3447873ee8e346e2158bb1229fde2b08cb3fe2b6a8aa6a30b4b9b2346cc542b91c8ed1626701c22a49a11c8240cdfd596898d9a20b35a941a2162c93db13d5edb485b8dbcb90352997cfd3ca97d54cc83e4c848eca1493669a27650251e2f879cdd7a3afb5dad2f21a1ca22d7a66b174773af68d7aba5fa275a14c6dae1aefd4dec8375c58c120a333640cad4b9be0fdbbe789fdeb3d26c20ca6b9fe6c3c70901855", &(0x7f0000000000)="ef432037e7192efebc3dafac02b9f3a3a377cd6b6229d49a312706e0145e0a3e37aa57140a6a"}}, &(0x7f0000000080)) (async) timer_create(0x3, &(0x7f00000000c0)={0x0, 0x22, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000180)) (async) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x20, 0x0, @thr={&(0x7f0000001380)="ac99b8f468915b064f2ab3ba0840c86560e017eb8866676433f9cab13a1ebbecbc455e59a8215ae81c23578d94954478fa7efa0dd6c57aeb11c523b2d545026afaf38c8c800699b0b8a1d5f8a899c4501941cf1c29a5af587f2e3f8d6445675da788bc736f09aeb8c9a18f31ff25e842186cb67d3545b9ce5477fa2a4ac092f0dbedbe28568062e91d949ad8a5bcf9e28c4b8e79175654ad84aab6c8c3df18dddb5bef984ff98e6583f1f54b2f5821889e451bd169cbce2158b77441b15beab19b68cb5ed79cd14dd157", &(0x7f0000001480)="5f6a607d17f0384d3d21afb85118295311f28d7feacefb1a2954a6f32026e6f53fc793e8b39991a50a85ba53db83d883a113deb276eb36e812b7e7ceff717eac091ba6633c04855c353aead86460ceafcf391a8126bbb14922e543e1652d5b6d40904395404d8619a1ce4f470fa62bf57bf464d5edc371f42297104b9600967705415b191f16bc456c8c84e4b73d064f2cf0210238fd88b231b557d1f85e594859a4281e0651f3ed2828bbe2248fe4494d8ef64aaa192ee0c6d7623b0e22745493e29a35fc1096"}}, &(0x7f0000000200)) (async) timer_gettime(r1, &(0x7f0000000280)) (async) 08:07:35 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xf5ffffff}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:35 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/111, &(0x7f0000000080)=0x6f) (async) pipe(&(0x7f0000000100)={0xffffffffffffffff}) fspick(r1, &(0x7f0000000140)='./file0\x00', 0x1) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) [ 1003.196827][ T2724] FAULT_INJECTION: forcing a failure. [ 1003.196827][ T2724] name failslab, interval 1, probability 0, space 0, times 0 [ 1003.228335][ T2724] CPU: 0 PID: 2724 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1003.236592][ T2724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 08:07:35 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/111, &(0x7f0000000080)=0x6f) pipe(&(0x7f0000000100)={0xffffffffffffffff}) fspick(r1, &(0x7f0000000140)='./file0\x00', 0x1) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) [ 1003.246488][ T2724] Call Trace: [ 1003.249607][ T2724] [ 1003.252384][ T2724] dump_stack_lvl+0x151/0x1b7 [ 1003.256899][ T2724] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1003.262196][ T2724] dump_stack+0x15/0x17 [ 1003.266185][ T2724] should_fail+0x3c0/0x510 [ 1003.270435][ T2724] ? kvmalloc_node+0x82/0x130 [ 1003.274946][ T2724] __should_failslab+0x9f/0xe0 [ 1003.279546][ T2724] should_failslab+0x9/0x20 [ 1003.283885][ T2724] __kmalloc+0x6d/0x350 [ 1003.287887][ T2724] ? __kasan_kmalloc+0x9/0x10 [ 1003.292392][ T2724] kvmalloc_node+0x82/0x130 [ 1003.296733][ T2724] alloc_fdtable+0xea/0x2b0 [ 1003.301081][ T2724] dup_fd+0x781/0xa40 [ 1003.304890][ T2724] ? avc_has_perm+0x16d/0x260 [ 1003.309406][ T2724] copy_files+0xe6/0x200 [ 1003.313484][ T2724] ? perf_event_attrs+0x30/0x30 [ 1003.318169][ T2724] ? dup_task_struct+0xa60/0xa60 [ 1003.322951][ T2724] ? security_task_alloc+0x132/0x150 [ 1003.328067][ T2724] copy_process+0x11e9/0x3250 [ 1003.332601][ T2724] ? check_stack_object+0xf7/0x130 [ 1003.337525][ T2724] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1003.342471][ T2724] ? copy_clone_args_from_user+0x6cf/0x790 [ 1003.348113][ T2724] kernel_clone+0x22d/0x990 [ 1003.352454][ T2724] ? dup_mmap+0xea0/0xea0 [ 1003.356620][ T2724] ? create_io_thread+0x1e0/0x1e0 [ 1003.361481][ T2724] ? file_end_write+0x1b0/0x1b0 [ 1003.366168][ T2724] __x64_sys_clone3+0x375/0x3a0 [ 1003.370854][ T2724] ? __ia32_sys_clone+0x300/0x300 [ 1003.375714][ T2724] ? ksys_write+0x25f/0x2c0 [ 1003.380066][ T2724] ? debug_smp_processor_id+0x17/0x20 [ 1003.385262][ T2724] do_syscall_64+0x44/0xd0 [ 1003.389514][ T2724] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1003.395257][ T2724] RIP: 0033:0x7f495fdbc639 [ 1003.399503][ T2724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1003.419025][ T2724] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1003.427269][ T2724] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1003.435079][ T2724] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 08:07:36 executing program 2: syz_clone3(0x0, 0x0) 08:07:36 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xfbffffff}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:36 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000)=0x7fff, 0x8) 08:07:36 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000000280)=""/251, &(0x7f0000000080)=0xfb) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000040)) [ 1003.442891][ T2724] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1003.450702][ T2724] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1003.458523][ T2724] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1003.466335][ T2724] 08:07:36 executing program 2: syz_clone3(0x0, 0x0) 08:07:36 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 22) 08:07:36 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000)=0x7fff, 0x8) 08:07:36 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:36 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xfffffff5}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:36 executing program 2: syz_clone3(0x0, 0x0) 08:07:36 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000000280)=""/251, &(0x7f0000000080)=0xfb) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000040)) 08:07:36 executing program 2: syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:36 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async, rerun: 64) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000)=0x7fff, 0x8) (rerun: 64) 08:07:36 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xfffffffb}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:36 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000000280)=""/251, &(0x7f0000000080)=0xfb) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000040)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000000280)=""/251, &(0x7f0000000080)=0xfb) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000040)) (async) 08:07:36 executing program 2: syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:36 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x2, 0x0, 0x0}, 0x58) [ 1003.568459][ T2770] FAULT_INJECTION: forcing a failure. [ 1003.568459][ T2770] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1003.634819][ T2770] CPU: 0 PID: 2770 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1003.643073][ T2770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1003.652971][ T2770] Call Trace: [ 1003.656095][ T2770] [ 1003.658873][ T2770] dump_stack_lvl+0x151/0x1b7 [ 1003.663385][ T2770] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1003.668685][ T2770] dump_stack+0x15/0x17 [ 1003.672672][ T2770] should_fail+0x3c0/0x510 [ 1003.676926][ T2770] should_fail_alloc_page+0x58/0x70 [ 1003.681962][ T2770] __alloc_pages+0x1de/0x7c0 [ 1003.686387][ T2770] ? __count_vm_events+0x30/0x30 [ 1003.691159][ T2770] ? dup_mm+0x91/0x330 [ 1003.695065][ T2770] ? copy_mm+0x108/0x1b0 [ 1003.699143][ T2770] ? copy_process+0x1295/0x3250 [ 1003.703828][ T2770] ? kernel_clone+0x22d/0x990 [ 1003.708342][ T2770] ? __x64_sys_clone3+0x375/0x3a0 [ 1003.713212][ T2770] pte_alloc_one+0x73/0x1b0 [ 1003.717543][ T2770] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1003.722579][ T2770] ? __kasan_check_write+0x14/0x20 [ 1003.727525][ T2770] ? __set_page_owner+0x2ee/0x310 [ 1003.732388][ T2770] __pte_alloc+0x86/0x350 [ 1003.736552][ T2770] ? post_alloc_hook+0x1ab/0x1b0 [ 1003.741328][ T2770] ? free_pgtables+0x210/0x210 [ 1003.745925][ T2770] ? get_page_from_freelist+0x38b/0x400 [ 1003.751312][ T2770] copy_pte_range+0x1b1f/0x20b0 [ 1003.756001][ T2770] ? __kunmap_atomic+0x80/0x80 [ 1003.760594][ T2770] ? __pud_alloc+0x260/0x260 [ 1003.765019][ T2770] ? __pud_alloc+0x218/0x260 [ 1003.769456][ T2770] ? do_handle_mm_fault+0x2370/0x2370 [ 1003.774656][ T2770] copy_page_range+0xc1e/0x1090 [ 1003.779359][ T2770] ? pfn_valid+0x1e0/0x1e0 [ 1003.783597][ T2770] dup_mmap+0x99f/0xea0 [ 1003.787584][ T2770] ? __delayed_free_task+0x20/0x20 [ 1003.792528][ T2770] ? mm_init+0x807/0x960 [ 1003.796608][ T2770] dup_mm+0x91/0x330 [ 1003.800340][ T2770] copy_mm+0x108/0x1b0 [ 1003.804247][ T2770] copy_process+0x1295/0x3250 [ 1003.808761][ T2770] ? check_stack_object+0xf7/0x130 [ 1003.813709][ T2770] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1003.818653][ T2770] ? copy_clone_args_from_user+0x6cf/0x790 [ 1003.824297][ T2770] kernel_clone+0x22d/0x990 [ 1003.828635][ T2770] ? dup_mmap+0xea0/0xea0 [ 1003.832801][ T2770] ? create_io_thread+0x1e0/0x1e0 [ 1003.837663][ T2770] ? file_end_write+0x1b0/0x1b0 [ 1003.842348][ T2770] __x64_sys_clone3+0x375/0x3a0 [ 1003.847037][ T2770] ? __ia32_sys_clone+0x300/0x300 [ 1003.851898][ T2770] ? ksys_write+0x25f/0x2c0 [ 1003.856237][ T2770] ? debug_smp_processor_id+0x17/0x20 [ 1003.861443][ T2770] do_syscall_64+0x44/0xd0 [ 1003.865703][ T2770] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1003.871425][ T2770] RIP: 0033:0x7f495fdbc639 [ 1003.875680][ T2770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1003.895122][ T2770] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1003.903385][ T2770] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1003.911181][ T2770] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1003.918985][ T2770] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1003.926798][ T2770] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:36 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 23) 08:07:36 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:36 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000000080)) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000040)={0x1f, @none}, 0xffffffffffffffca) 08:07:36 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f0000000040)) clock_gettime(0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:36 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x7, 0x0, 0x0}, 0x58) 08:07:36 executing program 2: syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:36 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f0000000040)) clock_gettime(0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f0000000040)) (async) clock_gettime(0x0, &(0x7f0000000000)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:36 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x8, 0x0, 0x0}, 0x58) [ 1003.934609][ T2770] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1003.942425][ T2770] 08:07:36 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:36 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000000080)) (async) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000040)={0x1f, @none}, 0xffffffffffffffca) 08:07:36 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x9, 0x0, 0x0}, 0x58) 08:07:36 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x11, 0x0, 0x0}, 0x58) [ 1004.041847][ T2812] FAULT_INJECTION: forcing a failure. [ 1004.041847][ T2812] name failslab, interval 1, probability 0, space 0, times 0 [ 1004.060293][ T2812] CPU: 0 PID: 2812 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1004.068541][ T2812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1004.078443][ T2812] Call Trace: [ 1004.081555][ T2812] [ 1004.084335][ T2812] dump_stack_lvl+0x151/0x1b7 [ 1004.088845][ T2812] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1004.094139][ T2812] ? _raw_spin_lock+0xa3/0x1b0 [ 1004.098740][ T2812] ? dup_fd+0x51f/0xa40 [ 1004.102734][ T2812] dump_stack+0x15/0x17 [ 1004.106725][ T2812] should_fail+0x3c0/0x510 [ 1004.110979][ T2812] __should_failslab+0x9f/0xe0 [ 1004.115578][ T2812] should_failslab+0x9/0x20 [ 1004.119919][ T2812] kmem_cache_alloc+0x4f/0x2f0 [ 1004.124526][ T2812] ? copy_fs_struct+0x4e/0x230 [ 1004.129119][ T2812] copy_fs_struct+0x4e/0x230 [ 1004.133545][ T2812] copy_fs+0x72/0x140 [ 1004.137387][ T2812] copy_process+0x1214/0x3250 [ 1004.141880][ T2812] ? check_stack_object+0xf7/0x130 [ 1004.146823][ T2812] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1004.151770][ T2812] ? copy_clone_args_from_user+0x6cf/0x790 [ 1004.157413][ T2812] kernel_clone+0x22d/0x990 [ 1004.161752][ T2812] ? dup_mmap+0xea0/0xea0 [ 1004.165916][ T2812] ? create_io_thread+0x1e0/0x1e0 [ 1004.170779][ T2812] ? file_end_write+0x1b0/0x1b0 [ 1004.175467][ T2812] __x64_sys_clone3+0x375/0x3a0 [ 1004.180152][ T2812] ? __ia32_sys_clone+0x300/0x300 [ 1004.185012][ T2812] ? ksys_write+0x25f/0x2c0 [ 1004.189355][ T2812] ? debug_smp_processor_id+0x17/0x20 [ 1004.194561][ T2812] do_syscall_64+0x44/0xd0 [ 1004.198814][ T2812] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1004.204541][ T2812] RIP: 0033:0x7f495fdbc639 [ 1004.208795][ T2812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1004.228413][ T2812] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 08:07:36 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 24) 08:07:36 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:36 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f0000000040)) (async) clock_gettime(0x0, &(0x7f0000000000)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:36 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000000080)) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000040)={0x1f, @none}, 0xffffffffffffffca) 08:07:36 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) [ 1004.236655][ T2812] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1004.244468][ T2812] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1004.252277][ T2812] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1004.260088][ T2812] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1004.267901][ T2812] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1004.275715][ T2812] 08:07:36 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x700, 0x0, 0x0}, 0x58) [ 1004.316917][ T2825] FAULT_INJECTION: forcing a failure. [ 1004.316917][ T2825] name failslab, interval 1, probability 0, space 0, times 0 [ 1004.340572][ T2825] CPU: 1 PID: 2825 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1004.348818][ T2825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1004.358714][ T2825] Call Trace: [ 1004.361841][ T2825] [ 1004.364615][ T2825] dump_stack_lvl+0x151/0x1b7 [ 1004.369130][ T2825] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1004.374434][ T2825] dump_stack+0x15/0x17 [ 1004.378420][ T2825] should_fail+0x3c0/0x510 [ 1004.382671][ T2825] __should_failslab+0x9f/0xe0 [ 1004.387264][ T2825] should_failslab+0x9/0x20 [ 1004.391602][ T2825] kmem_cache_alloc+0x4f/0x2f0 [ 1004.396203][ T2825] ? copy_signal+0x55/0x610 [ 1004.400541][ T2825] copy_signal+0x55/0x610 [ 1004.404715][ T2825] copy_process+0x126a/0x3250 [ 1004.409224][ T2825] ? check_stack_object+0xf7/0x130 [ 1004.414167][ T2825] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1004.419128][ T2825] ? copy_clone_args_from_user+0x6cf/0x790 [ 1004.424760][ T2825] kernel_clone+0x22d/0x990 [ 1004.429105][ T2825] ? dup_mmap+0xea0/0xea0 [ 1004.433265][ T2825] ? create_io_thread+0x1e0/0x1e0 [ 1004.438126][ T2825] ? file_end_write+0x1b0/0x1b0 [ 1004.442809][ T2825] __x64_sys_clone3+0x375/0x3a0 [ 1004.447499][ T2825] ? __ia32_sys_clone+0x300/0x300 [ 1004.452360][ T2825] ? ksys_write+0x25f/0x2c0 [ 1004.456699][ T2825] ? debug_smp_processor_id+0x17/0x20 [ 1004.461906][ T2825] do_syscall_64+0x44/0xd0 [ 1004.466163][ T2825] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1004.471886][ T2825] RIP: 0033:0x7f495fdbc639 [ 1004.476151][ T2825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1004.495582][ T2825] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1004.503827][ T2825] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 08:07:36 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) read$FUSE(r1, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000000)=""/88, &(0x7f0000000080)=0x58) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:36 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:37 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:37 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x900, 0x0, 0x0}, 0x58) 08:07:37 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:37 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 25) [ 1004.511638][ T2825] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1004.519450][ T2825] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1004.527258][ T2825] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1004.535072][ T2825] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1004.542886][ T2825] 08:07:37 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x1100, 0x0, 0x0}, 0x58) [ 1004.586253][ T2843] FAULT_INJECTION: forcing a failure. [ 1004.586253][ T2843] name failslab, interval 1, probability 0, space 0, times 0 [ 1004.611746][ T2843] CPU: 1 PID: 2843 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1004.620001][ T2843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1004.629895][ T2843] Call Trace: [ 1004.633017][ T2843] 08:07:37 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:37 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000000)) 08:07:37 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1004.635796][ T2843] dump_stack_lvl+0x151/0x1b7 [ 1004.640314][ T2843] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1004.645614][ T2843] dump_stack+0x15/0x17 [ 1004.649596][ T2843] should_fail+0x3c0/0x510 [ 1004.653853][ T2843] __should_failslab+0x9f/0xe0 [ 1004.658451][ T2843] should_failslab+0x9/0x20 [ 1004.662786][ T2843] kmem_cache_alloc+0x4f/0x2f0 [ 1004.667389][ T2843] ? vm_area_dup+0x26/0x1d0 [ 1004.671726][ T2843] ? __kasan_check_read+0x11/0x20 [ 1004.676593][ T2843] vm_area_dup+0x26/0x1d0 [ 1004.680757][ T2843] dup_mmap+0x6b8/0xea0 08:07:37 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1004.684751][ T2843] ? __delayed_free_task+0x20/0x20 [ 1004.689695][ T2843] ? mm_init+0x807/0x960 [ 1004.693775][ T2843] dup_mm+0x91/0x330 [ 1004.697505][ T2843] copy_mm+0x108/0x1b0 [ 1004.701412][ T2843] copy_process+0x1295/0x3250 [ 1004.705927][ T2843] ? check_stack_object+0xf7/0x130 [ 1004.710872][ T2843] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1004.715823][ T2843] ? copy_clone_args_from_user+0x6cf/0x790 [ 1004.721462][ T2843] kernel_clone+0x22d/0x990 [ 1004.725800][ T2843] ? dup_mmap+0xea0/0xea0 [ 1004.729968][ T2843] ? create_io_thread+0x1e0/0x1e0 08:07:37 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1004.734827][ T2843] ? file_end_write+0x1b0/0x1b0 [ 1004.739516][ T2843] __x64_sys_clone3+0x375/0x3a0 [ 1004.744204][ T2843] ? __ia32_sys_clone+0x300/0x300 [ 1004.749064][ T2843] ? ksys_write+0x25f/0x2c0 [ 1004.753401][ T2843] ? debug_smp_processor_id+0x17/0x20 [ 1004.758613][ T2843] do_syscall_64+0x44/0xd0 [ 1004.762865][ T2843] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1004.768588][ T2843] RIP: 0033:0x7f495fdbc639 [ 1004.772842][ T2843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1004.792290][ T2843] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1004.800531][ T2843] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1004.808338][ T2843] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1004.816151][ T2843] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1004.823966][ T2843] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:37 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) read$FUSE(r1, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000000)=""/88, &(0x7f0000000080)=0x58) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) read$FUSE(r1, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000000)=""/88, &(0x7f0000000080)=0x58) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) 08:07:37 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000000)) 08:07:37 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:37 executing program 5: syz_clone3(0x0, 0x0) 08:07:37 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x1f00, 0x0, 0x0}, 0x58) [ 1004.831857][ T2843] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1004.839673][ T2843] 08:07:37 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 26) 08:07:37 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000000)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000000)) (async) 08:07:37 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x2000, 0x0, 0x0}, 0x58) 08:07:37 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) read$FUSE(r1, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000000)=""/88, &(0x7f0000000080)=0x58) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:37 executing program 5: syz_clone3(0x0, 0x0) 08:07:37 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x4000, 0x0, 0x0}, 0x58) 08:07:37 executing program 5: syz_clone3(0x0, 0x0) 08:07:37 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x4, 0x3, 0x40, "ed6f45c03a9fcc53f3821b9aa1bd7241df209596f563da81dc4028356bd33dbea35a31610a154f619e9d3f4ea672e626c208f1c1703debf4321a193d1aef75", 0x1b}, 0x60) [ 1004.910602][ T2879] FAULT_INJECTION: forcing a failure. [ 1004.910602][ T2879] name failslab, interval 1, probability 0, space 0, times 0 [ 1004.937355][ T2879] CPU: 1 PID: 2879 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1004.945614][ T2879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1004.955511][ T2879] Call Trace: 08:07:37 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1004.958632][ T2879] [ 1004.961408][ T2879] dump_stack_lvl+0x151/0x1b7 [ 1004.965929][ T2879] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1004.971222][ T2879] dump_stack+0x15/0x17 [ 1004.975220][ T2879] should_fail+0x3c0/0x510 [ 1004.979467][ T2879] __should_failslab+0x9f/0xe0 [ 1004.984065][ T2879] should_failslab+0x9/0x20 [ 1004.988403][ T2879] kmem_cache_alloc+0x4f/0x2f0 [ 1004.993092][ T2879] ? dup_mm+0x29/0x330 [ 1004.996995][ T2879] dup_mm+0x29/0x330 [ 1005.000728][ T2879] copy_mm+0x108/0x1b0 [ 1005.004635][ T2879] copy_process+0x1295/0x3250 [ 1005.009145][ T2879] ? check_stack_object+0xf7/0x130 [ 1005.014090][ T2879] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1005.019039][ T2879] ? copy_clone_args_from_user+0x6cf/0x790 [ 1005.024680][ T2879] kernel_clone+0x22d/0x990 [ 1005.029018][ T2879] ? dup_mmap+0xea0/0xea0 [ 1005.033189][ T2879] ? create_io_thread+0x1e0/0x1e0 [ 1005.038046][ T2879] ? file_end_write+0x1b0/0x1b0 [ 1005.042737][ T2879] __x64_sys_clone3+0x375/0x3a0 [ 1005.047417][ T2879] ? __ia32_sys_clone+0x300/0x300 [ 1005.052279][ T2879] ? ksys_write+0x25f/0x2c0 [ 1005.056620][ T2879] ? debug_smp_processor_id+0x17/0x20 [ 1005.061826][ T2879] do_syscall_64+0x44/0xd0 [ 1005.066081][ T2879] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1005.071842][ T2879] RIP: 0033:0x7f495fdbc639 [ 1005.076062][ T2879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1005.095589][ T2879] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 08:07:37 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:37 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:37 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x20010, 0x0, 0x0}, 0x58) 08:07:37 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 27) 08:07:37 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async, rerun: 32) clock_gettime(0x0, &(0x7f0000000000)) (rerun: 32) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (async, rerun: 64) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) read$FUSE(r1, 0x0, 0x0) (async) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x4, 0x3, 0x40, "ed6f45c03a9fcc53f3821b9aa1bd7241df209596f563da81dc4028356bd33dbea35a31610a154f619e9d3f4ea672e626c208f1c1703debf4321a193d1aef75", 0x1b}, 0x60) 08:07:37 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:37 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x80000, 0x0, 0x0}, 0x58) 08:07:37 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) [ 1005.103834][ T2879] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1005.111647][ T2879] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1005.119456][ T2879] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1005.127267][ T2879] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1005.135080][ T2879] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1005.142891][ T2879] 08:07:37 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x101000, 0x0, 0x0}, 0x58) 08:07:37 executing program 5: syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:37 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xf0ff1f, 0x0, 0x0}, 0x58) 08:07:37 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x4, 0x3, 0x40, "ed6f45c03a9fcc53f3821b9aa1bd7241df209596f563da81dc4028356bd33dbea35a31610a154f619e9d3f4ea672e626c208f1c1703debf4321a193d1aef75", 0x1b}, 0x60) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) clock_gettime(0x0, &(0x7f0000000000)) (async) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x4, 0x3, 0x40, "ed6f45c03a9fcc53f3821b9aa1bd7241df209596f563da81dc4028356bd33dbea35a31610a154f619e9d3f4ea672e626c208f1c1703debf4321a193d1aef75", 0x1b}, 0x60) (async) [ 1005.183848][ T2916] FAULT_INJECTION: forcing a failure. [ 1005.183848][ T2916] name failslab, interval 1, probability 0, space 0, times 0 [ 1005.222047][ T2916] CPU: 0 PID: 2916 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1005.230313][ T2916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1005.240211][ T2916] Call Trace: [ 1005.243334][ T2916] [ 1005.246114][ T2916] dump_stack_lvl+0x151/0x1b7 [ 1005.250629][ T2916] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1005.255915][ T2916] dump_stack+0x15/0x17 [ 1005.259906][ T2916] should_fail+0x3c0/0x510 [ 1005.264158][ T2916] __should_failslab+0x9f/0xe0 [ 1005.268758][ T2916] should_failslab+0x9/0x20 [ 1005.273098][ T2916] kmem_cache_alloc+0x4f/0x2f0 [ 1005.277699][ T2916] ? anon_vma_clone+0xa1/0x4f0 [ 1005.282299][ T2916] anon_vma_clone+0xa1/0x4f0 [ 1005.286728][ T2916] anon_vma_fork+0x91/0x4f0 [ 1005.291068][ T2916] ? anon_vma_name+0x4c/0x70 [ 1005.295489][ T2916] dup_mmap+0x750/0xea0 [ 1005.299481][ T2916] ? __delayed_free_task+0x20/0x20 [ 1005.304432][ T2916] ? mm_init+0x807/0x960 [ 1005.308945][ T2916] dup_mm+0x91/0x330 [ 1005.312677][ T2916] copy_mm+0x108/0x1b0 [ 1005.316585][ T2916] copy_process+0x1295/0x3250 [ 1005.321096][ T2916] ? check_stack_object+0xf7/0x130 [ 1005.326044][ T2916] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1005.330989][ T2916] ? copy_clone_args_from_user+0x6cf/0x790 [ 1005.336633][ T2916] kernel_clone+0x22d/0x990 [ 1005.340970][ T2916] ? dup_mmap+0xea0/0xea0 [ 1005.345139][ T2916] ? create_io_thread+0x1e0/0x1e0 [ 1005.350006][ T2916] ? file_end_write+0x1b0/0x1b0 [ 1005.354683][ T2916] __x64_sys_clone3+0x375/0x3a0 [ 1005.359373][ T2916] ? __ia32_sys_clone+0x300/0x300 [ 1005.364232][ T2916] ? ksys_write+0x25f/0x2c0 [ 1005.368571][ T2916] ? debug_smp_processor_id+0x17/0x20 [ 1005.373778][ T2916] do_syscall_64+0x44/0xd0 [ 1005.378033][ T2916] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1005.383760][ T2916] RIP: 0033:0x7f495fdbc639 [ 1005.388014][ T2916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1005.407457][ T2916] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1005.415700][ T2916] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1005.423512][ T2916] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 08:07:38 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) 08:07:38 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:38 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x68, 0x0, 0x802, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x68}}, 0x8000010) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) [ 1005.431321][ T2916] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1005.439132][ T2916] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1005.446948][ T2916] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1005.454761][ T2916] 08:07:38 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 28) 08:07:38 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x1000000, 0x0, 0x0}, 0x58) 08:07:38 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) 08:07:38 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x68, 0x0, 0x802, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x68}}, 0x8000010) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x68, 0x0, 0x802, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x68}}, 0x8000010) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:38 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x2000000, 0x0, 0x0}, 0x58) 08:07:38 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x68, 0x0, 0x802, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x68}}, 0x8000010) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:38 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x7000000, 0x0, 0x0}, 0x58) 08:07:38 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) [ 1005.531126][ T2962] FAULT_INJECTION: forcing a failure. [ 1005.531126][ T2962] name failslab, interval 1, probability 0, space 0, times 0 [ 1005.545697][ T2962] CPU: 0 PID: 2962 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1005.554038][ T2962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1005.563933][ T2962] Call Trace: [ 1005.567063][ T2962] [ 1005.569833][ T2962] dump_stack_lvl+0x151/0x1b7 [ 1005.574343][ T2962] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1005.579636][ T2962] dump_stack+0x15/0x17 [ 1005.583625][ T2962] should_fail+0x3c0/0x510 [ 1005.587880][ T2962] __should_failslab+0x9f/0xe0 [ 1005.592477][ T2962] should_failslab+0x9/0x20 [ 1005.596817][ T2962] kmem_cache_alloc+0x4f/0x2f0 [ 1005.601419][ T2962] ? anon_vma_clone+0xa1/0x4f0 [ 1005.606020][ T2962] anon_vma_clone+0xa1/0x4f0 [ 1005.610446][ T2962] anon_vma_fork+0x91/0x4f0 [ 1005.614783][ T2962] ? anon_vma_name+0x4c/0x70 [ 1005.619211][ T2962] dup_mmap+0x750/0xea0 [ 1005.623204][ T2962] ? __delayed_free_task+0x20/0x20 [ 1005.628151][ T2962] ? mm_init+0x807/0x960 [ 1005.632231][ T2962] dup_mm+0x91/0x330 [ 1005.635962][ T2962] copy_mm+0x108/0x1b0 [ 1005.639867][ T2962] copy_process+0x1295/0x3250 [ 1005.644382][ T2962] ? check_stack_object+0xf7/0x130 [ 1005.649328][ T2962] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1005.654275][ T2962] ? copy_clone_args_from_user+0x6cf/0x790 [ 1005.659916][ T2962] kernel_clone+0x22d/0x990 [ 1005.664259][ T2962] ? dup_mmap+0xea0/0xea0 [ 1005.668423][ T2962] ? create_io_thread+0x1e0/0x1e0 [ 1005.673283][ T2962] ? file_end_write+0x1b0/0x1b0 [ 1005.677971][ T2962] __x64_sys_clone3+0x375/0x3a0 [ 1005.682655][ T2962] ? __ia32_sys_clone+0x300/0x300 [ 1005.687519][ T2962] ? ksys_write+0x25f/0x2c0 [ 1005.691955][ T2962] ? debug_smp_processor_id+0x17/0x20 [ 1005.697164][ T2962] do_syscall_64+0x44/0xd0 [ 1005.701414][ T2962] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1005.707144][ T2962] RIP: 0033:0x7f495fdbc639 [ 1005.711397][ T2962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:38 executing program 0: clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x5, &(0x7f0000000040)) clock_getres(0x5, &(0x7f0000000080)) select(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000180)={0x0, r0/1000+60000}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) set_thread_area(&(0x7f0000000000)={0xf63, 0xffffffffffffffff, 0x4000, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1}) [ 1005.730843][ T2962] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1005.739170][ T2962] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1005.746980][ T2962] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1005.754792][ T2962] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1005.762605][ T2962] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1005.770414][ T2962] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1005.778231][ T2962] 08:07:38 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 29) 08:07:38 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80008}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f5, 0x8, 0x70bd28, 0x25dfdbff, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x810}, 0x4000) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) socket$inet6_udp(0xa, 0x2, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x2b, 0x4}, &(0x7f0000000300)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_settime(r2, 0x1, &(0x7f0000000340)={{0x77359400}, {r0, r1+10000000}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) fsopen(&(0x7f00000000c0)='aio\x00', 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x9000000, 0x0, 0x0}, 0x58) 08:07:38 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:38 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80008}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f5, 0x8, 0x70bd28, 0x25dfdbff, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x810}, 0x4000) (async) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) socket$inet6_udp(0xa, 0x2, 0x0) (async) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x2b, 0x4}, &(0x7f0000000300)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) (async) timer_settime(r2, 0x1, &(0x7f0000000340)={{0x77359400}, {r0, r1+10000000}}, &(0x7f0000000080)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) fsopen(&(0x7f00000000c0)='aio\x00', 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x10000200, 0x0, 0x0}, 0x58) 08:07:38 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:38 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80008}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f5, 0x8, 0x70bd28, 0x25dfdbff, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x810}, 0x4000) (async) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x2b, 0x4}, &(0x7f0000000300)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) (async) timer_settime(r2, 0x1, &(0x7f0000000340)={{0x77359400}, {r0, r1+10000000}}, &(0x7f0000000080)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) fsopen(&(0x7f00000000c0)='aio\x00', 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x11000000, 0x0, 0x0}, 0x58) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x1f000000, 0x0, 0x0}, 0x58) 08:07:38 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_gettime(r0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) [ 1005.887586][ T3000] FAULT_INJECTION: forcing a failure. [ 1005.887586][ T3000] name failslab, interval 1, probability 0, space 0, times 0 [ 1005.944538][ T3000] CPU: 0 PID: 3000 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1005.952798][ T3000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1005.962690][ T3000] Call Trace: [ 1005.965811][ T3000] [ 1005.968597][ T3000] dump_stack_lvl+0x151/0x1b7 [ 1005.973111][ T3000] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1005.978393][ T3000] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 1005.984647][ T3000] dump_stack+0x15/0x17 [ 1005.988635][ T3000] should_fail+0x3c0/0x510 [ 1005.992892][ T3000] __should_failslab+0x9f/0xe0 [ 1005.997488][ T3000] should_failslab+0x9/0x20 [ 1006.001827][ T3000] kmem_cache_alloc+0x4f/0x2f0 [ 1006.006427][ T3000] ? anon_vma_fork+0xf7/0x4f0 [ 1006.010941][ T3000] anon_vma_fork+0xf7/0x4f0 [ 1006.015280][ T3000] ? anon_vma_name+0x4c/0x70 [ 1006.019709][ T3000] dup_mmap+0x750/0xea0 [ 1006.023700][ T3000] ? __delayed_free_task+0x20/0x20 [ 1006.028645][ T3000] ? mm_init+0x807/0x960 [ 1006.032728][ T3000] dup_mm+0x91/0x330 [ 1006.036457][ T3000] copy_mm+0x108/0x1b0 [ 1006.040362][ T3000] copy_process+0x1295/0x3250 [ 1006.044877][ T3000] ? check_stack_object+0xf7/0x130 [ 1006.049823][ T3000] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1006.054771][ T3000] ? copy_clone_args_from_user+0x6cf/0x790 [ 1006.060411][ T3000] kernel_clone+0x22d/0x990 [ 1006.064753][ T3000] ? dup_mmap+0xea0/0xea0 [ 1006.068917][ T3000] ? create_io_thread+0x1e0/0x1e0 [ 1006.073780][ T3000] ? file_end_write+0x1b0/0x1b0 [ 1006.078572][ T3000] __x64_sys_clone3+0x375/0x3a0 [ 1006.083259][ T3000] ? __ia32_sys_clone+0x300/0x300 [ 1006.088119][ T3000] ? ksys_write+0x25f/0x2c0 [ 1006.092459][ T3000] ? debug_smp_processor_id+0x17/0x20 [ 1006.097665][ T3000] do_syscall_64+0x44/0xd0 [ 1006.101921][ T3000] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1006.107646][ T3000] RIP: 0033:0x7f495fdbc639 [ 1006.111900][ T3000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1006.131345][ T3000] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1006.139590][ T3000] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1006.147398][ T3000] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1006.155208][ T3000] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1006.163024][ T3000] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1006.170835][ T3000] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1006.178653][ T3000] 08:07:38 executing program 0: clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x5, &(0x7f0000000040)) clock_getres(0x5, &(0x7f0000000080)) select(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000180)={0x0, r0/1000+60000}) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) set_thread_area(&(0x7f0000000000)={0xf63, 0xffffffffffffffff, 0x4000, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1}) 08:07:38 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_gettime(r0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r0) (async) timer_gettime(r0, &(0x7f0000000000)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:38 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:38 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x1ffff000, 0x0, 0x0}, 0x58) 08:07:38 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 30) 08:07:38 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_gettime(r0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r0) (async) timer_gettime(r0, &(0x7f0000000000)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x20000000, 0x0, 0x0}, 0x58) [ 1006.265917][ T3023] FAULT_INJECTION: forcing a failure. [ 1006.265917][ T3023] name failslab, interval 1, probability 0, space 0, times 0 [ 1006.287215][ T3023] CPU: 1 PID: 3023 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1006.295469][ T3023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1006.305363][ T3023] Call Trace: [ 1006.308487][ T3023] [ 1006.311264][ T3023] dump_stack_lvl+0x151/0x1b7 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x40000000, 0x0, 0x0}, 0x58) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xf5ffffff, 0x0, 0x0}, 0x58) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xfbffffff, 0x0, 0x0}, 0x58) 08:07:38 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xfffffff5, 0x0, 0x0}, 0x58) [ 1006.315780][ T3023] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1006.321074][ T3023] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 1006.327321][ T3023] dump_stack+0x15/0x17 [ 1006.331309][ T3023] should_fail+0x3c0/0x510 [ 1006.335567][ T3023] __should_failslab+0x9f/0xe0 [ 1006.340162][ T3023] should_failslab+0x9/0x20 [ 1006.344507][ T3023] kmem_cache_alloc+0x4f/0x2f0 [ 1006.349103][ T3023] ? anon_vma_fork+0xf7/0x4f0 [ 1006.353618][ T3023] anon_vma_fork+0xf7/0x4f0 [ 1006.357957][ T3023] ? anon_vma_name+0x4c/0x70 [ 1006.362388][ T3023] dup_mmap+0x750/0xea0 [ 1006.366377][ T3023] ? __delayed_free_task+0x20/0x20 [ 1006.371320][ T3023] ? mm_init+0x807/0x960 [ 1006.375408][ T3023] dup_mm+0x91/0x330 [ 1006.379135][ T3023] copy_mm+0x108/0x1b0 [ 1006.383043][ T3023] copy_process+0x1295/0x3250 [ 1006.387558][ T3023] ? check_stack_object+0xf7/0x130 [ 1006.392499][ T3023] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1006.397447][ T3023] ? copy_clone_args_from_user+0x6cf/0x790 [ 1006.403086][ T3023] kernel_clone+0x22d/0x990 [ 1006.407427][ T3023] ? dup_mmap+0xea0/0xea0 [ 1006.411594][ T3023] ? create_io_thread+0x1e0/0x1e0 [ 1006.416453][ T3023] ? file_end_write+0x1b0/0x1b0 [ 1006.421140][ T3023] __x64_sys_clone3+0x375/0x3a0 [ 1006.425826][ T3023] ? __ia32_sys_clone+0x300/0x300 [ 1006.430688][ T3023] ? ksys_write+0x25f/0x2c0 [ 1006.435028][ T3023] ? debug_smp_processor_id+0x17/0x20 [ 1006.440234][ T3023] do_syscall_64+0x44/0xd0 [ 1006.444489][ T3023] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1006.450217][ T3023] RIP: 0033:0x7f495fdbc639 [ 1006.454468][ T3023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1006.473915][ T3023] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1006.482156][ T3023] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1006.489971][ T3023] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1006.497777][ T3023] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1006.505590][ T3023] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1006.513404][ T3023] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1006.521214][ T3023] 08:07:39 executing program 0: clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x5, &(0x7f0000000040)) (async, rerun: 64) clock_getres(0x5, &(0x7f0000000080)) (async, rerun: 64) select(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000180)={0x0, r0/1000+60000}) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) set_thread_area(&(0x7f0000000000)={0xf63, 0xffffffffffffffff, 0x4000, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1}) 08:07:39 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xfffffffb, 0x0, 0x0}, 0x58) 08:07:39 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 31) 08:07:39 executing program 1: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) timer_settime(r0, 0x0, &(0x7f0000000040), &(0x7f0000000080)) 08:07:39 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:39 executing program 5: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:39 executing program 1: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) timer_settime(r0, 0x0, &(0x7f0000000040), &(0x7f0000000080)) 08:07:39 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x100000800, 0x0, 0x0}, 0x58) 08:07:39 executing program 1: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) timer_settime(r0, 0x0, &(0x7f0000000040), &(0x7f0000000080)) [ 1007.115792][ T3049] FAULT_INJECTION: forcing a failure. [ 1007.115792][ T3049] name failslab, interval 1, probability 0, space 0, times 0 [ 1007.147631][ T3049] CPU: 0 PID: 3049 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1007.155892][ T3049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 08:07:39 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) clock_gettime(0x7, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000140)={{r1, r2+60000000}, {0x0, 0x989680}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:39 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000000)) clock_gettime(0x7, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000140)={{r1, r2+60000000}, {0x0, 0x989680}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:39 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) clock_gettime(0x0, &(0x7f0000000000)) clock_gettime(0x7, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000140)={{r1, r2+60000000}, {0x0, 0x989680}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) [ 1007.165788][ T3049] Call Trace: [ 1007.168908][ T3049] [ 1007.171687][ T3049] dump_stack_lvl+0x151/0x1b7 [ 1007.176201][ T3049] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1007.181493][ T3049] ? do_syscall_64+0x44/0xd0 [ 1007.185921][ T3049] dump_stack+0x15/0x17 [ 1007.189913][ T3049] should_fail+0x3c0/0x510 [ 1007.194168][ T3049] __should_failslab+0x9f/0xe0 [ 1007.198765][ T3049] should_failslab+0x9/0x20 [ 1007.203107][ T3049] kmem_cache_alloc+0x4f/0x2f0 [ 1007.207700][ T3049] ? anon_vma_clone+0xa1/0x4f0 [ 1007.212301][ T3049] anon_vma_clone+0xa1/0x4f0 [ 1007.216727][ T3049] anon_vma_fork+0x91/0x4f0 [ 1007.221066][ T3049] ? anon_vma_name+0x4c/0x70 [ 1007.225492][ T3049] dup_mmap+0x750/0xea0 [ 1007.229486][ T3049] ? __delayed_free_task+0x20/0x20 [ 1007.234441][ T3049] ? mm_init+0x807/0x960 [ 1007.238517][ T3049] dup_mm+0x91/0x330 [ 1007.242247][ T3049] copy_mm+0x108/0x1b0 [ 1007.246150][ T3049] copy_process+0x1295/0x3250 [ 1007.250665][ T3049] ? check_stack_object+0xf7/0x130 [ 1007.255612][ T3049] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1007.260558][ T3049] ? copy_clone_args_from_user+0x6cf/0x790 [ 1007.266199][ T3049] kernel_clone+0x22d/0x990 [ 1007.270540][ T3049] ? dup_mmap+0xea0/0xea0 [ 1007.274706][ T3049] ? create_io_thread+0x1e0/0x1e0 [ 1007.279566][ T3049] ? file_end_write+0x1b0/0x1b0 [ 1007.284252][ T3049] __x64_sys_clone3+0x375/0x3a0 [ 1007.288942][ T3049] ? __ia32_sys_clone+0x300/0x300 [ 1007.293800][ T3049] ? ksys_write+0x25f/0x2c0 [ 1007.298139][ T3049] ? debug_smp_processor_id+0x17/0x20 [ 1007.303347][ T3049] do_syscall_64+0x44/0xd0 [ 1007.307600][ T3049] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1007.313328][ T3049] RIP: 0033:0x7f495fdbc639 [ 1007.317582][ T3049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1007.337032][ T3049] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1007.345268][ T3049] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1007.353079][ T3049] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1007.360892][ T3049] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1007.368700][ T3049] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1007.376513][ T3049] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1007.384329][ T3049] 08:07:40 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) sendmsg$AUDIT_USER_TTY(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x94, 0x464, 0x300, 0x70bd2a, 0x25dfdbfb, "47e208215db0561465aec461078de7958e3daf45ce7bc9058d5c69be3c1b6fb81953652b4323b785848be2ce62d9948a7f4c79cd6493d2e4c8f5df3e0410b42ccfbe9b31f44401b148367553f254476194af3ebf7ded691e43526f70a5fb59aff6c7149899954d8f90b97d9363c7ed684fb7fff22d04127a8a49bd1c229030148df2a4", [""]}, 0x94}, 0x1, 0x0, 0x0, 0x20008000}, 0x20008040) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) 08:07:40 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000040)) 08:07:40 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x1b0ce1f000, 0x0, 0x0}, 0x58) 08:07:40 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 32) 08:07:40 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) timer_settime(r0, 0x0, &(0x7f0000000040), &(0x7f0000000080)) 08:07:40 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, 0x0, 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:40 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (async, rerun: 32) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000040)) (rerun: 32) 08:07:40 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x2a68e9edb000, 0x0, 0x0}, 0x58) 08:07:40 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) timer_settime(r0, 0x0, &(0x7f0000000040), &(0x7f0000000080)) [ 1007.900101][ T3086] FAULT_INJECTION: forcing a failure. [ 1007.900101][ T3086] name failslab, interval 1, probability 0, space 0, times 0 [ 1007.934154][ T3086] CPU: 1 PID: 3086 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1007.942405][ T3086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1007.952300][ T3086] Call Trace: [ 1007.955415][ T3086] [ 1007.958196][ T3086] dump_stack_lvl+0x151/0x1b7 [ 1007.962709][ T3086] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1007.968004][ T3086] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 1007.974253][ T3086] dump_stack+0x15/0x17 [ 1007.978242][ T3086] should_fail+0x3c0/0x510 [ 1007.982497][ T3086] __should_failslab+0x9f/0xe0 [ 1007.987096][ T3086] should_failslab+0x9/0x20 [ 1007.991436][ T3086] kmem_cache_alloc+0x4f/0x2f0 [ 1007.996035][ T3086] ? anon_vma_fork+0xf7/0x4f0 [ 1008.000550][ T3086] anon_vma_fork+0xf7/0x4f0 [ 1008.004891][ T3086] ? anon_vma_name+0x4c/0x70 [ 1008.009318][ T3086] dup_mmap+0x750/0xea0 [ 1008.013309][ T3086] ? __delayed_free_task+0x20/0x20 [ 1008.018258][ T3086] ? mm_init+0x807/0x960 [ 1008.022336][ T3086] dup_mm+0x91/0x330 [ 1008.026069][ T3086] copy_mm+0x108/0x1b0 [ 1008.029975][ T3086] copy_process+0x1295/0x3250 [ 1008.034489][ T3086] ? check_stack_object+0xf7/0x130 [ 1008.039435][ T3086] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1008.044390][ T3086] ? copy_clone_args_from_user+0x6cf/0x790 [ 1008.050024][ T3086] kernel_clone+0x22d/0x990 [ 1008.054363][ T3086] ? dup_mmap+0xea0/0xea0 [ 1008.058529][ T3086] ? create_io_thread+0x1e0/0x1e0 [ 1008.063396][ T3086] ? file_end_write+0x1b0/0x1b0 [ 1008.068077][ T3086] __x64_sys_clone3+0x375/0x3a0 [ 1008.072761][ T3086] ? __ia32_sys_clone+0x300/0x300 [ 1008.077625][ T3086] ? ksys_write+0x25f/0x2c0 [ 1008.081964][ T3086] ? debug_smp_processor_id+0x17/0x20 [ 1008.087172][ T3086] do_syscall_64+0x44/0xd0 [ 1008.091423][ T3086] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1008.097158][ T3086] RIP: 0033:0x7f495fdbc639 [ 1008.101405][ T3086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1008.120846][ T3086] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1008.129093][ T3086] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1008.136905][ T3086] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 08:07:40 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x553a26dc6000, 0x0, 0x0}, 0x58) 08:07:40 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) timer_settime(r0, 0x0, &(0x7f0000000040), &(0x7f0000000080)) 08:07:40 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000040)) 08:07:40 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) sendmsg$AUDIT_USER_TTY(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x94, 0x464, 0x300, 0x70bd2a, 0x25dfdbfb, "47e208215db0561465aec461078de7958e3daf45ce7bc9058d5c69be3c1b6fb81953652b4323b785848be2ce62d9948a7f4c79cd6493d2e4c8f5df3e0410b42ccfbe9b31f44401b148367553f254476194af3ebf7ded691e43526f70a5fb59aff6c7149899954d8f90b97d9363c7ed684fb7fff22d04127a8a49bd1c229030148df2a4", [""]}, 0x94}, 0x1, 0x0, 0x0, 0x20008000}, 0x20008040) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) sendmsg$AUDIT_USER_TTY(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x94, 0x464, 0x300, 0x70bd2a, 0x25dfdbfb, "47e208215db0561465aec461078de7958e3daf45ce7bc9058d5c69be3c1b6fb81953652b4323b785848be2ce62d9948a7f4c79cd6493d2e4c8f5df3e0410b42ccfbe9b31f44401b148367553f254476194af3ebf7ded691e43526f70a5fb59aff6c7149899954d8f90b97d9363c7ed684fb7fff22d04127a8a49bd1c229030148df2a4", [""]}, 0x94}, 0x1, 0x0, 0x0, 0x20008000}, 0x20008040) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) (async) 08:07:40 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x2001000000000, 0x0, 0x0}, 0x58) 08:07:40 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 33) 08:07:40 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) sendmsg$AUDIT_USER_TTY(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x94, 0x464, 0x300, 0x70bd2a, 0x25dfdbfb, "47e208215db0561465aec461078de7958e3daf45ce7bc9058d5c69be3c1b6fb81953652b4323b785848be2ce62d9948a7f4c79cd6493d2e4c8f5df3e0410b42ccfbe9b31f44401b148367553f254476194af3ebf7ded691e43526f70a5fb59aff6c7149899954d8f90b97d9363c7ed684fb7fff22d04127a8a49bd1c229030148df2a4", [""]}, 0x94}, 0x1, 0x0, 0x0, 0x20008000}, 0x20008040) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) [ 1008.144715][ T3086] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1008.152536][ T3086] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1008.160337][ T3086] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1008.168151][ T3086] 08:07:40 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f0000000080)={0x80000000}, 0x4) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000000)='\x00', &(0x7f0000000040)='./file0\x00', r3) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_open_dev$char_usb(0xc, 0xb4, 0x18a2) [ 1008.257842][ T3115] FAULT_INJECTION: forcing a failure. [ 1008.257842][ T3115] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1008.271041][ T3115] CPU: 1 PID: 3115 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1008.279278][ T3115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1008.289172][ T3115] Call Trace: [ 1008.292298][ T3115] [ 1008.295071][ T3115] dump_stack_lvl+0x151/0x1b7 [ 1008.299582][ T3115] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1008.304876][ T3115] ? __kasan_check_write+0x14/0x20 [ 1008.309825][ T3115] ? __set_page_owner+0x2ee/0x310 [ 1008.314694][ T3115] dump_stack+0x15/0x17 [ 1008.318676][ T3115] should_fail+0x3c0/0x510 [ 1008.322935][ T3115] should_fail_alloc_page+0x58/0x70 [ 1008.327964][ T3115] __alloc_pages+0x1de/0x7c0 [ 1008.332395][ T3115] ? __count_vm_events+0x30/0x30 [ 1008.337168][ T3115] ? __count_vm_events+0x30/0x30 [ 1008.341946][ T3115] ? __kasan_check_write+0x14/0x20 [ 1008.346899][ T3115] ? _raw_spin_lock+0xa3/0x1b0 [ 1008.351487][ T3115] __pmd_alloc+0xb1/0x550 [ 1008.355653][ T3115] ? kmem_cache_alloc+0x189/0x2f0 [ 1008.360513][ T3115] ? anon_vma_fork+0x1b9/0x4f0 [ 1008.365111][ T3115] ? __pud_alloc+0x260/0x260 [ 1008.369626][ T3115] ? __pud_alloc+0x218/0x260 [ 1008.374051][ T3115] ? do_handle_mm_fault+0x2370/0x2370 [ 1008.379262][ T3115] copy_page_range+0xd04/0x1090 [ 1008.383950][ T3115] ? pfn_valid+0x1e0/0x1e0 [ 1008.388203][ T3115] dup_mmap+0x99f/0xea0 [ 1008.392193][ T3115] ? __delayed_free_task+0x20/0x20 [ 1008.397140][ T3115] ? mm_init+0x807/0x960 [ 1008.401218][ T3115] dup_mm+0x91/0x330 [ 1008.404953][ T3115] copy_mm+0x108/0x1b0 [ 1008.408864][ T3115] copy_process+0x1295/0x3250 [ 1008.413375][ T3115] ? check_stack_object+0xf7/0x130 [ 1008.418318][ T3115] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1008.423265][ T3115] ? copy_clone_args_from_user+0x6cf/0x790 [ 1008.428909][ T3115] kernel_clone+0x22d/0x990 [ 1008.433245][ T3115] ? dup_mmap+0xea0/0xea0 [ 1008.437412][ T3115] ? create_io_thread+0x1e0/0x1e0 [ 1008.442271][ T3115] ? file_end_write+0x1b0/0x1b0 [ 1008.446960][ T3115] __x64_sys_clone3+0x375/0x3a0 [ 1008.451754][ T3115] ? __ia32_sys_clone+0x300/0x300 [ 1008.456612][ T3115] ? ksys_write+0x25f/0x2c0 [ 1008.460951][ T3115] ? debug_smp_processor_id+0x17/0x20 [ 1008.466154][ T3115] do_syscall_64+0x44/0xd0 [ 1008.470408][ T3115] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1008.476139][ T3115] RIP: 0033:0x7f495fdbc639 [ 1008.480387][ T3115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1008.499829][ T3115] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 08:07:41 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) 08:07:41 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x8000000000000, 0x0, 0x0}, 0x58) 08:07:41 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0xb8, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0xa4, 0xc, 0x0, 0x1, [{0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f586a67}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1b51}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1753}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71b13b99}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa43}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1d079a45}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x44b6}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x863a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x454105dc}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x703d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdb90}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1da5b78d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c91}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xa73de7}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xeff4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x24b8e9c9}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x78e2f1e9}]}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4044080}, 0x24048081) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_delete(r1) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48080}, 0x40004) 08:07:41 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:41 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f0000000080)={0x80000000}, 0x4) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) (async, rerun: 64) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000000)='\x00', &(0x7f0000000040)='./file0\x00', r3) (async, rerun: 64) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) syz_open_dev$char_usb(0xc, 0xb4, 0x18a2) 08:07:41 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0xb8, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0xa4, 0xc, 0x0, 0x1, [{0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f586a67}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1b51}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1753}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71b13b99}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa43}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1d079a45}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x44b6}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x863a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x454105dc}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x703d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdb90}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1da5b78d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c91}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xa73de7}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xeff4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x24b8e9c9}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x78e2f1e9}]}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4044080}, 0x24048081) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_delete(r1) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48080}, 0x40004) 08:07:41 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f0000000080)={0x80000000}, 0x4) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000000)='\x00', &(0x7f0000000040)='./file0\x00', r3) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_open_dev$char_usb(0xc, 0xb4, 0x18a2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r2, 0x0, 0x0) (async) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f0000000080)={0x80000000}, 0x4) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r3, 0x0, 0x0) (async) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000000)='\x00', &(0x7f0000000040)='./file0\x00', r3) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) syz_open_dev$char_usb(0xc, 0xb4, 0x18a2) (async) [ 1008.508072][ T3115] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1008.515884][ T3115] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1008.523695][ T3115] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1008.531509][ T3115] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1008.539317][ T3115] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1008.547135][ T3115] 08:07:41 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:41 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x8000001000000, 0x0, 0x0}, 0x58) 08:07:41 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 34) 08:07:41 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0xb8, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0xa4, 0xc, 0x0, 0x1, [{0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f586a67}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1b51}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1753}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71b13b99}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa43}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1d079a45}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x44b6}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x863a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x454105dc}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x703d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdb90}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1da5b78d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c91}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xa73de7}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xeff4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x24b8e9c9}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x78e2f1e9}]}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4044080}, 0x24048081) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_delete(r1) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48080}, 0x40004) 08:07:41 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:41 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x10100000000000, 0x0, 0x0}, 0x58) 08:07:41 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:41 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0x8008551c, &(0x7f0000000000)={0xbdb3, 0x1c, [{0x2}, {0x5}, {}, {}, {0x3, 0x1}, {0x9, 0x1}, {0x8}, {}, {0xa, 0x1}, {0x3, 0x1}, {0x7, 0x1}, {0xe}, {0xc, 0x1}, {0x2, 0x1}, {0xc}, {0x7}, {0x6}, {0x8, 0x1}, {0x9}, {0x3, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0xf}, {0x7}, {0x8, 0x1}, {0xf}]}) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) [ 1008.621087][ T3147] FAULT_INJECTION: forcing a failure. [ 1008.621087][ T3147] name fail_page_alloc, interval 1, probability 0, space 0, times 0 08:07:41 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x60dc263a550000, 0x0, 0x0}, 0x58) 08:07:41 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:41 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x19, 0x1, @thr={&(0x7f0000000040)="010f65365c58950aff4f78fb48d1443292c26fee171427a3547c35760234f3b099d4415a5338ae34846fc7a61575f742da1a970cf4b3bbd7d8754f4a3001d33efeddb6195cb8d8ecaaa400f7ded3fe7b922c86452344062db045ee11e0abe5d7ebd67ef48c642197da2f9e4632fbdab2a71edc8ecef19f65b21a2185dc", &(0x7f0000000380)="b636af043c80d14ece128d4ed1924210b5ce42e2db35446aa2d166ae12661b3a704b8770354e738a0733b247442c3c4a4a56e6d99c905ffac96c56ad2fed9d6edf38bb480247a25aca857af0e6f22741979c06d52a30ae22a60ecebbca99fe4f5b3d127564f3c75b13435282391a0e8bd9398f337b7b1752898c496bd8caa87326de2b1077e5c54f9c3cbb787dd4cb8a96ad92c258db2136141ea048967fb5cdac180b4f554bb3899e6f009ef6561ac55f14a4eb06ca402d7db27deafcc8f93b5d38eacfbbcb40c2af4183e7fbd9093ab694e345147bdf6e8e6545a9e5bde99bcf54def0598bcf6e0b8478da968649d9437f318e0ba3871c362803"}}, &(0x7f0000000200)) timer_create(0x4, &(0x7f0000000280)={0x0, 0x13, 0x2, @thr={&(0x7f0000000480)="c0c050b8e8f3ac0cfdfe4dc75acd8fdc27e6168a2d9d7a5be64287b3c12b9870726e6ab0985b238543228a19a1e87385e0a5f6480b40ff31f1f3e7ee5899fd7e52e50356642e309d94bc1c277f0a28ea3b9ea8a0a3e03cf1ad69db9605b031a5ea7287def67a71b500f0c562e4b987324ac3e7bc487b985b4305c0907c0c2f7ffbb53a263afb6d59abb5575fdff4be9111", &(0x7f0000000540)="07b8e7358636799666cd1e6375c21cae0f07bdce52ed00ec97b5f1af56221d984f847d03b18a56773517429f5fb8a83cac56dd8d93873cc5fa1aa26d10ea6dddde40f1b7011b2e91c3cd086eb273c387baeeddcb7af97218c08ce14351bba1a6f0aadb9b52ec1a451113219c50f4293676b35f1b06e45931e1cffc95457d6b6451b0c7c6ab87902bd30d7e129509d82b049b0e496033d21806a74d90b9084c9d09f6cb57fe37eb4067a86fd912eb92c017cde8d0fbe727a3eb2ad86b4c4c65735128f771"}}, &(0x7f00000002c0)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(r0, &(0x7f0000000640)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x4, &(0x7f00000000c0)={0x0, 0x1000007, 0x1, @thr={&(0x7f0000001340)="827db238dba5be6235192dcdf522f09d1e85a412a555ba84d8d0e6c138705358f506be7ccb688eae3998a3b632aeed4ed2196e472159363f22b977cba35249266c03dbd154dc760cebeeb94be7df2fdc700481acc8315222eef4360e3d9e0e1b3832fc24dff6b0b6690eee76414c2dd3b4ea9637a45cf5d4e82a9210785c540f9ceb393e59dd382118b28e86b3ada53e13e596ac0726ae7fba1293d7afef7b4ca461487c599c5b6361144fe684b229b06c76763ccfb5eb10a2d505b52497e6f4c4ec74cc72c01f10af8b47cf06cb4f59391198f6bf4373cf8ef6f2e2ee4d82a62c1ab2b4bc03de1de7d3bca3b985db1c7b56938e7dd5ad7d25e7d67d09a88b22a50b546c9ccef3b76c1ee56f3434e8884077f2254834c6933526e0ec46289e0b4b89dcc871d410f093bbd2655bfa62aa53708444e703c4330112423a13f64d44d958bf60252e216d34271fec28b78fe3df4767d25ebbf499f8ee28fd7e72993bbc917293ea", &(0x7f00000014c0)="a09abab9d15737ddb4de94b48f601f972009c86df3c0ef2c3084d9fcf4da86c20dda1c22d809de30a679f1caabf2395bade148c214724d0d8b9c790812edb8722e243f8972469847434cb5943072608507abcc5c1be538bd9ee6b3a2bc72ac6d8ccc263301f1ddadd11cc36b6a65564d232cf1819985edcca639bce28276a7b3a6b9ffa90b7096db85f064342b5dd0bd8c07e1a7a3abf8a3da00242fa7b23a174bd40304fd7b6a86d91d98c681e722e79db15b4da243a2676e3ae67ce7bdbcae27628b2b9c4c98d2471b56144d7fa7fad14c2ac51fa4211ab950227786e62f93f006b3bf63c44bb6cc4b5e70c84827b95e1ae721133bd109f4e38b322f90f33580b1699c5b658ae51d4e0d0cdab63872708c99bb0f746de5a8d48127edb421063b16ae5185dc5bd66b70236826c9c096b2387a6fc13c0fc99aa6691b5967c8adf484a73d41a3d7f1dd424cbe93e6b279b4ded9c7ddc6d5d33506e9c536e2ae95c502e32152e422bb4279945c7b4dda23845ab99a7d6947a88e53720da90047d34153971dd7be514a0ed8ce2406390227aebdb518c16b308a9f46aa072fd3ff7bfd8a3dfa3a5a2e765513dbcaee09e7544419ca25f49a9aef2bebc3ed8006c0f3cd5ed1cba10ad151a007dd9caf95aa0b8040d0d24df682d7bd8f2c79cdc54b4b4c1b7297c9fa7575f72f5c0d663f311673d28623c3e57114e71e6d4d64fe5665576d3620530f60b100e504dd9bc6073581ae841d87f19c2f42555df66d6dc6b0cfc49b35a749b2c7c2e0f59ada7b3bd5b4e054c2371c88aa5d1a7e8a1505394c8f13841fd00ab96866f509cb2fa94e4d601d3513b4b7dfa6a6c952ee94d72c53146e98ab1e14a38ab1c9ba78255579cf9f8d70d7e24210523f1b768836020fe7fda17c92a45c99ed22801d1effe25cf4b48a15ac8f25cbdde788e0e011bfac304ced47275f5ab373d655dada7990590626c9e658e07218cd5c08b6983d9a7774216a4ccc17d2486b0cee572d53d653e31fbfdf6b508ed7778b5de95f13564851c480eadc43e4d108c822c357d69d82d7532dc21643c19d50761c5f03bfa1567deb76d7849f2e6c4b317fe5ef3587e6f316b3bbd864f676cfece662eb9b58752e970cda216920c4e44b9869aa76156798fcfa8abbdac8646c17e4587b81090e2bdb67a0b88782d254f5bc8b46d23dbe98677734985ba213ae4cf128395c23decffec9ba90793e9dfdf5b3d52da4cc499ddfad29a71f8bf94c5e33f1a82d475cb5e54ddff6b33e187cc363849c52f698c12078103eceb32634948b9c7786c89050795cc857506716a81f334674c6c439600f26b524ee352de87abf1b10bc28251e0909ea393d022d5a46f06532e517befccedb05ca355e7bd7bf7ffc012e9aaa9537b7ddb729a2d9e64f5981f099167ef60e7a99ac48736e714e722af22bd51880619028fc707137f36451e64e0da7f59b96b59bcc1e391e9736f46c66f5f57ab452e77e5ce3354817d6c98311814663f56f68df2818ecf881747711366fc161b3b46f9154b5503e5b9c73f1bebbb22081fe618b639ef897b973630af04528a216069d9788a8bb54139351cfc4ff63585f7d83e64182166edf5252a9429a6b7d18617be3d1f1d253bc2d53cecb23681c10953a1016123be8759641ed9aa28b4328d5a498e148881c8c299d57cc20d415f06eaf707c0e2f0ebc717222db4bf3174dcfa7d1d33992bfdfb13538416636f8c5ac79e0cd7b4e556d75bc799b34f4ffbc9d4b6da927cf4c9d57dd9dfce48b8f5e204c636dddf480c16e303993af4647cae456a2f806fbe745c7284ca48385dc3f4948e9096f883f94fc1be923e9841b1705e382b29e66a42a868e22bf3d48d99a733153cfebbbadd374c0299668c99728765944220ce9f4c0a437cfe8d4f299b4e17685d51553a1b477fc77b15f112f0bf7d5e52a910a43c83859523f772b1cb8c9c176fb7f1e8b40faf53c6a1c7591f06c57a5506246fab978bcfd1f5702037a13ec36bd9a553f6aa085cf4fd43294f87735f39799e490de322288c0d76023ab9f0a3df3845b36697d51d6b3f0ffa313b92840e9bbac2d0470479fc7a89590f7faf94ff15f32de1e13a3dd6588c2ebdd138b6f930c93ca18d0fa59cb92cdb61f35ae893c5d4e03e029f45523c474dc08bae8a3b3d4f49da0f5b5a40058e8a756f1997b902e34e36104e23909cca9a4e5493481260c9de38584624dcf3ba780eaf20badb7111a3e64aa838f515ae7de105150e97c72c4a1fd2cf6b0c3ade6c0a6a20f068c957a5b4332cf2afabded72fa450a73f6474d4705065e4a855955adc6c193a20464b0a27abda5c04735f2df6ea0481e5a31c73662097d07beb0806a01584b7fbd3c5ac86f318af36de0b8b5b7e9a440ec0ed8b0dbde92448a02f5b3935903999290309d04413c12cee9797729483793e5afd86fcaba4d16d616485e2097a06ac3ff2a8b805719893a3225aef272ddca40c4b2ee0c71e16e01cea5d2811823a282cff509615abe94fb56d6f68cc3ce90d1c47ada2d7e80c075f8d9654ab82a65b2e3e3b00f121790f0f3703676fec26db422ed1395973d249f3fc56e505f2a01fd74610a5942fefd82c33a641e3560b4d5875eb79641477f73dde946fe5db4bdc771f285102d668a5f09f4b1a5fd45080c887dbf236b7f73ad809a2cbb432e13e37f86e14421f0813309756cb2a94346406b09da2809e065fd900e8c53a0f3180a15de9baa2233146f8748a8e15a9d6d8ba7301b6da60072c75f796d972e6f7a5640af8d28d75543a39c3200ab693f2e2b9cd4f9d65e947b8afa053241ebbf3213043a1969bff7b7324ca839cb783cf0cc0afae3043c5439e03c369fc1dea99b6495031c8f9141304333629d4ab60cba3b6660d33b83e37f6b5c7981959701c1142dfbe3587f5533b0759bed1f73f814215e11e72056b2de39868367306f4db4cce7010c263874a3ac612ba281dccebe0e903f7adb539bc9904f7a599acdbe9d12238b3fe08a966b44e8b9f201e6016892bb0e927ac5d266e248b04ba23f78d536406cdec406a5894057248076f0c5551f80620c66a66ebfbcdb8a5f5fbe56fb585ba96d84ab9932bfe46e1fdea489708bceb7dbc8a1d3f6c15548ee4bf0612a030602734e3dd1fb2fb5d274b2a1a266c1a387b5948621db9cf849f8c13f0b4392db3e4eb77c1edbb07cda74d389091963db3a9d23e6c7b568b2b7a99116f8fa2c27d269148e2fc21a99f2ee89661e95aa3d46defa21d5cb3338e7f6f74d509e4a6b0465157795b168e5d3a3cacc2ae671ed9cc59da5952c49f9d4bc85c0ddbb134bea913e3adfec115e3475da0e3a8d787ed60d7d08a675715234acbba57e518e0399a0d49ae797206645071d685d90628cfeb8bd604a0c631e4e03aa2c4cb44c756b1ea59256c35a527e274965ac2cf824540175022a45c905c574dfa0f2c2ca818bbb4e64a4f083f740a994c0722c82b6123faecc2b0d0fa82b6c7d936250e17d54c8092f2b33ffb506eeeb90f86db280c626dfceb07f7bcae28eb8e0b486e54885ccd6840855e41165fca105864caf9cb6675898e11b6cbf092d14c7a2142f4276e5bf56fa363db05b98042e8484a15d4240101500f7229406891cf9e075d559cb6fb6506579676538935f367c7b3a1f65dbc3a9f220ab6e18158e89ff3deaac060685945dc878f2329f34c2b0aac50e2fefcd9373c02947fef55483aa9f237c9b659fbe39eaa9d4f07e63c75fb9b7eed6d524b71953f39ae8db9e1e2a72bd5d6f56371394fb81ff0c6d77a2406e135d5d8c7457708f49ddbaaf9697197814fa307b3aeaa5d7a6f4a84751ae5e005309fb670fea2e3440fd50da76535d854f0df6f3c9443870f6c99a2c537efbf40bf010cf8ddc950e7bb001a92d63662fae1e5f8b2c8557f1d69f4a587e7d36d4064754eb724543c5306f71c4baf800dfa758093b12f1caa100dadfe8d29e372de2e71e3f86924cbc8c859ea6896558888aa4d0907de11030adf408b82bbf5fa2185c0f5ff5d72b0272b05dfad36a7a0f57796d1c57e185a39d85e2ec9f98a26219254929ec4c49c57a2f9bc3b52dbcddd29877447dfd558d5a1b35885b731854dc695b9586758a6c2290cae7ccb365aa25bc54ec4cba698239c73db2a7c9049b5f5a220cfccc3fdef455bc912d545e54b9feee9bc7544482ee7d5395bdd12592f7ea07ae83e1601729dba164eccfffec03edaad001f6814e9b86046d42d4e3bf114dc6b45414519c8e44cd4558a032476a770eb561e49ff061fad74a0eda905e53031fd58d56ca20f69b1429f8704000559203a2501736c7bc711806842d248396b998b7073effda4a2c475c7b34ef19ab37af276eb2c64c7192748a3682d20b0851cab05f2e608cfa8f82c199e04545ea9e29e6e3fe2c1014d7adffff59b629ab0de0c6b439fdf163a6b3f6b341acd2a58f0a0980e7828675d6c79ff23ab15d3a14d987597df5782160a552823ce8edaea7d911e6eceef1d15b24291e482fa0c98a9717953fda15f051dccc3ba606ef486660a8a05994b8d027f4f154deff2462e9edbc2f3b156dc9ed73a7186770480e924fa76dbccb09eb1a59042b4c89b7dbd9c2ce881b4a75e88361a38c6d46a11d80a4fdc7e810d29b9bb244e8990e46a4c704830dd273e8cd1ba96ee12753a458847e5abf332e71159fe365d75770930951f9138d7e4c76c40d4b8f59e2b274918cad62fc3faef5a4e5589adb7729fb09bb063c0404c041fd733ca1ee9cb1812968dcf635b61f362c44e7013fcfb44c8c3e899c2c27c45d7f859c67f800385d82b449f3b87fdafecc428e8695ea6f8fb9c3ce919ccda30e0c147c50044bc23c010ba556686aada26c2a19d012e1de014abd07cee811ee61a22f56f7949958861a37a7eef91be3779bd33d7b64de091f1492904cf4ea1f0fe86bebaa1e10bbd1bcda2d6aba85c86f89fe75cf1a31bc4db26a28d61cf728ee9ab60126b791f7af732fc60f88f19d833d2635086c9109a6fb408da1ca07c60527582ddf9946edc8449363ccd75154626620b0673f06ba4a8f6032013b204a584cb603d035d7437480b421fb090ecce7fcc97b8e633da2c3c2574001764ddb3d39712ab13a0dbe937318716720a3f4213cd4bd4a7c7efb0584493d6a4dffd716d2416ee0717fd00adf90e1d9b362ee80ce988b21951d83cf171a6c5032b759242a139e0aba84041ac668eb3c43621a15a1809eb3d2d756cb8dcbbb0485c9f7a832efecb3b05826c89f74a4eacd15210238502f55504ac20394fbfe5b28f70d461e4ec9f0bd11b0afaf1f9b1034777194e6b00adde4cf6df5e6966187e8affdead02f51f80b021f6af48b7b0ec20be9fa49bee0206fe632c1390a475c4e62068ed41af370af7380510c5be82efb5fc0962c1c4981be986a50b1314f9307edbe1d4fd9c8c9cfaf4fc8ddde079fbd062a3672a5ba2f1cbe8e1f4d4282a9175484b56a5e6c07fba9debf44675508e9862077d8ebb5124b4954635b779b7e3a948cc13de6439f72cf23548902a3fd9d7b70edb5b5a64537e212da5cd9a36e58ffd9b38e1a27e5034791145bc47c6990e1acfe0a82ad7a81e47f0dd6cca5ef4004a41788de228c5084587f3369c2f0bba4ff24ed19f02b8365a4b3062910d0129173a187d5b8275689a845b8ddeeb6da02f5d989add55edb2ca06a737eb037ded8867da962000f28a70b6f018ceccaf296526a15eaff63d9ea046a27fb5a641fb16c8c299fb574b9c76d4cf9e1f9407731daa2611296574f"}}, &(0x7f0000000180)=0x0) timer_delete(r2) timer_gettime(0x0, &(0x7f0000000240)) 08:07:41 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) 08:07:41 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0x8008551c, &(0x7f0000000000)={0xbdb3, 0x1c, [{0x2}, {0x5}, {}, {}, {0x3, 0x1}, {0x9, 0x1}, {0x8}, {}, {0xa, 0x1}, {0x3, 0x1}, {0x7, 0x1}, {0xe}, {0xc, 0x1}, {0x2, 0x1}, {0xc}, {0x7}, {0x6}, {0x8, 0x1}, {0x9}, {0x3, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0xf}, {0x7}, {0x8, 0x1}, {0xf}]}) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:41 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) [ 1008.710844][ T3147] CPU: 1 PID: 3147 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1008.719102][ T3147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1008.728993][ T3147] Call Trace: [ 1008.732113][ T3147] [ 1008.734899][ T3147] dump_stack_lvl+0x151/0x1b7 [ 1008.739412][ T3147] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1008.744700][ T3147] ? __kasan_check_write+0x14/0x20 [ 1008.749649][ T3147] ? __set_page_owner+0x2ee/0x310 [ 1008.754509][ T3147] dump_stack+0x15/0x17 [ 1008.758499][ T3147] should_fail+0x3c0/0x510 [ 1008.762752][ T3147] should_fail_alloc_page+0x58/0x70 [ 1008.767786][ T3147] __alloc_pages+0x1de/0x7c0 [ 1008.772208][ T3147] ? __count_vm_events+0x30/0x30 [ 1008.776981][ T3147] ? __count_vm_events+0x30/0x30 [ 1008.781754][ T3147] ? __kasan_check_write+0x14/0x20 [ 1008.786708][ T3147] ? _raw_spin_lock+0xa3/0x1b0 [ 1008.791305][ T3147] __pmd_alloc+0xb1/0x550 [ 1008.795468][ T3147] ? kmem_cache_alloc+0x189/0x2f0 [ 1008.800336][ T3147] ? anon_vma_fork+0x1b9/0x4f0 [ 1008.804929][ T3147] ? __pud_alloc+0x260/0x260 [ 1008.809354][ T3147] ? __pud_alloc+0x218/0x260 [ 1008.813789][ T3147] ? do_handle_mm_fault+0x2370/0x2370 [ 1008.818990][ T3147] copy_page_range+0xd04/0x1090 [ 1008.823679][ T3147] ? pfn_valid+0x1e0/0x1e0 [ 1008.827931][ T3147] dup_mmap+0x99f/0xea0 [ 1008.831921][ T3147] ? __delayed_free_task+0x20/0x20 [ 1008.836873][ T3147] ? mm_init+0x807/0x960 [ 1008.840948][ T3147] dup_mm+0x91/0x330 [ 1008.844683][ T3147] copy_mm+0x108/0x1b0 [ 1008.848587][ T3147] copy_process+0x1295/0x3250 [ 1008.853106][ T3147] ? check_stack_object+0xf7/0x130 [ 1008.858048][ T3147] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1008.862995][ T3147] ? copy_clone_args_from_user+0x6cf/0x790 [ 1008.868636][ T3147] kernel_clone+0x22d/0x990 [ 1008.872976][ T3147] ? dup_mmap+0xea0/0xea0 [ 1008.877142][ T3147] ? create_io_thread+0x1e0/0x1e0 [ 1008.882006][ T3147] ? file_end_write+0x1b0/0x1b0 [ 1008.886692][ T3147] __x64_sys_clone3+0x375/0x3a0 [ 1008.891376][ T3147] ? __ia32_sys_clone+0x300/0x300 [ 1008.896241][ T3147] ? ksys_write+0x25f/0x2c0 [ 1008.900582][ T3147] ? debug_smp_processor_id+0x17/0x20 [ 1008.905786][ T3147] do_syscall_64+0x44/0xd0 [ 1008.910038][ T3147] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1008.915765][ T3147] RIP: 0033:0x7f495fdbc639 [ 1008.920022][ T3147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1008.939460][ T3147] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1008.947707][ T3147] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 08:07:41 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 35) 08:07:41 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xb0ede9682a0000, 0x0, 0x0}, 0x58) 08:07:41 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:41 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x19, 0x1, @thr={&(0x7f0000000040)="010f65365c58950aff4f78fb48d1443292c26fee171427a3547c35760234f3b099d4415a5338ae34846fc7a61575f742da1a970cf4b3bbd7d8754f4a3001d33efeddb6195cb8d8ecaaa400f7ded3fe7b922c86452344062db045ee11e0abe5d7ebd67ef48c642197da2f9e4632fbdab2a71edc8ecef19f65b21a2185dc", &(0x7f0000000380)="b636af043c80d14ece128d4ed1924210b5ce42e2db35446aa2d166ae12661b3a704b8770354e738a0733b247442c3c4a4a56e6d99c905ffac96c56ad2fed9d6edf38bb480247a25aca857af0e6f22741979c06d52a30ae22a60ecebbca99fe4f5b3d127564f3c75b13435282391a0e8bd9398f337b7b1752898c496bd8caa87326de2b1077e5c54f9c3cbb787dd4cb8a96ad92c258db2136141ea048967fb5cdac180b4f554bb3899e6f009ef6561ac55f14a4eb06ca402d7db27deafcc8f93b5d38eacfbbcb40c2af4183e7fbd9093ab694e345147bdf6e8e6545a9e5bde99bcf54def0598bcf6e0b8478da968649d9437f318e0ba3871c362803"}}, &(0x7f0000000200)) timer_create(0x4, &(0x7f0000000280)={0x0, 0x13, 0x2, @thr={&(0x7f0000000480)="c0c050b8e8f3ac0cfdfe4dc75acd8fdc27e6168a2d9d7a5be64287b3c12b9870726e6ab0985b238543228a19a1e87385e0a5f6480b40ff31f1f3e7ee5899fd7e52e50356642e309d94bc1c277f0a28ea3b9ea8a0a3e03cf1ad69db9605b031a5ea7287def67a71b500f0c562e4b987324ac3e7bc487b985b4305c0907c0c2f7ffbb53a263afb6d59abb5575fdff4be9111", &(0x7f0000000540)="07b8e7358636799666cd1e6375c21cae0f07bdce52ed00ec97b5f1af56221d984f847d03b18a56773517429f5fb8a83cac56dd8d93873cc5fa1aa26d10ea6dddde40f1b7011b2e91c3cd086eb273c387baeeddcb7af97218c08ce14351bba1a6f0aadb9b52ec1a451113219c50f4293676b35f1b06e45931e1cffc95457d6b6451b0c7c6ab87902bd30d7e129509d82b049b0e496033d21806a74d90b9084c9d09f6cb57fe37eb4067a86fd912eb92c017cde8d0fbe727a3eb2ad86b4c4c65735128f771"}}, &(0x7f00000002c0)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r0, &(0x7f0000000000)) (async) timer_gettime(r0, &(0x7f0000000640)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x4, &(0x7f00000000c0)={0x0, 0x1000007, 0x1, @thr={&(0x7f0000001340)="827db238dba5be6235192dcdf522f09d1e85a412a555ba84d8d0e6c138705358f506be7ccb688eae3998a3b632aeed4ed2196e472159363f22b977cba35249266c03dbd154dc760cebeeb94be7df2fdc700481acc8315222eef4360e3d9e0e1b3832fc24dff6b0b6690eee76414c2dd3b4ea9637a45cf5d4e82a9210785c540f9ceb393e59dd382118b28e86b3ada53e13e596ac0726ae7fba1293d7afef7b4ca461487c599c5b6361144fe684b229b06c76763ccfb5eb10a2d505b52497e6f4c4ec74cc72c01f10af8b47cf06cb4f59391198f6bf4373cf8ef6f2e2ee4d82a62c1ab2b4bc03de1de7d3bca3b985db1c7b56938e7dd5ad7d25e7d67d09a88b22a50b546c9ccef3b76c1ee56f3434e8884077f2254834c6933526e0ec46289e0b4b89dcc871d410f093bbd2655bfa62aa53708444e703c4330112423a13f64d44d958bf60252e216d34271fec28b78fe3df4767d25ebbf499f8ee28fd7e72993bbc917293ea", &(0x7f00000014c0)="a09abab9d15737ddb4de94b48f601f972009c86df3c0ef2c3084d9fcf4da86c20dda1c22d809de30a679f1caabf2395bade148c214724d0d8b9c790812edb8722e243f8972469847434cb5943072608507abcc5c1be538bd9ee6b3a2bc72ac6d8ccc263301f1ddadd11cc36b6a65564d232cf1819985edcca639bce28276a7b3a6b9ffa90b7096db85f064342b5dd0bd8c07e1a7a3abf8a3da00242fa7b23a174bd40304fd7b6a86d91d98c681e722e79db15b4da243a2676e3ae67ce7bdbcae27628b2b9c4c98d2471b56144d7fa7fad14c2ac51fa4211ab950227786e62f93f006b3bf63c44bb6cc4b5e70c84827b95e1ae721133bd109f4e38b322f90f33580b1699c5b658ae51d4e0d0cdab63872708c99bb0f746de5a8d48127edb421063b16ae5185dc5bd66b70236826c9c096b2387a6fc13c0fc99aa6691b5967c8adf484a73d41a3d7f1dd424cbe93e6b279b4ded9c7ddc6d5d33506e9c536e2ae95c502e32152e422bb4279945c7b4dda23845ab99a7d6947a88e53720da90047d34153971dd7be514a0ed8ce2406390227aebdb518c16b308a9f46aa072fd3ff7bfd8a3dfa3a5a2e765513dbcaee09e7544419ca25f49a9aef2bebc3ed8006c0f3cd5ed1cba10ad151a007dd9caf95aa0b8040d0d24df682d7bd8f2c79cdc54b4b4c1b7297c9fa7575f72f5c0d663f311673d28623c3e57114e71e6d4d64fe5665576d3620530f60b100e504dd9bc6073581ae841d87f19c2f42555df66d6dc6b0cfc49b35a749b2c7c2e0f59ada7b3bd5b4e054c2371c88aa5d1a7e8a1505394c8f13841fd00ab96866f509cb2fa94e4d601d3513b4b7dfa6a6c952ee94d72c53146e98ab1e14a38ab1c9ba78255579cf9f8d70d7e24210523f1b768836020fe7fda17c92a45c99ed22801d1effe25cf4b48a15ac8f25cbdde788e0e011bfac304ced47275f5ab373d655dada7990590626c9e658e07218cd5c08b6983d9a7774216a4ccc17d2486b0cee572d53d653e31fbfdf6b508ed7778b5de95f13564851c480eadc43e4d108c822c357d69d82d7532dc21643c19d50761c5f03bfa1567deb76d7849f2e6c4b317fe5ef3587e6f316b3bbd864f676cfece662eb9b58752e970cda216920c4e44b9869aa76156798fcfa8abbdac8646c17e4587b81090e2bdb67a0b88782d254f5bc8b46d23dbe98677734985ba213ae4cf128395c23decffec9ba90793e9dfdf5b3d52da4cc499ddfad29a71f8bf94c5e33f1a82d475cb5e54ddff6b33e187cc363849c52f698c12078103eceb32634948b9c7786c89050795cc857506716a81f334674c6c439600f26b524ee352de87abf1b10bc28251e0909ea393d022d5a46f06532e517befccedb05ca355e7bd7bf7ffc012e9aaa9537b7ddb729a2d9e64f5981f099167ef60e7a99ac48736e714e722af22bd51880619028fc707137f36451e64e0da7f59b96b59bcc1e391e9736f46c66f5f57ab452e77e5ce3354817d6c98311814663f56f68df2818ecf881747711366fc161b3b46f9154b5503e5b9c73f1bebbb22081fe618b639ef897b973630af04528a216069d9788a8bb54139351cfc4ff63585f7d83e64182166edf5252a9429a6b7d18617be3d1f1d253bc2d53cecb23681c10953a1016123be8759641ed9aa28b4328d5a498e148881c8c299d57cc20d415f06eaf707c0e2f0ebc717222db4bf3174dcfa7d1d33992bfdfb13538416636f8c5ac79e0cd7b4e556d75bc799b34f4ffbc9d4b6da927cf4c9d57dd9dfce48b8f5e204c636dddf480c16e303993af4647cae456a2f806fbe745c7284ca48385dc3f4948e9096f883f94fc1be923e9841b1705e382b29e66a42a868e22bf3d48d99a733153cfebbbadd374c0299668c99728765944220ce9f4c0a437cfe8d4f299b4e17685d51553a1b477fc77b15f112f0bf7d5e52a910a43c83859523f772b1cb8c9c176fb7f1e8b40faf53c6a1c7591f06c57a5506246fab978bcfd1f5702037a13ec36bd9a553f6aa085cf4fd43294f87735f39799e490de322288c0d76023ab9f0a3df3845b36697d51d6b3f0ffa313b92840e9bbac2d0470479fc7a89590f7faf94ff15f32de1e13a3dd6588c2ebdd138b6f930c93ca18d0fa59cb92cdb61f35ae893c5d4e03e029f45523c474dc08bae8a3b3d4f49da0f5b5a40058e8a756f1997b902e34e36104e23909cca9a4e5493481260c9de38584624dcf3ba780eaf20badb7111a3e64aa838f515ae7de105150e97c72c4a1fd2cf6b0c3ade6c0a6a20f068c957a5b4332cf2afabded72fa450a73f6474d4705065e4a855955adc6c193a20464b0a27abda5c04735f2df6ea0481e5a31c73662097d07beb0806a01584b7fbd3c5ac86f318af36de0b8b5b7e9a440ec0ed8b0dbde92448a02f5b3935903999290309d04413c12cee9797729483793e5afd86fcaba4d16d616485e2097a06ac3ff2a8b805719893a3225aef272ddca40c4b2ee0c71e16e01cea5d2811823a282cff509615abe94fb56d6f68cc3ce90d1c47ada2d7e80c075f8d9654ab82a65b2e3e3b00f121790f0f3703676fec26db422ed1395973d249f3fc56e505f2a01fd74610a5942fefd82c33a641e3560b4d5875eb79641477f73dde946fe5db4bdc771f285102d668a5f09f4b1a5fd45080c887dbf236b7f73ad809a2cbb432e13e37f86e14421f0813309756cb2a94346406b09da2809e065fd900e8c53a0f3180a15de9baa2233146f8748a8e15a9d6d8ba7301b6da60072c75f796d972e6f7a5640af8d28d75543a39c3200ab693f2e2b9cd4f9d65e947b8afa053241ebbf3213043a1969bff7b7324ca839cb783cf0cc0afae3043c5439e03c369fc1dea99b6495031c8f9141304333629d4ab60cba3b6660d33b83e37f6b5c7981959701c1142dfbe3587f5533b0759bed1f73f814215e11e72056b2de39868367306f4db4cce7010c263874a3ac612ba281dccebe0e903f7adb539bc9904f7a599acdbe9d12238b3fe08a966b44e8b9f201e6016892bb0e927ac5d266e248b04ba23f78d536406cdec406a5894057248076f0c5551f80620c66a66ebfbcdb8a5f5fbe56fb585ba96d84ab9932bfe46e1fdea489708bceb7dbc8a1d3f6c15548ee4bf0612a030602734e3dd1fb2fb5d274b2a1a266c1a387b5948621db9cf849f8c13f0b4392db3e4eb77c1edbb07cda74d389091963db3a9d23e6c7b568b2b7a99116f8fa2c27d269148e2fc21a99f2ee89661e95aa3d46defa21d5cb3338e7f6f74d509e4a6b0465157795b168e5d3a3cacc2ae671ed9cc59da5952c49f9d4bc85c0ddbb134bea913e3adfec115e3475da0e3a8d787ed60d7d08a675715234acbba57e518e0399a0d49ae797206645071d685d90628cfeb8bd604a0c631e4e03aa2c4cb44c756b1ea59256c35a527e274965ac2cf824540175022a45c905c574dfa0f2c2ca818bbb4e64a4f083f740a994c0722c82b6123faecc2b0d0fa82b6c7d936250e17d54c8092f2b33ffb506eeeb90f86db280c626dfceb07f7bcae28eb8e0b486e54885ccd6840855e41165fca105864caf9cb6675898e11b6cbf092d14c7a2142f4276e5bf56fa363db05b98042e8484a15d4240101500f7229406891cf9e075d559cb6fb6506579676538935f367c7b3a1f65dbc3a9f220ab6e18158e89ff3deaac060685945dc878f2329f34c2b0aac50e2fefcd9373c02947fef55483aa9f237c9b659fbe39eaa9d4f07e63c75fb9b7eed6d524b71953f39ae8db9e1e2a72bd5d6f56371394fb81ff0c6d77a2406e135d5d8c7457708f49ddbaaf9697197814fa307b3aeaa5d7a6f4a84751ae5e005309fb670fea2e3440fd50da76535d854f0df6f3c9443870f6c99a2c537efbf40bf010cf8ddc950e7bb001a92d63662fae1e5f8b2c8557f1d69f4a587e7d36d4064754eb724543c5306f71c4baf800dfa758093b12f1caa100dadfe8d29e372de2e71e3f86924cbc8c859ea6896558888aa4d0907de11030adf408b82bbf5fa2185c0f5ff5d72b0272b05dfad36a7a0f57796d1c57e185a39d85e2ec9f98a26219254929ec4c49c57a2f9bc3b52dbcddd29877447dfd558d5a1b35885b731854dc695b9586758a6c2290cae7ccb365aa25bc54ec4cba698239c73db2a7c9049b5f5a220cfccc3fdef455bc912d545e54b9feee9bc7544482ee7d5395bdd12592f7ea07ae83e1601729dba164eccfffec03edaad001f6814e9b86046d42d4e3bf114dc6b45414519c8e44cd4558a032476a770eb561e49ff061fad74a0eda905e53031fd58d56ca20f69b1429f8704000559203a2501736c7bc711806842d248396b998b7073effda4a2c475c7b34ef19ab37af276eb2c64c7192748a3682d20b0851cab05f2e608cfa8f82c199e04545ea9e29e6e3fe2c1014d7adffff59b629ab0de0c6b439fdf163a6b3f6b341acd2a58f0a0980e7828675d6c79ff23ab15d3a14d987597df5782160a552823ce8edaea7d911e6eceef1d15b24291e482fa0c98a9717953fda15f051dccc3ba606ef486660a8a05994b8d027f4f154deff2462e9edbc2f3b156dc9ed73a7186770480e924fa76dbccb09eb1a59042b4c89b7dbd9c2ce881b4a75e88361a38c6d46a11d80a4fdc7e810d29b9bb244e8990e46a4c704830dd273e8cd1ba96ee12753a458847e5abf332e71159fe365d75770930951f9138d7e4c76c40d4b8f59e2b274918cad62fc3faef5a4e5589adb7729fb09bb063c0404c041fd733ca1ee9cb1812968dcf635b61f362c44e7013fcfb44c8c3e899c2c27c45d7f859c67f800385d82b449f3b87fdafecc428e8695ea6f8fb9c3ce919ccda30e0c147c50044bc23c010ba556686aada26c2a19d012e1de014abd07cee811ee61a22f56f7949958861a37a7eef91be3779bd33d7b64de091f1492904cf4ea1f0fe86bebaa1e10bbd1bcda2d6aba85c86f89fe75cf1a31bc4db26a28d61cf728ee9ab60126b791f7af732fc60f88f19d833d2635086c9109a6fb408da1ca07c60527582ddf9946edc8449363ccd75154626620b0673f06ba4a8f6032013b204a584cb603d035d7437480b421fb090ecce7fcc97b8e633da2c3c2574001764ddb3d39712ab13a0dbe937318716720a3f4213cd4bd4a7c7efb0584493d6a4dffd716d2416ee0717fd00adf90e1d9b362ee80ce988b21951d83cf171a6c5032b759242a139e0aba84041ac668eb3c43621a15a1809eb3d2d756cb8dcbbb0485c9f7a832efecb3b05826c89f74a4eacd15210238502f55504ac20394fbfe5b28f70d461e4ec9f0bd11b0afaf1f9b1034777194e6b00adde4cf6df5e6966187e8affdead02f51f80b021f6af48b7b0ec20be9fa49bee0206fe632c1390a475c4e62068ed41af370af7380510c5be82efb5fc0962c1c4981be986a50b1314f9307edbe1d4fd9c8c9cfaf4fc8ddde079fbd062a3672a5ba2f1cbe8e1f4d4282a9175484b56a5e6c07fba9debf44675508e9862077d8ebb5124b4954635b779b7e3a948cc13de6439f72cf23548902a3fd9d7b70edb5b5a64537e212da5cd9a36e58ffd9b38e1a27e5034791145bc47c6990e1acfe0a82ad7a81e47f0dd6cca5ef4004a41788de228c5084587f3369c2f0bba4ff24ed19f02b8365a4b3062910d0129173a187d5b8275689a845b8ddeeb6da02f5d989add55edb2ca06a737eb037ded8867da962000f28a70b6f018ceccaf296526a15eaff63d9ea046a27fb5a641fb16c8c299fb574b9c76d4cf9e1f9407731daa2611296574f"}}, &(0x7f0000000180)=0x0) timer_delete(r2) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:41 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0x8008551c, &(0x7f0000000000)={0xbdb3, 0x1c, [{0x2}, {0x5}, {}, {}, {0x3, 0x1}, {0x9, 0x1}, {0x8}, {}, {0xa, 0x1}, {0x3, 0x1}, {0x7, 0x1}, {0xe}, {0xc, 0x1}, {0x2, 0x1}, {0xc}, {0x7}, {0x6}, {0x8, 0x1}, {0x9}, {0x3, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0xf}, {0x7}, {0x8, 0x1}, {0xf}]}) (async, rerun: 64) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (rerun: 64) 08:07:41 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xf0e10c1b000000, 0x0, 0x0}, 0x58) 08:07:41 executing program 5: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) [ 1008.955516][ T3147] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1008.963329][ T3147] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1008.971144][ T3147] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1008.978955][ T3147] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1008.986764][ T3147] 08:07:41 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xf0ff1f00000000, 0x0, 0x0}, 0x58) 08:07:41 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async, rerun: 64) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x19, 0x1, @thr={&(0x7f0000000040)="010f65365c58950aff4f78fb48d1443292c26fee171427a3547c35760234f3b099d4415a5338ae34846fc7a61575f742da1a970cf4b3bbd7d8754f4a3001d33efeddb6195cb8d8ecaaa400f7ded3fe7b922c86452344062db045ee11e0abe5d7ebd67ef48c642197da2f9e4632fbdab2a71edc8ecef19f65b21a2185dc", &(0x7f0000000380)="b636af043c80d14ece128d4ed1924210b5ce42e2db35446aa2d166ae12661b3a704b8770354e738a0733b247442c3c4a4a56e6d99c905ffac96c56ad2fed9d6edf38bb480247a25aca857af0e6f22741979c06d52a30ae22a60ecebbca99fe4f5b3d127564f3c75b13435282391a0e8bd9398f337b7b1752898c496bd8caa87326de2b1077e5c54f9c3cbb787dd4cb8a96ad92c258db2136141ea048967fb5cdac180b4f554bb3899e6f009ef6561ac55f14a4eb06ca402d7db27deafcc8f93b5d38eacfbbcb40c2af4183e7fbd9093ab694e345147bdf6e8e6545a9e5bde99bcf54def0598bcf6e0b8478da968649d9437f318e0ba3871c362803"}}, &(0x7f0000000200)) (async, rerun: 64) timer_create(0x4, &(0x7f0000000280)={0x0, 0x13, 0x2, @thr={&(0x7f0000000480)="c0c050b8e8f3ac0cfdfe4dc75acd8fdc27e6168a2d9d7a5be64287b3c12b9870726e6ab0985b238543228a19a1e87385e0a5f6480b40ff31f1f3e7ee5899fd7e52e50356642e309d94bc1c277f0a28ea3b9ea8a0a3e03cf1ad69db9605b031a5ea7287def67a71b500f0c562e4b987324ac3e7bc487b985b4305c0907c0c2f7ffbb53a263afb6d59abb5575fdff4be9111", &(0x7f0000000540)="07b8e7358636799666cd1e6375c21cae0f07bdce52ed00ec97b5f1af56221d984f847d03b18a56773517429f5fb8a83cac56dd8d93873cc5fa1aa26d10ea6dddde40f1b7011b2e91c3cd086eb273c387baeeddcb7af97218c08ce14351bba1a6f0aadb9b52ec1a451113219c50f4293676b35f1b06e45931e1cffc95457d6b6451b0c7c6ab87902bd30d7e129509d82b049b0e496033d21806a74d90b9084c9d09f6cb57fe37eb4067a86fd912eb92c017cde8d0fbe727a3eb2ad86b4c4c65735128f771"}}, &(0x7f00000002c0)) (async, rerun: 32) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) (rerun: 32) timer_delete(r1) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(r0, &(0x7f0000000640)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x4, &(0x7f00000000c0)={0x0, 0x1000007, 0x1, @thr={&(0x7f0000001340)="827db238dba5be6235192dcdf522f09d1e85a412a555ba84d8d0e6c138705358f506be7ccb688eae3998a3b632aeed4ed2196e472159363f22b977cba35249266c03dbd154dc760cebeeb94be7df2fdc700481acc8315222eef4360e3d9e0e1b3832fc24dff6b0b6690eee76414c2dd3b4ea9637a45cf5d4e82a9210785c540f9ceb393e59dd382118b28e86b3ada53e13e596ac0726ae7fba1293d7afef7b4ca461487c599c5b6361144fe684b229b06c76763ccfb5eb10a2d505b52497e6f4c4ec74cc72c01f10af8b47cf06cb4f59391198f6bf4373cf8ef6f2e2ee4d82a62c1ab2b4bc03de1de7d3bca3b985db1c7b56938e7dd5ad7d25e7d67d09a88b22a50b546c9ccef3b76c1ee56f3434e8884077f2254834c6933526e0ec46289e0b4b89dcc871d410f093bbd2655bfa62aa53708444e703c4330112423a13f64d44d958bf60252e216d34271fec28b78fe3df4767d25ebbf499f8ee28fd7e72993bbc917293ea", &(0x7f00000014c0)="a09abab9d15737ddb4de94b48f601f972009c86df3c0ef2c3084d9fcf4da86c20dda1c22d809de30a679f1caabf2395bade148c214724d0d8b9c790812edb8722e243f8972469847434cb5943072608507abcc5c1be538bd9ee6b3a2bc72ac6d8ccc263301f1ddadd11cc36b6a65564d232cf1819985edcca639bce28276a7b3a6b9ffa90b7096db85f064342b5dd0bd8c07e1a7a3abf8a3da00242fa7b23a174bd40304fd7b6a86d91d98c681e722e79db15b4da243a2676e3ae67ce7bdbcae27628b2b9c4c98d2471b56144d7fa7fad14c2ac51fa4211ab950227786e62f93f006b3bf63c44bb6cc4b5e70c84827b95e1ae721133bd109f4e38b322f90f33580b1699c5b658ae51d4e0d0cdab63872708c99bb0f746de5a8d48127edb421063b16ae5185dc5bd66b70236826c9c096b2387a6fc13c0fc99aa6691b5967c8adf484a73d41a3d7f1dd424cbe93e6b279b4ded9c7ddc6d5d33506e9c536e2ae95c502e32152e422bb4279945c7b4dda23845ab99a7d6947a88e53720da90047d34153971dd7be514a0ed8ce2406390227aebdb518c16b308a9f46aa072fd3ff7bfd8a3dfa3a5a2e765513dbcaee09e7544419ca25f49a9aef2bebc3ed8006c0f3cd5ed1cba10ad151a007dd9caf95aa0b8040d0d24df682d7bd8f2c79cdc54b4b4c1b7297c9fa7575f72f5c0d663f311673d28623c3e57114e71e6d4d64fe5665576d3620530f60b100e504dd9bc6073581ae841d87f19c2f42555df66d6dc6b0cfc49b35a749b2c7c2e0f59ada7b3bd5b4e054c2371c88aa5d1a7e8a1505394c8f13841fd00ab96866f509cb2fa94e4d601d3513b4b7dfa6a6c952ee94d72c53146e98ab1e14a38ab1c9ba78255579cf9f8d70d7e24210523f1b768836020fe7fda17c92a45c99ed22801d1effe25cf4b48a15ac8f25cbdde788e0e011bfac304ced47275f5ab373d655dada7990590626c9e658e07218cd5c08b6983d9a7774216a4ccc17d2486b0cee572d53d653e31fbfdf6b508ed7778b5de95f13564851c480eadc43e4d108c822c357d69d82d7532dc21643c19d50761c5f03bfa1567deb76d7849f2e6c4b317fe5ef3587e6f316b3bbd864f676cfece662eb9b58752e970cda216920c4e44b9869aa76156798fcfa8abbdac8646c17e4587b81090e2bdb67a0b88782d254f5bc8b46d23dbe98677734985ba213ae4cf128395c23decffec9ba90793e9dfdf5b3d52da4cc499ddfad29a71f8bf94c5e33f1a82d475cb5e54ddff6b33e187cc363849c52f698c12078103eceb32634948b9c7786c89050795cc857506716a81f334674c6c439600f26b524ee352de87abf1b10bc28251e0909ea393d022d5a46f06532e517befccedb05ca355e7bd7bf7ffc012e9aaa9537b7ddb729a2d9e64f5981f099167ef60e7a99ac48736e714e722af22bd51880619028fc707137f36451e64e0da7f59b96b59bcc1e391e9736f46c66f5f57ab452e77e5ce3354817d6c98311814663f56f68df2818ecf881747711366fc161b3b46f9154b5503e5b9c73f1bebbb22081fe618b639ef897b973630af04528a216069d9788a8bb54139351cfc4ff63585f7d83e64182166edf5252a9429a6b7d18617be3d1f1d253bc2d53cecb23681c10953a1016123be8759641ed9aa28b4328d5a498e148881c8c299d57cc20d415f06eaf707c0e2f0ebc717222db4bf3174dcfa7d1d33992bfdfb13538416636f8c5ac79e0cd7b4e556d75bc799b34f4ffbc9d4b6da927cf4c9d57dd9dfce48b8f5e204c636dddf480c16e303993af4647cae456a2f806fbe745c7284ca48385dc3f4948e9096f883f94fc1be923e9841b1705e382b29e66a42a868e22bf3d48d99a733153cfebbbadd374c0299668c99728765944220ce9f4c0a437cfe8d4f299b4e17685d51553a1b477fc77b15f112f0bf7d5e52a910a43c83859523f772b1cb8c9c176fb7f1e8b40faf53c6a1c7591f06c57a5506246fab978bcfd1f5702037a13ec36bd9a553f6aa085cf4fd43294f87735f39799e490de322288c0d76023ab9f0a3df3845b36697d51d6b3f0ffa313b92840e9bbac2d0470479fc7a89590f7faf94ff15f32de1e13a3dd6588c2ebdd138b6f930c93ca18d0fa59cb92cdb61f35ae893c5d4e03e029f45523c474dc08bae8a3b3d4f49da0f5b5a40058e8a756f1997b902e34e36104e23909cca9a4e5493481260c9de38584624dcf3ba780eaf20badb7111a3e64aa838f515ae7de105150e97c72c4a1fd2cf6b0c3ade6c0a6a20f068c957a5b4332cf2afabded72fa450a73f6474d4705065e4a855955adc6c193a20464b0a27abda5c04735f2df6ea0481e5a31c73662097d07beb0806a01584b7fbd3c5ac86f318af36de0b8b5b7e9a440ec0ed8b0dbde92448a02f5b3935903999290309d04413c12cee9797729483793e5afd86fcaba4d16d616485e2097a06ac3ff2a8b805719893a3225aef272ddca40c4b2ee0c71e16e01cea5d2811823a282cff509615abe94fb56d6f68cc3ce90d1c47ada2d7e80c075f8d9654ab82a65b2e3e3b00f121790f0f3703676fec26db422ed1395973d249f3fc56e505f2a01fd74610a5942fefd82c33a641e3560b4d5875eb79641477f73dde946fe5db4bdc771f285102d668a5f09f4b1a5fd45080c887dbf236b7f73ad809a2cbb432e13e37f86e14421f0813309756cb2a94346406b09da2809e065fd900e8c53a0f3180a15de9baa2233146f8748a8e15a9d6d8ba7301b6da60072c75f796d972e6f7a5640af8d28d75543a39c3200ab693f2e2b9cd4f9d65e947b8afa053241ebbf3213043a1969bff7b7324ca839cb783cf0cc0afae3043c5439e03c369fc1dea99b6495031c8f9141304333629d4ab60cba3b6660d33b83e37f6b5c7981959701c1142dfbe3587f5533b0759bed1f73f814215e11e72056b2de39868367306f4db4cce7010c263874a3ac612ba281dccebe0e903f7adb539bc9904f7a599acdbe9d12238b3fe08a966b44e8b9f201e6016892bb0e927ac5d266e248b04ba23f78d536406cdec406a5894057248076f0c5551f80620c66a66ebfbcdb8a5f5fbe56fb585ba96d84ab9932bfe46e1fdea489708bceb7dbc8a1d3f6c15548ee4bf0612a030602734e3dd1fb2fb5d274b2a1a266c1a387b5948621db9cf849f8c13f0b4392db3e4eb77c1edbb07cda74d389091963db3a9d23e6c7b568b2b7a99116f8fa2c27d269148e2fc21a99f2ee89661e95aa3d46defa21d5cb3338e7f6f74d509e4a6b0465157795b168e5d3a3cacc2ae671ed9cc59da5952c49f9d4bc85c0ddbb134bea913e3adfec115e3475da0e3a8d787ed60d7d08a675715234acbba57e518e0399a0d49ae797206645071d685d90628cfeb8bd604a0c631e4e03aa2c4cb44c756b1ea59256c35a527e274965ac2cf824540175022a45c905c574dfa0f2c2ca818bbb4e64a4f083f740a994c0722c82b6123faecc2b0d0fa82b6c7d936250e17d54c8092f2b33ffb506eeeb90f86db280c626dfceb07f7bcae28eb8e0b486e54885ccd6840855e41165fca105864caf9cb6675898e11b6cbf092d14c7a2142f4276e5bf56fa363db05b98042e8484a15d4240101500f7229406891cf9e075d559cb6fb6506579676538935f367c7b3a1f65dbc3a9f220ab6e18158e89ff3deaac060685945dc878f2329f34c2b0aac50e2fefcd9373c02947fef55483aa9f237c9b659fbe39eaa9d4f07e63c75fb9b7eed6d524b71953f39ae8db9e1e2a72bd5d6f56371394fb81ff0c6d77a2406e135d5d8c7457708f49ddbaaf9697197814fa307b3aeaa5d7a6f4a84751ae5e005309fb670fea2e3440fd50da76535d854f0df6f3c9443870f6c99a2c537efbf40bf010cf8ddc950e7bb001a92d63662fae1e5f8b2c8557f1d69f4a587e7d36d4064754eb724543c5306f71c4baf800dfa758093b12f1caa100dadfe8d29e372de2e71e3f86924cbc8c859ea6896558888aa4d0907de11030adf408b82bbf5fa2185c0f5ff5d72b0272b05dfad36a7a0f57796d1c57e185a39d85e2ec9f98a26219254929ec4c49c57a2f9bc3b52dbcddd29877447dfd558d5a1b35885b731854dc695b9586758a6c2290cae7ccb365aa25bc54ec4cba698239c73db2a7c9049b5f5a220cfccc3fdef455bc912d545e54b9feee9bc7544482ee7d5395bdd12592f7ea07ae83e1601729dba164eccfffec03edaad001f6814e9b86046d42d4e3bf114dc6b45414519c8e44cd4558a032476a770eb561e49ff061fad74a0eda905e53031fd58d56ca20f69b1429f8704000559203a2501736c7bc711806842d248396b998b7073effda4a2c475c7b34ef19ab37af276eb2c64c7192748a3682d20b0851cab05f2e608cfa8f82c199e04545ea9e29e6e3fe2c1014d7adffff59b629ab0de0c6b439fdf163a6b3f6b341acd2a58f0a0980e7828675d6c79ff23ab15d3a14d987597df5782160a552823ce8edaea7d911e6eceef1d15b24291e482fa0c98a9717953fda15f051dccc3ba606ef486660a8a05994b8d027f4f154deff2462e9edbc2f3b156dc9ed73a7186770480e924fa76dbccb09eb1a59042b4c89b7dbd9c2ce881b4a75e88361a38c6d46a11d80a4fdc7e810d29b9bb244e8990e46a4c704830dd273e8cd1ba96ee12753a458847e5abf332e71159fe365d75770930951f9138d7e4c76c40d4b8f59e2b274918cad62fc3faef5a4e5589adb7729fb09bb063c0404c041fd733ca1ee9cb1812968dcf635b61f362c44e7013fcfb44c8c3e899c2c27c45d7f859c67f800385d82b449f3b87fdafecc428e8695ea6f8fb9c3ce919ccda30e0c147c50044bc23c010ba556686aada26c2a19d012e1de014abd07cee811ee61a22f56f7949958861a37a7eef91be3779bd33d7b64de091f1492904cf4ea1f0fe86bebaa1e10bbd1bcda2d6aba85c86f89fe75cf1a31bc4db26a28d61cf728ee9ab60126b791f7af732fc60f88f19d833d2635086c9109a6fb408da1ca07c60527582ddf9946edc8449363ccd75154626620b0673f06ba4a8f6032013b204a584cb603d035d7437480b421fb090ecce7fcc97b8e633da2c3c2574001764ddb3d39712ab13a0dbe937318716720a3f4213cd4bd4a7c7efb0584493d6a4dffd716d2416ee0717fd00adf90e1d9b362ee80ce988b21951d83cf171a6c5032b759242a139e0aba84041ac668eb3c43621a15a1809eb3d2d756cb8dcbbb0485c9f7a832efecb3b05826c89f74a4eacd15210238502f55504ac20394fbfe5b28f70d461e4ec9f0bd11b0afaf1f9b1034777194e6b00adde4cf6df5e6966187e8affdead02f51f80b021f6af48b7b0ec20be9fa49bee0206fe632c1390a475c4e62068ed41af370af7380510c5be82efb5fc0962c1c4981be986a50b1314f9307edbe1d4fd9c8c9cfaf4fc8ddde079fbd062a3672a5ba2f1cbe8e1f4d4282a9175484b56a5e6c07fba9debf44675508e9862077d8ebb5124b4954635b779b7e3a948cc13de6439f72cf23548902a3fd9d7b70edb5b5a64537e212da5cd9a36e58ffd9b38e1a27e5034791145bc47c6990e1acfe0a82ad7a81e47f0dd6cca5ef4004a41788de228c5084587f3369c2f0bba4ff24ed19f02b8365a4b3062910d0129173a187d5b8275689a845b8ddeeb6da02f5d989add55edb2ca06a737eb037ded8867da962000f28a70b6f018ceccaf296526a15eaff63d9ea046a27fb5a641fb16c8c299fb574b9c76d4cf9e1f9407731daa2611296574f"}}, &(0x7f0000000180)=0x0) timer_delete(r2) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:41 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, 0x0, 0x0) 08:07:41 executing program 0: ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f00000001c0)={0x2, &(0x7f0000000080)="6843d42ee59ef81c38d05291bb655b5ff06cdfe47e50fc41bf67"}) socket$nl_audit(0x10, 0x3, 0x9) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) read$FUSE(0xffffffffffffffff, 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(0xffffffffffffffff, 0x11, 0x2, &(0x7f0000000000)=""/5, &(0x7f0000000040)=0x5) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x4802, 0x1f) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000200)=""/4096, &(0x7f0000000180)=0x1000) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001200), 0x2, 0x0) write$FUSE_BMAP(r2, &(0x7f0000001240)={0x18, 0x0, 0x0, {0x1000}}, 0x18) getsockopt$nfc_llcp(r1, 0x118, 0x2, &(0x7f0000000100)=""/79, 0x4f) 08:07:41 executing program 5: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) [ 1009.030005][ T3203] FAULT_INJECTION: forcing a failure. [ 1009.030005][ T3203] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.082956][ T3203] CPU: 1 PID: 3203 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1009.091210][ T3203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1009.101101][ T3203] Call Trace: [ 1009.104222][ T3203] [ 1009.107000][ T3203] dump_stack_lvl+0x151/0x1b7 [ 1009.111513][ T3203] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1009.116809][ T3203] dump_stack+0x15/0x17 [ 1009.120800][ T3203] should_fail+0x3c0/0x510 [ 1009.125053][ T3203] __should_failslab+0x9f/0xe0 [ 1009.129652][ T3203] should_failslab+0x9/0x20 [ 1009.133991][ T3203] kmem_cache_alloc+0x4f/0x2f0 [ 1009.138590][ T3203] ? vm_area_dup+0x26/0x1d0 [ 1009.142934][ T3203] vm_area_dup+0x26/0x1d0 [ 1009.147099][ T3203] dup_mmap+0x6b8/0xea0 [ 1009.151093][ T3203] ? __delayed_free_task+0x20/0x20 [ 1009.156038][ T3203] ? mm_init+0x807/0x960 [ 1009.160117][ T3203] dup_mm+0x91/0x330 [ 1009.163853][ T3203] copy_mm+0x108/0x1b0 [ 1009.167756][ T3203] copy_process+0x1295/0x3250 [ 1009.172270][ T3203] ? check_stack_object+0xf7/0x130 [ 1009.177215][ T3203] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1009.182162][ T3203] ? copy_clone_args_from_user+0x6cf/0x790 [ 1009.187805][ T3203] kernel_clone+0x22d/0x990 [ 1009.192153][ T3203] ? dup_mmap+0xea0/0xea0 [ 1009.196397][ T3203] ? create_io_thread+0x1e0/0x1e0 [ 1009.201260][ T3203] ? file_end_write+0x1b0/0x1b0 [ 1009.205950][ T3203] __x64_sys_clone3+0x375/0x3a0 [ 1009.210632][ T3203] ? __ia32_sys_clone+0x300/0x300 [ 1009.215579][ T3203] ? ksys_write+0x25f/0x2c0 [ 1009.219927][ T3203] ? debug_smp_processor_id+0x17/0x20 [ 1009.225126][ T3203] do_syscall_64+0x44/0xd0 [ 1009.229385][ T3203] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1009.235107][ T3203] RIP: 0033:0x7f495fdbc639 [ 1009.239366][ T3203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1009.258805][ T3203] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1009.267046][ T3203] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1009.274946][ T3203] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 08:07:41 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 36) 08:07:41 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x100000000000000, 0x0, 0x0}, 0x58) 08:07:41 executing program 0: ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f00000001c0)={0x2, &(0x7f0000000080)="6843d42ee59ef81c38d05291bb655b5ff06cdfe47e50fc41bf67"}) socket$nl_audit(0x10, 0x3, 0x9) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) read$FUSE(0xffffffffffffffff, 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(0xffffffffffffffff, 0x11, 0x2, &(0x7f0000000000)=""/5, &(0x7f0000000040)=0x5) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x4802, 0x1f) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000200)=""/4096, &(0x7f0000000180)=0x1000) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001200), 0x2, 0x0) write$FUSE_BMAP(r2, &(0x7f0000001240)={0x18, 0x0, 0x0, {0x1000}}, 0x18) getsockopt$nfc_llcp(r1, 0x118, 0x2, &(0x7f0000000100)=""/79, 0x4f) ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f00000001c0)={0x2, &(0x7f0000000080)="6843d42ee59ef81c38d05291bb655b5ff06cdfe47e50fc41bf67"}) (async) socket$nl_audit(0x10, 0x3, 0x9) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_CONNINFO(0xffffffffffffffff, 0x11, 0x2, &(0x7f0000000000)=""/5, &(0x7f0000000040)=0x5) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x4802, 0x1f) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000200)=""/4096, &(0x7f0000000180)=0x1000) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000001200), 0x2, 0x0) (async) write$FUSE_BMAP(r2, &(0x7f0000001240)={0x18, 0x0, 0x0, {0x1000}}, 0x18) (async) getsockopt$nfc_llcp(r1, 0x118, 0x2, &(0x7f0000000100)=""/79, 0x4f) (async) 08:07:41 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_delete(r1) timer_settime(r1, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) getpgrp(0xffffffffffffffff) timer_gettime(0x0, &(0x7f0000000240)) 08:07:41 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, 0x0, 0x0) 08:07:41 executing program 5: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:41 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async, rerun: 32) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) (rerun: 32) timer_delete(r0) (async, rerun: 64) timer_delete(r1) (async, rerun: 64) timer_settime(r1, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) getpgrp(0xffffffffffffffff) timer_gettime(0x0, &(0x7f0000000240)) 08:07:41 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(r0, 0x0, 0x0) [ 1009.282758][ T3203] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1009.290572][ T3203] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1009.298382][ T3203] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1009.306200][ T3203] 08:07:41 executing program 5: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:41 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x200000000000000, 0x0, 0x0}, 0x58) 08:07:41 executing program 2: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) 08:07:41 executing program 0: ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f00000001c0)={0x2, &(0x7f0000000080)="6843d42ee59ef81c38d05291bb655b5ff06cdfe47e50fc41bf67"}) socket$nl_audit(0x10, 0x3, 0x9) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) read$FUSE(0xffffffffffffffff, 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(0xffffffffffffffff, 0x11, 0x2, &(0x7f0000000000)=""/5, &(0x7f0000000040)=0x5) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x4802, 0x1f) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000200)=""/4096, &(0x7f0000000180)=0x1000) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001200), 0x2, 0x0) write$FUSE_BMAP(r2, &(0x7f0000001240)={0x18, 0x0, 0x0, {0x1000}}, 0x18) getsockopt$nfc_llcp(r1, 0x118, 0x2, &(0x7f0000000100)=""/79, 0x4f) ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f00000001c0)={0x2, &(0x7f0000000080)="6843d42ee59ef81c38d05291bb655b5ff06cdfe47e50fc41bf67"}) (async) socket$nl_audit(0x10, 0x3, 0x9) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_CONNINFO(0xffffffffffffffff, 0x11, 0x2, &(0x7f0000000000)=""/5, &(0x7f0000000040)=0x5) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x4802, 0x1f) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000200)=""/4096, &(0x7f0000000180)=0x1000) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000001200), 0x2, 0x0) (async) write$FUSE_BMAP(r2, &(0x7f0000001240)={0x18, 0x0, 0x0, {0x1000}}, 0x18) (async) getsockopt$nfc_llcp(r1, 0x118, 0x2, &(0x7f0000000100)=""/79, 0x4f) (async) [ 1009.380548][ T3253] FAULT_INJECTION: forcing a failure. [ 1009.380548][ T3253] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.402405][ T3253] CPU: 1 PID: 3253 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1009.410659][ T3253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1009.420551][ T3253] Call Trace: [ 1009.423673][ T3253] [ 1009.426447][ T3253] dump_stack_lvl+0x151/0x1b7 [ 1009.430960][ T3253] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1009.436256][ T3253] dump_stack+0x15/0x17 [ 1009.440246][ T3253] should_fail+0x3c0/0x510 [ 1009.444501][ T3253] __should_failslab+0x9f/0xe0 [ 1009.449101][ T3253] should_failslab+0x9/0x20 [ 1009.453440][ T3253] kmem_cache_alloc+0x4f/0x2f0 [ 1009.458041][ T3253] ? vm_area_dup+0x26/0x1d0 [ 1009.462379][ T3253] ? __kasan_check_read+0x11/0x20 [ 1009.467239][ T3253] vm_area_dup+0x26/0x1d0 [ 1009.471407][ T3253] dup_mmap+0x6b8/0xea0 [ 1009.475410][ T3253] ? __delayed_free_task+0x20/0x20 [ 1009.480351][ T3253] ? mm_init+0x807/0x960 [ 1009.484427][ T3253] dup_mm+0x91/0x330 [ 1009.488160][ T3253] copy_mm+0x108/0x1b0 [ 1009.492065][ T3253] copy_process+0x1295/0x3250 [ 1009.496578][ T3253] ? check_stack_object+0xf7/0x130 [ 1009.501522][ T3253] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1009.506472][ T3253] ? copy_clone_args_from_user+0x6cf/0x790 [ 1009.512114][ T3253] kernel_clone+0x22d/0x990 [ 1009.516453][ T3253] ? dup_mmap+0xea0/0xea0 [ 1009.520630][ T3253] ? create_io_thread+0x1e0/0x1e0 [ 1009.525482][ T3253] ? file_end_write+0x1b0/0x1b0 [ 1009.530167][ T3253] __x64_sys_clone3+0x375/0x3a0 [ 1009.534857][ T3253] ? __ia32_sys_clone+0x300/0x300 [ 1009.539719][ T3253] ? ksys_write+0x25f/0x2c0 [ 1009.544055][ T3253] ? debug_smp_processor_id+0x17/0x20 [ 1009.549260][ T3253] do_syscall_64+0x44/0xd0 [ 1009.553519][ T3253] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1009.559240][ T3253] RIP: 0033:0x7f495fdbc639 [ 1009.563498][ T3253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1009.582939][ T3253] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1009.591187][ T3253] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1009.598991][ T3253] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1009.606805][ T3253] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1009.614615][ T3253] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1009.622429][ T3253] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 08:07:42 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 37) 08:07:42 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) timer_delete(r1) (async) timer_settime(r1, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) (async) getpgrp(0xffffffffffffffff) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:42 executing program 2: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) 08:07:42 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x700000000000000, 0x0, 0x0}, 0x58) 08:07:42 executing program 5: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:42 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000000), &(0x7f0000000040)) 08:07:42 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000000), &(0x7f0000000040)) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000000), &(0x7f0000000040)) (async) 08:07:42 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x900000000000000, 0x0, 0x0}, 0x58) 08:07:42 executing program 5: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:42 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) r1 = getpgrp(0x0) timer_create(0x6, &(0x7f0000000040)={0x0, 0x7, 0x2, @tid=r1}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:42 executing program 2: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) [ 1009.630241][ T3253] 08:07:42 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x1100000000000000, 0x0, 0x0}, 0x58) [ 1009.691731][ T3292] FAULT_INJECTION: forcing a failure. [ 1009.691731][ T3292] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.709734][ T3292] CPU: 0 PID: 3292 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1009.717988][ T3292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1009.727880][ T3292] Call Trace: [ 1009.731000][ T3292] [ 1009.733781][ T3292] dump_stack_lvl+0x151/0x1b7 [ 1009.738294][ T3292] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1009.743586][ T3292] dump_stack+0x15/0x17 [ 1009.747580][ T3292] should_fail+0x3c0/0x510 [ 1009.751834][ T3292] __should_failslab+0x9f/0xe0 [ 1009.756429][ T3292] should_failslab+0x9/0x20 [ 1009.760769][ T3292] kmem_cache_alloc+0x4f/0x2f0 [ 1009.765370][ T3292] ? vm_area_dup+0x26/0x1d0 [ 1009.769710][ T3292] vm_area_dup+0x26/0x1d0 [ 1009.773875][ T3292] dup_mmap+0x6b8/0xea0 [ 1009.777871][ T3292] ? __delayed_free_task+0x20/0x20 [ 1009.782814][ T3292] ? mm_init+0x807/0x960 [ 1009.786897][ T3292] dup_mm+0x91/0x330 [ 1009.790633][ T3292] copy_mm+0x108/0x1b0 [ 1009.794540][ T3292] copy_process+0x1295/0x3250 [ 1009.799160][ T3292] ? check_stack_object+0xf7/0x130 [ 1009.804104][ T3292] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1009.809051][ T3292] ? copy_clone_args_from_user+0x6cf/0x790 [ 1009.814695][ T3292] kernel_clone+0x22d/0x990 [ 1009.819032][ T3292] ? dup_mmap+0xea0/0xea0 [ 1009.823205][ T3292] ? create_io_thread+0x1e0/0x1e0 [ 1009.828059][ T3292] ? file_end_write+0x1b0/0x1b0 [ 1009.832748][ T3292] __x64_sys_clone3+0x375/0x3a0 [ 1009.837435][ T3292] ? __ia32_sys_clone+0x300/0x300 [ 1009.842296][ T3292] ? ksys_write+0x25f/0x2c0 [ 1009.846634][ T3292] ? debug_smp_processor_id+0x17/0x20 [ 1009.851842][ T3292] do_syscall_64+0x44/0xd0 [ 1009.856098][ T3292] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1009.861826][ T3292] RIP: 0033:0x7f495fdbc639 [ 1009.866076][ T3292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:42 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 38) 08:07:42 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:42 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) r1 = getpgrp(0x0) timer_create(0x6, &(0x7f0000000040)={0x0, 0x7, 0x2, @tid=r1}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) getpgrp(0x0) (async) timer_create(0x6, &(0x7f0000000040)={0x0, 0x7, 0x2, @tid=r1}, &(0x7f0000000080)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(r0, &(0x7f0000000000)) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:42 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) 08:07:42 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x1f00000000000000, 0x0, 0x0}, 0x58) 08:07:42 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async, rerun: 32) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000000), &(0x7f0000000040)) (rerun: 32) [ 1009.885521][ T3292] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1009.893767][ T3292] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1009.901573][ T3292] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1009.909385][ T3292] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1009.917197][ T3292] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1009.925009][ T3292] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1009.932823][ T3292] 08:07:42 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:42 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x2000000000000000, 0x0, 0x0}, 0x58) 08:07:42 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x1, 0x1, 0x4, 0x1, 0x80, "cb1d8f16f72e0feacf6e36656168a6ee15f54227078d214b6c252989d9f135003a326b830b2a0c245f77c81f9f439c51e4e3278c9b587d095accfee247d6f9", 0x3d}, 0x60) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) bind$bt_sco(r2, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) 08:07:42 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) r1 = getpgrp(0x0) timer_create(0x6, &(0x7f0000000040)={0x0, 0x7, 0x2, @tid=r1}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) getpgrp(0x0) (async) timer_create(0x6, &(0x7f0000000040)={0x0, 0x7, 0x2, @tid=r1}, &(0x7f0000000080)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(r0, &(0x7f0000000000)) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:42 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) 08:07:42 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_settime(r0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) [ 1009.959728][ T3317] FAULT_INJECTION: forcing a failure. [ 1009.959728][ T3317] name failslab, interval 1, probability 0, space 0, times 0 [ 1010.015861][ T3317] CPU: 1 PID: 3317 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1010.024112][ T3317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1010.034006][ T3317] Call Trace: [ 1010.037128][ T3317] [ 1010.039909][ T3317] dump_stack_lvl+0x151/0x1b7 [ 1010.044420][ T3317] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1010.049718][ T3317] dump_stack+0x15/0x17 [ 1010.053705][ T3317] should_fail+0x3c0/0x510 [ 1010.057961][ T3317] __should_failslab+0x9f/0xe0 [ 1010.062559][ T3317] should_failslab+0x9/0x20 [ 1010.066900][ T3317] kmem_cache_alloc+0x4f/0x2f0 [ 1010.071498][ T3317] ? vm_area_dup+0x26/0x1d0 [ 1010.075840][ T3317] vm_area_dup+0x26/0x1d0 [ 1010.080005][ T3317] dup_mmap+0x6b8/0xea0 [ 1010.083998][ T3317] ? __delayed_free_task+0x20/0x20 [ 1010.088945][ T3317] ? mm_init+0x807/0x960 [ 1010.093026][ T3317] dup_mm+0x91/0x330 [ 1010.096756][ T3317] copy_mm+0x108/0x1b0 [ 1010.100665][ T3317] copy_process+0x1295/0x3250 [ 1010.105180][ T3317] ? check_stack_object+0xf7/0x130 [ 1010.110124][ T3317] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1010.115070][ T3317] ? copy_clone_args_from_user+0x6cf/0x790 [ 1010.120713][ T3317] kernel_clone+0x22d/0x990 [ 1010.125051][ T3317] ? dup_mmap+0xea0/0xea0 [ 1010.129216][ T3317] ? create_io_thread+0x1e0/0x1e0 [ 1010.134077][ T3317] ? file_end_write+0x1b0/0x1b0 [ 1010.138767][ T3317] __x64_sys_clone3+0x375/0x3a0 [ 1010.143452][ T3317] ? __ia32_sys_clone+0x300/0x300 [ 1010.148311][ T3317] ? ksys_write+0x25f/0x2c0 [ 1010.152653][ T3317] ? debug_smp_processor_id+0x17/0x20 [ 1010.157860][ T3317] do_syscall_64+0x44/0xd0 [ 1010.162113][ T3317] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1010.167840][ T3317] RIP: 0033:0x7f495fdbc639 [ 1010.172095][ T3317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1010.191535][ T3317] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1010.199780][ T3317] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1010.207592][ T3317] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1010.215403][ T3317] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1010.223213][ T3317] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1010.231026][ T3317] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1010.238840][ T3317] 08:07:42 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 39) 08:07:42 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x4000000000000000, 0x0, 0x0}, 0x58) 08:07:42 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x1, 0x1, 0x4, 0x1, 0x80, "cb1d8f16f72e0feacf6e36656168a6ee15f54227078d214b6c252989d9f135003a326b830b2a0c245f77c81f9f439c51e4e3278c9b587d095accfee247d6f9", 0x3d}, 0x60) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) bind$bt_sco(r2, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) 08:07:42 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) 08:07:42 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:42 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:42 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xf5ffffff00000000, 0x0, 0x0}, 0x58) 08:07:42 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) bind$nfc_llcp(r1, &(0x7f0000000040)={0x27, 0x1, 0x1, 0x4, 0x1, 0x80, "cb1d8f16f72e0feacf6e36656168a6ee15f54227078d214b6c252989d9f135003a326b830b2a0c245f77c81f9f439c51e4e3278c9b587d095accfee247d6f9", 0x3d}, 0x60) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) bind$bt_sco(r2, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) 08:07:42 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)) 08:07:42 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0xfbffffff00000000, 0x0, 0x0}, 0x58) 08:07:42 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) io_uring_setup(0x439a, &(0x7f0000000100)={0x0, 0xd3f, 0x20, 0x3, 0x3d2, 0x0, r1}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r2, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) 08:07:42 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) timer_gettime(r0, &(0x7f0000000000)) (async) timer_gettime(0x0, &(0x7f0000000240)) [ 1010.316635][ T3351] FAULT_INJECTION: forcing a failure. [ 1010.316635][ T3351] name failslab, interval 1, probability 0, space 0, times 0 [ 1010.362393][ T3351] CPU: 1 PID: 3351 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1010.370649][ T3351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1010.380554][ T3351] Call Trace: [ 1010.383673][ T3351] [ 1010.386444][ T3351] dump_stack_lvl+0x151/0x1b7 [ 1010.390962][ T3351] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1010.396252][ T3351] dump_stack+0x15/0x17 [ 1010.400245][ T3351] should_fail+0x3c0/0x510 [ 1010.404500][ T3351] __should_failslab+0x9f/0xe0 [ 1010.409093][ T3351] should_failslab+0x9/0x20 [ 1010.413432][ T3351] kmem_cache_alloc+0x4f/0x2f0 [ 1010.418030][ T3351] ? vm_area_dup+0x26/0x1d0 [ 1010.422371][ T3351] vm_area_dup+0x26/0x1d0 [ 1010.426537][ T3351] dup_mmap+0x6b8/0xea0 [ 1010.430533][ T3351] ? __delayed_free_task+0x20/0x20 [ 1010.435485][ T3351] ? mm_init+0x807/0x960 [ 1010.439557][ T3351] dup_mm+0x91/0x330 [ 1010.443293][ T3351] copy_mm+0x108/0x1b0 [ 1010.447203][ T3351] copy_process+0x1295/0x3250 [ 1010.451712][ T3351] ? check_stack_object+0xf7/0x130 [ 1010.456657][ T3351] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1010.461604][ T3351] ? copy_clone_args_from_user+0x6cf/0x790 [ 1010.467243][ T3351] kernel_clone+0x22d/0x990 [ 1010.471583][ T3351] ? dup_mmap+0xea0/0xea0 [ 1010.475749][ T3351] ? create_io_thread+0x1e0/0x1e0 [ 1010.480611][ T3351] ? file_end_write+0x1b0/0x1b0 [ 1010.485296][ T3351] __x64_sys_clone3+0x375/0x3a0 [ 1010.489984][ T3351] ? __ia32_sys_clone+0x300/0x300 [ 1010.494843][ T3351] ? ksys_write+0x25f/0x2c0 [ 1010.499234][ T3351] ? debug_smp_processor_id+0x17/0x20 [ 1010.504400][ T3351] do_syscall_64+0x44/0xd0 [ 1010.508660][ T3351] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1010.514379][ T3351] RIP: 0033:0x7f495fdbc639 [ 1010.518628][ T3351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1010.538068][ T3351] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1010.546311][ T3351] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1010.554123][ T3351] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 08:07:43 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 40) 08:07:43 executing program 2: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:43 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000100)) 08:07:43 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) timer_gettime(r0, &(0x7f0000000000)) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:43 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x58) 08:07:43 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) io_uring_setup(0x439a, &(0x7f0000000100)={0x0, 0xd3f, 0x20, 0x3, 0x3d2, 0x0, r1}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r2, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) io_uring_setup(0x439a, &(0x7f0000000100)={0x0, 0xd3f, 0x20, 0x3, 0x3d2, 0x0, r1}) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r2, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) (async) 08:07:43 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$HIDIOCSFLAG(r1, 0x4004480f, &(0x7f0000000180)=0x3) r2 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r0}}, 0x58) r4 = openat$cgroup(r1, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r3, r2, 0x0], 0x3, {r4}}, 0x58) timer_create(0x0, &(0x7f0000000000)={0x0, 0x15, 0x4, @tid=0xffffffffffffffff}, &(0x7f0000000040)) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000080)) timer_gettime(0x0, &(0x7f0000000240)) [ 1010.561933][ T3351] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1010.569746][ T3351] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1010.577557][ T3351] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1010.585371][ T3351] 08:07:43 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x58) 08:07:43 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) io_uring_setup(0x439a, &(0x7f0000000100)={0x0, 0xd3f, 0x20, 0x3, 0x3d2, 0x0, r1}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r2, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) 08:07:43 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x4f) 08:07:43 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000100)) 08:07:43 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000100)) [ 1010.645913][ T3386] FAULT_INJECTION: forcing a failure. [ 1010.645913][ T3386] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1010.700631][ T3386] CPU: 0 PID: 3386 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1010.708889][ T3386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1010.718788][ T3386] Call Trace: [ 1010.721904][ T3386] [ 1010.724680][ T3386] dump_stack_lvl+0x151/0x1b7 [ 1010.729193][ T3386] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1010.734487][ T3386] ? stack_trace_save+0x1f0/0x1f0 [ 1010.739348][ T3386] ? __kernel_text_address+0x9a/0x110 [ 1010.744557][ T3386] dump_stack+0x15/0x17 [ 1010.748549][ T3386] should_fail+0x3c0/0x510 [ 1010.752803][ T3386] should_fail_alloc_page+0x58/0x70 [ 1010.757834][ T3386] __alloc_pages+0x1de/0x7c0 [ 1010.762262][ T3386] ? stack_trace_save+0x12d/0x1f0 [ 1010.767123][ T3386] ? stack_trace_snprint+0x100/0x100 [ 1010.772244][ T3386] ? __count_vm_events+0x30/0x30 [ 1010.777014][ T3386] ? __kasan_slab_alloc+0xc4/0xe0 [ 1010.781875][ T3386] ? __kasan_slab_alloc+0xb2/0xe0 [ 1010.786737][ T3386] ? kmem_cache_alloc+0x189/0x2f0 [ 1010.791597][ T3386] ? anon_vma_fork+0x1b9/0x4f0 [ 1010.796197][ T3386] get_zeroed_page+0x19/0x40 [ 1010.800625][ T3386] __pud_alloc+0x8b/0x260 [ 1010.804791][ T3386] ? do_handle_mm_fault+0x2370/0x2370 [ 1010.810000][ T3386] copy_page_range+0xd9e/0x1090 [ 1010.814688][ T3386] ? pfn_valid+0x1e0/0x1e0 [ 1010.818938][ T3386] dup_mmap+0x99f/0xea0 [ 1010.822936][ T3386] ? __delayed_free_task+0x20/0x20 [ 1010.827879][ T3386] ? mm_init+0x807/0x960 [ 1010.831956][ T3386] dup_mm+0x91/0x330 [ 1010.835694][ T3386] copy_mm+0x108/0x1b0 [ 1010.839592][ T3386] copy_process+0x1295/0x3250 [ 1010.844110][ T3386] ? check_stack_object+0xf7/0x130 [ 1010.849056][ T3386] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1010.854001][ T3386] ? copy_clone_args_from_user+0x6cf/0x790 [ 1010.859644][ T3386] kernel_clone+0x22d/0x990 [ 1010.863983][ T3386] ? dup_mmap+0xea0/0xea0 [ 1010.868266][ T3386] ? create_io_thread+0x1e0/0x1e0 [ 1010.873126][ T3386] ? file_end_write+0x1b0/0x1b0 [ 1010.877808][ T3386] __x64_sys_clone3+0x375/0x3a0 [ 1010.882500][ T3386] ? __ia32_sys_clone+0x300/0x300 [ 1010.887358][ T3386] ? ksys_write+0x25f/0x2c0 [ 1010.891696][ T3386] ? debug_smp_processor_id+0x17/0x20 [ 1010.896904][ T3386] do_syscall_64+0x44/0xd0 [ 1010.901164][ T3386] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1010.906884][ T3386] RIP: 0033:0x7f495fdbc639 [ 1010.911138][ T3386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1010.930579][ T3386] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1010.938825][ T3386] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 08:07:43 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 41) 08:07:43 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x4f) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x4f) (async) 08:07:43 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(0x0, 0x0, &(0x7f00000000c0), 0x0) 08:07:43 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x58) 08:07:43 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_gettime(r2, &(0x7f0000000000)) timer_delete(r1) timer_gettime(r0, &(0x7f0000000240)) 08:07:43 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x58) 08:07:43 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async, rerun: 32) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$HIDIOCSFLAG(r1, 0x4004480f, &(0x7f0000000180)=0x3) (async) r2 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r0}}, 0x58) (async) r4 = openat$cgroup(r1, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r3, r2, 0x0], 0x3, {r4}}, 0x58) (async, rerun: 64) timer_create(0x0, &(0x7f0000000000)={0x0, 0x15, 0x4, @tid=0xffffffffffffffff}, &(0x7f0000000040)) (rerun: 64) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000080)) (async, rerun: 64) timer_gettime(0x0, &(0x7f0000000240)) (rerun: 64) 08:07:43 executing program 5: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$HIDIOCSFLAG(r1, 0x4004480f, &(0x7f0000000180)=0x3) r2 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r0}}, 0x58) r4 = openat$cgroup(r1, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r3, r2, 0x0], 0x3, {r4}}, 0x58) timer_create(0x0, &(0x7f0000000000)={0x0, 0x15, 0x4, @tid=0xffffffffffffffff}, &(0x7f0000000040)) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000080)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:43 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_gettime(r2, &(0x7f0000000000)) timer_delete(r1) timer_gettime(r0, &(0x7f0000000240)) [ 1010.946639][ T3386] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1010.954452][ T3386] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1010.962258][ T3386] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1010.970156][ T3386] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1010.977973][ T3386] 08:07:43 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x4f) 08:07:43 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x58) [ 1011.022055][ T3420] FAULT_INJECTION: forcing a failure. [ 1011.022055][ T3420] name failslab, interval 1, probability 0, space 0, times 0 [ 1011.055379][ T3420] CPU: 0 PID: 3420 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1011.063630][ T3420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1011.073523][ T3420] Call Trace: [ 1011.076645][ T3420] [ 1011.079421][ T3420] dump_stack_lvl+0x151/0x1b7 [ 1011.083937][ T3420] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1011.089233][ T3420] dump_stack+0x15/0x17 [ 1011.093223][ T3420] should_fail+0x3c0/0x510 [ 1011.097477][ T3420] __should_failslab+0x9f/0xe0 [ 1011.102074][ T3420] should_failslab+0x9/0x20 [ 1011.106414][ T3420] kmem_cache_alloc+0x4f/0x2f0 [ 1011.111016][ T3420] ? anon_vma_clone+0xa1/0x4f0 [ 1011.115615][ T3420] anon_vma_clone+0xa1/0x4f0 [ 1011.120045][ T3420] anon_vma_fork+0x91/0x4f0 [ 1011.124383][ T3420] ? anon_vma_name+0x4c/0x70 [ 1011.128810][ T3420] dup_mmap+0x750/0xea0 [ 1011.132800][ T3420] ? __delayed_free_task+0x20/0x20 [ 1011.137752][ T3420] ? mm_init+0x807/0x960 [ 1011.141828][ T3420] dup_mm+0x91/0x330 [ 1011.145569][ T3420] copy_mm+0x108/0x1b0 [ 1011.149465][ T3420] copy_process+0x1295/0x3250 [ 1011.153981][ T3420] ? check_stack_object+0xf7/0x130 [ 1011.158927][ T3420] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1011.163872][ T3420] ? copy_clone_args_from_user+0x6cf/0x790 [ 1011.169516][ T3420] kernel_clone+0x22d/0x990 [ 1011.173854][ T3420] ? dup_mmap+0xea0/0xea0 [ 1011.178021][ T3420] ? create_io_thread+0x1e0/0x1e0 [ 1011.182880][ T3420] ? file_end_write+0x1b0/0x1b0 [ 1011.187568][ T3420] __x64_sys_clone3+0x375/0x3a0 [ 1011.192256][ T3420] ? __ia32_sys_clone+0x300/0x300 [ 1011.197115][ T3420] ? ksys_write+0x25f/0x2c0 [ 1011.201455][ T3420] ? debug_smp_processor_id+0x17/0x20 [ 1011.206664][ T3420] do_syscall_64+0x44/0xd0 [ 1011.210915][ T3420] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1011.216643][ T3420] RIP: 0033:0x7f495fdbc639 [ 1011.220899][ T3420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1011.240338][ T3420] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1011.248582][ T3420] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1011.256393][ T3420] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1011.264211][ T3420] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 08:07:43 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_gettime(r2, &(0x7f0000000000)) timer_delete(r1) timer_gettime(r0, &(0x7f0000000240)) [ 1011.272026][ T3420] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1011.279829][ T3420] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1011.287649][ T3420] 08:07:43 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 42) 08:07:43 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000200)=ANY=[@ANYRES64], 0xffffffffffffffc4) r2 = fsmount(r1, 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x13, &(0x7f0000000080)=[0xfffffffc, 0x10001], 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) r4 = getgid() write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f00000000c0)={0x90, 0x0, 0x0, {0x2, 0x3, 0x3, 0x200, 0x10001, 0x6c, {0x5, 0xfff, 0x6, 0x1ff, 0x1, 0x3, 0x2, 0x100, 0x3, 0x2000, 0xdd1, 0x0, r4, 0x4, 0x1fe}}}, 0x90) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r7, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000001, 0x13, r6, 0x0) read$FUSE(r3, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r8, 0x0, 0x0) write$FUSE_POLL(r8, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x78}}, 0x18) connect$bt_sco(r3, &(0x7f00000001c0)={0x1f, @none}, 0x8) 08:07:43 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_gettime(r2, &(0x7f0000000000)) timer_delete(r1) 08:07:43 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x58) 08:07:43 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x58) 08:07:43 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_gettime(r2, &(0x7f0000000000)) [ 1011.405963][ T3444] FAULT_INJECTION: forcing a failure. [ 1011.405963][ T3444] name failslab, interval 1, probability 0, space 0, times 0 [ 1011.421697][ T3444] CPU: 1 PID: 3444 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1011.429946][ T3444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1011.439845][ T3444] Call Trace: [ 1011.442963][ T3444] [ 1011.445739][ T3444] dump_stack_lvl+0x151/0x1b7 [ 1011.450251][ T3444] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1011.455546][ T3444] dump_stack+0x15/0x17 [ 1011.459540][ T3444] should_fail+0x3c0/0x510 [ 1011.463892][ T3444] __should_failslab+0x9f/0xe0 [ 1011.468491][ T3444] should_failslab+0x9/0x20 [ 1011.472887][ T3444] kmem_cache_alloc+0x4f/0x2f0 [ 1011.477433][ T3444] ? vm_area_dup+0x26/0x1d0 [ 1011.481777][ T3444] vm_area_dup+0x26/0x1d0 [ 1011.485935][ T3444] dup_mmap+0x6b8/0xea0 [ 1011.489932][ T3444] ? __delayed_free_task+0x20/0x20 [ 1011.494879][ T3444] ? mm_init+0x807/0x960 [ 1011.498956][ T3444] dup_mm+0x91/0x330 [ 1011.502688][ T3444] copy_mm+0x108/0x1b0 [ 1011.506593][ T3444] copy_process+0x1295/0x3250 [ 1011.511110][ T3444] ? check_stack_object+0xf7/0x130 [ 1011.516063][ T3444] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1011.520999][ T3444] ? copy_clone_args_from_user+0x6cf/0x790 [ 1011.526642][ T3444] kernel_clone+0x22d/0x990 [ 1011.530984][ T3444] ? dup_mmap+0xea0/0xea0 [ 1011.535148][ T3444] ? create_io_thread+0x1e0/0x1e0 [ 1011.540007][ T3444] ? file_end_write+0x1b0/0x1b0 [ 1011.544696][ T3444] __x64_sys_clone3+0x375/0x3a0 [ 1011.549383][ T3444] ? __ia32_sys_clone+0x300/0x300 [ 1011.554245][ T3444] ? ksys_write+0x25f/0x2c0 [ 1011.558588][ T3444] ? debug_smp_processor_id+0x17/0x20 [ 1011.563788][ T3444] do_syscall_64+0x44/0xd0 [ 1011.568043][ T3444] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1011.573859][ T3444] RIP: 0033:0x7f495fdbc639 [ 1011.578198][ T3444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1011.597639][ T3444] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1011.605884][ T3444] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1011.613698][ T3444] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1011.621505][ T3444] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1011.629317][ T3444] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1011.637130][ T3444] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1011.644946][ T3444] 08:07:44 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$HIDIOCSFLAG(r1, 0x4004480f, &(0x7f0000000180)=0x3) r2 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r0}}, 0x58) r4 = openat$cgroup(r1, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r3, r2, 0x0], 0x3, {r4}}, 0x58) timer_create(0x0, &(0x7f0000000000)={0x0, 0x15, 0x4, @tid=0xffffffffffffffff}, &(0x7f0000000040)) (async) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000080)) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:44 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000200)=ANY=[@ANYRES64], 0xffffffffffffffc4) r2 = fsmount(r1, 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x13, &(0x7f0000000080)=[0xfffffffc, 0x10001], 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) r4 = getgid() write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f00000000c0)={0x90, 0x0, 0x0, {0x2, 0x3, 0x3, 0x200, 0x10001, 0x6c, {0x5, 0xfff, 0x6, 0x1ff, 0x1, 0x3, 0x2, 0x100, 0x3, 0x2000, 0xdd1, 0x0, r4, 0x4, 0x1fe}}}, 0x90) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r7, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000001, 0x13, r6, 0x0) read$FUSE(r3, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r8, 0x0, 0x0) write$FUSE_POLL(r8, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x78}}, 0x18) connect$bt_sco(r3, &(0x7f00000001c0)={0x1f, @none}, 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)) (async) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000200)=ANY=[@ANYRES64], 0xffffffffffffffc4) (async) fsmount(r1, 0x0, 0x0) (async) read$FUSE(r2, 0x0, 0x0) (async) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x13, &(0x7f0000000080)=[0xfffffffc, 0x10001], 0x2) (async) pipe(&(0x7f0000005540)) (async) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) (async) getgid() (async) write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f00000000c0)={0x90, 0x0, 0x0, {0x2, 0x3, 0x3, 0x200, 0x10001, 0x6c, {0x5, 0xfff, 0x6, 0x1ff, 0x1, 0x3, 0x2, 0x100, 0x3, 0x2000, 0xdd1, 0x0, r4, 0x4, 0x1fe}}}, 0x90) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r5, 0x0, 0x0) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r7, 0x0, 0x0) (async) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000001, 0x13, r6, 0x0) (async) read$FUSE(r3, 0x0, 0x0) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r8, 0x0, 0x0) (async) write$FUSE_POLL(r8, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x78}}, 0x18) (async) connect$bt_sco(r3, &(0x7f00000001c0)={0x1f, @none}, 0x8) (async) 08:07:44 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) r1 = fsmount(r0, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)) 08:07:44 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1100}, 0x58) 08:07:44 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) 08:07:44 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 43) 08:07:44 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) 08:07:44 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f00}, 0x58) 08:07:44 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) [ 1011.859114][ T3457] FAULT_INJECTION: forcing a failure. [ 1011.859114][ T3457] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1011.887881][ T3457] CPU: 0 PID: 3457 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1011.896140][ T3457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1011.906024][ T3457] Call Trace: 08:07:44 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) [ 1011.909147][ T3457] [ 1011.911930][ T3457] dump_stack_lvl+0x151/0x1b7 [ 1011.916446][ T3457] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1011.921734][ T3457] dump_stack+0x15/0x17 [ 1011.925726][ T3457] should_fail+0x3c0/0x510 [ 1011.929978][ T3457] should_fail_alloc_page+0x58/0x70 [ 1011.935013][ T3457] __alloc_pages+0x1de/0x7c0 [ 1011.939448][ T3457] ? __count_vm_events+0x30/0x30 [ 1011.944214][ T3457] ? __this_cpu_preempt_check+0x13/0x20 [ 1011.949595][ T3457] ? __mod_node_page_state+0xac/0xf0 [ 1011.954716][ T3457] pte_alloc_one+0x73/0x1b0 08:07:44 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) 08:07:44 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) [ 1011.959059][ T3457] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1011.964091][ T3457] __pte_alloc+0x86/0x350 [ 1011.968254][ T3457] ? free_pgtables+0x210/0x210 [ 1011.972850][ T3457] ? _raw_spin_lock+0xa3/0x1b0 [ 1011.977453][ T3457] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 1011.982664][ T3457] ? __kernel_text_address+0x9a/0x110 [ 1011.987873][ T3457] copy_pte_range+0x1b1f/0x20b0 [ 1011.992561][ T3457] ? __kunmap_atomic+0x80/0x80 [ 1011.997160][ T3457] ? __kasan_slab_alloc+0xc4/0xe0 [ 1012.002019][ T3457] ? __kasan_slab_alloc+0xb2/0xe0 [ 1012.006877][ T3457] ? kmem_cache_alloc+0x189/0x2f0 [ 1012.011735][ T3457] ? vm_area_dup+0x26/0x1d0 [ 1012.016077][ T3457] ? dup_mmap+0x6b8/0xea0 [ 1012.020240][ T3457] ? dup_mm+0x91/0x330 [ 1012.024144][ T3457] ? copy_mm+0x108/0x1b0 [ 1012.028227][ T3457] ? copy_process+0x1295/0x3250 [ 1012.032918][ T3457] ? kernel_clone+0x22d/0x990 [ 1012.037424][ T3457] ? __x64_sys_clone3+0x375/0x3a0 [ 1012.042284][ T3457] ? do_syscall_64+0x44/0xd0 [ 1012.046716][ T3457] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1012.052618][ T3457] copy_page_range+0xc1e/0x1090 [ 1012.057303][ T3457] ? pfn_valid+0x1e0/0x1e0 [ 1012.061552][ T3457] dup_mmap+0x99f/0xea0 [ 1012.065545][ T3457] ? __delayed_free_task+0x20/0x20 [ 1012.070492][ T3457] ? mm_init+0x807/0x960 [ 1012.074637][ T3457] dup_mm+0x91/0x330 [ 1012.078306][ T3457] copy_mm+0x108/0x1b0 [ 1012.082209][ T3457] copy_process+0x1295/0x3250 [ 1012.086722][ T3457] ? check_stack_object+0xf7/0x130 [ 1012.091668][ T3457] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1012.096620][ T3457] ? copy_clone_args_from_user+0x6cf/0x790 [ 1012.102270][ T3457] kernel_clone+0x22d/0x990 [ 1012.106601][ T3457] ? dup_mmap+0xea0/0xea0 [ 1012.110763][ T3457] ? create_io_thread+0x1e0/0x1e0 [ 1012.115626][ T3457] ? file_end_write+0x1b0/0x1b0 [ 1012.120311][ T3457] __x64_sys_clone3+0x375/0x3a0 [ 1012.124999][ T3457] ? __ia32_sys_clone+0x300/0x300 [ 1012.129858][ T3457] ? ksys_write+0x25f/0x2c0 [ 1012.134200][ T3457] ? debug_smp_processor_id+0x17/0x20 [ 1012.139404][ T3457] do_syscall_64+0x44/0xd0 [ 1012.143661][ T3457] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1012.149386][ T3457] RIP: 0033:0x7f495fdbc639 [ 1012.153642][ T3457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1012.173082][ T3457] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1012.181328][ T3457] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1012.189137][ T3457] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1012.196949][ T3457] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 08:07:44 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000200)=ANY=[@ANYRES64], 0xffffffffffffffc4) r2 = fsmount(r1, 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x13, &(0x7f0000000080)=[0xfffffffc, 0x10001], 0x2) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) (async) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) (async) r4 = getgid() write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f00000000c0)={0x90, 0x0, 0x0, {0x2, 0x3, 0x3, 0x200, 0x10001, 0x6c, {0x5, 0xfff, 0x6, 0x1ff, 0x1, 0x3, 0x2, 0x100, 0x3, 0x2000, 0xdd1, 0x0, r4, 0x4, 0x1fe}}}, 0x90) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r7, 0x0, 0x0) (async) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000001, 0x13, r6, 0x0) (async) read$FUSE(r3, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r8, 0x0, 0x0) (async) write$FUSE_POLL(r8, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x78}}, 0x18) (async) connect$bt_sco(r3, &(0x7f00000001c0)={0x1f, @none}, 0x8) 08:07:44 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_delete(0x0) [ 1012.204761][ T3457] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1012.212574][ T3457] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1012.220384][ T3457] 08:07:44 executing program 5: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_delete(0x0) 08:07:44 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x58) 08:07:44 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 44) 08:07:44 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x200000) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000040)='\x1b\t\xe4\xee', 0x0, r1) 08:07:44 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_delete(0x0) 08:07:44 executing program 1: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000000)) timer_create(0x4, &(0x7f0000000040)={0x0, 0x17, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000280)=0x0) timer_settime(r0, 0x1, &(0x7f0000000100)={{0x0, 0x989680}}, &(0x7f0000000080)) set_thread_area(&(0x7f00000000c0)={0x2, 0x1000, 0x1000, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}) timer_create(0x6, &(0x7f0000000300)={0x0, 0x18, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000340)=0x0) timer_delete(r1) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f00000001c0)={{r2, r3+10000000}, {0x0, 0x989680}}, &(0x7f0000000200)) socket$vsock_stream(0x28, 0x1, 0x0) 08:07:44 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x200000) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000040)='\x1b\t\xe4\xee', 0x0, r1) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) syz_open_dev$char_usb(0xc, 0xb4, 0x200000) (async) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000040)='\x1b\t\xe4\xee', 0x0, r1) (async) 08:07:44 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x58) 08:07:44 executing program 1: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) clock_gettime(0x0, &(0x7f0000000000)) timer_create(0x4, &(0x7f0000000040)={0x0, 0x17, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000280)=0x0) timer_settime(r0, 0x1, &(0x7f0000000100)={{0x0, 0x989680}}, &(0x7f0000000080)) set_thread_area(&(0x7f00000000c0)={0x2, 0x1000, 0x1000, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x18, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000340)=0x0) timer_delete(r1) (async) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f00000001c0)={{r2, r3+10000000}, {0x0, 0x989680}}, &(0x7f0000000200)) (async) socket$vsock_stream(0x28, 0x1, 0x0) 08:07:44 executing program 2: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_delete(0x0) 08:07:44 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x20010}, 0x58) [ 1012.277851][ T3507] FAULT_INJECTION: forcing a failure. [ 1012.277851][ T3507] name failslab, interval 1, probability 0, space 0, times 0 [ 1012.295876][ T3507] CPU: 0 PID: 3507 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1012.304128][ T3507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1012.314018][ T3507] Call Trace: [ 1012.317142][ T3507] [ 1012.319920][ T3507] dump_stack_lvl+0x151/0x1b7 08:07:44 executing program 2: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:44 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x200000) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000040)='\x1b\t\xe4\xee', 0x0, r1) 08:07:44 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x58) [ 1012.324432][ T3507] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1012.329817][ T3507] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 1012.336064][ T3507] dump_stack+0x15/0x17 [ 1012.340056][ T3507] should_fail+0x3c0/0x510 [ 1012.344309][ T3507] __should_failslab+0x9f/0xe0 [ 1012.348909][ T3507] should_failslab+0x9/0x20 [ 1012.353256][ T3507] kmem_cache_alloc+0x4f/0x2f0 [ 1012.357849][ T3507] ? anon_vma_fork+0xf7/0x4f0 [ 1012.362362][ T3507] anon_vma_fork+0xf7/0x4f0 [ 1012.366701][ T3507] ? anon_vma_name+0x4c/0x70 [ 1012.371131][ T3507] dup_mmap+0x750/0xea0 [ 1012.375121][ T3507] ? __delayed_free_task+0x20/0x20 [ 1012.380077][ T3507] ? mm_init+0x807/0x960 [ 1012.384148][ T3507] dup_mm+0x91/0x330 [ 1012.387878][ T3507] copy_mm+0x108/0x1b0 [ 1012.391784][ T3507] copy_process+0x1295/0x3250 [ 1012.396298][ T3507] ? check_stack_object+0xf7/0x130 [ 1012.401248][ T3507] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1012.406189][ T3507] ? copy_clone_args_from_user+0x6cf/0x790 [ 1012.411829][ T3507] kernel_clone+0x22d/0x990 [ 1012.416172][ T3507] ? dup_mmap+0xea0/0xea0 [ 1012.420334][ T3507] ? create_io_thread+0x1e0/0x1e0 [ 1012.425194][ T3507] ? file_end_write+0x1b0/0x1b0 [ 1012.429885][ T3507] __x64_sys_clone3+0x375/0x3a0 [ 1012.434569][ T3507] ? __ia32_sys_clone+0x300/0x300 [ 1012.439449][ T3507] ? ksys_write+0x25f/0x2c0 [ 1012.443772][ T3507] ? debug_smp_processor_id+0x17/0x20 [ 1012.448977][ T3507] do_syscall_64+0x44/0xd0 [ 1012.453232][ T3507] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1012.458961][ T3507] RIP: 0033:0x7f495fdbc639 [ 1012.463300][ T3507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1012.482743][ T3507] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1012.490985][ T3507] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1012.498902][ T3507] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1012.506711][ T3507] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1012.514532][ T3507] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:45 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 45) 08:07:45 executing program 2: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:45 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x101000}, 0x58) 08:07:45 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x200000) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000040)='\x1b\t\xe4\xee', 0x0, r1) 08:07:45 executing program 1: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000000)) (async) timer_create(0x4, &(0x7f0000000040)={0x0, 0x17, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000280)=0x0) timer_settime(r0, 0x1, &(0x7f0000000100)={{0x0, 0x989680}}, &(0x7f0000000080)) (async) set_thread_area(&(0x7f00000000c0)={0x2, 0x1000, 0x1000, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}) timer_create(0x6, &(0x7f0000000300)={0x0, 0x18, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000340)=0x0) timer_delete(r1) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f00000001c0)={{r2, r3+10000000}, {0x0, 0x989680}}, &(0x7f0000000200)) (async) socket$vsock_stream(0x28, 0x1, 0x0) 08:07:45 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x200000) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000040)='\x1b\t\xe4\xee', 0x0, r1) 08:07:45 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xf0ff1f}, 0x58) 08:07:45 executing program 5: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x9}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1012.522334][ T3507] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1012.530150][ T3507] 08:07:45 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x58) 08:07:45 executing program 1: ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000280)={0x2020, 0x0, 0x0}, 0x2020) r3 = fsmount(r0, 0x1, 0x1) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_pressure(r3, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) read$FUSE(r4, 0x0, 0x0) write$FUSE_OPEN(r4, &(0x7f0000000180)={0x20, 0xffffffffffffffda, r2, {0x0, 0x4}}, 0x20) timer_create(0x5, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r5, 0x80605414, &(0x7f0000000080)) openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='io.pressure\x00', 0x2, 0x0) 08:07:45 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, 0x0}, 0x58) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000000300)=0x60) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) r2 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f00000001c0)=0xfffffef8, 0x800) bind$nfc_llcp(r2, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1, 0x8, 0x10, "a6d89c8b808e134dd3d039a3eda9fb676cdf81164b58e19c80ade23647c12b196feceea54ade0474bdac78eef8969d8d4bd119af6cb7707b0a895116ea8399", 0x1f}, 0x60) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000100)={0x3, 0x7, 0xce1, 0x7, 0x99, 0x2, &(0x7f0000000000)="8d4bf58d253afd8660647d6f1386828ca2319efde18c2264070310b04bc54037556652859fd3209d28973d24e2045e54aa76db569a2bc4a76aeebb9de181d379919a4d138c0aaa20569c61976a0917d5fbad1111d247d1eccbf8460c64f8c49e23a954a9629d7d9bdcd3e6e133cdb6b7a63fa55c8c6b432fb947972d9f4a74550a0d7d0becded102af1270d26ed8743028f71a1ea13dfb2e68"}) 08:07:45 executing program 2: timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) [ 1012.574530][ T3546] FAULT_INJECTION: forcing a failure. [ 1012.574530][ T3546] name failslab, interval 1, probability 0, space 0, times 0 [ 1012.609057][ T3546] CPU: 0 PID: 3546 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1012.617310][ T3546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1012.627196][ T3546] Call Trace: [ 1012.630319][ T3546] [ 1012.633097][ T3546] dump_stack_lvl+0x151/0x1b7 [ 1012.637621][ T3546] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1012.642906][ T3546] dump_stack+0x15/0x17 [ 1012.646901][ T3546] should_fail+0x3c0/0x510 [ 1012.651152][ T3546] __should_failslab+0x9f/0xe0 [ 1012.655758][ T3546] should_failslab+0x9/0x20 [ 1012.660092][ T3546] kmem_cache_alloc+0x4f/0x2f0 [ 1012.664688][ T3546] ? anon_vma_fork+0x1b9/0x4f0 [ 1012.669288][ T3546] anon_vma_fork+0x1b9/0x4f0 [ 1012.673715][ T3546] dup_mmap+0x750/0xea0 [ 1012.677716][ T3546] ? __delayed_free_task+0x20/0x20 [ 1012.682659][ T3546] ? mm_init+0x807/0x960 [ 1012.686737][ T3546] dup_mm+0x91/0x330 [ 1012.690466][ T3546] copy_mm+0x108/0x1b0 [ 1012.694379][ T3546] copy_process+0x1295/0x3250 [ 1012.698890][ T3546] ? check_stack_object+0xf7/0x130 [ 1012.703835][ T3546] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1012.708787][ T3546] ? copy_clone_args_from_user+0x6cf/0x790 [ 1012.714418][ T3546] kernel_clone+0x22d/0x990 [ 1012.719366][ T3546] ? dup_mmap+0xea0/0xea0 [ 1012.723532][ T3546] ? create_io_thread+0x1e0/0x1e0 [ 1012.728392][ T3546] ? file_end_write+0x1b0/0x1b0 [ 1012.733080][ T3546] __x64_sys_clone3+0x375/0x3a0 [ 1012.737889][ T3546] ? __ia32_sys_clone+0x300/0x300 [ 1012.742748][ T3546] ? ksys_write+0x25f/0x2c0 [ 1012.747088][ T3546] ? debug_smp_processor_id+0x17/0x20 [ 1012.752294][ T3546] do_syscall_64+0x44/0xd0 [ 1012.756556][ T3546] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1012.762273][ T3546] RIP: 0033:0x7f495fdbc639 [ 1012.766529][ T3546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1012.785968][ T3546] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1012.794210][ T3546] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1012.802021][ T3546] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1012.809837][ T3546] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1012.817644][ T3546] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:45 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 46) 08:07:45 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:45 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x58) 08:07:45 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) r1 = fsmount(r0, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) 08:07:45 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, 0x0}, 0x58) (async) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000000300)=0x60) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) r2 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f00000001c0)=0xfffffef8, 0x800) bind$nfc_llcp(r2, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1, 0x8, 0x10, "a6d89c8b808e134dd3d039a3eda9fb676cdf81164b58e19c80ade23647c12b196feceea54ade0474bdac78eef8969d8d4bd119af6cb7707b0a895116ea8399", 0x1f}, 0x60) (async) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000100)={0x3, 0x7, 0xce1, 0x7, 0x99, 0x2, &(0x7f0000000000)="8d4bf58d253afd8660647d6f1386828ca2319efde18c2264070310b04bc54037556652859fd3209d28973d24e2045e54aa76db569a2bc4a76aeebb9de181d379919a4d138c0aaa20569c61976a0917d5fbad1111d247d1eccbf8460c64f8c49e23a954a9629d7d9bdcd3e6e133cdb6b7a63fa55c8c6b432fb947972d9f4a74550a0d7d0becded102af1270d26ed8743028f71a1ea13dfb2e68"}) 08:07:45 executing program 2: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:45 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x7000000}, 0x58) [ 1012.825456][ T3546] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1012.833272][ T3546] [ 1012.857814][ T3575] FAULT_INJECTION: forcing a failure. [ 1012.857814][ T3575] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1012.892675][ T3575] CPU: 1 PID: 3575 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1012.900924][ T3575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1012.910911][ T3575] Call Trace: [ 1012.914119][ T3575] [ 1012.916894][ T3575] dump_stack_lvl+0x151/0x1b7 [ 1012.921412][ T3575] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1012.926704][ T3575] dump_stack+0x15/0x17 [ 1012.930693][ T3575] should_fail+0x3c0/0x510 [ 1012.934945][ T3575] should_fail_alloc_page+0x58/0x70 08:07:45 executing program 2: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:45 executing program 0: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, 0x0}, 0x58) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000000300)=0x60) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) r2 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f00000001c0)=0xfffffef8, 0x800) bind$nfc_llcp(r2, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1, 0x8, 0x10, "a6d89c8b808e134dd3d039a3eda9fb676cdf81164b58e19c80ade23647c12b196feceea54ade0474bdac78eef8969d8d4bd119af6cb7707b0a895116ea8399", 0x1f}, 0x60) (async) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000100)={0x3, 0x7, 0xce1, 0x7, 0x99, 0x2, &(0x7f0000000000)="8d4bf58d253afd8660647d6f1386828ca2319efde18c2264070310b04bc54037556652859fd3209d28973d24e2045e54aa76db569a2bc4a76aeebb9de181d379919a4d138c0aaa20569c61976a0917d5fbad1111d247d1eccbf8460c64f8c49e23a954a9629d7d9bdcd3e6e133cdb6b7a63fa55c8c6b432fb947972d9f4a74550a0d7d0becded102af1270d26ed8743028f71a1ea13dfb2e68"}) [ 1012.939983][ T3575] __alloc_pages+0x1de/0x7c0 [ 1012.944410][ T3575] ? __count_vm_events+0x30/0x30 [ 1012.949180][ T3575] ? dup_mm+0x91/0x330 [ 1012.953085][ T3575] ? copy_mm+0x108/0x1b0 [ 1012.957165][ T3575] ? copy_process+0x1295/0x3250 [ 1012.961848][ T3575] ? kernel_clone+0x22d/0x990 [ 1012.966362][ T3575] ? __x64_sys_clone3+0x375/0x3a0 [ 1012.971224][ T3575] pte_alloc_one+0x73/0x1b0 [ 1012.975562][ T3575] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1012.980603][ T3575] ? __kasan_check_write+0x14/0x20 [ 1012.985542][ T3575] ? __set_page_owner+0x2ee/0x310 [ 1012.990403][ T3575] __pte_alloc+0x86/0x350 [ 1012.994569][ T3575] ? post_alloc_hook+0x1ab/0x1b0 [ 1012.999344][ T3575] ? free_pgtables+0x210/0x210 [ 1013.003944][ T3575] ? get_page_from_freelist+0x38b/0x400 [ 1013.009327][ T3575] copy_pte_range+0x1b1f/0x20b0 [ 1013.014018][ T3575] ? __kunmap_atomic+0x80/0x80 [ 1013.018611][ T3575] ? __pud_alloc+0x260/0x260 [ 1013.023037][ T3575] ? __pud_alloc+0x218/0x260 [ 1013.027466][ T3575] ? do_handle_mm_fault+0x2370/0x2370 [ 1013.032674][ T3575] copy_page_range+0xc1e/0x1090 [ 1013.037362][ T3575] ? pfn_valid+0x1e0/0x1e0 [ 1013.041612][ T3575] dup_mmap+0x99f/0xea0 [ 1013.045610][ T3575] ? __delayed_free_task+0x20/0x20 [ 1013.050551][ T3575] ? mm_init+0x807/0x960 [ 1013.054632][ T3575] dup_mm+0x91/0x330 [ 1013.058381][ T3575] copy_mm+0x108/0x1b0 [ 1013.062271][ T3575] copy_process+0x1295/0x3250 [ 1013.066785][ T3575] ? check_stack_object+0xf7/0x130 [ 1013.071732][ T3575] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1013.076680][ T3575] ? copy_clone_args_from_user+0x6cf/0x790 [ 1013.082320][ T3575] kernel_clone+0x22d/0x990 [ 1013.086659][ T3575] ? dup_mmap+0xea0/0xea0 [ 1013.090823][ T3575] ? create_io_thread+0x1e0/0x1e0 [ 1013.095689][ T3575] ? file_end_write+0x1b0/0x1b0 [ 1013.100374][ T3575] __x64_sys_clone3+0x375/0x3a0 [ 1013.105058][ T3575] ? __ia32_sys_clone+0x300/0x300 [ 1013.109922][ T3575] ? ksys_write+0x25f/0x2c0 [ 1013.114268][ T3575] ? debug_smp_processor_id+0x17/0x20 [ 1013.119476][ T3575] do_syscall_64+0x44/0xd0 [ 1013.123722][ T3575] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1013.129451][ T3575] RIP: 0033:0x7f495fdbc639 [ 1013.133701][ T3575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1013.153143][ T3575] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1013.161392][ T3575] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1013.169197][ T3575] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1013.177009][ T3575] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1013.184821][ T3575] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1013.192720][ T3575] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1013.200533][ T3575] 08:07:45 executing program 1: ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async, rerun: 64) read$FUSE(r0, &(0x7f0000000280)={0x2020, 0x0, 0x0}, 0x2020) (async, rerun: 64) r3 = fsmount(r0, 0x1, 0x1) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) (async) openat$cgroup_pressure(r3, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) read$FUSE(r4, 0x0, 0x0) (async) write$FUSE_OPEN(r4, &(0x7f0000000180)={0x20, 0xffffffffffffffda, r2, {0x0, 0x4}}, 0x20) (async) timer_create(0x5, 0x0, &(0x7f0000000100)) (async, rerun: 32) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async, rerun: 32) timer_gettime(0x0, &(0x7f0000000240)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) (async, rerun: 32) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r5, 0x80605414, &(0x7f0000000080)) (async, rerun: 32) openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='io.pressure\x00', 0x2, 0x0) 08:07:45 executing program 0: ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:45 executing program 2: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:45 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x9000000}, 0x58) 08:07:45 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 47) 08:07:45 executing program 5: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:45 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x10000200}, 0x58) 08:07:46 executing program 0: ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:46 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_delete(0x0) 08:07:46 executing program 5: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:46 executing program 0: ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, &(0x7f0000000000)) (async) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:46 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x11000000}, 0x58) [ 1013.475076][ T3603] FAULT_INJECTION: forcing a failure. [ 1013.475076][ T3603] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1013.501325][ T3603] CPU: 1 PID: 3603 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1013.509577][ T3603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1013.519485][ T3603] Call Trace: [ 1013.522589][ T3603] [ 1013.525372][ T3603] dump_stack_lvl+0x151/0x1b7 [ 1013.529879][ T3603] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1013.535439][ T3603] dump_stack+0x15/0x17 [ 1013.539426][ T3603] should_fail+0x3c0/0x510 [ 1013.543682][ T3603] should_fail_alloc_page+0x58/0x70 [ 1013.548714][ T3603] __alloc_pages+0x1de/0x7c0 [ 1013.553139][ T3603] ? __count_vm_events+0x30/0x30 [ 1013.557916][ T3603] ? __this_cpu_preempt_check+0x13/0x20 [ 1013.563382][ T3603] ? __mod_node_page_state+0xac/0xf0 [ 1013.568504][ T3603] pte_alloc_one+0x73/0x1b0 [ 1013.572842][ T3603] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1013.577877][ T3603] __pte_alloc+0x86/0x350 [ 1013.582043][ T3603] ? free_pgtables+0x210/0x210 [ 1013.586643][ T3603] ? _raw_spin_lock+0xa3/0x1b0 [ 1013.591240][ T3603] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 1013.596460][ T3603] ? __kernel_text_address+0x9a/0x110 [ 1013.601656][ T3603] copy_pte_range+0x1b1f/0x20b0 [ 1013.606351][ T3603] ? __kunmap_atomic+0x80/0x80 [ 1013.610944][ T3603] ? __kasan_slab_alloc+0xc4/0xe0 [ 1013.615803][ T3603] ? __kasan_slab_alloc+0xb2/0xe0 [ 1013.620665][ T3603] ? kmem_cache_alloc+0x189/0x2f0 [ 1013.625524][ T3603] ? vm_area_dup+0x26/0x1d0 [ 1013.629863][ T3603] ? dup_mmap+0x6b8/0xea0 [ 1013.634030][ T3603] ? dup_mm+0x91/0x330 [ 1013.637939][ T3603] ? copy_mm+0x108/0x1b0 [ 1013.642017][ T3603] ? copy_process+0x1295/0x3250 [ 1013.646701][ T3603] ? kernel_clone+0x22d/0x990 [ 1013.651216][ T3603] ? __x64_sys_clone3+0x375/0x3a0 [ 1013.656076][ T3603] ? do_syscall_64+0x44/0xd0 [ 1013.660506][ T3603] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1013.666406][ T3603] copy_page_range+0xc1e/0x1090 [ 1013.671094][ T3603] ? pfn_valid+0x1e0/0x1e0 [ 1013.675348][ T3603] dup_mmap+0x99f/0xea0 [ 1013.679340][ T3603] ? __delayed_free_task+0x20/0x20 [ 1013.684286][ T3603] ? mm_init+0x807/0x960 [ 1013.688364][ T3603] dup_mm+0x91/0x330 [ 1013.692096][ T3603] copy_mm+0x108/0x1b0 [ 1013.696007][ T3603] copy_process+0x1295/0x3250 [ 1013.700518][ T3603] ? check_stack_object+0xf7/0x130 [ 1013.705463][ T3603] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1013.710424][ T3603] ? copy_clone_args_from_user+0x6cf/0x790 [ 1013.716056][ T3603] kernel_clone+0x22d/0x990 [ 1013.720414][ T3603] ? dup_mmap+0xea0/0xea0 [ 1013.724561][ T3603] ? create_io_thread+0x1e0/0x1e0 [ 1013.729424][ T3603] ? file_end_write+0x1b0/0x1b0 [ 1013.734105][ T3603] __x64_sys_clone3+0x375/0x3a0 [ 1013.738793][ T3603] ? __ia32_sys_clone+0x300/0x300 [ 1013.743655][ T3603] ? ksys_write+0x25f/0x2c0 [ 1013.747992][ T3603] ? debug_smp_processor_id+0x17/0x20 [ 1013.753200][ T3603] do_syscall_64+0x44/0xd0 [ 1013.757453][ T3603] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1013.763182][ T3603] RIP: 0033:0x7f495fdbc639 [ 1013.767437][ T3603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1013.786877][ T3603] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1013.795120][ T3603] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1013.802931][ T3603] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1013.810742][ T3603] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1013.818554][ T3603] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1013.826365][ T3603] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1013.834180][ T3603] 08:07:46 executing program 1: ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000000280)={0x2020, 0x0, 0x0}, 0x2020) r3 = fsmount(r0, 0x1, 0x1) (async, rerun: 32) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) openat$cgroup_pressure(r3, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) (async, rerun: 64) read$FUSE(r4, 0x0, 0x0) (async, rerun: 64) write$FUSE_OPEN(r4, &(0x7f0000000180)={0x20, 0xffffffffffffffda, r2, {0x0, 0x4}}, 0x20) (async) timer_create(0x5, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r5, 0x80605414, &(0x7f0000000080)) (async) openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='io.pressure\x00', 0x2, 0x0) 08:07:46 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_delete(0x0) 08:07:46 executing program 5: timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:46 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f000000}, 0x58) 08:07:46 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 48) 08:07:46 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100)=0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r1, &(0x7f0000002180)={0x78, 0x0, 0x0, {0xd0d, 0x5, 0x0, {0x6, 0x7f, 0xfffffffffffffff9, 0x7fffffffffffffff, 0xa4e4, 0x4, 0x400, 0x2, 0x68, 0x8000, 0x9, r2, r4, 0x4, 0x8}}}, 0x78) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) write$FUSE_LSEEK(r5, &(0x7f0000002200)={0x18, 0x0, r3, {0x20}}, 0x18) 08:07:46 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_delete(0x0) 08:07:46 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1ffff000}, 0x58) 08:07:46 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x58) [ 1014.294432][ T3627] FAULT_INJECTION: forcing a failure. [ 1014.294432][ T3627] name failslab, interval 1, probability 0, space 0, times 0 [ 1014.309584][ T3627] CPU: 0 PID: 3627 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1014.317819][ T3627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1014.327719][ T3627] Call Trace: [ 1014.330840][ T3627] [ 1014.333618][ T3627] dump_stack_lvl+0x151/0x1b7 [ 1014.338132][ T3627] ? bfq_pos_tree_add_move+0x43e/0x43e 08:07:46 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100)=0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r1, &(0x7f0000002180)={0x78, 0x0, 0x0, {0xd0d, 0x5, 0x0, {0x6, 0x7f, 0xfffffffffffffff9, 0x7fffffffffffffff, 0xa4e4, 0x4, 0x400, 0x2, 0x68, 0x8000, 0x9, r2, r4, 0x4, 0x8}}}, 0x78) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) write$FUSE_LSEEK(r5, &(0x7f0000002200)={0x18, 0x0, r3, {0x20}}, 0x18) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100)) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020}, 0x2020) (async) write$FUSE_ATTR(r1, &(0x7f0000002180)={0x78, 0x0, 0x0, {0xd0d, 0x5, 0x0, {0x6, 0x7f, 0xfffffffffffffff9, 0x7fffffffffffffff, 0xa4e4, 0x4, 0x400, 0x2, 0x68, 0x8000, 0x9, r2, r4, 0x4, 0x8}}}, 0x78) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r5, 0x0, 0x0) (async) write$FUSE_LSEEK(r5, &(0x7f0000002200)={0x18, 0x0, r3, {0x20}}, 0x18) (async) 08:07:46 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100)=0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r1, &(0x7f0000002180)={0x78, 0x0, 0x0, {0xd0d, 0x5, 0x0, {0x6, 0x7f, 0xfffffffffffffff9, 0x7fffffffffffffff, 0xa4e4, 0x4, 0x400, 0x2, 0x68, 0x8000, 0x9, r2, r4, 0x4, 0x8}}}, 0x78) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r5, 0x0, 0x0) (async) write$FUSE_LSEEK(r5, &(0x7f0000002200)={0x18, 0x0, r3, {0x20}}, 0x18) 08:07:46 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x58) [ 1014.343427][ T3627] dump_stack+0x15/0x17 [ 1014.347419][ T3627] should_fail+0x3c0/0x510 [ 1014.351670][ T3627] __should_failslab+0x9f/0xe0 [ 1014.356273][ T3627] should_failslab+0x9/0x20 [ 1014.360610][ T3627] kmem_cache_alloc+0x4f/0x2f0 [ 1014.365212][ T3627] ? vm_area_dup+0x26/0x1d0 [ 1014.369552][ T3627] vm_area_dup+0x26/0x1d0 [ 1014.373717][ T3627] dup_mmap+0x6b8/0xea0 [ 1014.377712][ T3627] ? __delayed_free_task+0x20/0x20 [ 1014.382660][ T3627] ? mm_init+0x807/0x960 [ 1014.386734][ T3627] dup_mm+0x91/0x330 [ 1014.390469][ T3627] copy_mm+0x108/0x1b0 [ 1014.394373][ T3627] copy_process+0x1295/0x3250 [ 1014.398888][ T3627] ? check_stack_object+0xf7/0x130 [ 1014.403836][ T3627] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1014.408782][ T3627] ? copy_clone_args_from_user+0x6cf/0x790 [ 1014.414426][ T3627] kernel_clone+0x22d/0x990 [ 1014.418766][ T3627] ? dup_mmap+0xea0/0xea0 [ 1014.422928][ T3627] ? create_io_thread+0x1e0/0x1e0 [ 1014.427787][ T3627] ? file_end_write+0x1b0/0x1b0 [ 1014.432476][ T3627] __x64_sys_clone3+0x375/0x3a0 [ 1014.437161][ T3627] ? __ia32_sys_clone+0x300/0x300 [ 1014.442020][ T3627] ? ksys_write+0x25f/0x2c0 [ 1014.446358][ T3627] ? debug_smp_processor_id+0x17/0x20 [ 1014.451568][ T3627] do_syscall_64+0x44/0xd0 [ 1014.455823][ T3627] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1014.461550][ T3627] RIP: 0033:0x7f495fdbc639 [ 1014.465807][ T3627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1014.485242][ T3627] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1014.493486][ T3627] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1014.501297][ T3627] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1014.509230][ T3627] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1014.517012][ T3627] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1014.524818][ T3627] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1014.532633][ T3627] 08:07:47 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x48) timer_delete(r0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x4, &(0x7f0000000180)={0x0, 0x25, 0x4, @thr={&(0x7f0000000280)="00aeef28cf518a9568f143148b3762ab94bcab42cd32b7aad10f56f6b55dfcaf6b09e9bacddd7cd0106aaf09dbd1a8e06ade73f61957b3d85e5f9b740f672e1e6b9ecbc8790608b239fda5b2e8fc6fabaa76c93dc67eb7b58054f83efaa9b4c04acf4679b50d7fc139121e78c527f5637289c9a4980ce910a0e4775034ab266c8e9df093b53ed3776a174520db6d3f037145c48b2654c725c8d51f34ab79370b7e412f32afa67ceef90bfdb889214adb22c982f0ee0ca43e59bea6f70fc73e02eec264a85d0624af7676dc310ad55510b3d7cd78356f8ddeb76fcd57b11af637f18ca6769b9afae1992b8af369f68987b4ffb8489675db2c379f352a1829f1caf40073f955a72544bf4b45097c3c436af18b5800a5b80ef6bda001588a7a9345f5f2221a9fc210cb922c07a37b6f8876f14d58b4c50c75a792c1a1739343137450e99fe440bd4a63eff4816f7f80c61b7c57013f9fdf21d96d7e19ec69c76d07756a72418a1a640798b612f4fd499910093c61a2c88e2fe7e8e27759d8d904d129687f9e4a182c4f5f70461bcdd415b012640ea477e15a935e2fff0551055bd4fe1ab9b01ccb831135c7471478a973dbddc7ff3de1e12d1902e607dd942f8d013950fa8bae85a0a2d10face32f1504968601e380c88cb1f8df66e9b13604df030585f8cb76e486dae89f89cf8d7517f21e7f9c1c30d3ef994686af6d5f3d769bce35b5f747970e97320646d29ee7465ad712f5ca97f1c8e9722255aa3a26ae64faddb55f953a5d52608f2ef47b7644859db86568e51b88aa7163775a469ebfda798ad7fc026e6ecd23c2a0b0d5e17f34245599f21b84032714e8d94833fd6dc6c96b7fd090297489cbb092a524cb7201c320ac407442c43516eeadc851f9f90519f2f72f7f445e405197ec522b81ba6eb09c5e99f6fef08baefae45582fbf2804ede2d88ab8093939004e2e701c1b1064bc757802fd38003652d0541be2d6abeaa2340b44a60a2662c205ecd048a93008b02f5929798954086485fe18f55829334779498be9b031b0f2486c41f76085049ca101f203d094eb007d33448c48095344db24bc2acc1e9a5443f398ea91898655026a403ecd56856d9fd559adde9351d3cbb53d0bca03f5f4e535f7f8f36613bc855ebce221815c12ee7e00f71ae3612432f0003dffc21d5fc57e150d02674da32d26e71de9aa56d59edb8dac6ab7335984eef9941c8c37259f2558477675f51216c25889e1f322acd081c1fb71168f3e53b4c03840d56621e912837da6fea5272a7bd3bf5ecf001f20a7f963ef60a5850809e564062e080306a64d648176fd7501dcc67cc5a0111a9f14bae6ec82770be09e29a93db19b97822038b573d73fb0cc508427a478a49a37a37a6085cbc680ba03fabc4e7f4b1cd642cb5a50694f8431b0c7a182e624a0e2ad7ca7b4b066b037b2deaa34f3f16f71c4cddbb9f5d5c338b932df0c6c3cfac21d3681cab52e960dbd529a48ea77703bc2c6b9f73703600bc83df81b480a549008a645e933ce73494cbcf54fd01b44afd74562664cdb6ae6060d3f27943a8846ab71fc76bf4aa90291a058075cdabb32b8c9f202082862a62e5e0622a3be5c7042c7c33db623c07810160e5f180c159c18393643dae20584e20678b2f7fbada78d8c7f6b5e9742a6eaa2baac30fb3a1a3df6015731a5ff2429c225a6876c859789d61430fe0db5720aef5db5626b1a44f151721708c481dfe7e245fc9f107664074fc845d5766f33c454da1ba992235f6a5b961770c58c6a4973e9b4f96ee9623e628a826557325cbc68c0dacbe672df52c997c8296cec383aa016ba6b56d1b38da79487a4a819de8d6f4cf56f2e42e79255dfb1c3655def3736dbfe515f0d7e44c82ee32a7e7ca997b1fe39dc3a52b0d20006cafdd07f853b409d9a3ae08887e4538d7bc981b68fa230d94db1e87e7bdf8613860d145d0342d06dae8cba6a909c66989553ebe417d33a281a18a8a382783bcb394162a91f24f2479fab2aea83ad1f4419a4ff25058510064ac047c12bbc9a8ed6a901c4798e088c54f3068a15a7da60c88a8b2aee2dcddeb1ddad0bbaffd14c9a26102477da84d140e80f3bac06fcc288963718369020232b62c10998f774f6c6eafca0eb0783a3992bc8c2cb48ce4af6bcf5dd965fbd8a07cd0c658faf92f3f18fea590f23292e70fbe685878a49b62a3f354d8a51e3edc85602d8f1ec332b7bb755647a62b503c599f965e65202db9b88442f61e9e3854b396e354049af188832bea02d713944d46e8d1cf03d89c4b731ae082253e585818b9a525d55c01d83519cca6fc2713d358abcba8ba26140c8a4a3120a65ed1948260cf63d67565ddf98c3e7bc55db5560146d38ac28ce250ef7c4bbe5dc2a4227aaffcab1c90f7580f51fe52b12c4479a75589e6cada9114e1152045619e60fe93fbe3942df99ec78f0ed31593c33e082602a2d4e72c30ef2bdf688349de8e3e95cfdab53e53d30ad7aabcbfa4d18e32b170068971566e0456e3d939b8db22fd49455e2f0c15a157c9cbc1a07588554016452a3ff65c3d3e20f356c53fe70ee80dc062b76d8fc60beeeb105356c97d08ce8cc76d031b478f0e2268938cf4cc0bd67bd58c031f81a5c6104be78d5c3a88eba22c063a2d4318ddf650b6c96421400cae15c7fb9c541ee242de642d27aaff0d85d5dd004fa47b22b6b6b47cf0f669c63cd944ce18223043df282494131db6aa7238b3b058639884e056d8f6e4415219a771e1abc3f8922df6749f73679b47d083387af05568b4f12ab9f975bec01f982e3c47df2b12f1e526e55572677948ca39a4ed5a9683f3054e5051483544df93b03bc958a4dfc50656705bd36e5789f04378148633956e59c9fb1510a5353b362e83c2521943d995722a721941a1722db1e7b8adb3222a007c79a37c5373731ae700d93d0a25e09f223bd36e8cfc1c69007b23273ab8506f606f7a5559fb3434df2657e55387b63fd930180bc62e5ec762a88a19e7ceed7423eab0e265fdb658b1fa2700696c5b16838643e95c4b30ff74068d6c97fef712361a83826b042f5f3b15f3a0330660f179fd5ddfcd2d50095c9b3f64fcd2dab586d547c2cc67d04c8dc63c4da1e1e6c36fe32eeb8a31883aeb7674ba480e6cad0d799addcbbfb40175a80dd7f22d9dcdbdd1b521889219cb63d7f76ef3389d3c16478bb344fcfba9999d7a62c0737c7f43ca15affd8c4625673bfd563af4cf425114ce1e7790d139edee95a47e8ca4bf581cac41541edc90c0154d9ce42d25eeb5b88b10793f346d114514b24b7ab239d3910d66ba5c9a76bcbbe7066efa51bf08a684b1fdcb91ec43b6b977fa4490fa2b1f144be48bada43a6897ae5357de9a1912e8f42dc477a42692b59fbb3f97b936c45f3938a514fb82f1f1833da88c4f6c48c62af84458f1622c741d32a2ede32289714d0073d3bc27a8180ee8c21582590c8951acd803ccdee99e5fe6a198eb016d62a4fc5453727994016990babfdc1426ac920ccb3d3650b372100e67f0ae8b71a6c187cacd3ad653a95d7b6d505384724ea618f25856a5a8a50f90247c7c643adb9fd1faa66de14c4dd3c558f85dd61cc0faf050a5ed9649e7c14ecd22c5b6f08735babf61547168dfea0c327dcf7951916b0274b70bcc08f478afd6134cd40a2bf389c2096e12fea0ab363f7f008924da43ab9aef4ab186138ce53401a730637af30986bbd564573cec0d699e5af64130b9811fc2db28fcbbb1f22ded50c48b2b2995a0f2298bdf4068c2e63f1333da40b3adacc0fbfc5c2ffba91e47af8a40b7522714ae596c8553afd682114d539ddfca4834a7b2e27e8e6b969f01eeb2721750800ba066756803862dd415bcd5b250c7a1b3ac056da1946bd6ecd04263570f08dd3dcab23cde1f090f067927c80ef411c6b72a084fcaf4dc63dc5ec951e1511bd368fbb5f1e50da1e16ada0251acfda706a14734341e9aefb4ab1c684004074b2c788b91640a032fd0ba7a2f3f50ce53f56ec0d7fd7f3fd218aaff3ba02e721afd1b401be2c376e7b14c12299360be6fef856ba20b8d60601eb2bfc3ca9fd3d7cff2bf5686afdc4e81b47653bbff82f184dabfa9c3fafcba78b229f676a38285d75eaf83f075999fdf171ba209509ca469c90e036e9f918be3741f12a54041fb0f47227cb6e3629df6fadd50560ff2b41db901f10f26fd4ef3677d3d6d67e8c356f6d9e21a7a2ce2c374391a009b664515f7afc6f82b08bec6c48d4c8035eb896db5af2ef65e24d113633c3d8b2982074d362e2ddfb1fc52acfdea9cb1395cf485997351b167d8dd9f785eb8d6db33fef4d735d99e9044f3427a56db6fb450fafb5a14c0c836882ba97488308eed97141769afdb44d71b1296c06806a1e512561dc3a8972aa6dcbb3f68fe83adeed48a0c5671e5c388d2070c2dc977646fff8f6996f34def596026b9171095df8b9ac42875e0569f6d702b1ba37a2c4443343cb1e52f3111a3e409edf681a347080e84fa8f697b8be5ee4876f264efad34432666723820020f4bc8cb6275a9377f83ed95ff92d303c97048d1f7a10eb4d003fb3bd98e66494b130ab892c1747e9e2069e318d202ded62c1e0fb1c5fea62bc5fbe507203ba53894cba505d8c026c1e898352db0ab8a255acdef5b13c67d427ca91cfb8f9bb23260d2d5be4a3d399104a4292c4b56d040d36f7ca166112bed2cb309943eab42a21671c758362b8dc07cf1aea85f82625ca15e177ab6eb889df67552e21cebb964e12b1810e8311595f7d80d48ccf7611f8340979e314f65fe09a8f3070c63cbd029b472e6301b2361160631b0ca276b894815d2d67f519ae7d7c63db3074561a29c40e695d2ba7d12972aaa71bd2cb15175fcb3ed3121d1b9220ca03baa4c3f02cca095881cf74f6ca332abd21543ae6370697a8a2640490b5753df55551883e017f1fc484a5d0d36c287d5fb83526046068bbce28837170024f8c8929cc37878750c362a53ce4f42d02ec5f30a8fdb37c4773fc4187e0168bcf8e057a9678fecc351c8cdab69d66ff79a621ded9fc2b081543953fbb8a422555a9b030f66d1fc2297e4b6bb67ad913341abb95b36d64a60dd3655a5b7607949e9a75dd655e1872eb5c153b742150aa443ab800ffb9db5b78d2803ac996a718a7c7280997e5f39fc22b9f657082a99fdfe8028e1abf30fc36c2ec8c29fcf735c12604671935df3b4f2895a060e3e32fbee30ec8e4c1c7db433014e9c73a09068b4ee5308e8d38e0db564b170de10a6442e6312206dd41209d9cd5fff80674ffb0dc99f20049d0f892a818a2005cce3d07fc8bfacf486f30b339477758ea14272736c052d95f5454ff4823e85d03f25851f87310e27a866c1ecfe9a1a0103926937a1fd140d9f26ff90dab56e50fd855552f7722bad30ff34954869db603ad96a3374f18437ebd5bb39e6fac77a56c48c38726d05ee3cfd1b3248a9b46292728d1848ccf4016f6a1506e20f15cb7849127e165708617b3c551e10d41a348591b3c03f3b1cc22efd888c4b7240e52b6e15b3a9bdd769be33a978c31f0782f5574d0692bed3244d0a818bc565f350604b650ababfc8d4efff52cc6c40468eab35a74dd04cd847b0fda8cd43ea7fb108976976fcba4a6a0757cea4549601d6dd1a4f37366f75ec3efec67cc0fe7a23e27e552cbe93c68b8de5245c0001dcbbeda3aa0d32cf040e972334f1c96732f2a1386c1de52932dee66b4203e1b35f56896232255a327e4d2a750757741b926a6d", &(0x7f0000000000)="1509b641c2700f907a1a00f5b75b54d834a84c8bae8d48f131dd93c6e996fd60402ef743e47df261781b6e32de7b7abc54ca0f307d66b209525c9c7803a563a1530b535bcf3934e155cafb8d17333541f3d6c0be984d3e8d1debbc3ef1a37c2c16de2ddade72af51c2df472ae40880c9b1b6b824a866e1cb8d2e7f87b5142998f8bfeef5aa6faee7b8e06a1c53caa9350c679115aa5b1eb4142023825c99507952cee04875fd678bd0d0ef84ea229214dbf79638aaa30379879bab9e2c70da18cf5f181a69"}}, &(0x7f00000001c0)=0x0) timer_delete(r1) 08:07:47 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_open_dev$usbfs(&(0x7f0000000000), 0x1009, 0x348101) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:47 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff}, 0x58) 08:07:47 executing program 2: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x2}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:47 executing program 5: ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000002880)=""/181, 0x0}, 0x58) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000000300)=0x60) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) r2 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f00000001c0)=0xfffffef8, 0x800) bind$nfc_llcp(r2, &(0x7f0000000200)={0x27, 0x0, 0x1, 0x1, 0x8, 0x10, "a6d89c8b808e134dd3d039a3eda9fb676cdf81164b58e19c80ade23647c12b196feceea54ade0474bdac78eef8969d8d4bd119af6cb7707b0a895116ea8399", 0x1f}, 0x60) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000100)={0x3, 0x7, 0xce1, 0x7, 0x99, 0x2, &(0x7f0000000000)="8d4bf58d253afd8660647d6f1386828ca2319efde18c2264070310b04bc54037556652859fd3209d28973d24e2045e54aa76db569a2bc4a76aeebb9de181d379919a4d138c0aaa20569c61976a0917d5fbad1111d247d1eccbf8460c64f8c49e23a954a9629d7d9bdcd3e6e133cdb6b7a63fa55c8c6b432fb947972d9f4a74550a0d7d0becded102af1270d26ed8743028f71a1ea13dfb2e68"}) 08:07:47 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 49) 08:07:47 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xfbffffff}, 0x58) 08:07:47 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_open_dev$usbfs(&(0x7f0000000000), 0x1009, 0x348101) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:47 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x48) timer_delete(r0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_create(0x4, &(0x7f0000000180)={0x0, 0x25, 0x4, @thr={&(0x7f0000000280)="00aeef28cf518a9568f143148b3762ab94bcab42cd32b7aad10f56f6b55dfcaf6b09e9bacddd7cd0106aaf09dbd1a8e06ade73f61957b3d85e5f9b740f672e1e6b9ecbc8790608b239fda5b2e8fc6fabaa76c93dc67eb7b58054f83efaa9b4c04acf4679b50d7fc139121e78c527f5637289c9a4980ce910a0e4775034ab266c8e9df093b53ed3776a174520db6d3f037145c48b2654c725c8d51f34ab79370b7e412f32afa67ceef90bfdb889214adb22c982f0ee0ca43e59bea6f70fc73e02eec264a85d0624af7676dc310ad55510b3d7cd78356f8ddeb76fcd57b11af637f18ca6769b9afae1992b8af369f68987b4ffb8489675db2c379f352a1829f1caf40073f955a72544bf4b45097c3c436af18b5800a5b80ef6bda001588a7a9345f5f2221a9fc210cb922c07a37b6f8876f14d58b4c50c75a792c1a1739343137450e99fe440bd4a63eff4816f7f80c61b7c57013f9fdf21d96d7e19ec69c76d07756a72418a1a640798b612f4fd499910093c61a2c88e2fe7e8e27759d8d904d129687f9e4a182c4f5f70461bcdd415b012640ea477e15a935e2fff0551055bd4fe1ab9b01ccb831135c7471478a973dbddc7ff3de1e12d1902e607dd942f8d013950fa8bae85a0a2d10face32f1504968601e380c88cb1f8df66e9b13604df030585f8cb76e486dae89f89cf8d7517f21e7f9c1c30d3ef994686af6d5f3d769bce35b5f747970e97320646d29ee7465ad712f5ca97f1c8e9722255aa3a26ae64faddb55f953a5d52608f2ef47b7644859db86568e51b88aa7163775a469ebfda798ad7fc026e6ecd23c2a0b0d5e17f34245599f21b84032714e8d94833fd6dc6c96b7fd090297489cbb092a524cb7201c320ac407442c43516eeadc851f9f90519f2f72f7f445e405197ec522b81ba6eb09c5e99f6fef08baefae45582fbf2804ede2d88ab8093939004e2e701c1b1064bc757802fd38003652d0541be2d6abeaa2340b44a60a2662c205ecd048a93008b02f5929798954086485fe18f55829334779498be9b031b0f2486c41f76085049ca101f203d094eb007d33448c48095344db24bc2acc1e9a5443f398ea91898655026a403ecd56856d9fd559adde9351d3cbb53d0bca03f5f4e535f7f8f36613bc855ebce221815c12ee7e00f71ae3612432f0003dffc21d5fc57e150d02674da32d26e71de9aa56d59edb8dac6ab7335984eef9941c8c37259f2558477675f51216c25889e1f322acd081c1fb71168f3e53b4c03840d56621e912837da6fea5272a7bd3bf5ecf001f20a7f963ef60a5850809e564062e080306a64d648176fd7501dcc67cc5a0111a9f14bae6ec82770be09e29a93db19b97822038b573d73fb0cc508427a478a49a37a37a6085cbc680ba03fabc4e7f4b1cd642cb5a50694f8431b0c7a182e624a0e2ad7ca7b4b066b037b2deaa34f3f16f71c4cddbb9f5d5c338b932df0c6c3cfac21d3681cab52e960dbd529a48ea77703bc2c6b9f73703600bc83df81b480a549008a645e933ce73494cbcf54fd01b44afd74562664cdb6ae6060d3f27943a8846ab71fc76bf4aa90291a058075cdabb32b8c9f202082862a62e5e0622a3be5c7042c7c33db623c07810160e5f180c159c18393643dae20584e20678b2f7fbada78d8c7f6b5e9742a6eaa2baac30fb3a1a3df6015731a5ff2429c225a6876c859789d61430fe0db5720aef5db5626b1a44f151721708c481dfe7e245fc9f107664074fc845d5766f33c454da1ba992235f6a5b961770c58c6a4973e9b4f96ee9623e628a826557325cbc68c0dacbe672df52c997c8296cec383aa016ba6b56d1b38da79487a4a819de8d6f4cf56f2e42e79255dfb1c3655def3736dbfe515f0d7e44c82ee32a7e7ca997b1fe39dc3a52b0d20006cafdd07f853b409d9a3ae08887e4538d7bc981b68fa230d94db1e87e7bdf8613860d145d0342d06dae8cba6a909c66989553ebe417d33a281a18a8a382783bcb394162a91f24f2479fab2aea83ad1f4419a4ff25058510064ac047c12bbc9a8ed6a901c4798e088c54f3068a15a7da60c88a8b2aee2dcddeb1ddad0bbaffd14c9a26102477da84d140e80f3bac06fcc288963718369020232b62c10998f774f6c6eafca0eb0783a3992bc8c2cb48ce4af6bcf5dd965fbd8a07cd0c658faf92f3f18fea590f23292e70fbe685878a49b62a3f354d8a51e3edc85602d8f1ec332b7bb755647a62b503c599f965e65202db9b88442f61e9e3854b396e354049af188832bea02d713944d46e8d1cf03d89c4b731ae082253e585818b9a525d55c01d83519cca6fc2713d358abcba8ba26140c8a4a3120a65ed1948260cf63d67565ddf98c3e7bc55db5560146d38ac28ce250ef7c4bbe5dc2a4227aaffcab1c90f7580f51fe52b12c4479a75589e6cada9114e1152045619e60fe93fbe3942df99ec78f0ed31593c33e082602a2d4e72c30ef2bdf688349de8e3e95cfdab53e53d30ad7aabcbfa4d18e32b170068971566e0456e3d939b8db22fd49455e2f0c15a157c9cbc1a07588554016452a3ff65c3d3e20f356c53fe70ee80dc062b76d8fc60beeeb105356c97d08ce8cc76d031b478f0e2268938cf4cc0bd67bd58c031f81a5c6104be78d5c3a88eba22c063a2d4318ddf650b6c96421400cae15c7fb9c541ee242de642d27aaff0d85d5dd004fa47b22b6b6b47cf0f669c63cd944ce18223043df282494131db6aa7238b3b058639884e056d8f6e4415219a771e1abc3f8922df6749f73679b47d083387af05568b4f12ab9f975bec01f982e3c47df2b12f1e526e55572677948ca39a4ed5a9683f3054e5051483544df93b03bc958a4dfc50656705bd36e5789f04378148633956e59c9fb1510a5353b362e83c2521943d995722a721941a1722db1e7b8adb3222a007c79a37c5373731ae700d93d0a25e09f223bd36e8cfc1c69007b23273ab8506f606f7a5559fb3434df2657e55387b63fd930180bc62e5ec762a88a19e7ceed7423eab0e265fdb658b1fa2700696c5b16838643e95c4b30ff74068d6c97fef712361a83826b042f5f3b15f3a0330660f179fd5ddfcd2d50095c9b3f64fcd2dab586d547c2cc67d04c8dc63c4da1e1e6c36fe32eeb8a31883aeb7674ba480e6cad0d799addcbbfb40175a80dd7f22d9dcdbdd1b521889219cb63d7f76ef3389d3c16478bb344fcfba9999d7a62c0737c7f43ca15affd8c4625673bfd563af4cf425114ce1e7790d139edee95a47e8ca4bf581cac41541edc90c0154d9ce42d25eeb5b88b10793f346d114514b24b7ab239d3910d66ba5c9a76bcbbe7066efa51bf08a684b1fdcb91ec43b6b977fa4490fa2b1f144be48bada43a6897ae5357de9a1912e8f42dc477a42692b59fbb3f97b936c45f3938a514fb82f1f1833da88c4f6c48c62af84458f1622c741d32a2ede32289714d0073d3bc27a8180ee8c21582590c8951acd803ccdee99e5fe6a198eb016d62a4fc5453727994016990babfdc1426ac920ccb3d3650b372100e67f0ae8b71a6c187cacd3ad653a95d7b6d505384724ea618f25856a5a8a50f90247c7c643adb9fd1faa66de14c4dd3c558f85dd61cc0faf050a5ed9649e7c14ecd22c5b6f08735babf61547168dfea0c327dcf7951916b0274b70bcc08f478afd6134cd40a2bf389c2096e12fea0ab363f7f008924da43ab9aef4ab186138ce53401a730637af30986bbd564573cec0d699e5af64130b9811fc2db28fcbbb1f22ded50c48b2b2995a0f2298bdf4068c2e63f1333da40b3adacc0fbfc5c2ffba91e47af8a40b7522714ae596c8553afd682114d539ddfca4834a7b2e27e8e6b969f01eeb2721750800ba066756803862dd415bcd5b250c7a1b3ac056da1946bd6ecd04263570f08dd3dcab23cde1f090f067927c80ef411c6b72a084fcaf4dc63dc5ec951e1511bd368fbb5f1e50da1e16ada0251acfda706a14734341e9aefb4ab1c684004074b2c788b91640a032fd0ba7a2f3f50ce53f56ec0d7fd7f3fd218aaff3ba02e721afd1b401be2c376e7b14c12299360be6fef856ba20b8d60601eb2bfc3ca9fd3d7cff2bf5686afdc4e81b47653bbff82f184dabfa9c3fafcba78b229f676a38285d75eaf83f075999fdf171ba209509ca469c90e036e9f918be3741f12a54041fb0f47227cb6e3629df6fadd50560ff2b41db901f10f26fd4ef3677d3d6d67e8c356f6d9e21a7a2ce2c374391a009b664515f7afc6f82b08bec6c48d4c8035eb896db5af2ef65e24d113633c3d8b2982074d362e2ddfb1fc52acfdea9cb1395cf485997351b167d8dd9f785eb8d6db33fef4d735d99e9044f3427a56db6fb450fafb5a14c0c836882ba97488308eed97141769afdb44d71b1296c06806a1e512561dc3a8972aa6dcbb3f68fe83adeed48a0c5671e5c388d2070c2dc977646fff8f6996f34def596026b9171095df8b9ac42875e0569f6d702b1ba37a2c4443343cb1e52f3111a3e409edf681a347080e84fa8f697b8be5ee4876f264efad34432666723820020f4bc8cb6275a9377f83ed95ff92d303c97048d1f7a10eb4d003fb3bd98e66494b130ab892c1747e9e2069e318d202ded62c1e0fb1c5fea62bc5fbe507203ba53894cba505d8c026c1e898352db0ab8a255acdef5b13c67d427ca91cfb8f9bb23260d2d5be4a3d399104a4292c4b56d040d36f7ca166112bed2cb309943eab42a21671c758362b8dc07cf1aea85f82625ca15e177ab6eb889df67552e21cebb964e12b1810e8311595f7d80d48ccf7611f8340979e314f65fe09a8f3070c63cbd029b472e6301b2361160631b0ca276b894815d2d67f519ae7d7c63db3074561a29c40e695d2ba7d12972aaa71bd2cb15175fcb3ed3121d1b9220ca03baa4c3f02cca095881cf74f6ca332abd21543ae6370697a8a2640490b5753df55551883e017f1fc484a5d0d36c287d5fb83526046068bbce28837170024f8c8929cc37878750c362a53ce4f42d02ec5f30a8fdb37c4773fc4187e0168bcf8e057a9678fecc351c8cdab69d66ff79a621ded9fc2b081543953fbb8a422555a9b030f66d1fc2297e4b6bb67ad913341abb95b36d64a60dd3655a5b7607949e9a75dd655e1872eb5c153b742150aa443ab800ffb9db5b78d2803ac996a718a7c7280997e5f39fc22b9f657082a99fdfe8028e1abf30fc36c2ec8c29fcf735c12604671935df3b4f2895a060e3e32fbee30ec8e4c1c7db433014e9c73a09068b4ee5308e8d38e0db564b170de10a6442e6312206dd41209d9cd5fff80674ffb0dc99f20049d0f892a818a2005cce3d07fc8bfacf486f30b339477758ea14272736c052d95f5454ff4823e85d03f25851f87310e27a866c1ecfe9a1a0103926937a1fd140d9f26ff90dab56e50fd855552f7722bad30ff34954869db603ad96a3374f18437ebd5bb39e6fac77a56c48c38726d05ee3cfd1b3248a9b46292728d1848ccf4016f6a1506e20f15cb7849127e165708617b3c551e10d41a348591b3c03f3b1cc22efd888c4b7240e52b6e15b3a9bdd769be33a978c31f0782f5574d0692bed3244d0a818bc565f350604b650ababfc8d4efff52cc6c40468eab35a74dd04cd847b0fda8cd43ea7fb108976976fcba4a6a0757cea4549601d6dd1a4f37366f75ec3efec67cc0fe7a23e27e552cbe93c68b8de5245c0001dcbbeda3aa0d32cf040e972334f1c96732f2a1386c1de52932dee66b4203e1b35f56896232255a327e4d2a750757741b926a6d", &(0x7f0000000000)="1509b641c2700f907a1a00f5b75b54d834a84c8bae8d48f131dd93c6e996fd60402ef743e47df261781b6e32de7b7abc54ca0f307d66b209525c9c7803a563a1530b535bcf3934e155cafb8d17333541f3d6c0be984d3e8d1debbc3ef1a37c2c16de2ddade72af51c2df472ae40880c9b1b6b824a866e1cb8d2e7f87b5142998f8bfeef5aa6faee7b8e06a1c53caa9350c679115aa5b1eb4142023825c99507952cee04875fd678bd0d0ef84ea229214dbf79638aaa30379879bab9e2c70da18cf5f181a69"}}, &(0x7f00000001c0)=0x0) timer_delete(r1) [ 1015.176359][ T3665] FAULT_INJECTION: forcing a failure. [ 1015.176359][ T3665] name failslab, interval 1, probability 0, space 0, times 0 [ 1015.190698][ T3665] CPU: 0 PID: 3665 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1015.198942][ T3665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1015.208841][ T3665] Call Trace: [ 1015.211961][ T3665] [ 1015.214740][ T3665] dump_stack_lvl+0x151/0x1b7 [ 1015.219342][ T3665] ? bfq_pos_tree_add_move+0x43e/0x43e 08:07:47 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x48) (async) timer_delete(r0) (async) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x4, &(0x7f0000000180)={0x0, 0x25, 0x4, @thr={&(0x7f0000000280)="00aeef28cf518a9568f143148b3762ab94bcab42cd32b7aad10f56f6b55dfcaf6b09e9bacddd7cd0106aaf09dbd1a8e06ade73f61957b3d85e5f9b740f672e1e6b9ecbc8790608b239fda5b2e8fc6fabaa76c93dc67eb7b58054f83efaa9b4c04acf4679b50d7fc139121e78c527f5637289c9a4980ce910a0e4775034ab266c8e9df093b53ed3776a174520db6d3f037145c48b2654c725c8d51f34ab79370b7e412f32afa67ceef90bfdb889214adb22c982f0ee0ca43e59bea6f70fc73e02eec264a85d0624af7676dc310ad55510b3d7cd78356f8ddeb76fcd57b11af637f18ca6769b9afae1992b8af369f68987b4ffb8489675db2c379f352a1829f1caf40073f955a72544bf4b45097c3c436af18b5800a5b80ef6bda001588a7a9345f5f2221a9fc210cb922c07a37b6f8876f14d58b4c50c75a792c1a1739343137450e99fe440bd4a63eff4816f7f80c61b7c57013f9fdf21d96d7e19ec69c76d07756a72418a1a640798b612f4fd499910093c61a2c88e2fe7e8e27759d8d904d129687f9e4a182c4f5f70461bcdd415b012640ea477e15a935e2fff0551055bd4fe1ab9b01ccb831135c7471478a973dbddc7ff3de1e12d1902e607dd942f8d013950fa8bae85a0a2d10face32f1504968601e380c88cb1f8df66e9b13604df030585f8cb76e486dae89f89cf8d7517f21e7f9c1c30d3ef994686af6d5f3d769bce35b5f747970e97320646d29ee7465ad712f5ca97f1c8e9722255aa3a26ae64faddb55f953a5d52608f2ef47b7644859db86568e51b88aa7163775a469ebfda798ad7fc026e6ecd23c2a0b0d5e17f34245599f21b84032714e8d94833fd6dc6c96b7fd090297489cbb092a524cb7201c320ac407442c43516eeadc851f9f90519f2f72f7f445e405197ec522b81ba6eb09c5e99f6fef08baefae45582fbf2804ede2d88ab8093939004e2e701c1b1064bc757802fd38003652d0541be2d6abeaa2340b44a60a2662c205ecd048a93008b02f5929798954086485fe18f55829334779498be9b031b0f2486c41f76085049ca101f203d094eb007d33448c48095344db24bc2acc1e9a5443f398ea91898655026a403ecd56856d9fd559adde9351d3cbb53d0bca03f5f4e535f7f8f36613bc855ebce221815c12ee7e00f71ae3612432f0003dffc21d5fc57e150d02674da32d26e71de9aa56d59edb8dac6ab7335984eef9941c8c37259f2558477675f51216c25889e1f322acd081c1fb71168f3e53b4c03840d56621e912837da6fea5272a7bd3bf5ecf001f20a7f963ef60a5850809e564062e080306a64d648176fd7501dcc67cc5a0111a9f14bae6ec82770be09e29a93db19b97822038b573d73fb0cc508427a478a49a37a37a6085cbc680ba03fabc4e7f4b1cd642cb5a50694f8431b0c7a182e624a0e2ad7ca7b4b066b037b2deaa34f3f16f71c4cddbb9f5d5c338b932df0c6c3cfac21d3681cab52e960dbd529a48ea77703bc2c6b9f73703600bc83df81b480a549008a645e933ce73494cbcf54fd01b44afd74562664cdb6ae6060d3f27943a8846ab71fc76bf4aa90291a058075cdabb32b8c9f202082862a62e5e0622a3be5c7042c7c33db623c07810160e5f180c159c18393643dae20584e20678b2f7fbada78d8c7f6b5e9742a6eaa2baac30fb3a1a3df6015731a5ff2429c225a6876c859789d61430fe0db5720aef5db5626b1a44f151721708c481dfe7e245fc9f107664074fc845d5766f33c454da1ba992235f6a5b961770c58c6a4973e9b4f96ee9623e628a826557325cbc68c0dacbe672df52c997c8296cec383aa016ba6b56d1b38da79487a4a819de8d6f4cf56f2e42e79255dfb1c3655def3736dbfe515f0d7e44c82ee32a7e7ca997b1fe39dc3a52b0d20006cafdd07f853b409d9a3ae08887e4538d7bc981b68fa230d94db1e87e7bdf8613860d145d0342d06dae8cba6a909c66989553ebe417d33a281a18a8a382783bcb394162a91f24f2479fab2aea83ad1f4419a4ff25058510064ac047c12bbc9a8ed6a901c4798e088c54f3068a15a7da60c88a8b2aee2dcddeb1ddad0bbaffd14c9a26102477da84d140e80f3bac06fcc288963718369020232b62c10998f774f6c6eafca0eb0783a3992bc8c2cb48ce4af6bcf5dd965fbd8a07cd0c658faf92f3f18fea590f23292e70fbe685878a49b62a3f354d8a51e3edc85602d8f1ec332b7bb755647a62b503c599f965e65202db9b88442f61e9e3854b396e354049af188832bea02d713944d46e8d1cf03d89c4b731ae082253e585818b9a525d55c01d83519cca6fc2713d358abcba8ba26140c8a4a3120a65ed1948260cf63d67565ddf98c3e7bc55db5560146d38ac28ce250ef7c4bbe5dc2a4227aaffcab1c90f7580f51fe52b12c4479a75589e6cada9114e1152045619e60fe93fbe3942df99ec78f0ed31593c33e082602a2d4e72c30ef2bdf688349de8e3e95cfdab53e53d30ad7aabcbfa4d18e32b170068971566e0456e3d939b8db22fd49455e2f0c15a157c9cbc1a07588554016452a3ff65c3d3e20f356c53fe70ee80dc062b76d8fc60beeeb105356c97d08ce8cc76d031b478f0e2268938cf4cc0bd67bd58c031f81a5c6104be78d5c3a88eba22c063a2d4318ddf650b6c96421400cae15c7fb9c541ee242de642d27aaff0d85d5dd004fa47b22b6b6b47cf0f669c63cd944ce18223043df282494131db6aa7238b3b058639884e056d8f6e4415219a771e1abc3f8922df6749f73679b47d083387af05568b4f12ab9f975bec01f982e3c47df2b12f1e526e55572677948ca39a4ed5a9683f3054e5051483544df93b03bc958a4dfc50656705bd36e5789f04378148633956e59c9fb1510a5353b362e83c2521943d995722a721941a1722db1e7b8adb3222a007c79a37c5373731ae700d93d0a25e09f223bd36e8cfc1c69007b23273ab8506f606f7a5559fb3434df2657e55387b63fd930180bc62e5ec762a88a19e7ceed7423eab0e265fdb658b1fa2700696c5b16838643e95c4b30ff74068d6c97fef712361a83826b042f5f3b15f3a0330660f179fd5ddfcd2d50095c9b3f64fcd2dab586d547c2cc67d04c8dc63c4da1e1e6c36fe32eeb8a31883aeb7674ba480e6cad0d799addcbbfb40175a80dd7f22d9dcdbdd1b521889219cb63d7f76ef3389d3c16478bb344fcfba9999d7a62c0737c7f43ca15affd8c4625673bfd563af4cf425114ce1e7790d139edee95a47e8ca4bf581cac41541edc90c0154d9ce42d25eeb5b88b10793f346d114514b24b7ab239d3910d66ba5c9a76bcbbe7066efa51bf08a684b1fdcb91ec43b6b977fa4490fa2b1f144be48bada43a6897ae5357de9a1912e8f42dc477a42692b59fbb3f97b936c45f3938a514fb82f1f1833da88c4f6c48c62af84458f1622c741d32a2ede32289714d0073d3bc27a8180ee8c21582590c8951acd803ccdee99e5fe6a198eb016d62a4fc5453727994016990babfdc1426ac920ccb3d3650b372100e67f0ae8b71a6c187cacd3ad653a95d7b6d505384724ea618f25856a5a8a50f90247c7c643adb9fd1faa66de14c4dd3c558f85dd61cc0faf050a5ed9649e7c14ecd22c5b6f08735babf61547168dfea0c327dcf7951916b0274b70bcc08f478afd6134cd40a2bf389c2096e12fea0ab363f7f008924da43ab9aef4ab186138ce53401a730637af30986bbd564573cec0d699e5af64130b9811fc2db28fcbbb1f22ded50c48b2b2995a0f2298bdf4068c2e63f1333da40b3adacc0fbfc5c2ffba91e47af8a40b7522714ae596c8553afd682114d539ddfca4834a7b2e27e8e6b969f01eeb2721750800ba066756803862dd415bcd5b250c7a1b3ac056da1946bd6ecd04263570f08dd3dcab23cde1f090f067927c80ef411c6b72a084fcaf4dc63dc5ec951e1511bd368fbb5f1e50da1e16ada0251acfda706a14734341e9aefb4ab1c684004074b2c788b91640a032fd0ba7a2f3f50ce53f56ec0d7fd7f3fd218aaff3ba02e721afd1b401be2c376e7b14c12299360be6fef856ba20b8d60601eb2bfc3ca9fd3d7cff2bf5686afdc4e81b47653bbff82f184dabfa9c3fafcba78b229f676a38285d75eaf83f075999fdf171ba209509ca469c90e036e9f918be3741f12a54041fb0f47227cb6e3629df6fadd50560ff2b41db901f10f26fd4ef3677d3d6d67e8c356f6d9e21a7a2ce2c374391a009b664515f7afc6f82b08bec6c48d4c8035eb896db5af2ef65e24d113633c3d8b2982074d362e2ddfb1fc52acfdea9cb1395cf485997351b167d8dd9f785eb8d6db33fef4d735d99e9044f3427a56db6fb450fafb5a14c0c836882ba97488308eed97141769afdb44d71b1296c06806a1e512561dc3a8972aa6dcbb3f68fe83adeed48a0c5671e5c388d2070c2dc977646fff8f6996f34def596026b9171095df8b9ac42875e0569f6d702b1ba37a2c4443343cb1e52f3111a3e409edf681a347080e84fa8f697b8be5ee4876f264efad34432666723820020f4bc8cb6275a9377f83ed95ff92d303c97048d1f7a10eb4d003fb3bd98e66494b130ab892c1747e9e2069e318d202ded62c1e0fb1c5fea62bc5fbe507203ba53894cba505d8c026c1e898352db0ab8a255acdef5b13c67d427ca91cfb8f9bb23260d2d5be4a3d399104a4292c4b56d040d36f7ca166112bed2cb309943eab42a21671c758362b8dc07cf1aea85f82625ca15e177ab6eb889df67552e21cebb964e12b1810e8311595f7d80d48ccf7611f8340979e314f65fe09a8f3070c63cbd029b472e6301b2361160631b0ca276b894815d2d67f519ae7d7c63db3074561a29c40e695d2ba7d12972aaa71bd2cb15175fcb3ed3121d1b9220ca03baa4c3f02cca095881cf74f6ca332abd21543ae6370697a8a2640490b5753df55551883e017f1fc484a5d0d36c287d5fb83526046068bbce28837170024f8c8929cc37878750c362a53ce4f42d02ec5f30a8fdb37c4773fc4187e0168bcf8e057a9678fecc351c8cdab69d66ff79a621ded9fc2b081543953fbb8a422555a9b030f66d1fc2297e4b6bb67ad913341abb95b36d64a60dd3655a5b7607949e9a75dd655e1872eb5c153b742150aa443ab800ffb9db5b78d2803ac996a718a7c7280997e5f39fc22b9f657082a99fdfe8028e1abf30fc36c2ec8c29fcf735c12604671935df3b4f2895a060e3e32fbee30ec8e4c1c7db433014e9c73a09068b4ee5308e8d38e0db564b170de10a6442e6312206dd41209d9cd5fff80674ffb0dc99f20049d0f892a818a2005cce3d07fc8bfacf486f30b339477758ea14272736c052d95f5454ff4823e85d03f25851f87310e27a866c1ecfe9a1a0103926937a1fd140d9f26ff90dab56e50fd855552f7722bad30ff34954869db603ad96a3374f18437ebd5bb39e6fac77a56c48c38726d05ee3cfd1b3248a9b46292728d1848ccf4016f6a1506e20f15cb7849127e165708617b3c551e10d41a348591b3c03f3b1cc22efd888c4b7240e52b6e15b3a9bdd769be33a978c31f0782f5574d0692bed3244d0a818bc565f350604b650ababfc8d4efff52cc6c40468eab35a74dd04cd847b0fda8cd43ea7fb108976976fcba4a6a0757cea4549601d6dd1a4f37366f75ec3efec67cc0fe7a23e27e552cbe93c68b8de5245c0001dcbbeda3aa0d32cf040e972334f1c96732f2a1386c1de52932dee66b4203e1b35f56896232255a327e4d2a750757741b926a6d", &(0x7f0000000000)="1509b641c2700f907a1a00f5b75b54d834a84c8bae8d48f131dd93c6e996fd60402ef743e47df261781b6e32de7b7abc54ca0f307d66b209525c9c7803a563a1530b535bcf3934e155cafb8d17333541f3d6c0be984d3e8d1debbc3ef1a37c2c16de2ddade72af51c2df472ae40880c9b1b6b824a866e1cb8d2e7f87b5142998f8bfeef5aa6faee7b8e06a1c53caa9350c679115aa5b1eb4142023825c99507952cee04875fd678bd0d0ef84ea229214dbf79638aaa30379879bab9e2c70da18cf5f181a69"}}, &(0x7f00000001c0)=0x0) timer_delete(r1) 08:07:47 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, &(0x7f0000000000)='posixacl\x00', 0x0, 0x0) 08:07:47 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, &(0x7f0000000000)='posixacl\x00', 0x0, 0x0) [ 1015.224639][ T3665] dump_stack+0x15/0x17 [ 1015.228624][ T3665] should_fail+0x3c0/0x510 [ 1015.232878][ T3665] __should_failslab+0x9f/0xe0 [ 1015.237479][ T3665] should_failslab+0x9/0x20 [ 1015.241818][ T3665] kmem_cache_alloc+0x4f/0x2f0 [ 1015.246425][ T3665] ? vm_area_dup+0x26/0x1d0 [ 1015.250877][ T3665] ? __kasan_check_read+0x11/0x20 [ 1015.255733][ T3665] vm_area_dup+0x26/0x1d0 [ 1015.259899][ T3665] dup_mmap+0x6b8/0xea0 [ 1015.263896][ T3665] ? __delayed_free_task+0x20/0x20 [ 1015.268838][ T3665] ? mm_init+0x807/0x960 [ 1015.272921][ T3665] dup_mm+0x91/0x330 [ 1015.276651][ T3665] copy_mm+0x108/0x1b0 [ 1015.280560][ T3665] copy_process+0x1295/0x3250 [ 1015.285073][ T3665] ? check_stack_object+0xf7/0x130 [ 1015.290016][ T3665] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1015.294963][ T3665] ? copy_clone_args_from_user+0x6cf/0x790 [ 1015.300608][ T3665] kernel_clone+0x22d/0x990 [ 1015.304944][ T3665] ? dup_mmap+0xea0/0xea0 [ 1015.309108][ T3665] ? create_io_thread+0x1e0/0x1e0 [ 1015.313980][ T3665] ? file_end_write+0x1b0/0x1b0 [ 1015.318660][ T3665] __x64_sys_clone3+0x375/0x3a0 [ 1015.323348][ T3665] ? __ia32_sys_clone+0x300/0x300 [ 1015.328296][ T3665] ? ksys_write+0x25f/0x2c0 [ 1015.332634][ T3665] ? debug_smp_processor_id+0x17/0x20 [ 1015.337844][ T3665] do_syscall_64+0x44/0xd0 [ 1015.342095][ T3665] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1015.347820][ T3665] RIP: 0033:0x7f495fdbc639 [ 1015.352078][ T3665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:47 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, &(0x7f0000000000)='posixacl\x00', 0x0, 0x0) 08:07:47 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:47 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)) 08:07:47 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) (async, rerun: 64) timer_gettime(0x0, &(0x7f0000000240)) (rerun: 64) 08:07:47 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) 08:07:47 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 50) 08:07:47 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000240)) 08:07:47 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xfffffff5}, 0x58) 08:07:47 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_open_dev$usbfs(&(0x7f0000000000), 0x1009, 0x348101) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) [ 1015.371521][ T3665] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1015.379762][ T3665] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1015.387572][ T3665] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1015.395472][ T3665] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1015.403283][ T3665] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1015.411091][ T3665] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1015.418908][ T3665] 08:07:48 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) 08:07:48 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, 0x58) 08:07:48 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x100000800}, 0x58) [ 1015.480134][ T3722] FAULT_INJECTION: forcing a failure. [ 1015.480134][ T3722] name failslab, interval 1, probability 0, space 0, times 0 [ 1015.519588][ T3722] CPU: 1 PID: 3722 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 08:07:48 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) 08:07:48 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b0ce1f000}, 0x58) 08:07:48 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)) 08:07:48 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) (async) 08:07:48 executing program 5: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) [ 1015.527845][ T3722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1015.537741][ T3722] Call Trace: [ 1015.540863][ T3722] [ 1015.543639][ T3722] dump_stack_lvl+0x151/0x1b7 [ 1015.548154][ T3722] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1015.553550][ T3722] dump_stack+0x15/0x17 [ 1015.557540][ T3722] should_fail+0x3c0/0x510 [ 1015.561799][ T3722] __should_failslab+0x9f/0xe0 [ 1015.566392][ T3722] should_failslab+0x9/0x20 [ 1015.570733][ T3722] kmem_cache_alloc+0x4f/0x2f0 [ 1015.575331][ T3722] ? vm_area_dup+0x26/0x1d0 [ 1015.579670][ T3722] vm_area_dup+0x26/0x1d0 [ 1015.583836][ T3722] dup_mmap+0x6b8/0xea0 [ 1015.587829][ T3722] ? __delayed_free_task+0x20/0x20 [ 1015.592777][ T3722] ? mm_init+0x807/0x960 [ 1015.596862][ T3722] dup_mm+0x91/0x330 [ 1015.600591][ T3722] copy_mm+0x108/0x1b0 [ 1015.604494][ T3722] copy_process+0x1295/0x3250 [ 1015.609009][ T3722] ? check_stack_object+0xf7/0x130 [ 1015.613953][ T3722] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1015.618900][ T3722] ? copy_clone_args_from_user+0x6cf/0x790 [ 1015.624544][ T3722] kernel_clone+0x22d/0x990 [ 1015.628880][ T3722] ? dup_mmap+0xea0/0xea0 [ 1015.633049][ T3722] ? create_io_thread+0x1e0/0x1e0 [ 1015.637909][ T3722] ? file_end_write+0x1b0/0x1b0 [ 1015.642596][ T3722] __x64_sys_clone3+0x375/0x3a0 [ 1015.647281][ T3722] ? __ia32_sys_clone+0x300/0x300 [ 1015.652147][ T3722] ? ksys_write+0x25f/0x2c0 [ 1015.656484][ T3722] ? debug_smp_processor_id+0x17/0x20 [ 1015.661690][ T3722] do_syscall_64+0x44/0xd0 [ 1015.665939][ T3722] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1015.671665][ T3722] RIP: 0033:0x7f495fdbc639 [ 1015.675921][ T3722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1015.695362][ T3722] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1015.703607][ T3722] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1015.711418][ T3722] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1015.719228][ T3722] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 08:07:48 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 51) 08:07:48 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_create(0x3, &(0x7f0000000040)={0x0, 0x2d, 0x0, @thr={&(0x7f00000003c0)="f8bdd30a07c60d8291a4e6cd640dc97422acf094dec58ed51f29cc36121dd232a792d3d6fc37a4467c1bbd8a5a845041a35a946133ddfd4cef03c1ed734d098f157246ae0694822cc444208fd65eef20d76ce382256841839e9c66be1cba4646ecb4df9ce8950902e841a053dac7c445ceea402578ed735476f8cdd5c0e1", &(0x7f0000000440)="84c9e215a0487afcc4272ab84ddaa4b051300871eb4f6c68f1f47343d5e47416d20070b9cac8bdc6c241d4cd065edfe98f9cf8d4a3130d1e6afd245c6bd91d3fb5b659a9d35c51e6747f1e22bd0365b216785ac005130d4d936b8d4e4f0c05f8953ce948e766a9f319ae225706f1ebf6480a449afe829b136bb6aaf41809dee37e117afb49543f7c89ac0a0aeaecb6dccbf8c83a03ba296a3323308160ac5868b0516a93dd302eaedf15bb5a9a1c6d0a392815ce7dfb9ff350c1d3793e28afd9185a70fdcefd0e296b63d15a77be8311f54a81aa7e5ff4add92768782ac40e872d219fa421b3f132e052f4d63c83ff408c1ffd594012e76977"}}, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="000000bc791500000000507f45cb00000000000000"], 0x2) timer_create(0x6, &(0x7f0000000640)={0x0, 0x17}, &(0x7f0000000600)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_create(0x2, &(0x7f0000000540)={0x0, 0x1, 0x2, @tid=r3}, &(0x7f0000000580)=0x0) timer_gettime(r5, &(0x7f00000005c0)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r6) timer_create(0x5, &(0x7f00000000c0)={0x0, 0x13, 0x2, @thr={&(0x7f0000000140)="e0038b657267d2130aca3d62054bab4df0809592e8147dd0b8778a056902859dda43a30f1807dcfac152ea68bd78d7d745356539763f0858f3d4046f23487c1b0ee061700f04ba", &(0x7f00000001c0)="f33f948490c0accc5a201cc1ea91957411465f4c47fbb117e9840788fd9e375d2f76c18893b178c8e22360359fc24326e4554cb32635c83eacc34ae4dbc7793ec1f3075521b305e1b6d913866d603140e9ad52ba741db4f7ca8df4d40bcc13125e3aca06c2ed9f171517725305e8acf11eb0f66d3949564bb5b0d52a63ec11bc2c2f343a3bd2f9282c32e51972f9ddbba3305fcf1f1fce84cc6805cac6c082a2b79386e8c890c9808197a007d90a4600a5a19deef88c2e034ebad7c6ede357f984c4c6e29aa25467a4cfde71a61cc6c2e8c96003b5cbb0b0e12305960da9747667a39b462cd5301f16a106"}}, &(0x7f00000002c0)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r7) timer_gettime(r7, &(0x7f0000000000)) 08:07:48 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x2a68e9edb000}, 0x58) 08:07:48 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x9, 0x22c01) read$usbfs(r1, &(0x7f0000000100)=""/194, 0xc2) [ 1015.727041][ T3722] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1015.734852][ T3722] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1015.742666][ T3722] 08:07:48 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x553a26dc6000}, 0x58) 08:07:48 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) pipe(&(0x7f0000005540)) 08:07:48 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) (async) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x9, 0x22c01) read$usbfs(r1, &(0x7f0000000100)=""/194, 0xc2) [ 1015.772240][ T3746] FAULT_INJECTION: forcing a failure. [ 1015.772240][ T3746] name failslab, interval 1, probability 0, space 0, times 0 [ 1015.811643][ T3746] CPU: 1 PID: 3746 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 08:07:48 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, 0x0) 08:07:48 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x9, 0x22c01) read$usbfs(r1, &(0x7f0000000100)=""/194, 0xc2) 08:07:48 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, 0x0) 08:07:48 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) (fail_nth: 1) 08:07:48 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_open_dev$hiddev(&(0x7f0000000000), 0xcf5, 0x804042) [ 1015.819894][ T3746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1015.829795][ T3746] Call Trace: [ 1015.832910][ T3746] [ 1015.835690][ T3746] dump_stack_lvl+0x151/0x1b7 [ 1015.840384][ T3746] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1015.845671][ T3746] dump_stack+0x15/0x17 [ 1015.849662][ T3746] should_fail+0x3c0/0x510 [ 1015.853920][ T3746] __should_failslab+0x9f/0xe0 [ 1015.858532][ T3746] should_failslab+0x9/0x20 [ 1015.862858][ T3746] kmem_cache_alloc+0x4f/0x2f0 [ 1015.867454][ T3746] ? anon_vma_fork+0x1b9/0x4f0 [ 1015.871289][ T3768] FAULT_INJECTION: forcing a failure. [ 1015.871289][ T3768] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1015.872051][ T3746] anon_vma_fork+0x1b9/0x4f0 [ 1015.889330][ T3746] dup_mmap+0x750/0xea0 [ 1015.893324][ T3746] ? __delayed_free_task+0x20/0x20 [ 1015.898269][ T3746] ? mm_init+0x807/0x960 [ 1015.902345][ T3746] dup_mm+0x91/0x330 [ 1015.906077][ T3746] copy_mm+0x108/0x1b0 [ 1015.909983][ T3746] copy_process+0x1295/0x3250 [ 1015.914499][ T3746] ? check_stack_object+0xf7/0x130 [ 1015.919443][ T3746] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1015.924391][ T3746] ? copy_clone_args_from_user+0x6cf/0x790 [ 1015.930039][ T3746] kernel_clone+0x22d/0x990 [ 1015.934370][ T3746] ? dup_mmap+0xea0/0xea0 [ 1015.938536][ T3746] ? create_io_thread+0x1e0/0x1e0 [ 1015.943397][ T3746] ? file_end_write+0x1b0/0x1b0 [ 1015.948086][ T3746] __x64_sys_clone3+0x375/0x3a0 [ 1015.952770][ T3746] ? __ia32_sys_clone+0x300/0x300 [ 1015.957633][ T3746] ? ksys_write+0x25f/0x2c0 [ 1015.961972][ T3746] ? debug_smp_processor_id+0x17/0x20 [ 1015.967181][ T3746] do_syscall_64+0x44/0xd0 [ 1015.971433][ T3746] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1015.977161][ T3746] RIP: 0033:0x7f495fdbc639 [ 1015.981499][ T3746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1016.000943][ T3746] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1016.009189][ T3746] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1016.016997][ T3746] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1016.024819][ T3746] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1016.032620][ T3746] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1016.040433][ T3746] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1016.048248][ T3746] [ 1016.051112][ T3768] CPU: 0 PID: 3768 Comm: syz-executor.5 Not tainted 5.15.74-syzkaller #0 [ 1016.059358][ T3768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1016.065901][ T3775] FAULT_INJECTION: forcing a failure. [ 1016.065901][ T3775] name failslab, interval 1, probability 0, space 0, times 0 [ 1016.069257][ T3768] Call Trace: [ 1016.069266][ T3768] [ 1016.069273][ T3768] dump_stack_lvl+0x151/0x1b7 [ 1016.092078][ T3768] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1016.097370][ T3768] ? __kasan_record_aux_stack+0xd3/0xf0 [ 1016.102750][ T3768] ? call_rcu+0x140/0x1400 [ 1016.107001][ T3768] ? __se_sys_timer_delete+0x4e2/0x550 [ 1016.112297][ T3768] ? __x64_sys_timer_delete+0x38/0x40 [ 1016.117505][ T3768] dump_stack+0x15/0x17 [ 1016.121497][ T3768] should_fail+0x3c0/0x510 [ 1016.125750][ T3768] should_fail_usercopy+0x1a/0x20 [ 1016.130611][ T3768] _copy_to_user+0x20/0x90 [ 1016.134863][ T3768] simple_read_from_buffer+0xdd/0x160 [ 1016.140073][ T3768] proc_fail_nth_read+0x1af/0x220 [ 1016.144930][ T3768] ? proc_fault_inject_write+0x3a0/0x3a0 [ 1016.150401][ T3768] ? security_file_permission+0x497/0x5f0 [ 1016.155954][ T3768] ? proc_fault_inject_write+0x3a0/0x3a0 [ 1016.161421][ T3768] vfs_read+0x299/0xd80 [ 1016.165417][ T3768] ? __kasan_check_read+0x11/0x20 [ 1016.170275][ T3768] ? kernel_read+0x1f0/0x1f0 [ 1016.174703][ T3768] ? __kasan_check_write+0x14/0x20 [ 1016.179659][ T3768] ? mutex_lock+0xb6/0x130 [ 1016.183905][ T3768] ? wait_for_completion_killable_timeout+0x10/0x10 [ 1016.190325][ T3768] ? __fdget_pos+0x26d/0x310 [ 1016.194752][ T3768] ? ksys_read+0x77/0x2c0 [ 1016.198917][ T3768] ksys_read+0x198/0x2c0 [ 1016.202997][ T3768] ? vfs_write+0x1050/0x1050 [ 1016.207425][ T3768] ? debug_smp_processor_id+0x17/0x20 [ 1016.212634][ T3768] __x64_sys_read+0x7b/0x90 [ 1016.216972][ T3768] do_syscall_64+0x44/0xd0 [ 1016.221225][ T3768] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1016.226949][ T3768] RIP: 0033:0x7f3dbd51d37c [ 1016.231205][ T3768] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1016.250646][ T3768] RSP: 002b:00007f3dbc2df160 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1016.258998][ T3768] RAX: ffffffffffffffda RBX: 00007f3dbd68bf80 RCX: 00007f3dbd51d37c [ 1016.266803][ T3768] RDX: 000000000000000f RSI: 00007f3dbc2df1e0 RDI: 0000000000000003 08:07:48 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 52) [ 1016.274617][ T3768] RBP: 00007f3dbc2df1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1016.282424][ T3768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1016.290236][ T3768] R13: 00007ffd4154079f R14: 00007f3dbc2df300 R15: 0000000000022000 [ 1016.298051][ T3768] [ 1016.300915][ T3775] CPU: 1 PID: 3775 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1016.309159][ T3775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1016.319053][ T3775] Call Trace: [ 1016.322176][ T3775] [ 1016.324956][ T3775] dump_stack_lvl+0x151/0x1b7 [ 1016.329486][ T3775] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1016.334762][ T3775] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 1016.341011][ T3775] dump_stack+0x15/0x17 [ 1016.345004][ T3775] should_fail+0x3c0/0x510 [ 1016.349257][ T3775] __should_failslab+0x9f/0xe0 [ 1016.353857][ T3775] should_failslab+0x9/0x20 [ 1016.358196][ T3775] kmem_cache_alloc+0x4f/0x2f0 [ 1016.362797][ T3775] ? anon_vma_fork+0xf7/0x4f0 [ 1016.367311][ T3775] anon_vma_fork+0xf7/0x4f0 [ 1016.371649][ T3775] ? anon_vma_name+0x4c/0x70 [ 1016.376076][ T3775] dup_mmap+0x750/0xea0 [ 1016.380069][ T3775] ? __delayed_free_task+0x20/0x20 [ 1016.385022][ T3775] ? mm_init+0x807/0x960 [ 1016.389094][ T3775] dup_mm+0x91/0x330 [ 1016.392829][ T3775] copy_mm+0x108/0x1b0 [ 1016.396739][ T3775] copy_process+0x1295/0x3250 [ 1016.401248][ T3775] ? check_stack_object+0xf7/0x130 [ 1016.406194][ T3775] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1016.411141][ T3775] ? copy_clone_args_from_user+0x6cf/0x790 [ 1016.416782][ T3775] kernel_clone+0x22d/0x990 [ 1016.421121][ T3775] ? dup_mmap+0xea0/0xea0 [ 1016.425286][ T3775] ? create_io_thread+0x1e0/0x1e0 [ 1016.430147][ T3775] ? file_end_write+0x1b0/0x1b0 [ 1016.434834][ T3775] __x64_sys_clone3+0x375/0x3a0 [ 1016.439521][ T3775] ? __ia32_sys_clone+0x300/0x300 [ 1016.444392][ T3775] ? ksys_write+0x25f/0x2c0 [ 1016.448735][ T3775] ? debug_smp_processor_id+0x17/0x20 [ 1016.453935][ T3775] do_syscall_64+0x44/0xd0 [ 1016.458184][ T3775] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1016.463913][ T3775] RIP: 0033:0x7f495fdbc639 [ 1016.468167][ T3775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1016.487607][ T3775] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1016.495853][ T3775] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1016.503662][ T3775] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1016.511473][ T3775] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 08:07:49 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_create(0x3, &(0x7f0000000040)={0x0, 0x2d, 0x0, @thr={&(0x7f00000003c0)="f8bdd30a07c60d8291a4e6cd640dc97422acf094dec58ed51f29cc36121dd232a792d3d6fc37a4467c1bbd8a5a845041a35a946133ddfd4cef03c1ed734d098f157246ae0694822cc444208fd65eef20d76ce382256841839e9c66be1cba4646ecb4df9ce8950902e841a053dac7c445ceea402578ed735476f8cdd5c0e1", &(0x7f0000000440)="84c9e215a0487afcc4272ab84ddaa4b051300871eb4f6c68f1f47343d5e47416d20070b9cac8bdc6c241d4cd065edfe98f9cf8d4a3130d1e6afd245c6bd91d3fb5b659a9d35c51e6747f1e22bd0365b216785ac005130d4d936b8d4e4f0c05f8953ce948e766a9f319ae225706f1ebf6480a449afe829b136bb6aaf41809dee37e117afb49543f7c89ac0a0aeaecb6dccbf8c83a03ba296a3323308160ac5868b0516a93dd302eaedf15bb5a9a1c6d0a392815ce7dfb9ff350c1d3793e28afd9185a70fdcefd0e296b63d15a77be8311f54a81aa7e5ff4add92768782ac40e872d219fa421b3f132e052f4d63c83ff408c1ffd594012e76977"}}, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="000000bc791500000000507f45cb00000000000000"], 0x2) timer_create(0x6, &(0x7f0000000640)={0x0, 0x17}, &(0x7f0000000600)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_create(0x2, &(0x7f0000000540)={0x0, 0x1, 0x2, @tid=r3}, &(0x7f0000000580)=0x0) timer_gettime(r5, &(0x7f00000005c0)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r6) timer_create(0x5, &(0x7f00000000c0)={0x0, 0x13, 0x2, @thr={&(0x7f0000000140)="e0038b657267d2130aca3d62054bab4df0809592e8147dd0b8778a056902859dda43a30f1807dcfac152ea68bd78d7d745356539763f0858f3d4046f23487c1b0ee061700f04ba", &(0x7f00000001c0)="f33f948490c0accc5a201cc1ea91957411465f4c47fbb117e9840788fd9e375d2f76c18893b178c8e22360359fc24326e4554cb32635c83eacc34ae4dbc7793ec1f3075521b305e1b6d913866d603140e9ad52ba741db4f7ca8df4d40bcc13125e3aca06c2ed9f171517725305e8acf11eb0f66d3949564bb5b0d52a63ec11bc2c2f343a3bd2f9282c32e51972f9ddbba3305fcf1f1fce84cc6805cac6c082a2b79386e8c890c9808197a007d90a4600a5a19deef88c2e034ebad7c6ede357f984c4c6e29aa25467a4cfde71a61cc6c2e8c96003b5cbb0b0e12305960da9747667a39b462cd5301f16a106"}}, &(0x7f00000002c0)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r7) timer_gettime(r7, &(0x7f0000000000)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_create(0x3, &(0x7f0000000040)={0x0, 0x2d, 0x0, @thr={&(0x7f00000003c0)="f8bdd30a07c60d8291a4e6cd640dc97422acf094dec58ed51f29cc36121dd232a792d3d6fc37a4467c1bbd8a5a845041a35a946133ddfd4cef03c1ed734d098f157246ae0694822cc444208fd65eef20d76ce382256841839e9c66be1cba4646ecb4df9ce8950902e841a053dac7c445ceea402578ed735476f8cdd5c0e1", &(0x7f0000000440)="84c9e215a0487afcc4272ab84ddaa4b051300871eb4f6c68f1f47343d5e47416d20070b9cac8bdc6c241d4cd065edfe98f9cf8d4a3130d1e6afd245c6bd91d3fb5b659a9d35c51e6747f1e22bd0365b216785ac005130d4d936b8d4e4f0c05f8953ce948e766a9f319ae225706f1ebf6480a449afe829b136bb6aaf41809dee37e117afb49543f7c89ac0a0aeaecb6dccbf8c83a03ba296a3323308160ac5868b0516a93dd302eaedf15bb5a9a1c6d0a392815ce7dfb9ff350c1d3793e28afd9185a70fdcefd0e296b63d15a77be8311f54a81aa7e5ff4add92768782ac40e872d219fa421b3f132e052f4d63c83ff408c1ffd594012e76977"}}, &(0x7f0000000080)) (async) io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="000000bc791500000000507f45cb00000000000000"], 0x2) (async) timer_create(0x6, &(0x7f0000000640)={0x0, 0x17}, &(0x7f0000000600)) (async) timer_delete(r0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r1) (async) pipe(&(0x7f0000005440)) (async) syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200), {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) (async) timer_create(0x2, &(0x7f0000000540)={0x0, 0x1, 0x2, @tid=r3}, &(0x7f0000000580)) (async) timer_gettime(r5, &(0x7f00000005c0)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r6) (async) timer_create(0x5, &(0x7f00000000c0)={0x0, 0x13, 0x2, @thr={&(0x7f0000000140)="e0038b657267d2130aca3d62054bab4df0809592e8147dd0b8778a056902859dda43a30f1807dcfac152ea68bd78d7d745356539763f0858f3d4046f23487c1b0ee061700f04ba", &(0x7f00000001c0)="f33f948490c0accc5a201cc1ea91957411465f4c47fbb117e9840788fd9e375d2f76c18893b178c8e22360359fc24326e4554cb32635c83eacc34ae4dbc7793ec1f3075521b305e1b6d913866d603140e9ad52ba741db4f7ca8df4d40bcc13125e3aca06c2ed9f171517725305e8acf11eb0f66d3949564bb5b0d52a63ec11bc2c2f343a3bd2f9282c32e51972f9ddbba3305fcf1f1fce84cc6805cac6c082a2b79386e8c890c9808197a007d90a4600a5a19deef88c2e034ebad7c6ede357f984c4c6e29aa25467a4cfde71a61cc6c2e8c96003b5cbb0b0e12305960da9747667a39b462cd5301f16a106"}}, &(0x7f00000002c0)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r7) (async) timer_gettime(r7, &(0x7f0000000000)) (async) 08:07:49 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_open_dev$hiddev(&(0x7f0000000000), 0xcf5, 0x804042) 08:07:49 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:49 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x2001000000000}, 0x58) 08:07:49 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) read$usbfs(r3, &(0x7f0000000100)=""/81, 0x51) 08:07:49 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 53) 08:07:49 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) syz_open_dev$hiddev(&(0x7f0000000000), 0xcf5, 0x804042) [ 1016.519285][ T3775] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1016.527096][ T3775] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1016.534908][ T3775] 08:07:49 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x58) 08:07:49 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) read$usbfs(0xffffffffffffffff, &(0x7f0000000280)=""/268, 0x10c) timer_delete(0x0) 08:07:49 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x8000001000000}, 0x58) 08:07:49 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async, rerun: 32) read$usbfs(0xffffffffffffffff, &(0x7f0000000280)=""/268, 0x10c) (async, rerun: 32) timer_delete(0x0) 08:07:49 executing program 0: r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r1 = request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/proc/self\x00', r0) keyctl$restrict_keyring(0x1d, r0, 0x0, &(0x7f0000000000)=')\x00') r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x0}, 0x0, 0x0, r1) keyctl$search(0xa, r0, &(0x7f00000004c0)='rxrpc_s\x00', &(0x7f0000000500)={'syz', 0x3}, r3) r4 = request_key(&(0x7f0000000180)='id_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0) r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000005c0), 0x8) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/proc/self\x00', r5) r6 = request_key(&(0x7f00000002c0)='trusted\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='asymmetric\x00', r0) sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x91) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r7, 0x0, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r7, 0x8008551d, &(0x7f0000000600)={0x6daa, 0x10, [{0xe, 0x1}, {0x6, 0x1}, {0x8}, {}, {0x7, 0x1}, {0x7, 0x1}, {0xf}, {0x4}, {0xf, 0x1}, {0x1}, {0x5}, {0x7}, {0x5, 0x1}, {0x7}, {0xf}, {0xc}]}) keyctl$unlink(0x9, r6, r4) keyctl$reject(0x13, r5, 0x4c01, 0x6, r4) timer_create(0x6, &(0x7f0000000240)={0x0, 0x30, 0x4, @thr={&(0x7f0000000380)="c80ff6a9ca7182402d3f95b67baec8332161efa5e0b8b070ce603cf5747ec16a405b3965669baad4e233d9372681d77b54500ede40527bade9f428a3291c9475d2ea781a686604e6ccb1f5538e7c57dd71229fccf0aac18b50b307ce43184cda76b96e25caa59080b903b8b0ddf35fabb0887187946156bac3c06954939552f2d7b1c7765d66a90a437e86d881a550f91c35b21b95da2b9bbe4496e000f6589fcf57c7a10c56294251b60e1240391fb8618fcc3d76c95df1d3be4e9aa1a94d079e74ed017bc0c63601ab1b53125541b18808e98919245227837f5e8914", &(0x7f0000000480)="4a6dfb01075152570cad726f794c45da0f1bc64d54ca6a0c6898034c7bddd0cb9866ded1a5"}}, &(0x7f0000000280)) connect$bt_sco(r2, &(0x7f00000000c0), 0x2) [ 1016.621153][ T3792] FAULT_INJECTION: forcing a failure. [ 1016.621153][ T3792] name failslab, interval 1, probability 0, space 0, times 0 [ 1016.667885][ T3792] CPU: 1 PID: 3792 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1016.676143][ T3792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1016.686038][ T3792] Call Trace: [ 1016.689155][ T3792] [ 1016.691945][ T3792] dump_stack_lvl+0x151/0x1b7 [ 1016.696452][ T3792] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1016.701749][ T3792] dump_stack+0x15/0x17 [ 1016.705739][ T3792] should_fail+0x3c0/0x510 [ 1016.709996][ T3792] __should_failslab+0x9f/0xe0 [ 1016.714589][ T3792] should_failslab+0x9/0x20 [ 1016.718933][ T3792] kmem_cache_alloc+0x4f/0x2f0 [ 1016.723527][ T3792] ? vm_area_dup+0x26/0x1d0 [ 1016.727866][ T3792] vm_area_dup+0x26/0x1d0 [ 1016.732037][ T3792] dup_mmap+0x6b8/0xea0 [ 1016.736029][ T3792] ? __delayed_free_task+0x20/0x20 [ 1016.740973][ T3792] ? mm_init+0x807/0x960 [ 1016.745053][ T3792] dup_mm+0x91/0x330 [ 1016.748784][ T3792] copy_mm+0x108/0x1b0 [ 1016.752691][ T3792] copy_process+0x1295/0x3250 [ 1016.757204][ T3792] ? check_stack_object+0xf7/0x130 [ 1016.762154][ T3792] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1016.767101][ T3792] ? copy_clone_args_from_user+0x6cf/0x790 [ 1016.772742][ T3792] kernel_clone+0x22d/0x990 [ 1016.777081][ T3792] ? dup_mmap+0xea0/0xea0 [ 1016.781260][ T3792] ? create_io_thread+0x1e0/0x1e0 [ 1016.786108][ T3792] ? file_end_write+0x1b0/0x1b0 [ 1016.790792][ T3792] __x64_sys_clone3+0x375/0x3a0 [ 1016.795480][ T3792] ? __ia32_sys_clone+0x300/0x300 [ 1016.800340][ T3792] ? ksys_write+0x25f/0x2c0 [ 1016.804680][ T3792] ? debug_smp_processor_id+0x17/0x20 [ 1016.809886][ T3792] do_syscall_64+0x44/0xd0 [ 1016.814142][ T3792] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1016.819866][ T3792] RIP: 0033:0x7f495fdbc639 [ 1016.824121][ T3792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1016.843564][ T3792] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1016.851808][ T3792] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1016.859619][ T3792] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1016.867527][ T3792] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1016.875332][ T3792] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1016.883144][ T3792] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1016.890962][ T3792] 08:07:50 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_create(0x3, &(0x7f0000000040)={0x0, 0x2d, 0x0, @thr={&(0x7f00000003c0)="f8bdd30a07c60d8291a4e6cd640dc97422acf094dec58ed51f29cc36121dd232a792d3d6fc37a4467c1bbd8a5a845041a35a946133ddfd4cef03c1ed734d098f157246ae0694822cc444208fd65eef20d76ce382256841839e9c66be1cba4646ecb4df9ce8950902e841a053dac7c445ceea402578ed735476f8cdd5c0e1", &(0x7f0000000440)="84c9e215a0487afcc4272ab84ddaa4b051300871eb4f6c68f1f47343d5e47416d20070b9cac8bdc6c241d4cd065edfe98f9cf8d4a3130d1e6afd245c6bd91d3fb5b659a9d35c51e6747f1e22bd0365b216785ac005130d4d936b8d4e4f0c05f8953ce948e766a9f319ae225706f1ebf6480a449afe829b136bb6aaf41809dee37e117afb49543f7c89ac0a0aeaecb6dccbf8c83a03ba296a3323308160ac5868b0516a93dd302eaedf15bb5a9a1c6d0a392815ce7dfb9ff350c1d3793e28afd9185a70fdcefd0e296b63d15a77be8311f54a81aa7e5ff4add92768782ac40e872d219fa421b3f132e052f4d63c83ff408c1ffd594012e76977"}}, &(0x7f0000000080)) (async, rerun: 64) io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="000000bc791500000000507f45cb00000000000000"], 0x2) (rerun: 64) timer_create(0x6, &(0x7f0000000640)={0x0, 0x17}, &(0x7f0000000600)=0x0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) (async) timer_create(0x2, &(0x7f0000000540)={0x0, 0x1, 0x2, @tid=r3}, &(0x7f0000000580)=0x0) timer_gettime(r5, &(0x7f00000005c0)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r6) (async) timer_create(0x5, &(0x7f00000000c0)={0x0, 0x13, 0x2, @thr={&(0x7f0000000140)="e0038b657267d2130aca3d62054bab4df0809592e8147dd0b8778a056902859dda43a30f1807dcfac152ea68bd78d7d745356539763f0858f3d4046f23487c1b0ee061700f04ba", &(0x7f00000001c0)="f33f948490c0accc5a201cc1ea91957411465f4c47fbb117e9840788fd9e375d2f76c18893b178c8e22360359fc24326e4554cb32635c83eacc34ae4dbc7793ec1f3075521b305e1b6d913866d603140e9ad52ba741db4f7ca8df4d40bcc13125e3aca06c2ed9f171517725305e8acf11eb0f66d3949564bb5b0d52a63ec11bc2c2f343a3bd2f9282c32e51972f9ddbba3305fcf1f1fce84cc6805cac6c082a2b79386e8c890c9808197a007d90a4600a5a19deef88c2e034ebad7c6ede357f984c4c6e29aa25467a4cfde71a61cc6c2e8c96003b5cbb0b0e12305960da9747667a39b462cd5301f16a106"}}, &(0x7f00000002c0)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r7) timer_gettime(r7, &(0x7f0000000000)) 08:07:50 executing program 0: r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r1 = request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/proc/self\x00', r0) keyctl$restrict_keyring(0x1d, r0, 0x0, &(0x7f0000000000)=')\x00') r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x0}, 0x0, 0x0, r1) keyctl$search(0xa, r0, &(0x7f00000004c0)='rxrpc_s\x00', &(0x7f0000000500)={'syz', 0x3}, r3) r4 = request_key(&(0x7f0000000180)='id_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0) r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000005c0), 0x8) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/proc/self\x00', r5) r6 = request_key(&(0x7f00000002c0)='trusted\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='asymmetric\x00', r0) sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x91) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r7, 0x0, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r7, 0x8008551d, &(0x7f0000000600)={0x6daa, 0x10, [{0xe, 0x1}, {0x6, 0x1}, {0x8}, {}, {0x7, 0x1}, {0x7, 0x1}, {0xf}, {0x4}, {0xf, 0x1}, {0x1}, {0x5}, {0x7}, {0x5, 0x1}, {0x7}, {0xf}, {0xc}]}) keyctl$unlink(0x9, r6, r4) keyctl$reject(0x13, r5, 0x4c01, 0x6, r4) timer_create(0x6, &(0x7f0000000240)={0x0, 0x30, 0x4, @thr={&(0x7f0000000380)="c80ff6a9ca7182402d3f95b67baec8332161efa5e0b8b070ce603cf5747ec16a405b3965669baad4e233d9372681d77b54500ede40527bade9f428a3291c9475d2ea781a686604e6ccb1f5538e7c57dd71229fccf0aac18b50b307ce43184cda76b96e25caa59080b903b8b0ddf35fabb0887187946156bac3c06954939552f2d7b1c7765d66a90a437e86d881a550f91c35b21b95da2b9bbe4496e000f6589fcf57c7a10c56294251b60e1240391fb8618fcc3d76c95df1d3be4e9aa1a94d079e74ed017bc0c63601ab1b53125541b18808e98919245227837f5e8914", &(0x7f0000000480)="4a6dfb01075152570cad726f794c45da0f1bc64d54ca6a0c6898034c7bddd0cb9866ded1a5"}}, &(0x7f0000000280)) connect$bt_sco(r2, &(0x7f00000000c0), 0x2) add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) (async) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/proc/self\x00', r0) (async) keyctl$restrict_keyring(0x1d, r0, 0x0, &(0x7f0000000000)=')\x00') (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x0}, 0x0, 0x0, r1) (async) keyctl$search(0xa, r0, &(0x7f00000004c0)='rxrpc_s\x00', &(0x7f0000000500)={'syz', 0x3}, r3) (async) request_key(&(0x7f0000000180)='id_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0) (async) add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) (async) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000005c0), 0x8) (async) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/proc/self\x00', r5) (async) request_key(&(0x7f00000002c0)='trusted\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='asymmetric\x00', r0) (async) sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x91) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r7, 0x0, 0x0) (async) ioctl$USBDEVFS_FREE_STREAMS(r7, 0x8008551d, &(0x7f0000000600)={0x6daa, 0x10, [{0xe, 0x1}, {0x6, 0x1}, {0x8}, {}, {0x7, 0x1}, {0x7, 0x1}, {0xf}, {0x4}, {0xf, 0x1}, {0x1}, {0x5}, {0x7}, {0x5, 0x1}, {0x7}, {0xf}, {0xc}]}) (async) keyctl$unlink(0x9, r6, r4) (async) keyctl$reject(0x13, r5, 0x4c01, 0x6, r4) (async) timer_create(0x6, &(0x7f0000000240)={0x0, 0x30, 0x4, @thr={&(0x7f0000000380)="c80ff6a9ca7182402d3f95b67baec8332161efa5e0b8b070ce603cf5747ec16a405b3965669baad4e233d9372681d77b54500ede40527bade9f428a3291c9475d2ea781a686604e6ccb1f5538e7c57dd71229fccf0aac18b50b307ce43184cda76b96e25caa59080b903b8b0ddf35fabb0887187946156bac3c06954939552f2d7b1c7765d66a90a437e86d881a550f91c35b21b95da2b9bbe4496e000f6589fcf57c7a10c56294251b60e1240391fb8618fcc3d76c95df1d3be4e9aa1a94d079e74ed017bc0c63601ab1b53125541b18808e98919245227837f5e8914", &(0x7f0000000480)="4a6dfb01075152570cad726f794c45da0f1bc64d54ca6a0c6898034c7bddd0cb9866ded1a5"}}, &(0x7f0000000280)) (async) connect$bt_sco(r2, &(0x7f00000000c0), 0x2) (async) 08:07:50 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) read$usbfs(0xffffffffffffffff, &(0x7f0000000280)=""/268, 0x10c) timer_delete(0x0) 08:07:50 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 54) 08:07:50 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:50 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x10100000000000}, 0x58) 08:07:50 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x4da6981dd6360bc3, 0x0) mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0xc9) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000000)={0x0, 0x0, 0x0, '\x00', [{}, {}]}, 0x2) 08:07:50 executing program 0: r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r1 = request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/proc/self\x00', r0) (async) keyctl$restrict_keyring(0x1d, r0, 0x0, &(0x7f0000000000)=')\x00') r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r3 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x0}, 0x0, 0x0, r1) keyctl$search(0xa, r0, &(0x7f00000004c0)='rxrpc_s\x00', &(0x7f0000000500)={'syz', 0x3}, r3) r4 = request_key(&(0x7f0000000180)='id_resolver\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200)='\x00', r0) r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) (async) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000005c0), 0x8) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/proc/self\x00', r5) (async) r6 = request_key(&(0x7f00000002c0)='trusted\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='asymmetric\x00', r0) (async) sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x91) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r7, 0x0, 0x0) (async, rerun: 64) ioctl$USBDEVFS_FREE_STREAMS(r7, 0x8008551d, &(0x7f0000000600)={0x6daa, 0x10, [{0xe, 0x1}, {0x6, 0x1}, {0x8}, {}, {0x7, 0x1}, {0x7, 0x1}, {0xf}, {0x4}, {0xf, 0x1}, {0x1}, {0x5}, {0x7}, {0x5, 0x1}, {0x7}, {0xf}, {0xc}]}) (async, rerun: 64) keyctl$unlink(0x9, r6, r4) keyctl$reject(0x13, r5, 0x4c01, 0x6, r4) (async) timer_create(0x6, &(0x7f0000000240)={0x0, 0x30, 0x4, @thr={&(0x7f0000000380)="c80ff6a9ca7182402d3f95b67baec8332161efa5e0b8b070ce603cf5747ec16a405b3965669baad4e233d9372681d77b54500ede40527bade9f428a3291c9475d2ea781a686604e6ccb1f5538e7c57dd71229fccf0aac18b50b307ce43184cda76b96e25caa59080b903b8b0ddf35fabb0887187946156bac3c06954939552f2d7b1c7765d66a90a437e86d881a550f91c35b21b95da2b9bbe4496e000f6589fcf57c7a10c56294251b60e1240391fb8618fcc3d76c95df1d3be4e9aa1a94d079e74ed017bc0c63601ab1b53125541b18808e98919245227837f5e8914", &(0x7f0000000480)="4a6dfb01075152570cad726f794c45da0f1bc64d54ca6a0c6898034c7bddd0cb9866ded1a5"}}, &(0x7f0000000280)) connect$bt_sco(r2, &(0x7f00000000c0), 0x2) 08:07:50 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x60dc263a550000}, 0x58) 08:07:50 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000), 0x8) 08:07:50 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xb0ede9682a0000}, 0x58) [ 1017.618359][ T3835] FAULT_INJECTION: forcing a failure. [ 1017.618359][ T3835] name fail_page_alloc, interval 1, probability 0, space 0, times 0 08:07:50 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async, rerun: 64) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (rerun: 64) connect$bt_sco(r0, &(0x7f0000000000), 0x8) 08:07:50 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x4da6981dd6360bc3, 0x0) mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0xc9) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000000)={0x0, 0x0, 0x0, '\x00', [{}, {}]}, 0x2) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x4da6981dd6360bc3, 0x0) (async) mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0xc9) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000000)={0x0, 0x0, 0x0, '\x00', [{}, {}]}, 0x2) (async) [ 1017.682772][ T3835] CPU: 1 PID: 3835 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1017.691026][ T3835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1017.700921][ T3835] Call Trace: [ 1017.704042][ T3835] [ 1017.706818][ T3835] dump_stack_lvl+0x151/0x1b7 [ 1017.711334][ T3835] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1017.716625][ T3835] ? __kasan_check_write+0x14/0x20 [ 1017.721574][ T3835] ? __set_page_owner+0x2ee/0x310 [ 1017.726439][ T3835] dump_stack+0x15/0x17 [ 1017.730428][ T3835] should_fail+0x3c0/0x510 [ 1017.734682][ T3835] should_fail_alloc_page+0x58/0x70 [ 1017.739712][ T3835] __alloc_pages+0x1de/0x7c0 [ 1017.744142][ T3835] ? __count_vm_events+0x30/0x30 [ 1017.748915][ T3835] ? __count_vm_events+0x30/0x30 [ 1017.753685][ T3835] ? __kasan_check_write+0x14/0x20 [ 1017.758636][ T3835] ? _raw_spin_lock+0xa3/0x1b0 [ 1017.763238][ T3835] __pmd_alloc+0xb1/0x550 [ 1017.767396][ T3835] ? kmem_cache_alloc+0x189/0x2f0 [ 1017.772255][ T3835] ? anon_vma_fork+0x1b9/0x4f0 [ 1017.776858][ T3835] ? __pud_alloc+0x260/0x260 [ 1017.781284][ T3835] ? __pud_alloc+0x218/0x260 [ 1017.785711][ T3835] ? do_handle_mm_fault+0x2370/0x2370 [ 1017.790918][ T3835] copy_page_range+0xd04/0x1090 [ 1017.795607][ T3835] ? pfn_valid+0x1e0/0x1e0 [ 1017.799860][ T3835] dup_mmap+0x99f/0xea0 [ 1017.803851][ T3835] ? __delayed_free_task+0x20/0x20 [ 1017.808798][ T3835] ? mm_init+0x807/0x960 [ 1017.812887][ T3835] dup_mm+0x91/0x330 [ 1017.816610][ T3835] copy_mm+0x108/0x1b0 [ 1017.820515][ T3835] copy_process+0x1295/0x3250 [ 1017.825028][ T3835] ? check_stack_object+0xf7/0x130 [ 1017.829976][ T3835] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1017.834923][ T3835] ? copy_clone_args_from_user+0x6cf/0x790 [ 1017.840565][ T3835] kernel_clone+0x22d/0x990 [ 1017.844906][ T3835] ? dup_mmap+0xea0/0xea0 [ 1017.849074][ T3835] ? create_io_thread+0x1e0/0x1e0 [ 1017.853930][ T3835] ? file_end_write+0x1b0/0x1b0 [ 1017.858622][ T3835] __x64_sys_clone3+0x375/0x3a0 [ 1017.863305][ T3835] ? __ia32_sys_clone+0x300/0x300 [ 1017.868166][ T3835] ? ksys_write+0x25f/0x2c0 [ 1017.872506][ T3835] ? debug_smp_processor_id+0x17/0x20 [ 1017.877712][ T3835] do_syscall_64+0x44/0xd0 [ 1017.881967][ T3835] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1017.887696][ T3835] RIP: 0033:0x7f495fdbc639 [ 1017.891949][ T3835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1017.911387][ T3835] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1017.919638][ T3835] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 08:07:50 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{r0, r1+10000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:50 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000), 0x8) 08:07:50 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xf0e10c1b000000}, 0x58) 08:07:50 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x4da6981dd6360bc3, 0x0) mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0xc9) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000000)={0x0, 0x0, 0x0, '\x00', [{}, {}]}, 0x2) 08:07:50 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:50 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 55) [ 1017.927445][ T3835] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1017.935262][ T3835] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1017.943064][ T3835] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1017.950879][ T3835] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1017.958779][ T3835] 08:07:50 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 08:07:50 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xf0ff1f00000000}, 0x58) 08:07:50 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{r0, r1+10000000}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:50 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:50 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{r0, r1+10000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) clock_gettime(0x0, &(0x7f0000000000)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{r0, r1+10000000}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:50 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, 0x58) 08:07:50 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) [ 1018.000961][ T3898] FAULT_INJECTION: forcing a failure. [ 1018.000961][ T3898] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1018.032411][ T3898] CPU: 1 PID: 3898 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1018.040670][ T3898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1018.050567][ T3898] Call Trace: [ 1018.053690][ T3898] [ 1018.056467][ T3898] dump_stack_lvl+0x151/0x1b7 [ 1018.060977][ T3898] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1018.066275][ T3898] ? __kasan_check_write+0x14/0x20 [ 1018.071220][ T3898] ? __set_page_owner+0x2ee/0x310 [ 1018.076085][ T3898] dump_stack+0x15/0x17 [ 1018.080079][ T3898] should_fail+0x3c0/0x510 [ 1018.084325][ T3898] should_fail_alloc_page+0x58/0x70 [ 1018.089362][ T3898] __alloc_pages+0x1de/0x7c0 [ 1018.093785][ T3898] ? __count_vm_events+0x30/0x30 [ 1018.098557][ T3898] ? __count_vm_events+0x30/0x30 [ 1018.103337][ T3898] ? __kasan_check_write+0x14/0x20 [ 1018.108279][ T3898] ? _raw_spin_lock+0xa3/0x1b0 [ 1018.112882][ T3898] __pmd_alloc+0xb1/0x550 [ 1018.117048][ T3898] ? kmem_cache_alloc+0x189/0x2f0 [ 1018.121904][ T3898] ? anon_vma_fork+0x1b9/0x4f0 [ 1018.126503][ T3898] ? __pud_alloc+0x260/0x260 [ 1018.130930][ T3898] ? __pud_alloc+0x218/0x260 [ 1018.135358][ T3898] ? do_handle_mm_fault+0x2370/0x2370 [ 1018.140565][ T3898] copy_page_range+0xd04/0x1090 [ 1018.145254][ T3898] ? pfn_valid+0x1e0/0x1e0 [ 1018.149513][ T3898] dup_mmap+0x99f/0xea0 [ 1018.153498][ T3898] ? __delayed_free_task+0x20/0x20 [ 1018.158448][ T3898] ? mm_init+0x807/0x960 [ 1018.162523][ T3898] dup_mm+0x91/0x330 [ 1018.166256][ T3898] copy_mm+0x108/0x1b0 [ 1018.170167][ T3898] copy_process+0x1295/0x3250 [ 1018.174676][ T3898] ? check_stack_object+0xf7/0x130 [ 1018.179626][ T3898] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1018.184567][ T3898] ? copy_clone_args_from_user+0x6cf/0x790 [ 1018.190213][ T3898] kernel_clone+0x22d/0x990 [ 1018.194548][ T3898] ? dup_mmap+0xea0/0xea0 [ 1018.198715][ T3898] ? create_io_thread+0x1e0/0x1e0 [ 1018.203579][ T3898] ? file_end_write+0x1b0/0x1b0 [ 1018.208270][ T3898] __x64_sys_clone3+0x375/0x3a0 [ 1018.212956][ T3898] ? __ia32_sys_clone+0x300/0x300 [ 1018.217811][ T3898] ? ksys_write+0x25f/0x2c0 [ 1018.222151][ T3898] ? debug_smp_processor_id+0x17/0x20 [ 1018.227359][ T3898] do_syscall_64+0x44/0xd0 [ 1018.231611][ T3898] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1018.237339][ T3898] RIP: 0033:0x7f495fdbc639 [ 1018.241606][ T3898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1018.261048][ T3898] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1018.269279][ T3898] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1018.277090][ T3898] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1018.284901][ T3898] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1018.292711][ T3898] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:50 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, 0x58) 08:07:50 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) 08:07:50 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) [ 1018.300527][ T3898] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1018.308341][ T3898] 08:07:50 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 56) 08:07:50 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}, 0x58) 08:07:50 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) 08:07:50 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) r1 = fsmount(r0, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r2, 0x5523) 08:07:50 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x900000000000000}, 0x58) 08:07:50 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) timer_create(0x2, &(0x7f0000000180)={0x0, 0x6, 0x2, @thr={&(0x7f0000000000)="b0eb3e91fa5734dce5033859950b7b8918f87d611b2d9d8ae98e2868", &(0x7f0000000040)="1ccb5186f425a405b1ac14c09dfb804bd23e9e730f2352deec6f1aa9693fe67cf7b21e3c5ff50b57a8b24a0802da8475a18e3a281150f9097330ea0c6c9c342494425c60cd1f86f00b7e5a80ed6493075b1ba23d0eb3ee40136473b183a4decff6ef9cd2785d0ab05f23b39cdb62639fa19fa1e85685948f86c418c252d687e0d19bdabf7e21"}}, &(0x7f00000001c0)) 08:07:50 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) [ 1018.374444][ T3930] FAULT_INJECTION: forcing a failure. [ 1018.374444][ T3930] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1018.409075][ T3930] CPU: 1 PID: 3930 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 08:07:50 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_gettime(r0, &(0x7f0000000000)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r1, &(0x7f0000000040)) r2 = syz_io_uring_setup(0x498e, &(0x7f0000000080)={0x0, 0x68a9, 0x100, 0x3, 0x280}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_PROBE(r2, 0x8, &(0x7f0000000200)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}]}, 0x4) timer_gettime(0x0, &(0x7f0000000240)) 08:07:51 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) timer_create(0x2, &(0x7f0000000180)={0x0, 0x6, 0x2, @thr={&(0x7f0000000000)="b0eb3e91fa5734dce5033859950b7b8918f87d611b2d9d8ae98e2868", &(0x7f0000000040)="1ccb5186f425a405b1ac14c09dfb804bd23e9e730f2352deec6f1aa9693fe67cf7b21e3c5ff50b57a8b24a0802da8475a18e3a281150f9097330ea0c6c9c342494425c60cd1f86f00b7e5a80ed6493075b1ba23d0eb3ee40136473b183a4decff6ef9cd2785d0ab05f23b39cdb62639fa19fa1e85685948f86c418c252d687e0d19bdabf7e21"}}, &(0x7f00000001c0)) 08:07:51 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) 08:07:51 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_gettime(r0, &(0x7f0000000000)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r1, &(0x7f0000000040)) r2 = syz_io_uring_setup(0x498e, &(0x7f0000000080)={0x0, 0x68a9, 0x100, 0x3, 0x280}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_PROBE(r2, 0x8, &(0x7f0000000200)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}]}, 0x4) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r0) (async) timer_gettime(r0, &(0x7f0000000000)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r1) (async) timer_gettime(r1, &(0x7f0000000040)) (async) syz_io_uring_setup(0x498e, &(0x7f0000000080)={0x0, 0x68a9, 0x100, 0x3, 0x280}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) (async) io_uring_register$IORING_REGISTER_PROBE(r2, 0x8, &(0x7f0000000200)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}]}, 0x4) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) [ 1018.417430][ T3930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1018.427318][ T3930] Call Trace: [ 1018.430441][ T3930] [ 1018.433220][ T3930] dump_stack_lvl+0x151/0x1b7 [ 1018.437729][ T3930] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1018.443025][ T3930] ? __kasan_check_write+0x14/0x20 [ 1018.447970][ T3930] ? __set_page_owner+0x2ee/0x310 [ 1018.452836][ T3930] dump_stack+0x15/0x17 [ 1018.456823][ T3930] should_fail+0x3c0/0x510 [ 1018.461078][ T3930] should_fail_alloc_page+0x58/0x70 [ 1018.466114][ T3930] __alloc_pages+0x1de/0x7c0 08:07:51 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) timer_create(0x2, &(0x7f0000000180)={0x0, 0x6, 0x2, @thr={&(0x7f0000000000)="b0eb3e91fa5734dce5033859950b7b8918f87d611b2d9d8ae98e2868", &(0x7f0000000040)="1ccb5186f425a405b1ac14c09dfb804bd23e9e730f2352deec6f1aa9693fe67cf7b21e3c5ff50b57a8b24a0802da8475a18e3a281150f9097330ea0c6c9c342494425c60cd1f86f00b7e5a80ed6493075b1ba23d0eb3ee40136473b183a4decff6ef9cd2785d0ab05f23b39cdb62639fa19fa1e85685948f86c418c252d687e0d19bdabf7e21"}}, &(0x7f00000001c0)) [ 1018.470540][ T3930] ? __count_vm_events+0x30/0x30 [ 1018.475313][ T3930] ? __count_vm_events+0x30/0x30 [ 1018.480085][ T3930] ? __kasan_check_write+0x14/0x20 [ 1018.485034][ T3930] ? _raw_spin_lock+0xa3/0x1b0 [ 1018.489632][ T3930] __pmd_alloc+0xb1/0x550 [ 1018.493797][ T3930] ? kmem_cache_alloc+0x189/0x2f0 [ 1018.498663][ T3930] ? anon_vma_fork+0x1b9/0x4f0 [ 1018.503262][ T3930] ? __pud_alloc+0x260/0x260 [ 1018.507682][ T3930] ? __pud_alloc+0x218/0x260 [ 1018.512110][ T3930] ? do_handle_mm_fault+0x2370/0x2370 [ 1018.517326][ T3930] copy_page_range+0xd04/0x1090 [ 1018.522015][ T3930] ? pfn_valid+0x1e0/0x1e0 [ 1018.526267][ T3930] dup_mmap+0x99f/0xea0 [ 1018.530251][ T3930] ? __delayed_free_task+0x20/0x20 [ 1018.535195][ T3930] ? mm_init+0x807/0x960 [ 1018.539273][ T3930] dup_mm+0x91/0x330 [ 1018.543006][ T3930] copy_mm+0x108/0x1b0 [ 1018.546913][ T3930] copy_process+0x1295/0x3250 [ 1018.551426][ T3930] ? check_stack_object+0xf7/0x130 [ 1018.556373][ T3930] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1018.561318][ T3930] ? copy_clone_args_from_user+0x6cf/0x790 [ 1018.566961][ T3930] kernel_clone+0x22d/0x990 [ 1018.571297][ T3930] ? dup_mmap+0xea0/0xea0 [ 1018.575468][ T3930] ? create_io_thread+0x1e0/0x1e0 [ 1018.580325][ T3930] ? file_end_write+0x1b0/0x1b0 [ 1018.585015][ T3930] __x64_sys_clone3+0x375/0x3a0 [ 1018.589701][ T3930] ? __ia32_sys_clone+0x300/0x300 [ 1018.594565][ T3930] ? ksys_write+0x25f/0x2c0 [ 1018.598903][ T3930] ? debug_smp_processor_id+0x17/0x20 [ 1018.604109][ T3930] do_syscall_64+0x44/0xd0 [ 1018.608361][ T3930] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1018.614089][ T3930] RIP: 0033:0x7f495fdbc639 [ 1018.618344][ T3930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1018.637796][ T3930] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1018.646030][ T3930] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1018.653840][ T3930] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1018.661652][ T3930] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 08:07:51 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 57) 08:07:51 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) 08:07:51 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x77359400}, {r1, r2+10000000}}, &(0x7f00000001c0)) timer_create(0x2, &(0x7f0000000080)={0x0, 0x3b, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r3) timer_settime(r3, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:51 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) r1 = fsmount(r0, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r2, 0x5523) 08:07:51 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) timer_gettime(r0, &(0x7f0000000000)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r1, &(0x7f0000000040)) (async) r2 = syz_io_uring_setup(0x498e, &(0x7f0000000080)={0x0, 0x68a9, 0x100, 0x3, 0x280}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_PROBE(r2, 0x8, &(0x7f0000000200)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}]}, 0x4) timer_gettime(0x0, &(0x7f0000000240)) 08:07:51 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000}, 0x58) 08:07:51 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f00000000000000}, 0x58) [ 1018.669463][ T3930] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1018.677274][ T3930] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1018.685089][ T3930] 08:07:51 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x58) [ 1018.720404][ T3976] FAULT_INJECTION: forcing a failure. [ 1018.720404][ T3976] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1018.742480][ T3976] CPU: 0 PID: 3976 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1018.750738][ T3976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1018.760636][ T3976] Call Trace: [ 1018.763757][ T3976] 08:07:51 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, 0x58) 08:07:51 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff00000000}, 0x58) 08:07:51 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xfbffffff00000000}, 0x58) 08:07:51 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x7fbe3f9030a8) [ 1018.766536][ T3976] dump_stack_lvl+0x151/0x1b7 [ 1018.771059][ T3976] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1018.776345][ T3976] dump_stack+0x15/0x17 [ 1018.780434][ T3976] should_fail+0x3c0/0x510 [ 1018.784688][ T3976] should_fail_alloc_page+0x58/0x70 [ 1018.789718][ T3976] __alloc_pages+0x1de/0x7c0 [ 1018.794148][ T3976] ? __count_vm_events+0x30/0x30 [ 1018.798918][ T3976] ? __this_cpu_preempt_check+0x13/0x20 [ 1018.804301][ T3976] ? __mod_node_page_state+0xac/0xf0 [ 1018.809423][ T3976] pte_alloc_one+0x73/0x1b0 [ 1018.813760][ T3976] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1018.818801][ T3976] __pte_alloc+0x86/0x350 [ 1018.822966][ T3976] ? free_pgtables+0x210/0x210 [ 1018.827646][ T3976] ? _raw_spin_lock+0xa3/0x1b0 [ 1018.832248][ T3976] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 1018.837458][ T3976] ? __kernel_text_address+0x9a/0x110 [ 1018.842664][ T3976] copy_pte_range+0x1b1f/0x20b0 [ 1018.847350][ T3976] ? __kunmap_atomic+0x80/0x80 [ 1018.851944][ T3976] ? __kasan_slab_alloc+0xc4/0xe0 [ 1018.856808][ T3976] ? __kasan_slab_alloc+0xb2/0xe0 [ 1018.861665][ T3976] ? kmem_cache_alloc+0x189/0x2f0 [ 1018.866533][ T3976] ? vm_area_dup+0x26/0x1d0 [ 1018.870869][ T3976] ? dup_mmap+0x6b8/0xea0 [ 1018.875034][ T3976] ? dup_mm+0x91/0x330 [ 1018.878942][ T3976] ? copy_mm+0x108/0x1b0 [ 1018.883018][ T3976] ? copy_process+0x1295/0x3250 [ 1018.887705][ T3976] ? kernel_clone+0x22d/0x990 [ 1018.892217][ T3976] ? __x64_sys_clone3+0x375/0x3a0 [ 1018.897079][ T3976] ? do_syscall_64+0x44/0xd0 [ 1018.901503][ T3976] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1018.907408][ T3976] copy_page_range+0xc1e/0x1090 [ 1018.912098][ T3976] ? pfn_valid+0x1e0/0x1e0 [ 1018.916348][ T3976] dup_mmap+0x99f/0xea0 [ 1018.920341][ T3976] ? __delayed_free_task+0x20/0x20 [ 1018.925288][ T3976] ? mm_init+0x807/0x960 [ 1018.929365][ T3976] dup_mm+0x91/0x330 [ 1018.933203][ T3976] copy_mm+0x108/0x1b0 [ 1018.937104][ T3976] copy_process+0x1295/0x3250 [ 1018.941623][ T3976] ? check_stack_object+0xf7/0x130 [ 1018.946564][ T3976] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1018.951512][ T3976] ? copy_clone_args_from_user+0x6cf/0x790 [ 1018.957155][ T3976] kernel_clone+0x22d/0x990 [ 1018.961494][ T3976] ? dup_mmap+0xea0/0xea0 [ 1018.965657][ T3976] ? create_io_thread+0x1e0/0x1e0 [ 1018.970518][ T3976] ? file_end_write+0x1b0/0x1b0 [ 1018.975208][ T3976] __x64_sys_clone3+0x375/0x3a0 [ 1018.980014][ T3976] ? __ia32_sys_clone+0x300/0x300 [ 1018.984874][ T3976] ? ksys_write+0x25f/0x2c0 [ 1018.989209][ T3976] ? debug_smp_processor_id+0x17/0x20 [ 1018.994415][ T3976] do_syscall_64+0x44/0xd0 [ 1018.998670][ T3976] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1019.004398][ T3976] RIP: 0033:0x7f495fdbc639 [ 1019.008651][ T3976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1019.028095][ T3976] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1019.036335][ T3976] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1019.044152][ T3976] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1019.051957][ T3976] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1019.059769][ T3976] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:51 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 58) 08:07:51 executing program 4: syz_clone3(&(0x7f0000000040)={0x40206000, 0x0, 0x0, 0x0, {0x10000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) connect$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @none}, 0x8) r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r0, &(0x7f0000000240), 0x2, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) sendmsg$AUDIT_LIST_RULES(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3f5, 0x4, 0x70bd2d, 0x6, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x44000}, 0x40804) 08:07:51 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_GET_SPEED(r1, 0x551f) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) 08:07:51 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x77359400}, {r1, r2+10000000}}, &(0x7f00000001c0)) (async) timer_create(0x2, &(0x7f0000000080)={0x0, 0x3b, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r3) (async) timer_settime(r3, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) 08:07:51 executing program 1: write$tcp_mem(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x20, 0x8, 0x20, 0xf47}, 0x48) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:51 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58) r1 = fsmount(r0, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(r2, 0x5523) 08:07:51 executing program 1: write$tcp_mem(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x20, 0x8, 0x20, 0xf47}, 0x48) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x20, 0x8, 0x20, 0xf47}, 0x48) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:51 executing program 4: syz_clone3(&(0x7f0000000040)={0x40206000, 0x0, 0x0, 0x0, {0x10000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) connect$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @none}, 0x8) (async) r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r0, &(0x7f0000000240), 0x2, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) sendmsg$AUDIT_LIST_RULES(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3f5, 0x4, 0x70bd2d, 0x6, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x44000}, 0x40804) 08:07:51 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_GET_SPEED(r1, 0x551f) (async) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) [ 1019.067579][ T3976] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1019.075396][ T3976] 08:07:51 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x77359400}, {r1, r2+10000000}}, &(0x7f00000001c0)) (async) timer_create(0x2, &(0x7f0000000080)={0x0, 0x3b, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r3) (async, rerun: 64) timer_settime(r3, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000040)) (async, rerun: 64) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) 08:07:51 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_GET_SPEED(r1, 0x551f) (async) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) 08:07:51 executing program 1: write$tcp_mem(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x20, 0x8, 0x20, 0xf47}, 0x48) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) [ 1019.137570][ T4016] FAULT_INJECTION: forcing a failure. [ 1019.137570][ T4016] name failslab, interval 1, probability 0, space 0, times 0 [ 1019.196754][ T4016] CPU: 1 PID: 4016 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1019.205007][ T4016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1019.214901][ T4016] Call Trace: [ 1019.218026][ T4016] [ 1019.220799][ T4016] dump_stack_lvl+0x151/0x1b7 [ 1019.225315][ T4016] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1019.230608][ T4016] dump_stack+0x15/0x17 [ 1019.234600][ T4016] should_fail+0x3c0/0x510 [ 1019.238851][ T4016] __should_failslab+0x9f/0xe0 [ 1019.243448][ T4016] should_failslab+0x9/0x20 [ 1019.247788][ T4016] kmem_cache_alloc+0x4f/0x2f0 [ 1019.252387][ T4016] ? vm_area_dup+0x26/0x1d0 [ 1019.256736][ T4016] vm_area_dup+0x26/0x1d0 [ 1019.260904][ T4016] dup_mmap+0x6b8/0xea0 [ 1019.264890][ T4016] ? __delayed_free_task+0x20/0x20 [ 1019.269839][ T4016] ? mm_init+0x807/0x960 [ 1019.273920][ T4016] dup_mm+0x91/0x330 [ 1019.277656][ T4016] copy_mm+0x108/0x1b0 [ 1019.281552][ T4016] copy_process+0x1295/0x3250 [ 1019.286072][ T4016] ? check_stack_object+0xf7/0x130 [ 1019.291013][ T4016] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1019.295964][ T4016] ? copy_clone_args_from_user+0x6cf/0x790 [ 1019.301604][ T4016] kernel_clone+0x22d/0x990 [ 1019.305943][ T4016] ? dup_mmap+0xea0/0xea0 [ 1019.310134][ T4016] ? create_io_thread+0x1e0/0x1e0 [ 1019.314967][ T4016] ? file_end_write+0x1b0/0x1b0 [ 1019.319655][ T4016] __x64_sys_clone3+0x375/0x3a0 [ 1019.324340][ T4016] ? __ia32_sys_clone+0x300/0x300 [ 1019.329202][ T4016] ? ksys_write+0x25f/0x2c0 [ 1019.333540][ T4016] ? debug_smp_processor_id+0x17/0x20 [ 1019.338747][ T4016] do_syscall_64+0x44/0xd0 [ 1019.343003][ T4016] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1019.348732][ T4016] RIP: 0033:0x7f495fdbc639 [ 1019.352983][ T4016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1019.372424][ T4016] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1019.380670][ T4016] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1019.388479][ T4016] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 08:07:51 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 59) 08:07:51 executing program 4: syz_clone3(&(0x7f0000000040)={0x40206000, 0x0, 0x0, 0x0, {0x10000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) connect$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @none}, 0x8) r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r0, &(0x7f0000000240), 0x2, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) sendmsg$AUDIT_LIST_RULES(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3f5, 0x4, 0x70bd2d, 0x6, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x44000}, 0x40804) syz_clone3(&(0x7f0000000040)={0x40206000, 0x0, 0x0, 0x0, {0x10000000}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) connect$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @none}, 0x8) (async) openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_freezer_state(r0, &(0x7f0000000240), 0x2, 0x0) (async) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) sendmsg$AUDIT_LIST_RULES(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3f5, 0x4, 0x70bd2d, 0x6, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x44000}, 0x40804) (async) 08:07:51 executing program 0: connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f5, 0x1, 0x70bd25, 0x25dfdbff, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0xc40) connect$bt_sco(0xffffffffffffffff, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000000)='/,[)$){]\x00', 0x0, 0xffffffffffffffff) r1 = fsopen(&(0x7f0000000040)='nfs4\x00', 0x1) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000080)='/,[)$){]\x00', &(0x7f0000000100)="a7f5bcbc9636be", 0x7) 08:07:51 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_create(0x5, &(0x7f0000000180)={0x0, 0x3c, 0x4, @thr={&(0x7f0000000280)="a3d0c60bafc16907294771cc436402b3dbee73a17d4b081b3ee8c09183e533c4d170ddeca928c5e9890d9553da7bf719210133e84d1ab06cb4560edac53f9f7edc16826b22b3cba3d3db891b894191bd79c54ffbb5d851314d948033e46762a53723ae94cc8ed893a8e244af1684cc1b9aa7b21ae70ac1e889961815fded3b5d30396a68cf9fc038b4fa11e714a1b4a239ffa1f05c22a5a4acd19406dc0ffc1f7e6c7236cb3175b71678ddc7576a01558f83d4fa5d7b69cb1afa8ad1a6fc947093372567a7addfe8e0474461bdc2cf30a617d7a54487a71b357618e3d395a3d501751c5f8d98f8945e92697570cdda60e797255fc757429dbc8c232a225fce016583fa5c6515cd80ee02f05ff03e496c7e1ca8c2d7591133ad03e6db1a0f311d6a509f0b9127946a336c8c1a3535fa89af5aa4ee22dc9b50844f1b0cb34c171681a7f2e303e633645babaf1d8a33490b42a7bd1973342ba4227cd4459a75eb29d9916ac5c5588d5bf25f89ae5c3afbcb685c9b50d358e7215b7332800aa9d30dade77f310a1a2fba8377179486b6b4b66158dfc5d5945ffc256fc8ee192a6b5b80b51db07c04a2214d37dcaf591f1db196d652dc57d61c7ee38a3d9a5ede8ad56e75df688785b6d51715019fb7868ee36d812ad852480f4a2540128bf3eaa6648228fe8d82a627bfd4da1ab7e5e930d9f5f42bbcaadea0bf2a224b595f3dd2f5d08df48e8057b68efddea2e1a734fc5b9511e1caf2a2280d77b2738422ba7525079b2364faf42d546b1a797273d7ac2b834f8f02b6f1cc1b5a4dbd9dbb0c5b7454dec871995144cd05db9346222250e504ccb60eed8baf21c4d87f733b0623ecdb09b36ddbdc3c54ec944917aa9c28c7184c32e811cd74cb43b2f00d948ffecd3b464944799842712ef1c60dfb01c2f50ee1cfcd4bbb87e3119252dcd3253591cce3c30279a13733d7ae8a522fabe8e420cfb1d389ce35efb6cd6bc116bbc555d5446a1f6a306ac5612839541f2afa247c218fc772486e3f6c2f2afe8df3e4be1dd8e9fa771381c4453728262da88cdf6323185baf284ad49168e0f7c7e208ae46682af7ed1f96b73708eaa3c361926279a588520aea22d08888af48de3ca58f92bb788978d28b0954bb143147f1eb1c3cde4167eca10f62cb83fe4d0817acada09fae1c9aaf862aadc3c32d6a966c430c7a3e8fc8dcef00592905b5a5f124b568ff281c24ba0b9e24b4376fb28572a10884cb8ac7ec0fea58d36f6326dbba9217b758c40fa637a737cfcd26428f18ae28e0346b2015e9c6c14afd7a591318439c01c4d3b37f1fe38fc0afdc101d31783989fd3737a4455ab0abf425c81ad4c1768b95762b1629284e407bc7fc12862eb270953d775251c63894a844fdf338a80cfb529ae1a102f1b783c3b0b541a94517fd9dbf8ed60fa6330e25415198030d9581d4955f5149980b6d183a17e5939f85984482cd0a9e794175a348824d3601d7580d0fd7c0bf3ae58a2867cf6c201211bd94cbd2881cb0496747071bed566e443b6cc40d1460e43de63ae43638f1a2a1cc5c59fa3b6eb14df91c236a3d8b3dd10008bee77f6becdffb0aace9a14cbac74ac91abe4dc883519738592a27aa7a3d2be9c57ff4417a05d246e33ad2073de2a6ba0eb6dbc291f5f56c88329e036c8cf051cdbd65e2efa15490209da9f81c0f5310b25e62a1e3bb0e33eae234090c81ecf7d81374f932eef9c39fc1f0e1ed0ea973a7449fe26cda3f4d1056fbdfc275fcb40ed6b9c480b7fea2a445bfe84689dbc89d5569851484096097d6ebd37629db001760c50ae755be6055ec397d23dc47545e6395410065762e2ff5dd3a68e4efb7afb238cfffa17acac2737c72b322661f7f5746002c6a0f88b55ab32b3eeafbb70bdf534c62e7718e74afa8cdba925c961cec58e8f14d1ddd02c63ee7370accc3497890f2a6b9379ddf84fd9f04e2595312a80950f3758e44e9e98f31de7640d342ec49561d3e65c97f4b1643e6587e93d5668e570cfe031f4efae77fa8dd91c255bd3c066f54b822d71e9fe10fe7ca801aaaac663b18a6093611c15f611c386f346d6a01c597f27ee67055d512914d76bec5235e51055e5ce97a7c83f9a5666d834d7b471a3ca7658f9f6ea908a2a968d524bf7f86cbb579fbb75d0385484eae7c1c744c14d434e670b407630c00261237bba620ba9249e32970c1faf3af72be80758dbd9040e13e2a417c0bedd9792d2f0204fe079449bec7b5ab247eaf740001215a38b8af2ec03ef704f8423b88ba45e2eef97f700cb3df0db2b5633c66f2f66d36f0f45f6557f4e75add6cd04e4e91541609341c5c801f2dbbfe765cef692ad36843357e9df5135509a1429b0a0ba5ca09fa9f84866ce46da2848722c542a0e9c77394f239e75587eb8921743aeabc902cee536970db8d14a9dcb210ef896799159845372353f3d85d7c26abe6532e8135ed525cd04ca80d1acf123e7a13f5b2069e63234c4197bc82ba669f5f75235f0f0d3c0fa930982da2db36f8f477253b06ae21da5bd516a5b07a12d858000ddebd580823081fc8a4be14e5f8f7ff25abb4d90eb356e9a51952ae089c2319022058fa98cf8df19425213f80e98e8804e9c685b50636ed04879ef2ae5a7712556aa66ebcc20fc5972aca7a221d3c9f1b0bedd64f3ed1629f188ad692aa91c5558caf36556a8d944dd122c3c25c88fe01c92316abaee71ff39c9f6e20dc7c6fc071d394ad45075350c781478c3d5316eaf9166ce11112fa1c8d3b5c16e4b8e12ff9d2b9c0b2d03bad946f2393ed3883624d83d3a78b0750608ab4aebf0b63023271e9090dd47b0c3d82093cf2667f284078d7522cb7255098bf50012891d14f7a840a139c66439b3b7f3c2a97f762b43360667f61f432804f370eb2c201780e21d1a141c7c8e492e7d70412964b488c6d78df82f0faa1ee8f1e7ad1a5336fb5c4490a06de6d104063219d4b536f09a6677d67723640351d9002cf29e22a5263acc3694d506b7f32a5628a233afd09f42ecab7bb43f0a8807a9e8ed77a482f735bc12ba7699921fad261137d860568113ae2493f7636a8b8d6cadd0f9c3b8ab80005c72aabf46daed59fc11d1d95dc7d911ba98c44dc06454b54c0c38314f898f9d9f296dceec5f108cf429f997dd6af4f65e9c619250ac5220772dcf4e23cc9d87957b7f0040c277d1b882a0aae748ed59bb51f87abc98f6246244cd8fc7225f2497277d7b2240abe3a44d823eed4723942f89f06d64e982227095d9fd1e11f455f4eb9e8d2d0c095f914c0c2b28ae0a8376ae779ea1bd76a44532bbe7c9e760ea36532dfc1474afca9ee8d0f1f476568cbe76d2a2baea8fce5db03ebb3e42c06768aa382df70cd4a32de0522d6a2779eb2728a27ab4195d855dd9dfb92fd16d2ec22bfde4c0f712538b274cf7148551f109b3a5bbf82c614240f1c1aa91f6a3192dde10e04273ddef7095ef92ac48ea1c78a7d31e2e272367391707795a732e8388a654e54a19d7016cfe2e1bfb413a3e6b041d4ae50640a92a5d5492a422c3bfe9b3f30a6ba589744ca34387ce03d93fb900266d724ffc31c89a907871e35ffa93063658efe1a56e38eb08a2b135d1e09b55389e9ad4097fa975bbcdccf036b0bfcb851d611fb2d914b9c4bd755446cc833f645f022304a49a7d3cc26b4bd51924078bbf4f7585a748146913da5deefe5f691e90512df094dab161ee16fc1e973de83d46dc6ea27381073fb4d68178c6cf5ec98b560c00559e5a1069be5c44940f43a520b3d286ddd6874e9441f6b8eb26f13ba803b9e8f9f0a57a73e270c9e29167aa76bffe5e7b26f638b235086e8980513214421b840ad21ec884b8e70520a14dbe8b01487d5c196cb6d8089d6fca0f3ce55f6d41c3bfeed492b11330fd5cf8e19daf6a822c51d102cdab23b7d0e853d1276d95f902275546770c234e1435a263bf7d386f99e8539a63ee404af50a835743f6bd4496f16a712c583c30c36119f92424edbb50fda9930d8928b1f6955d115de5c9c3403a06e3f7f87a12dbec47f24fb51179f4bd374b28240b5895806b2c72385845a9f7ec1594303639728615dcd440d10d11a4d25ce04f354a804e112e55a2205e8123096af45dd6cad77db26debe6975f5b91919a853917c8efbb3276d256ee3a86dc10826f187ba2d0ff4e44ed502ca37487d2c1977eea390d7859740a55613fbcbc3b65b17705056fc733c87f392126beb1eb244c22bc32c23c5943c862a45edddb25f925e6b975cc21f5fd21a6567f955ee72bcbb7366531f7009e9d85dbcbd47d5392ad5fa1d6d0fec664c169e163d882cd34d913451d5a8ced8571eda46bc6c2ff5b13ce516ede8db0e83c8e009445f3ef989d27a9667f3e653744192b3e547b5b0e35a1bbec61d049402bc98b43379ced4a6bb5fc534294fc6e5fb1f51dabbd57c7c39a075b43388691756229fdb3e2e2f4b84566081a0deb5e6b7f14ea8cbb1a8e1aad4f6c0b4009a63bb6c1e337a5dcde2879b22d975abd26ccee09ac03e60ece5ce074ecd203c2ce3621dc73e1cee079a639666a9130586ce54e7e2d384f3944bfbe7b08d03b6096bad6b413b34dc36b1a87f88ddc3f15fd53d535218c4d0bfb8dfa8ef0c6d18ffe748c452b3ca452648d77ed7260f31331a525504f6985f4619fae37f057c36eab154d843a46fb739c54d2580060514ff8891385657eba9185c991fa5a3e0bca9c10733611b7e03fb6332c5bb138ddba963799dfc45424c88249a058a6c3681002e6aeab5790257e18b969598cd4b5b170adc1b29d6a8ce354569f040088f4f8bbeb98219ef60f57cba603e50c65d68fda8832a6c0ef1e641f5ce486397934071f73592a65e8365e1817436f35f15861578bf58a021d3e89c4c6a28c9e19df5cfcdbde580e693b3126e268391a7d4d2035068e67767bddd474a9ec72d8f0b71d2cadc64b9fc21aac1993f4f90b56f159b638db354536bcb8b7b8e152c00b8ead01d3fb2490c31de78134a5b36ebc0958624552c6cbf74d36c17d092ace61af480081c1c8d4c74c579be089e73578a1477900768d40e67251250359e7c7c79429cf31ba3a441759deddb875c4cc96874f930eb4d203fcddd965acec9217e32edaec3c9e1965133b40943970159aadd406ad88b27a7fc4e3c82b785b403a7b9b2a72ea9f359b1037c1cc679bac6e9d768a7a998003e851f56a7b89f772b38a26bebc5898c6fcb4deb6f136f65b0577ee7b4b289e878ee1433483c9c32fc1164aa88d211738b1aefa88f58ac2f5df23064dbcbec0ec03bbb0f2f4c0f9c38c4303ee95a7207c1b596ed29cca1ff49ce6dc0588abc2a0c85aeca8b6c6d360f44b5097957cfabe7cfb039ad1316b1efa2ab8a569efed972886c1ec4471b98295627ec78e8411c6a89ae7b6dd0ae363cbfeca0c2d4f0fef01140081174a5b92b770d947f25fb48a308eb9ed7bbcfbd7b406ed818d9466ebb69123556cd837768b9e1675c41f43e00ea85f4256ed8a6ef30b065070019cdd72fb07ace03271706d5e0c7f1bfb1cecc17b38801d0dd05ba08bcb93b3866ff4a445b1bd8b5e61f5da6a68029afdcfa1bbc891bb9d97d5b8ab8144bcf656286d1b118d50f0a19f9d2e6d97f151f9c3f617b46f6bfdfd23500486c7cb565ed3b4a34e825edf949ed38ed42bb23954d05fe203137c9908a6063952d2de76c85df16b39cd7e2f8150597dc0edfb78d1c62898fea8f4b00a2619525cacb8239af70cdbab84d85183ce0928d977b5813837ebf053b7f8debcb", &(0x7f0000000000)="292b3de0cfb9842866f5c60b97dbc54730bf6b9e39a9fb11bc02a151c4356e9a8da8f80dd8509c0ed4771a65d0fcbd342a3ef6578b8f7aed478a48a029ba62284e688cb16d61fe75bdf10cf500858d0924306e241da6194cf52938d7a29a6e91ea5757f82785dd333dc5d8366e5a82334b58ac57dc0a41c0e149f7601132e9c61b9fb015fdfc3ae99a207688a29fdabda5c20f9846f9d805662119a60b72a3af264358a046443bb0b7c8ad4493d5dcb9fb13ab5e5846ed4db004eb67b30fd70f55e965bb968c8b1e76d8ef6908b598050118f370f9f4aa639f0beb525ec55d15c3c391417695519dc333cce8329f72facf539d94ad3b8bbd6247a63247"}}, &(0x7f00000001c0)) syz_open_dev$usbfs(&(0x7f0000000200), 0x5, 0x4200) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001300)={&(0x7f00000012c0)={0x18, 0x3f9, 0x200, 0x70bd2a, 0x25dfdbfc, {0x1}, ["", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x50000}, 0x440) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001640)={r3, 0xe0, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000001380)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f00000013c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001400)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000001440)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000001480), &(0x7f00000014c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001500)}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001700)={'syztnl2\x00', &(0x7f0000001680)={'ip6tnl0\x00', r5, 0x2f, 0x3, 0x1, 0x1, 0x40, @mcast1, @dev={0xfe, 0x80, '\x00', 0xd}, 0x40, 0x40, 0x7}}) timer_delete(r0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:51 executing program 5: ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000040)={{{0x9}}, 0x86, 0x14000, &(0x7f0000000180)="5cb8c9d31ac32045aa3efaf9f284bd955cc0df8409d98bc14a49f9ae573d16d19895bbce56c39dd34ca44eae176e6420894628d3234ea098f4b2d08580fb1bc084aeac318134630ecd0dcd84dc31a61e71469e71069134afbb32569788324c937625034b11836299ccf74cd81bb0bfc83650626289fed1c8bfb9d89d3656bd34661857a4ebff"}) timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000002340)={{{0x3, 0x1}}, 0x3a, 0x7, &(0x7f0000002300)="4f3bbdd7117b2675db93475e2c86202df525c1f4611433b46dae820cf6d537f5ab9f5f6bc3a7b49be2f1aac1b7b52e3d562d59a15a3f89c19465"}) timer_create(0x3, &(0x7f0000000080)={0x0, 0x4, 0x4, @thr={&(0x7f0000000000)="77577607638a3d7f4a67e632c5ba7f5f6d9cbceadeb1577f578b60a8492dad3fb074e35b2ec0549ec64a087c96cd0ab8326eb90345fd41df08c793fa44805a", &(0x7f0000000040)}}, &(0x7f00000000c0)) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) timer_create(0x5, &(0x7f0000002280)={0x0, 0x2a, 0x4, @tid=r1}, &(0x7f00000022c0)) 08:07:51 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:51 executing program 0: connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) (async) sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f5, 0x1, 0x70bd25, 0x25dfdbff, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0xc40) (async) connect$bt_sco(0xffffffffffffffff, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) (async) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000000)='/,[)$){]\x00', 0x0, 0xffffffffffffffff) (async) r1 = fsopen(&(0x7f0000000040)='nfs4\x00', 0x1) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000080)='/,[)$){]\x00', &(0x7f0000000100)="a7f5bcbc9636be", 0x7) 08:07:51 executing program 5: ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000040)={{{0x9}}, 0x86, 0x14000, &(0x7f0000000180)="5cb8c9d31ac32045aa3efaf9f284bd955cc0df8409d98bc14a49f9ae573d16d19895bbce56c39dd34ca44eae176e6420894628d3234ea098f4b2d08580fb1bc084aeac318134630ecd0dcd84dc31a61e71469e71069134afbb32569788324c937625034b11836299ccf74cd81bb0bfc83650626289fed1c8bfb9d89d3656bd34661857a4ebff"}) (async) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000002340)={{{0x3, 0x1}}, 0x3a, 0x7, &(0x7f0000002300)="4f3bbdd7117b2675db93475e2c86202df525c1f4611433b46dae820cf6d537f5ab9f5f6bc3a7b49be2f1aac1b7b52e3d562d59a15a3f89c19465"}) (async) timer_create(0x3, &(0x7f0000000080)={0x0, 0x4, 0x4, @thr={&(0x7f0000000000)="77577607638a3d7f4a67e632c5ba7f5f6d9cbceadeb1577f578b60a8492dad3fb074e35b2ec0549ec64a087c96cd0ab8326eb90345fd41df08c793fa44805a", &(0x7f0000000040)}}, &(0x7f00000000c0)) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) timer_create(0x5, &(0x7f0000002280)={0x0, 0x2a, 0x4, @tid=r1}, &(0x7f00000022c0)) [ 1019.396291][ T4016] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1019.404106][ T4016] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1019.411913][ T4016] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1019.419729][ T4016] 08:07:52 executing program 0: connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) (async, rerun: 64) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) read$FUSE(r0, 0x0, 0x0) (async) sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f5, 0x1, 0x70bd25, 0x25dfdbff, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0xc40) (async) connect$bt_sco(0xffffffffffffffff, &(0x7f0000000140)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) (async) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000000)='/,[)$){]\x00', 0x0, 0xffffffffffffffff) r1 = fsopen(&(0x7f0000000040)='nfs4\x00', 0x1) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000080)='/,[)$){]\x00', &(0x7f0000000100)="a7f5bcbc9636be", 0x7) 08:07:52 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_create(0x5, &(0x7f0000000180)={0x0, 0x3c, 0x4, @thr={&(0x7f0000000280)="a3d0c60bafc16907294771cc436402b3dbee73a17d4b081b3ee8c09183e533c4d170ddeca928c5e9890d9553da7bf719210133e84d1ab06cb4560edac53f9f7edc16826b22b3cba3d3db891b894191bd79c54ffbb5d851314d948033e46762a53723ae94cc8ed893a8e244af1684cc1b9aa7b21ae70ac1e889961815fded3b5d30396a68cf9fc038b4fa11e714a1b4a239ffa1f05c22a5a4acd19406dc0ffc1f7e6c7236cb3175b71678ddc7576a01558f83d4fa5d7b69cb1afa8ad1a6fc947093372567a7addfe8e0474461bdc2cf30a617d7a54487a71b357618e3d395a3d501751c5f8d98f8945e92697570cdda60e797255fc757429dbc8c232a225fce016583fa5c6515cd80ee02f05ff03e496c7e1ca8c2d7591133ad03e6db1a0f311d6a509f0b9127946a336c8c1a3535fa89af5aa4ee22dc9b50844f1b0cb34c171681a7f2e303e633645babaf1d8a33490b42a7bd1973342ba4227cd4459a75eb29d9916ac5c5588d5bf25f89ae5c3afbcb685c9b50d358e7215b7332800aa9d30dade77f310a1a2fba8377179486b6b4b66158dfc5d5945ffc256fc8ee192a6b5b80b51db07c04a2214d37dcaf591f1db196d652dc57d61c7ee38a3d9a5ede8ad56e75df688785b6d51715019fb7868ee36d812ad852480f4a2540128bf3eaa6648228fe8d82a627bfd4da1ab7e5e930d9f5f42bbcaadea0bf2a224b595f3dd2f5d08df48e8057b68efddea2e1a734fc5b9511e1caf2a2280d77b2738422ba7525079b2364faf42d546b1a797273d7ac2b834f8f02b6f1cc1b5a4dbd9dbb0c5b7454dec871995144cd05db9346222250e504ccb60eed8baf21c4d87f733b0623ecdb09b36ddbdc3c54ec944917aa9c28c7184c32e811cd74cb43b2f00d948ffecd3b464944799842712ef1c60dfb01c2f50ee1cfcd4bbb87e3119252dcd3253591cce3c30279a13733d7ae8a522fabe8e420cfb1d389ce35efb6cd6bc116bbc555d5446a1f6a306ac5612839541f2afa247c218fc772486e3f6c2f2afe8df3e4be1dd8e9fa771381c4453728262da88cdf6323185baf284ad49168e0f7c7e208ae46682af7ed1f96b73708eaa3c361926279a588520aea22d08888af48de3ca58f92bb788978d28b0954bb143147f1eb1c3cde4167eca10f62cb83fe4d0817acada09fae1c9aaf862aadc3c32d6a966c430c7a3e8fc8dcef00592905b5a5f124b568ff281c24ba0b9e24b4376fb28572a10884cb8ac7ec0fea58d36f6326dbba9217b758c40fa637a737cfcd26428f18ae28e0346b2015e9c6c14afd7a591318439c01c4d3b37f1fe38fc0afdc101d31783989fd3737a4455ab0abf425c81ad4c1768b95762b1629284e407bc7fc12862eb270953d775251c63894a844fdf338a80cfb529ae1a102f1b783c3b0b541a94517fd9dbf8ed60fa6330e25415198030d9581d4955f5149980b6d183a17e5939f85984482cd0a9e794175a348824d3601d7580d0fd7c0bf3ae58a2867cf6c201211bd94cbd2881cb0496747071bed566e443b6cc40d1460e43de63ae43638f1a2a1cc5c59fa3b6eb14df91c236a3d8b3dd10008bee77f6becdffb0aace9a14cbac74ac91abe4dc883519738592a27aa7a3d2be9c57ff4417a05d246e33ad2073de2a6ba0eb6dbc291f5f56c88329e036c8cf051cdbd65e2efa15490209da9f81c0f5310b25e62a1e3bb0e33eae234090c81ecf7d81374f932eef9c39fc1f0e1ed0ea973a7449fe26cda3f4d1056fbdfc275fcb40ed6b9c480b7fea2a445bfe84689dbc89d5569851484096097d6ebd37629db001760c50ae755be6055ec397d23dc47545e6395410065762e2ff5dd3a68e4efb7afb238cfffa17acac2737c72b322661f7f5746002c6a0f88b55ab32b3eeafbb70bdf534c62e7718e74afa8cdba925c961cec58e8f14d1ddd02c63ee7370accc3497890f2a6b9379ddf84fd9f04e2595312a80950f3758e44e9e98f31de7640d342ec49561d3e65c97f4b1643e6587e93d5668e570cfe031f4efae77fa8dd91c255bd3c066f54b822d71e9fe10fe7ca801aaaac663b18a6093611c15f611c386f346d6a01c597f27ee67055d512914d76bec5235e51055e5ce97a7c83f9a5666d834d7b471a3ca7658f9f6ea908a2a968d524bf7f86cbb579fbb75d0385484eae7c1c744c14d434e670b407630c00261237bba620ba9249e32970c1faf3af72be80758dbd9040e13e2a417c0bedd9792d2f0204fe079449bec7b5ab247eaf740001215a38b8af2ec03ef704f8423b88ba45e2eef97f700cb3df0db2b5633c66f2f66d36f0f45f6557f4e75add6cd04e4e91541609341c5c801f2dbbfe765cef692ad36843357e9df5135509a1429b0a0ba5ca09fa9f84866ce46da2848722c542a0e9c77394f239e75587eb8921743aeabc902cee536970db8d14a9dcb210ef896799159845372353f3d85d7c26abe6532e8135ed525cd04ca80d1acf123e7a13f5b2069e63234c4197bc82ba669f5f75235f0f0d3c0fa930982da2db36f8f477253b06ae21da5bd516a5b07a12d858000ddebd580823081fc8a4be14e5f8f7ff25abb4d90eb356e9a51952ae089c2319022058fa98cf8df19425213f80e98e8804e9c685b50636ed04879ef2ae5a7712556aa66ebcc20fc5972aca7a221d3c9f1b0bedd64f3ed1629f188ad692aa91c5558caf36556a8d944dd122c3c25c88fe01c92316abaee71ff39c9f6e20dc7c6fc071d394ad45075350c781478c3d5316eaf9166ce11112fa1c8d3b5c16e4b8e12ff9d2b9c0b2d03bad946f2393ed3883624d83d3a78b0750608ab4aebf0b63023271e9090dd47b0c3d82093cf2667f284078d7522cb7255098bf50012891d14f7a840a139c66439b3b7f3c2a97f762b43360667f61f432804f370eb2c201780e21d1a141c7c8e492e7d70412964b488c6d78df82f0faa1ee8f1e7ad1a5336fb5c4490a06de6d104063219d4b536f09a6677d67723640351d9002cf29e22a5263acc3694d506b7f32a5628a233afd09f42ecab7bb43f0a8807a9e8ed77a482f735bc12ba7699921fad261137d860568113ae2493f7636a8b8d6cadd0f9c3b8ab80005c72aabf46daed59fc11d1d95dc7d911ba98c44dc06454b54c0c38314f898f9d9f296dceec5f108cf429f997dd6af4f65e9c619250ac5220772dcf4e23cc9d87957b7f0040c277d1b882a0aae748ed59bb51f87abc98f6246244cd8fc7225f2497277d7b2240abe3a44d823eed4723942f89f06d64e982227095d9fd1e11f455f4eb9e8d2d0c095f914c0c2b28ae0a8376ae779ea1bd76a44532bbe7c9e760ea36532dfc1474afca9ee8d0f1f476568cbe76d2a2baea8fce5db03ebb3e42c06768aa382df70cd4a32de0522d6a2779eb2728a27ab4195d855dd9dfb92fd16d2ec22bfde4c0f712538b274cf7148551f109b3a5bbf82c614240f1c1aa91f6a3192dde10e04273ddef7095ef92ac48ea1c78a7d31e2e272367391707795a732e8388a654e54a19d7016cfe2e1bfb413a3e6b041d4ae50640a92a5d5492a422c3bfe9b3f30a6ba589744ca34387ce03d93fb900266d724ffc31c89a907871e35ffa93063658efe1a56e38eb08a2b135d1e09b55389e9ad4097fa975bbcdccf036b0bfcb851d611fb2d914b9c4bd755446cc833f645f022304a49a7d3cc26b4bd51924078bbf4f7585a748146913da5deefe5f691e90512df094dab161ee16fc1e973de83d46dc6ea27381073fb4d68178c6cf5ec98b560c00559e5a1069be5c44940f43a520b3d286ddd6874e9441f6b8eb26f13ba803b9e8f9f0a57a73e270c9e29167aa76bffe5e7b26f638b235086e8980513214421b840ad21ec884b8e70520a14dbe8b01487d5c196cb6d8089d6fca0f3ce55f6d41c3bfeed492b11330fd5cf8e19daf6a822c51d102cdab23b7d0e853d1276d95f902275546770c234e1435a263bf7d386f99e8539a63ee404af50a835743f6bd4496f16a712c583c30c36119f92424edbb50fda9930d8928b1f6955d115de5c9c3403a06e3f7f87a12dbec47f24fb51179f4bd374b28240b5895806b2c72385845a9f7ec1594303639728615dcd440d10d11a4d25ce04f354a804e112e55a2205e8123096af45dd6cad77db26debe6975f5b91919a853917c8efbb3276d256ee3a86dc10826f187ba2d0ff4e44ed502ca37487d2c1977eea390d7859740a55613fbcbc3b65b17705056fc733c87f392126beb1eb244c22bc32c23c5943c862a45edddb25f925e6b975cc21f5fd21a6567f955ee72bcbb7366531f7009e9d85dbcbd47d5392ad5fa1d6d0fec664c169e163d882cd34d913451d5a8ced8571eda46bc6c2ff5b13ce516ede8db0e83c8e009445f3ef989d27a9667f3e653744192b3e547b5b0e35a1bbec61d049402bc98b43379ced4a6bb5fc534294fc6e5fb1f51dabbd57c7c39a075b43388691756229fdb3e2e2f4b84566081a0deb5e6b7f14ea8cbb1a8e1aad4f6c0b4009a63bb6c1e337a5dcde2879b22d975abd26ccee09ac03e60ece5ce074ecd203c2ce3621dc73e1cee079a639666a9130586ce54e7e2d384f3944bfbe7b08d03b6096bad6b413b34dc36b1a87f88ddc3f15fd53d535218c4d0bfb8dfa8ef0c6d18ffe748c452b3ca452648d77ed7260f31331a525504f6985f4619fae37f057c36eab154d843a46fb739c54d2580060514ff8891385657eba9185c991fa5a3e0bca9c10733611b7e03fb6332c5bb138ddba963799dfc45424c88249a058a6c3681002e6aeab5790257e18b969598cd4b5b170adc1b29d6a8ce354569f040088f4f8bbeb98219ef60f57cba603e50c65d68fda8832a6c0ef1e641f5ce486397934071f73592a65e8365e1817436f35f15861578bf58a021d3e89c4c6a28c9e19df5cfcdbde580e693b3126e268391a7d4d2035068e67767bddd474a9ec72d8f0b71d2cadc64b9fc21aac1993f4f90b56f159b638db354536bcb8b7b8e152c00b8ead01d3fb2490c31de78134a5b36ebc0958624552c6cbf74d36c17d092ace61af480081c1c8d4c74c579be089e73578a1477900768d40e67251250359e7c7c79429cf31ba3a441759deddb875c4cc96874f930eb4d203fcddd965acec9217e32edaec3c9e1965133b40943970159aadd406ad88b27a7fc4e3c82b785b403a7b9b2a72ea9f359b1037c1cc679bac6e9d768a7a998003e851f56a7b89f772b38a26bebc5898c6fcb4deb6f136f65b0577ee7b4b289e878ee1433483c9c32fc1164aa88d211738b1aefa88f58ac2f5df23064dbcbec0ec03bbb0f2f4c0f9c38c4303ee95a7207c1b596ed29cca1ff49ce6dc0588abc2a0c85aeca8b6c6d360f44b5097957cfabe7cfb039ad1316b1efa2ab8a569efed972886c1ec4471b98295627ec78e8411c6a89ae7b6dd0ae363cbfeca0c2d4f0fef01140081174a5b92b770d947f25fb48a308eb9ed7bbcfbd7b406ed818d9466ebb69123556cd837768b9e1675c41f43e00ea85f4256ed8a6ef30b065070019cdd72fb07ace03271706d5e0c7f1bfb1cecc17b38801d0dd05ba08bcb93b3866ff4a445b1bd8b5e61f5da6a68029afdcfa1bbc891bb9d97d5b8ab8144bcf656286d1b118d50f0a19f9d2e6d97f151f9c3f617b46f6bfdfd23500486c7cb565ed3b4a34e825edf949ed38ed42bb23954d05fe203137c9908a6063952d2de76c85df16b39cd7e2f8150597dc0edfb78d1c62898fea8f4b00a2619525cacb8239af70cdbab84d85183ce0928d977b5813837ebf053b7f8debcb", &(0x7f0000000000)="292b3de0cfb9842866f5c60b97dbc54730bf6b9e39a9fb11bc02a151c4356e9a8da8f80dd8509c0ed4771a65d0fcbd342a3ef6578b8f7aed478a48a029ba62284e688cb16d61fe75bdf10cf500858d0924306e241da6194cf52938d7a29a6e91ea5757f82785dd333dc5d8366e5a82334b58ac57dc0a41c0e149f7601132e9c61b9fb015fdfc3ae99a207688a29fdabda5c20f9846f9d805662119a60b72a3af264358a046443bb0b7c8ad4493d5dcb9fb13ab5e5846ed4db004eb67b30fd70f55e965bb968c8b1e76d8ef6908b598050118f370f9f4aa639f0beb525ec55d15c3c391417695519dc333cce8329f72facf539d94ad3b8bbd6247a63247"}}, &(0x7f00000001c0)) (async) syz_open_dev$usbfs(&(0x7f0000000200), 0x5, 0x4200) (async) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001300)={&(0x7f00000012c0)={0x18, 0x3f9, 0x200, 0x70bd2a, 0x25dfdbfc, {0x1}, ["", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x50000}, 0x440) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) (async) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001640)={r3, 0xe0, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000001380)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f00000013c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001400)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000001440)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000001480), &(0x7f00000014c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001500)}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001700)={'syztnl2\x00', &(0x7f0000001680)={'ip6tnl0\x00', r5, 0x2f, 0x3, 0x1, 0x1, 0x40, @mcast1, @dev={0xfe, 0x80, '\x00', 0xd}, 0x40, 0x40, 0x7}}) timer_delete(r0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:52 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000000)={0x2, 0x100, 0x200, 0x9, 0x400, 0x9d9}) 08:07:52 executing program 5: ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000040)={{{0x9}}, 0x86, 0x14000, &(0x7f0000000180)="5cb8c9d31ac32045aa3efaf9f284bd955cc0df8409d98bc14a49f9ae573d16d19895bbce56c39dd34ca44eae176e6420894628d3234ea098f4b2d08580fb1bc084aeac318134630ecd0dcd84dc31a61e71469e71069134afbb32569788324c937625034b11836299ccf74cd81bb0bfc83650626289fed1c8bfb9d89d3656bd34661857a4ebff"}) timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000002340)={{{0x3, 0x1}}, 0x3a, 0x7, &(0x7f0000002300)="4f3bbdd7117b2675db93475e2c86202df525c1f4611433b46dae820cf6d537f5ab9f5f6bc3a7b49be2f1aac1b7b52e3d562d59a15a3f89c19465"}) timer_create(0x3, &(0x7f0000000080)={0x0, 0x4, 0x4, @thr={&(0x7f0000000000)="77577607638a3d7f4a67e632c5ba7f5f6d9cbceadeb1577f578b60a8492dad3fb074e35b2ec0549ec64a087c96cd0ab8326eb90345fd41df08c793fa44805a", &(0x7f0000000040)}}, &(0x7f00000000c0)) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) timer_create(0x5, &(0x7f0000002280)={0x0, 0x2a, 0x4, @tid=r1}, &(0x7f00000022c0)) ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000040)={{{0x9}}, 0x86, 0x14000, &(0x7f0000000180)="5cb8c9d31ac32045aa3efaf9f284bd955cc0df8409d98bc14a49f9ae573d16d19895bbce56c39dd34ca44eae176e6420894628d3234ea098f4b2d08580fb1bc084aeac318134630ecd0dcd84dc31a61e71469e71069134afbb32569788324c937625034b11836299ccf74cd81bb0bfc83650626289fed1c8bfb9d89d3656bd34661857a4ebff"}) (async) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r0, 0x0, 0x0) (async) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000002340)={{{0x3, 0x1}}, 0x3a, 0x7, &(0x7f0000002300)="4f3bbdd7117b2675db93475e2c86202df525c1f4611433b46dae820cf6d537f5ab9f5f6bc3a7b49be2f1aac1b7b52e3d562d59a15a3f89c19465"}) (async) timer_create(0x3, &(0x7f0000000080)={0x0, 0x4, 0x4, @thr={&(0x7f0000000000)="77577607638a3d7f4a67e632c5ba7f5f6d9cbceadeb1577f578b60a8492dad3fb074e35b2ec0549ec64a087c96cd0ab8326eb90345fd41df08c793fa44805a", &(0x7f0000000040)}}, &(0x7f00000000c0)) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) (async) timer_create(0x5, &(0x7f0000002280)={0x0, 0x2a, 0x4, @tid=r1}, &(0x7f00000022c0)) (async) [ 1019.446683][ T4047] FAULT_INJECTION: forcing a failure. [ 1019.446683][ T4047] name failslab, interval 1, probability 0, space 0, times 0 [ 1019.482717][ T4047] CPU: 1 PID: 4047 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1019.490968][ T4047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1019.500867][ T4047] Call Trace: [ 1019.503990][ T4047] [ 1019.506763][ T4047] dump_stack_lvl+0x151/0x1b7 [ 1019.511281][ T4047] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1019.516577][ T4047] dump_stack+0x15/0x17 [ 1019.520564][ T4047] should_fail+0x3c0/0x510 [ 1019.524822][ T4047] __should_failslab+0x9f/0xe0 [ 1019.529422][ T4047] should_failslab+0x9/0x20 [ 1019.533760][ T4047] kmem_cache_alloc+0x4f/0x2f0 [ 1019.538360][ T4047] ? vm_area_dup+0x26/0x1d0 [ 1019.542696][ T4047] vm_area_dup+0x26/0x1d0 [ 1019.546859][ T4047] dup_mmap+0x6b8/0xea0 [ 1019.550854][ T4047] ? __delayed_free_task+0x20/0x20 [ 1019.555803][ T4047] ? mm_init+0x807/0x960 [ 1019.559880][ T4047] dup_mm+0x91/0x330 [ 1019.563612][ T4047] copy_mm+0x108/0x1b0 [ 1019.567518][ T4047] copy_process+0x1295/0x3250 [ 1019.572033][ T4047] ? check_stack_object+0xf7/0x130 [ 1019.576976][ T4047] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1019.581923][ T4047] ? copy_clone_args_from_user+0x6cf/0x790 [ 1019.587567][ T4047] kernel_clone+0x22d/0x990 [ 1019.591905][ T4047] ? dup_mmap+0xea0/0xea0 [ 1019.596072][ T4047] ? create_io_thread+0x1e0/0x1e0 [ 1019.600931][ T4047] ? file_end_write+0x1b0/0x1b0 [ 1019.605620][ T4047] __x64_sys_clone3+0x375/0x3a0 [ 1019.610305][ T4047] ? __ia32_sys_clone+0x300/0x300 [ 1019.615169][ T4047] ? ksys_write+0x25f/0x2c0 [ 1019.619506][ T4047] ? debug_smp_processor_id+0x17/0x20 [ 1019.624713][ T4047] do_syscall_64+0x44/0xd0 [ 1019.628977][ T4047] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1019.634695][ T4047] RIP: 0033:0x7f495fdbc639 [ 1019.638948][ T4047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1019.658391][ T4047] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1019.666640][ T4047] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1019.674445][ T4047] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1019.682259][ T4047] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1019.690070][ T4047] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:52 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 60) 08:07:52 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_create(0x5, &(0x7f0000000180)={0x0, 0x3c, 0x4, @thr={&(0x7f0000000280)="a3d0c60bafc16907294771cc436402b3dbee73a17d4b081b3ee8c09183e533c4d170ddeca928c5e9890d9553da7bf719210133e84d1ab06cb4560edac53f9f7edc16826b22b3cba3d3db891b894191bd79c54ffbb5d851314d948033e46762a53723ae94cc8ed893a8e244af1684cc1b9aa7b21ae70ac1e889961815fded3b5d30396a68cf9fc038b4fa11e714a1b4a239ffa1f05c22a5a4acd19406dc0ffc1f7e6c7236cb3175b71678ddc7576a01558f83d4fa5d7b69cb1afa8ad1a6fc947093372567a7addfe8e0474461bdc2cf30a617d7a54487a71b357618e3d395a3d501751c5f8d98f8945e92697570cdda60e797255fc757429dbc8c232a225fce016583fa5c6515cd80ee02f05ff03e496c7e1ca8c2d7591133ad03e6db1a0f311d6a509f0b9127946a336c8c1a3535fa89af5aa4ee22dc9b50844f1b0cb34c171681a7f2e303e633645babaf1d8a33490b42a7bd1973342ba4227cd4459a75eb29d9916ac5c5588d5bf25f89ae5c3afbcb685c9b50d358e7215b7332800aa9d30dade77f310a1a2fba8377179486b6b4b66158dfc5d5945ffc256fc8ee192a6b5b80b51db07c04a2214d37dcaf591f1db196d652dc57d61c7ee38a3d9a5ede8ad56e75df688785b6d51715019fb7868ee36d812ad852480f4a2540128bf3eaa6648228fe8d82a627bfd4da1ab7e5e930d9f5f42bbcaadea0bf2a224b595f3dd2f5d08df48e8057b68efddea2e1a734fc5b9511e1caf2a2280d77b2738422ba7525079b2364faf42d546b1a797273d7ac2b834f8f02b6f1cc1b5a4dbd9dbb0c5b7454dec871995144cd05db9346222250e504ccb60eed8baf21c4d87f733b0623ecdb09b36ddbdc3c54ec944917aa9c28c7184c32e811cd74cb43b2f00d948ffecd3b464944799842712ef1c60dfb01c2f50ee1cfcd4bbb87e3119252dcd3253591cce3c30279a13733d7ae8a522fabe8e420cfb1d389ce35efb6cd6bc116bbc555d5446a1f6a306ac5612839541f2afa247c218fc772486e3f6c2f2afe8df3e4be1dd8e9fa771381c4453728262da88cdf6323185baf284ad49168e0f7c7e208ae46682af7ed1f96b73708eaa3c361926279a588520aea22d08888af48de3ca58f92bb788978d28b0954bb143147f1eb1c3cde4167eca10f62cb83fe4d0817acada09fae1c9aaf862aadc3c32d6a966c430c7a3e8fc8dcef00592905b5a5f124b568ff281c24ba0b9e24b4376fb28572a10884cb8ac7ec0fea58d36f6326dbba9217b758c40fa637a737cfcd26428f18ae28e0346b2015e9c6c14afd7a591318439c01c4d3b37f1fe38fc0afdc101d31783989fd3737a4455ab0abf425c81ad4c1768b95762b1629284e407bc7fc12862eb270953d775251c63894a844fdf338a80cfb529ae1a102f1b783c3b0b541a94517fd9dbf8ed60fa6330e25415198030d9581d4955f5149980b6d183a17e5939f85984482cd0a9e794175a348824d3601d7580d0fd7c0bf3ae58a2867cf6c201211bd94cbd2881cb0496747071bed566e443b6cc40d1460e43de63ae43638f1a2a1cc5c59fa3b6eb14df91c236a3d8b3dd10008bee77f6becdffb0aace9a14cbac74ac91abe4dc883519738592a27aa7a3d2be9c57ff4417a05d246e33ad2073de2a6ba0eb6dbc291f5f56c88329e036c8cf051cdbd65e2efa15490209da9f81c0f5310b25e62a1e3bb0e33eae234090c81ecf7d81374f932eef9c39fc1f0e1ed0ea973a7449fe26cda3f4d1056fbdfc275fcb40ed6b9c480b7fea2a445bfe84689dbc89d5569851484096097d6ebd37629db001760c50ae755be6055ec397d23dc47545e6395410065762e2ff5dd3a68e4efb7afb238cfffa17acac2737c72b322661f7f5746002c6a0f88b55ab32b3eeafbb70bdf534c62e7718e74afa8cdba925c961cec58e8f14d1ddd02c63ee7370accc3497890f2a6b9379ddf84fd9f04e2595312a80950f3758e44e9e98f31de7640d342ec49561d3e65c97f4b1643e6587e93d5668e570cfe031f4efae77fa8dd91c255bd3c066f54b822d71e9fe10fe7ca801aaaac663b18a6093611c15f611c386f346d6a01c597f27ee67055d512914d76bec5235e51055e5ce97a7c83f9a5666d834d7b471a3ca7658f9f6ea908a2a968d524bf7f86cbb579fbb75d0385484eae7c1c744c14d434e670b407630c00261237bba620ba9249e32970c1faf3af72be80758dbd9040e13e2a417c0bedd9792d2f0204fe079449bec7b5ab247eaf740001215a38b8af2ec03ef704f8423b88ba45e2eef97f700cb3df0db2b5633c66f2f66d36f0f45f6557f4e75add6cd04e4e91541609341c5c801f2dbbfe765cef692ad36843357e9df5135509a1429b0a0ba5ca09fa9f84866ce46da2848722c542a0e9c77394f239e75587eb8921743aeabc902cee536970db8d14a9dcb210ef896799159845372353f3d85d7c26abe6532e8135ed525cd04ca80d1acf123e7a13f5b2069e63234c4197bc82ba669f5f75235f0f0d3c0fa930982da2db36f8f477253b06ae21da5bd516a5b07a12d858000ddebd580823081fc8a4be14e5f8f7ff25abb4d90eb356e9a51952ae089c2319022058fa98cf8df19425213f80e98e8804e9c685b50636ed04879ef2ae5a7712556aa66ebcc20fc5972aca7a221d3c9f1b0bedd64f3ed1629f188ad692aa91c5558caf36556a8d944dd122c3c25c88fe01c92316abaee71ff39c9f6e20dc7c6fc071d394ad45075350c781478c3d5316eaf9166ce11112fa1c8d3b5c16e4b8e12ff9d2b9c0b2d03bad946f2393ed3883624d83d3a78b0750608ab4aebf0b63023271e9090dd47b0c3d82093cf2667f284078d7522cb7255098bf50012891d14f7a840a139c66439b3b7f3c2a97f762b43360667f61f432804f370eb2c201780e21d1a141c7c8e492e7d70412964b488c6d78df82f0faa1ee8f1e7ad1a5336fb5c4490a06de6d104063219d4b536f09a6677d67723640351d9002cf29e22a5263acc3694d506b7f32a5628a233afd09f42ecab7bb43f0a8807a9e8ed77a482f735bc12ba7699921fad261137d860568113ae2493f7636a8b8d6cadd0f9c3b8ab80005c72aabf46daed59fc11d1d95dc7d911ba98c44dc06454b54c0c38314f898f9d9f296dceec5f108cf429f997dd6af4f65e9c619250ac5220772dcf4e23cc9d87957b7f0040c277d1b882a0aae748ed59bb51f87abc98f6246244cd8fc7225f2497277d7b2240abe3a44d823eed4723942f89f06d64e982227095d9fd1e11f455f4eb9e8d2d0c095f914c0c2b28ae0a8376ae779ea1bd76a44532bbe7c9e760ea36532dfc1474afca9ee8d0f1f476568cbe76d2a2baea8fce5db03ebb3e42c06768aa382df70cd4a32de0522d6a2779eb2728a27ab4195d855dd9dfb92fd16d2ec22bfde4c0f712538b274cf7148551f109b3a5bbf82c614240f1c1aa91f6a3192dde10e04273ddef7095ef92ac48ea1c78a7d31e2e272367391707795a732e8388a654e54a19d7016cfe2e1bfb413a3e6b041d4ae50640a92a5d5492a422c3bfe9b3f30a6ba589744ca34387ce03d93fb900266d724ffc31c89a907871e35ffa93063658efe1a56e38eb08a2b135d1e09b55389e9ad4097fa975bbcdccf036b0bfcb851d611fb2d914b9c4bd755446cc833f645f022304a49a7d3cc26b4bd51924078bbf4f7585a748146913da5deefe5f691e90512df094dab161ee16fc1e973de83d46dc6ea27381073fb4d68178c6cf5ec98b560c00559e5a1069be5c44940f43a520b3d286ddd6874e9441f6b8eb26f13ba803b9e8f9f0a57a73e270c9e29167aa76bffe5e7b26f638b235086e8980513214421b840ad21ec884b8e70520a14dbe8b01487d5c196cb6d8089d6fca0f3ce55f6d41c3bfeed492b11330fd5cf8e19daf6a822c51d102cdab23b7d0e853d1276d95f902275546770c234e1435a263bf7d386f99e8539a63ee404af50a835743f6bd4496f16a712c583c30c36119f92424edbb50fda9930d8928b1f6955d115de5c9c3403a06e3f7f87a12dbec47f24fb51179f4bd374b28240b5895806b2c72385845a9f7ec1594303639728615dcd440d10d11a4d25ce04f354a804e112e55a2205e8123096af45dd6cad77db26debe6975f5b91919a853917c8efbb3276d256ee3a86dc10826f187ba2d0ff4e44ed502ca37487d2c1977eea390d7859740a55613fbcbc3b65b17705056fc733c87f392126beb1eb244c22bc32c23c5943c862a45edddb25f925e6b975cc21f5fd21a6567f955ee72bcbb7366531f7009e9d85dbcbd47d5392ad5fa1d6d0fec664c169e163d882cd34d913451d5a8ced8571eda46bc6c2ff5b13ce516ede8db0e83c8e009445f3ef989d27a9667f3e653744192b3e547b5b0e35a1bbec61d049402bc98b43379ced4a6bb5fc534294fc6e5fb1f51dabbd57c7c39a075b43388691756229fdb3e2e2f4b84566081a0deb5e6b7f14ea8cbb1a8e1aad4f6c0b4009a63bb6c1e337a5dcde2879b22d975abd26ccee09ac03e60ece5ce074ecd203c2ce3621dc73e1cee079a639666a9130586ce54e7e2d384f3944bfbe7b08d03b6096bad6b413b34dc36b1a87f88ddc3f15fd53d535218c4d0bfb8dfa8ef0c6d18ffe748c452b3ca452648d77ed7260f31331a525504f6985f4619fae37f057c36eab154d843a46fb739c54d2580060514ff8891385657eba9185c991fa5a3e0bca9c10733611b7e03fb6332c5bb138ddba963799dfc45424c88249a058a6c3681002e6aeab5790257e18b969598cd4b5b170adc1b29d6a8ce354569f040088f4f8bbeb98219ef60f57cba603e50c65d68fda8832a6c0ef1e641f5ce486397934071f73592a65e8365e1817436f35f15861578bf58a021d3e89c4c6a28c9e19df5cfcdbde580e693b3126e268391a7d4d2035068e67767bddd474a9ec72d8f0b71d2cadc64b9fc21aac1993f4f90b56f159b638db354536bcb8b7b8e152c00b8ead01d3fb2490c31de78134a5b36ebc0958624552c6cbf74d36c17d092ace61af480081c1c8d4c74c579be089e73578a1477900768d40e67251250359e7c7c79429cf31ba3a441759deddb875c4cc96874f930eb4d203fcddd965acec9217e32edaec3c9e1965133b40943970159aadd406ad88b27a7fc4e3c82b785b403a7b9b2a72ea9f359b1037c1cc679bac6e9d768a7a998003e851f56a7b89f772b38a26bebc5898c6fcb4deb6f136f65b0577ee7b4b289e878ee1433483c9c32fc1164aa88d211738b1aefa88f58ac2f5df23064dbcbec0ec03bbb0f2f4c0f9c38c4303ee95a7207c1b596ed29cca1ff49ce6dc0588abc2a0c85aeca8b6c6d360f44b5097957cfabe7cfb039ad1316b1efa2ab8a569efed972886c1ec4471b98295627ec78e8411c6a89ae7b6dd0ae363cbfeca0c2d4f0fef01140081174a5b92b770d947f25fb48a308eb9ed7bbcfbd7b406ed818d9466ebb69123556cd837768b9e1675c41f43e00ea85f4256ed8a6ef30b065070019cdd72fb07ace03271706d5e0c7f1bfb1cecc17b38801d0dd05ba08bcb93b3866ff4a445b1bd8b5e61f5da6a68029afdcfa1bbc891bb9d97d5b8ab8144bcf656286d1b118d50f0a19f9d2e6d97f151f9c3f617b46f6bfdfd23500486c7cb565ed3b4a34e825edf949ed38ed42bb23954d05fe203137c9908a6063952d2de76c85df16b39cd7e2f8150597dc0edfb78d1c62898fea8f4b00a2619525cacb8239af70cdbab84d85183ce0928d977b5813837ebf053b7f8debcb", &(0x7f0000000000)="292b3de0cfb9842866f5c60b97dbc54730bf6b9e39a9fb11bc02a151c4356e9a8da8f80dd8509c0ed4771a65d0fcbd342a3ef6578b8f7aed478a48a029ba62284e688cb16d61fe75bdf10cf500858d0924306e241da6194cf52938d7a29a6e91ea5757f82785dd333dc5d8366e5a82334b58ac57dc0a41c0e149f7601132e9c61b9fb015fdfc3ae99a207688a29fdabda5c20f9846f9d805662119a60b72a3af264358a046443bb0b7c8ad4493d5dcb9fb13ab5e5846ed4db004eb67b30fd70f55e965bb968c8b1e76d8ef6908b598050118f370f9f4aa639f0beb525ec55d15c3c391417695519dc333cce8329f72facf539d94ad3b8bbd6247a63247"}}, &(0x7f00000001c0)) syz_open_dev$usbfs(&(0x7f0000000200), 0x5, 0x4200) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001300)={&(0x7f00000012c0)={0x18, 0x3f9, 0x200, 0x70bd2a, 0x25dfdbfc, {0x1}, ["", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x50000}, 0x440) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) (async) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001640)={r3, 0xe0, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000001380)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, &(0x7f00000013c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001400)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000001440)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000001480), &(0x7f00000014c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000001500)}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001700)={'syztnl2\x00', &(0x7f0000001680)={'ip6tnl0\x00', r5, 0x2f, 0x3, 0x1, 0x1, 0x40, @mcast1, @dev={0xfe, 0x80, '\x00', 0xd}, 0x40, 0x40, 0x7}}) (async) timer_delete(r0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:52 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) bind$bt_sco(r2, &(0x7f0000000040), 0x8) read$FUSE(r1, 0x0, 0x0) connect$bt_sco(r1, &(0x7f0000000000), 0x8) 08:07:52 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 08:07:52 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000000)={0x2, 0x100, 0x200, 0x9, 0x400, 0x9d9}) 08:07:52 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:52 executing program 1: keyctl$reject(0x13, 0x0, 0x5, 0x1, 0xfffffffffffffffc) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:52 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) bind$bt_sco(r2, &(0x7f0000000040), 0x8) read$FUSE(r1, 0x0, 0x0) connect$bt_sco(r1, &(0x7f0000000000), 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r0, 0x0, 0x0) (async) pipe(&(0x7f0000005540)) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r2, 0x0, 0x0) (async) bind$bt_sco(r2, &(0x7f0000000040), 0x8) (async) read$FUSE(r1, 0x0, 0x0) (async) connect$bt_sco(r1, &(0x7f0000000000), 0x8) (async) 08:07:52 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) [ 1019.697878][ T4047] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1019.705692][ T4047] 08:07:52 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0) (async, rerun: 64) timer_delete(0x0) (rerun: 64) 08:07:52 executing program 1: keyctl$reject(0x13, 0x0, 0x5, 0x1, 0xfffffffffffffffc) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) [ 1019.758102][ T4120] FAULT_INJECTION: forcing a failure. [ 1019.758102][ T4120] name failslab, interval 1, probability 0, space 0, times 0 [ 1019.776269][ T4120] CPU: 0 PID: 4120 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1019.784513][ T4120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1019.794411][ T4120] Call Trace: [ 1019.797536][ T4120] [ 1019.800311][ T4120] dump_stack_lvl+0x151/0x1b7 08:07:52 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) r0 = fsmount(0xffffffffffffffff, 0x1, 0x1) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/199, &(0x7f0000000180)=0xc7) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, &(0x7f00000001c0)) timer_delete(0x0) [ 1019.804826][ T4120] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1019.810120][ T4120] dump_stack+0x15/0x17 [ 1019.814113][ T4120] should_fail+0x3c0/0x510 [ 1019.818365][ T4120] __should_failslab+0x9f/0xe0 [ 1019.822964][ T4120] should_failslab+0x9/0x20 [ 1019.827301][ T4120] kmem_cache_alloc+0x4f/0x2f0 [ 1019.831900][ T4120] ? vm_area_dup+0x26/0x1d0 [ 1019.836238][ T4120] vm_area_dup+0x26/0x1d0 [ 1019.840404][ T4120] dup_mmap+0x6b8/0xea0 [ 1019.844399][ T4120] ? __delayed_free_task+0x20/0x20 [ 1019.849345][ T4120] ? mm_init+0x807/0x960 [ 1019.853424][ T4120] dup_mm+0x91/0x330 [ 1019.857158][ T4120] copy_mm+0x108/0x1b0 [ 1019.861067][ T4120] copy_process+0x1295/0x3250 [ 1019.865576][ T4120] ? check_stack_object+0xf7/0x130 [ 1019.870524][ T4120] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1019.875470][ T4120] ? copy_clone_args_from_user+0x6cf/0x790 [ 1019.881118][ T4120] kernel_clone+0x22d/0x990 [ 1019.885454][ T4120] ? dup_mmap+0xea0/0xea0 [ 1019.889615][ T4120] ? create_io_thread+0x1e0/0x1e0 [ 1019.894479][ T4120] ? file_end_write+0x1b0/0x1b0 [ 1019.899165][ T4120] __x64_sys_clone3+0x375/0x3a0 [ 1019.903849][ T4120] ? __ia32_sys_clone+0x300/0x300 [ 1019.908711][ T4120] ? ksys_write+0x25f/0x2c0 [ 1019.913058][ T4120] ? debug_smp_processor_id+0x17/0x20 [ 1019.918257][ T4120] do_syscall_64+0x44/0xd0 [ 1019.922510][ T4120] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1019.928239][ T4120] RIP: 0033:0x7f495fdbc639 [ 1019.932493][ T4120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:52 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 61) 08:07:52 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000000)={0x2, 0x100, 0x200, 0x9, 0x400, 0x9d9}) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000000)={0x2, 0x100, 0x200, 0x9, 0x400, 0x9d9}) (async) 08:07:52 executing program 1: keyctl$reject(0x13, 0x0, 0x5, 0x1, 0xfffffffffffffffc) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:52 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) r0 = fsmount(0xffffffffffffffff, 0x1, 0x1) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/199, &(0x7f0000000180)=0xc7) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, &(0x7f00000001c0)) (async) timer_delete(0x0) 08:07:52 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) bind$bt_sco(r2, &(0x7f0000000040), 0x8) read$FUSE(r1, 0x0, 0x0) connect$bt_sco(r1, &(0x7f0000000000), 0x8) 08:07:52 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:52 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x81}, 0xa) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) 08:07:52 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) r0 = fsmount(0xffffffffffffffff, 0x1, 0x1) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/199, &(0x7f0000000180)=0xc7) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, &(0x7f00000001c0)) (async) timer_delete(0x0) [ 1019.951937][ T4120] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1019.960182][ T4120] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1019.967991][ T4120] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1019.975801][ T4120] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1019.983613][ T4120] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1019.991424][ T4120] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1019.999238][ T4120] 08:07:52 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(r0) timer_create(0x7, &(0x7f0000000240)={0x0, 0xa, 0x4, @thr={&(0x7f0000000000)="f40f6ded3e43bc44630c2794b2c44a13e2bba9ea0bbef0bfccd237b3ba4a15392f5df20f4253eb0f8c4bff2cae1cd8becc1922f316a0bd872918f26912686793ee0afbf2cfd516f5a9ae122bd10688daf26624e0e5631c58b352f1e467874f95e0680f283371ff3ccda2ae2770e0bd2edd7f57fa38e6b38be7eb94314e2e937773adec3f39ed9de9756b9d696682157948503ea9177e53b596181f33dbba1e5252f17bad70966ec96fdc83325516deb2aece3da41b12fba2f006e3c3c262316244f434482af8efec203abca92ade749e9a50788c86fd5042b608c4898326c989", &(0x7f0000000180)="7524dd0769595535c374c2c5fd49d9113b016334e386c4d42c0c7dc70d66133c78d0722601112145917312ab7a441d7b09fc032fc1a4a6f52c09cfaa8fba9f228cf17b633961cd7e794bd8dee0d099812c12e88d4db4b734541dd90e5f79322101493b76e8af25d0f16e12589aa41fab337feba3f3bc11bd500af04bd360ad415c1ed362d33b33b3d40d6cf038a8bd90b3e5fb34ff38650b2d771a22ab1f80d33e690c2f3a28"}}, &(0x7f0000000280)=0x0) timer_delete(r1) timer_delete(0x0) timer_delete(0x0) timer_create(0x1, &(0x7f0000000380)={0x0, 0x3a, 0x1, @thr={&(0x7f00000002c0)="553bf704f8f8d52a69dcb1d1da079bc027a66cb19cb8fb5e58a45800373b", &(0x7f0000000300)="f936f846773bf913a32a31a51b19d72e0ec9c0b05335873b164172208692494d970973d94133fa2ecee6d99adb8ae96c8e606aa18f3f3309ceea62b8f5316e0e55df408387"}}, &(0x7f00000003c0)=0x0) timer_settime(r2, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x77359400}}, 0x0) 08:07:52 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x81}, 0xa) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x81}, 0xa) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) (async) [ 1020.046571][ T4156] FAULT_INJECTION: forcing a failure. [ 1020.046571][ T4156] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1020.093262][ T4156] CPU: 1 PID: 4156 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1020.101514][ T4156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1020.111410][ T4156] Call Trace: [ 1020.114534][ T4156] [ 1020.117309][ T4156] dump_stack_lvl+0x151/0x1b7 [ 1020.121825][ T4156] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1020.127121][ T4156] dump_stack+0x15/0x17 [ 1020.131113][ T4156] should_fail+0x3c0/0x510 [ 1020.135365][ T4156] should_fail_alloc_page+0x58/0x70 [ 1020.140397][ T4156] __alloc_pages+0x1de/0x7c0 [ 1020.144825][ T4156] ? __count_vm_events+0x30/0x30 [ 1020.149598][ T4156] ? __this_cpu_preempt_check+0x13/0x20 [ 1020.154980][ T4156] ? __mod_node_page_state+0xac/0xf0 [ 1020.160100][ T4156] pte_alloc_one+0x73/0x1b0 [ 1020.164439][ T4156] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1020.169472][ T4156] __pte_alloc+0x86/0x350 [ 1020.173637][ T4156] ? free_pgtables+0x210/0x210 [ 1020.178237][ T4156] ? _raw_spin_lock+0xa3/0x1b0 [ 1020.182839][ T4156] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 1020.188045][ T4156] ? __kernel_text_address+0x9a/0x110 [ 1020.193253][ T4156] copy_pte_range+0x1b1f/0x20b0 [ 1020.197943][ T4156] ? __kunmap_atomic+0x80/0x80 [ 1020.202543][ T4156] ? __kasan_slab_alloc+0xc4/0xe0 [ 1020.207399][ T4156] ? __kasan_slab_alloc+0xb2/0xe0 [ 1020.212259][ T4156] ? kmem_cache_alloc+0x189/0x2f0 [ 1020.217120][ T4156] ? vm_area_dup+0x26/0x1d0 [ 1020.221458][ T4156] ? dup_mmap+0x6b8/0xea0 [ 1020.225626][ T4156] ? dup_mm+0x91/0x330 [ 1020.229537][ T4156] ? copy_mm+0x108/0x1b0 [ 1020.233611][ T4156] ? copy_process+0x1295/0x3250 [ 1020.238298][ T4156] ? kernel_clone+0x22d/0x990 [ 1020.242814][ T4156] ? __x64_sys_clone3+0x375/0x3a0 [ 1020.247674][ T4156] ? do_syscall_64+0x44/0xd0 [ 1020.252098][ T4156] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1020.258002][ T4156] copy_page_range+0xc1e/0x1090 [ 1020.262693][ T4156] ? pfn_valid+0x1e0/0x1e0 [ 1020.266945][ T4156] dup_mmap+0x99f/0xea0 [ 1020.270935][ T4156] ? __delayed_free_task+0x20/0x20 [ 1020.275883][ T4156] ? mm_init+0x807/0x960 [ 1020.279962][ T4156] dup_mm+0x91/0x330 [ 1020.283692][ T4156] copy_mm+0x108/0x1b0 [ 1020.287599][ T4156] copy_process+0x1295/0x3250 [ 1020.292119][ T4156] ? check_stack_object+0xf7/0x130 [ 1020.297061][ T4156] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1020.302005][ T4156] ? copy_clone_args_from_user+0x6cf/0x790 [ 1020.307651][ T4156] kernel_clone+0x22d/0x990 [ 1020.311987][ T4156] ? dup_mmap+0xea0/0xea0 [ 1020.316153][ T4156] ? create_io_thread+0x1e0/0x1e0 [ 1020.321016][ T4156] ? file_end_write+0x1b0/0x1b0 [ 1020.325700][ T4156] __x64_sys_clone3+0x375/0x3a0 [ 1020.330387][ T4156] ? __ia32_sys_clone+0x300/0x300 [ 1020.335248][ T4156] ? ksys_write+0x25f/0x2c0 [ 1020.339588][ T4156] ? debug_smp_processor_id+0x17/0x20 [ 1020.344801][ T4156] do_syscall_64+0x44/0xd0 [ 1020.349049][ T4156] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1020.354776][ T4156] RIP: 0033:0x7f495fdbc639 [ 1020.359034][ T4156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1020.378470][ T4156] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1020.386718][ T4156] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 08:07:52 executing program 1: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r0, 0x80605414, &(0x7f0000000080)) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000040)={0x0, 0x6, 0x9, &(0x7f0000000000)=0x7ff}) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r1, &(0x7f0000000180)) 08:07:52 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async, rerun: 64) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x81}, 0xa) (rerun: 64) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) 08:07:52 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 62) 08:07:52 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(r0) (async) timer_create(0x7, &(0x7f0000000240)={0x0, 0xa, 0x4, @thr={&(0x7f0000000000)="f40f6ded3e43bc44630c2794b2c44a13e2bba9ea0bbef0bfccd237b3ba4a15392f5df20f4253eb0f8c4bff2cae1cd8becc1922f316a0bd872918f26912686793ee0afbf2cfd516f5a9ae122bd10688daf26624e0e5631c58b352f1e467874f95e0680f283371ff3ccda2ae2770e0bd2edd7f57fa38e6b38be7eb94314e2e937773adec3f39ed9de9756b9d696682157948503ea9177e53b596181f33dbba1e5252f17bad70966ec96fdc83325516deb2aece3da41b12fba2f006e3c3c262316244f434482af8efec203abca92ade749e9a50788c86fd5042b608c4898326c989", &(0x7f0000000180)="7524dd0769595535c374c2c5fd49d9113b016334e386c4d42c0c7dc70d66133c78d0722601112145917312ab7a441d7b09fc032fc1a4a6f52c09cfaa8fba9f228cf17b633961cd7e794bd8dee0d099812c12e88d4db4b734541dd90e5f79322101493b76e8af25d0f16e12589aa41fab337feba3f3bc11bd500af04bd360ad415c1ed362d33b33b3d40d6cf038a8bd90b3e5fb34ff38650b2d771a22ab1f80d33e690c2f3a28"}}, &(0x7f0000000280)=0x0) timer_delete(r1) (async) timer_delete(0x0) (async) timer_delete(0x0) timer_create(0x1, &(0x7f0000000380)={0x0, 0x3a, 0x1, @thr={&(0x7f00000002c0)="553bf704f8f8d52a69dcb1d1da079bc027a66cb19cb8fb5e58a45800373b", &(0x7f0000000300)="f936f846773bf913a32a31a51b19d72e0ec9c0b05335873b164172208692494d970973d94133fa2ecee6d99adb8ae96c8e606aa18f3f3309ceea62b8f5316e0e55df408387"}}, &(0x7f00000003c0)=0x0) timer_settime(r2, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x77359400}}, 0x0) 08:07:52 executing program 1: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r0, 0x80605414, &(0x7f0000000080)) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000040)={0x0, 0x6, 0x9, &(0x7f0000000000)=0x7ff}) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r1, &(0x7f0000000180)) pipe(&(0x7f0000005540)) (async) read$FUSE(r0, 0x0, 0x0) (async) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r0, 0x80605414, &(0x7f0000000080)) (async) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000040)={0x0, 0x6, 0x9, &(0x7f0000000000)=0x7ff}) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r1) (async) timer_gettime(r1, &(0x7f0000000180)) (async) 08:07:52 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) [ 1020.394529][ T4156] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1020.402338][ T4156] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1020.410147][ T4156] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1020.417963][ T4156] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1020.425778][ T4156] 08:07:53 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(r0) timer_create(0x7, &(0x7f0000000240)={0x0, 0xa, 0x4, @thr={&(0x7f0000000000)="f40f6ded3e43bc44630c2794b2c44a13e2bba9ea0bbef0bfccd237b3ba4a15392f5df20f4253eb0f8c4bff2cae1cd8becc1922f316a0bd872918f26912686793ee0afbf2cfd516f5a9ae122bd10688daf26624e0e5631c58b352f1e467874f95e0680f283371ff3ccda2ae2770e0bd2edd7f57fa38e6b38be7eb94314e2e937773adec3f39ed9de9756b9d696682157948503ea9177e53b596181f33dbba1e5252f17bad70966ec96fdc83325516deb2aece3da41b12fba2f006e3c3c262316244f434482af8efec203abca92ade749e9a50788c86fd5042b608c4898326c989", &(0x7f0000000180)="7524dd0769595535c374c2c5fd49d9113b016334e386c4d42c0c7dc70d66133c78d0722601112145917312ab7a441d7b09fc032fc1a4a6f52c09cfaa8fba9f228cf17b633961cd7e794bd8dee0d099812c12e88d4db4b734541dd90e5f79322101493b76e8af25d0f16e12589aa41fab337feba3f3bc11bd500af04bd360ad415c1ed362d33b33b3d40d6cf038a8bd90b3e5fb34ff38650b2d771a22ab1f80d33e690c2f3a28"}}, &(0x7f0000000280)=0x0) timer_delete(r1) timer_delete(0x0) timer_delete(0x0) timer_create(0x1, &(0x7f0000000380)={0x0, 0x3a, 0x1, @thr={&(0x7f00000002c0)="553bf704f8f8d52a69dcb1d1da079bc027a66cb19cb8fb5e58a45800373b", &(0x7f0000000300)="f936f846773bf913a32a31a51b19d72e0ec9c0b05335873b164172208692494d970973d94133fa2ecee6d99adb8ae96c8e606aa18f3f3309ceea62b8f5316e0e55df408387"}}, &(0x7f00000003c0)=0x0) timer_settime(r2, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x77359400}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(r0) (async) timer_create(0x7, &(0x7f0000000240)={0x0, 0xa, 0x4, @thr={&(0x7f0000000000)="f40f6ded3e43bc44630c2794b2c44a13e2bba9ea0bbef0bfccd237b3ba4a15392f5df20f4253eb0f8c4bff2cae1cd8becc1922f316a0bd872918f26912686793ee0afbf2cfd516f5a9ae122bd10688daf26624e0e5631c58b352f1e467874f95e0680f283371ff3ccda2ae2770e0bd2edd7f57fa38e6b38be7eb94314e2e937773adec3f39ed9de9756b9d696682157948503ea9177e53b596181f33dbba1e5252f17bad70966ec96fdc83325516deb2aece3da41b12fba2f006e3c3c262316244f434482af8efec203abca92ade749e9a50788c86fd5042b608c4898326c989", &(0x7f0000000180)="7524dd0769595535c374c2c5fd49d9113b016334e386c4d42c0c7dc70d66133c78d0722601112145917312ab7a441d7b09fc032fc1a4a6f52c09cfaa8fba9f228cf17b633961cd7e794bd8dee0d099812c12e88d4db4b734541dd90e5f79322101493b76e8af25d0f16e12589aa41fab337feba3f3bc11bd500af04bd360ad415c1ed362d33b33b3d40d6cf038a8bd90b3e5fb34ff38650b2d771a22ab1f80d33e690c2f3a28"}}, &(0x7f0000000280)) (async) timer_delete(r1) (async) timer_delete(0x0) (async) timer_delete(0x0) (async) timer_create(0x1, &(0x7f0000000380)={0x0, 0x3a, 0x1, @thr={&(0x7f00000002c0)="553bf704f8f8d52a69dcb1d1da079bc027a66cb19cb8fb5e58a45800373b", &(0x7f0000000300)="f936f846773bf913a32a31a51b19d72e0ec9c0b05335873b164172208692494d970973d94133fa2ecee6d99adb8ae96c8e606aa18f3f3309ceea62b8f5316e0e55df408387"}}, &(0x7f00000003c0)) (async) timer_settime(r2, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x77359400}}, 0x0) (async) 08:07:53 executing program 1: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r0, 0x80605414, &(0x7f0000000080)) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000040)={0x0, 0x6, 0x9, &(0x7f0000000000)=0x7ff}) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r1, &(0x7f0000000180)) pipe(&(0x7f0000005540)) (async) read$FUSE(r0, 0x0, 0x0) (async) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r0, 0x80605414, &(0x7f0000000080)) (async) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000040)={0x0, 0x6, 0x9, &(0x7f0000000000)=0x7ff}) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r1) (async) timer_gettime(r1, &(0x7f0000000180)) (async) 08:07:53 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r3 = getgid() read$FUSE(r0, &(0x7f0000002a40)={0x2020, 0x0, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000005580)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r1, &(0x7f0000002080)={0x350, 0x0, 0x0, [{{0x5, 0x1, 0xa840000, 0x5, 0x191e5a61, 0x3, {0x4, 0xfffffffffffffff8, 0x1, 0x8, 0x7, 0x3, 0x8, 0x1, 0x8, 0x1000, 0x3, 0xee00, r2, 0x3, 0x2}}, {0x1, 0x0, 0xc, 0x80000000, 'cgroup.type\x00'}}, {{0x4, 0x2, 0x5, 0x8, 0xa5b, 0x0, {0x5, 0x9c1, 0x2521, 0xb1, 0xff, 0x30, 0x7, 0x81, 0x40c, 0x1000, 0x9, 0xee01, 0xee01, 0x8001, 0x1000}}, {0x6, 0x9, 0x2, 0x81, '&&'}}, {{0x3, 0x2, 0x7, 0xffffffffffff4059, 0x0, 0x3, {0x4, 0x5, 0x9, 0x1000, 0xfb, 0x8, 0x5, 0x2, 0xffff, 0xa000, 0x8, 0xffffffffffffffff, r3, 0x7, 0x3f}}, {0x0, 0x4, 0xc, 0x4, 'cgroup.type\x00'}}, {{0x0, 0x2, 0x3f, 0x0, 0x8, 0x7, {0x2, 0x5, 0x9, 0x7fffffffffffffff, 0x1000, 0xff, 0x100, 0x81, 0x80000001, 0x8000, 0x5, r4, r5, 0x3, 0x3f}}, {0x3, 0x7, 0x9, 0x4, '[,\'@(::]@'}}, {{0x3, 0x0, 0x800, 0x15ab, 0x4, 0x8001, {0x2, 0x8, 0x0, 0x8000, 0x7fffffff, 0x3, 0xcc8d, 0x5, 0x7ff, 0xa000, 0x3f, 0x0, 0xffffffffffffffff, 0x1ff, 0x9}}, {0x0, 0x7, 0xc, 0x9, 'cgroup.type\x00'}}]}, 0x350) openat$cgroup_type(r0, &(0x7f0000000000), 0x2, 0x0) 08:07:53 executing program 5: socket$nl_audit(0x10, 0x3, 0x9) timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000080)={{r1, r2+60000000}, {r3, r4+60000000}}, &(0x7f00000000c0)) [ 1020.458015][ T4176] FAULT_INJECTION: forcing a failure. [ 1020.458015][ T4176] name failslab, interval 1, probability 0, space 0, times 0 [ 1020.483672][ T4176] CPU: 0 PID: 4176 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1020.491928][ T4176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1020.501821][ T4176] Call Trace: [ 1020.504948][ T4176] 08:07:53 executing program 5: socket$nl_audit(0x10, 0x3, 0x9) (async) timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) (async) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000080)={{r1, r2+60000000}, {r3, r4+60000000}}, &(0x7f00000000c0)) 08:07:53 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r3 = getgid() read$FUSE(r0, &(0x7f0000002a40)={0x2020, 0x0, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000005580)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r1, &(0x7f0000002080)={0x350, 0x0, 0x0, [{{0x5, 0x1, 0xa840000, 0x5, 0x191e5a61, 0x3, {0x4, 0xfffffffffffffff8, 0x1, 0x8, 0x7, 0x3, 0x8, 0x1, 0x8, 0x1000, 0x3, 0xee00, r2, 0x3, 0x2}}, {0x1, 0x0, 0xc, 0x80000000, 'cgroup.type\x00'}}, {{0x4, 0x2, 0x5, 0x8, 0xa5b, 0x0, {0x5, 0x9c1, 0x2521, 0xb1, 0xff, 0x30, 0x7, 0x81, 0x40c, 0x1000, 0x9, 0xee01, 0xee01, 0x8001, 0x1000}}, {0x6, 0x9, 0x2, 0x81, '&&'}}, {{0x3, 0x2, 0x7, 0xffffffffffff4059, 0x0, 0x3, {0x4, 0x5, 0x9, 0x1000, 0xfb, 0x8, 0x5, 0x2, 0xffff, 0xa000, 0x8, 0xffffffffffffffff, r3, 0x7, 0x3f}}, {0x0, 0x4, 0xc, 0x4, 'cgroup.type\x00'}}, {{0x0, 0x2, 0x3f, 0x0, 0x8, 0x7, {0x2, 0x5, 0x9, 0x7fffffffffffffff, 0x1000, 0xff, 0x100, 0x81, 0x80000001, 0x8000, 0x5, r4, r5, 0x3, 0x3f}}, {0x3, 0x7, 0x9, 0x4, '[,\'@(::]@'}}, {{0x3, 0x0, 0x800, 0x15ab, 0x4, 0x8001, {0x2, 0x8, 0x0, 0x8000, 0x7fffffff, 0x3, 0xcc8d, 0x5, 0x7ff, 0xa000, 0x3f, 0x0, 0xffffffffffffffff, 0x1ff, 0x9}}, {0x0, 0x7, 0xc, 0x9, 'cgroup.type\x00'}}]}, 0x350) openat$cgroup_type(r0, &(0x7f0000000000), 0x2, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r0, 0x0, 0x0) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020}, 0x2020) (async) getgid() (async) read$FUSE(r0, &(0x7f0000002a40)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000005580)={0x2020}, 0x2020) (async) write$FUSE_DIRENTPLUS(r1, &(0x7f0000002080)={0x350, 0x0, 0x0, [{{0x5, 0x1, 0xa840000, 0x5, 0x191e5a61, 0x3, {0x4, 0xfffffffffffffff8, 0x1, 0x8, 0x7, 0x3, 0x8, 0x1, 0x8, 0x1000, 0x3, 0xee00, r2, 0x3, 0x2}}, {0x1, 0x0, 0xc, 0x80000000, 'cgroup.type\x00'}}, {{0x4, 0x2, 0x5, 0x8, 0xa5b, 0x0, {0x5, 0x9c1, 0x2521, 0xb1, 0xff, 0x30, 0x7, 0x81, 0x40c, 0x1000, 0x9, 0xee01, 0xee01, 0x8001, 0x1000}}, {0x6, 0x9, 0x2, 0x81, '&&'}}, {{0x3, 0x2, 0x7, 0xffffffffffff4059, 0x0, 0x3, {0x4, 0x5, 0x9, 0x1000, 0xfb, 0x8, 0x5, 0x2, 0xffff, 0xa000, 0x8, 0xffffffffffffffff, r3, 0x7, 0x3f}}, {0x0, 0x4, 0xc, 0x4, 'cgroup.type\x00'}}, {{0x0, 0x2, 0x3f, 0x0, 0x8, 0x7, {0x2, 0x5, 0x9, 0x7fffffffffffffff, 0x1000, 0xff, 0x100, 0x81, 0x80000001, 0x8000, 0x5, r4, r5, 0x3, 0x3f}}, {0x3, 0x7, 0x9, 0x4, '[,\'@(::]@'}}, {{0x3, 0x0, 0x800, 0x15ab, 0x4, 0x8001, {0x2, 0x8, 0x0, 0x8000, 0x7fffffff, 0x3, 0xcc8d, 0x5, 0x7ff, 0xa000, 0x3f, 0x0, 0xffffffffffffffff, 0x1ff, 0x9}}, {0x0, 0x7, 0xc, 0x9, 'cgroup.type\x00'}}]}, 0x350) (async) openat$cgroup_type(r0, &(0x7f0000000000), 0x2, 0x0) (async) [ 1020.507721][ T4176] dump_stack_lvl+0x151/0x1b7 [ 1020.512239][ T4176] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1020.517533][ T4176] dump_stack+0x15/0x17 [ 1020.521522][ T4176] should_fail+0x3c0/0x510 [ 1020.525774][ T4176] __should_failslab+0x9f/0xe0 [ 1020.530380][ T4176] should_failslab+0x9/0x20 [ 1020.534717][ T4176] kmem_cache_alloc+0x4f/0x2f0 [ 1020.539313][ T4176] ? vm_area_dup+0x26/0x1d0 [ 1020.543659][ T4176] vm_area_dup+0x26/0x1d0 [ 1020.547818][ T4176] dup_mmap+0x6b8/0xea0 [ 1020.551816][ T4176] ? __delayed_free_task+0x20/0x20 08:07:53 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) fspick(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1) [ 1020.556759][ T4176] ? mm_init+0x807/0x960 [ 1020.560841][ T4176] dup_mm+0x91/0x330 [ 1020.564572][ T4176] copy_mm+0x108/0x1b0 [ 1020.568476][ T4176] copy_process+0x1295/0x3250 [ 1020.572991][ T4176] ? check_stack_object+0xf7/0x130 [ 1020.577939][ T4176] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1020.582886][ T4176] ? copy_clone_args_from_user+0x6cf/0x790 [ 1020.588527][ T4176] kernel_clone+0x22d/0x990 [ 1020.592864][ T4176] ? dup_mmap+0xea0/0xea0 [ 1020.597045][ T4176] ? create_io_thread+0x1e0/0x1e0 [ 1020.601892][ T4176] ? file_end_write+0x1b0/0x1b0 [ 1020.606580][ T4176] __x64_sys_clone3+0x375/0x3a0 [ 1020.611262][ T4176] ? __ia32_sys_clone+0x300/0x300 [ 1020.616124][ T4176] ? ksys_write+0x25f/0x2c0 [ 1020.620464][ T4176] ? debug_smp_processor_id+0x17/0x20 [ 1020.625680][ T4176] do_syscall_64+0x44/0xd0 [ 1020.629926][ T4176] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1020.635649][ T4176] RIP: 0033:0x7f495fdbc639 [ 1020.639905][ T4176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1020.659346][ T4176] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1020.667596][ T4176] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1020.675402][ T4176] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1020.683212][ T4176] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1020.691026][ T4176] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1020.698839][ T4176] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 08:07:53 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) fspick(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1) 08:07:53 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 63) 08:07:53 executing program 5: socket$nl_audit(0x10, 0x3, 0x9) (async) timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) (async) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000080)={{r1, r2+60000000}, {r3, r4+60000000}}, &(0x7f00000000c0)) 08:07:53 executing program 0: r0 = syz_open_dev$hiddev(&(0x7f0000000080), 0x8, 0x80100) ioctl$HIDIOCAPPLICATION(r0, 0x4802, 0x8) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0x0, 0x1, 0x9, 0x59e040cbfacf27a2, 0x3f}, 0x6, 0xffffffff, 0xa}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) 08:07:53 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) [ 1020.706651][ T4176] 08:07:53 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (async) fspick(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1) 08:07:53 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r3 = getgid() read$FUSE(r0, &(0x7f0000002a40)={0x2020, 0x0, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000005580)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r1, &(0x7f0000002080)={0x350, 0x0, 0x0, [{{0x5, 0x1, 0xa840000, 0x5, 0x191e5a61, 0x3, {0x4, 0xfffffffffffffff8, 0x1, 0x8, 0x7, 0x3, 0x8, 0x1, 0x8, 0x1000, 0x3, 0xee00, r2, 0x3, 0x2}}, {0x1, 0x0, 0xc, 0x80000000, 'cgroup.type\x00'}}, {{0x4, 0x2, 0x5, 0x8, 0xa5b, 0x0, {0x5, 0x9c1, 0x2521, 0xb1, 0xff, 0x30, 0x7, 0x81, 0x40c, 0x1000, 0x9, 0xee01, 0xee01, 0x8001, 0x1000}}, {0x6, 0x9, 0x2, 0x81, '&&'}}, {{0x3, 0x2, 0x7, 0xffffffffffff4059, 0x0, 0x3, {0x4, 0x5, 0x9, 0x1000, 0xfb, 0x8, 0x5, 0x2, 0xffff, 0xa000, 0x8, 0xffffffffffffffff, r3, 0x7, 0x3f}}, {0x0, 0x4, 0xc, 0x4, 'cgroup.type\x00'}}, {{0x0, 0x2, 0x3f, 0x0, 0x8, 0x7, {0x2, 0x5, 0x9, 0x7fffffffffffffff, 0x1000, 0xff, 0x100, 0x81, 0x80000001, 0x8000, 0x5, r4, r5, 0x3, 0x3f}}, {0x3, 0x7, 0x9, 0x4, '[,\'@(::]@'}}, {{0x3, 0x0, 0x800, 0x15ab, 0x4, 0x8001, {0x2, 0x8, 0x0, 0x8000, 0x7fffffff, 0x3, 0xcc8d, 0x5, 0x7ff, 0xa000, 0x3f, 0x0, 0xffffffffffffffff, 0x1ff, 0x9}}, {0x0, 0x7, 0xc, 0x9, 'cgroup.type\x00'}}]}, 0x350) openat$cgroup_type(r0, &(0x7f0000000000), 0x2, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r0, 0x0, 0x0) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020}, 0x2020) (async) getgid() (async) read$FUSE(r0, &(0x7f0000002a40)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000005580)={0x2020}, 0x2020) (async) write$FUSE_DIRENTPLUS(r1, &(0x7f0000002080)={0x350, 0x0, 0x0, [{{0x5, 0x1, 0xa840000, 0x5, 0x191e5a61, 0x3, {0x4, 0xfffffffffffffff8, 0x1, 0x8, 0x7, 0x3, 0x8, 0x1, 0x8, 0x1000, 0x3, 0xee00, r2, 0x3, 0x2}}, {0x1, 0x0, 0xc, 0x80000000, 'cgroup.type\x00'}}, {{0x4, 0x2, 0x5, 0x8, 0xa5b, 0x0, {0x5, 0x9c1, 0x2521, 0xb1, 0xff, 0x30, 0x7, 0x81, 0x40c, 0x1000, 0x9, 0xee01, 0xee01, 0x8001, 0x1000}}, {0x6, 0x9, 0x2, 0x81, '&&'}}, {{0x3, 0x2, 0x7, 0xffffffffffff4059, 0x0, 0x3, {0x4, 0x5, 0x9, 0x1000, 0xfb, 0x8, 0x5, 0x2, 0xffff, 0xa000, 0x8, 0xffffffffffffffff, r3, 0x7, 0x3f}}, {0x0, 0x4, 0xc, 0x4, 'cgroup.type\x00'}}, {{0x0, 0x2, 0x3f, 0x0, 0x8, 0x7, {0x2, 0x5, 0x9, 0x7fffffffffffffff, 0x1000, 0xff, 0x100, 0x81, 0x80000001, 0x8000, 0x5, r4, r5, 0x3, 0x3f}}, {0x3, 0x7, 0x9, 0x4, '[,\'@(::]@'}}, {{0x3, 0x0, 0x800, 0x15ab, 0x4, 0x8001, {0x2, 0x8, 0x0, 0x8000, 0x7fffffff, 0x3, 0xcc8d, 0x5, 0x7ff, 0xa000, 0x3f, 0x0, 0xffffffffffffffff, 0x1ff, 0x9}}, {0x0, 0x7, 0xc, 0x9, 'cgroup.type\x00'}}]}, 0x350) (async) openat$cgroup_type(r0, &(0x7f0000000000), 0x2, 0x0) (async) 08:07:53 executing program 0: r0 = syz_open_dev$hiddev(&(0x7f0000000080), 0x8, 0x80100) ioctl$HIDIOCAPPLICATION(r0, 0x4802, 0x8) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0x0, 0x1, 0x9, 0x59e040cbfacf27a2, 0x3f}, 0x6, 0xffffffff, 0xa}) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) 08:07:53 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x6, &(0x7f00000000c0)={0x0, 0x36, 0x4, @thr={&(0x7f0000000380)="f3196837be59c836e2d8550c3c3da4785825d2edc67f7e7d1639c60db63c234e8f1c2de8645cf817bc58f4334989c5b0a3d5e29661afe226b9be48dc49ba0709e306cb42c30bcc15a7120de9e9b8bec1cc80ec6193c16a31d4788636d5ce4aa97c76381be6c6c014723fa34db0fa8a6264a1c5c22601104aa0f2e2cbb4a4a9c6cc6d83ef14bf84617c143914a00000c4d42b1237591f3ca27fbe83a66b2f31d7ac5ecff5d6c97950b7929b557a716aba02f6a9ef6e3cd8f21e527227342dc47cd921a1089fbd95270dddf990a2f469dbe1b2464dcf943172b46bae090ad967652cc9e97aaee62b423dc0e2764f3e9bfbf17f3bed2b4a6f6b789fa29746314991eb7a3a12e91469df", &(0x7f0000000000)="ab6f012c03c13b6b797d66f056e7587e706a710fa0c349d65a5a86319ed995676880c127a0309e1e2305f85d8eff2f6845b31632f8f2f671d7fe5c133662d3a0198f630897e6c1303921791e397fa1d74135909dba189c4d5ef4685a29777478f2a9f044f706efa31376b6c65a6513b6877a92f082f59df99c7637ecb335af1d31a299100d8a88267e41c21b61d083125b8ae2092f201b83f80577f26488d4"}}, &(0x7f0000000280)=0x0) timer_delete(r0) [ 1020.756494][ T4258] FAULT_INJECTION: forcing a failure. [ 1020.756494][ T4258] name fail_page_alloc, interval 1, probability 0, space 0, times 0 08:07:53 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_create(0x6, &(0x7f00000000c0)={0x0, 0x36, 0x4, @thr={&(0x7f0000000380)="f3196837be59c836e2d8550c3c3da4785825d2edc67f7e7d1639c60db63c234e8f1c2de8645cf817bc58f4334989c5b0a3d5e29661afe226b9be48dc49ba0709e306cb42c30bcc15a7120de9e9b8bec1cc80ec6193c16a31d4788636d5ce4aa97c76381be6c6c014723fa34db0fa8a6264a1c5c22601104aa0f2e2cbb4a4a9c6cc6d83ef14bf84617c143914a00000c4d42b1237591f3ca27fbe83a66b2f31d7ac5ecff5d6c97950b7929b557a716aba02f6a9ef6e3cd8f21e527227342dc47cd921a1089fbd95270dddf990a2f469dbe1b2464dcf943172b46bae090ad967652cc9e97aaee62b423dc0e2764f3e9bfbf17f3bed2b4a6f6b789fa29746314991eb7a3a12e91469df", &(0x7f0000000000)="ab6f012c03c13b6b797d66f056e7587e706a710fa0c349d65a5a86319ed995676880c127a0309e1e2305f85d8eff2f6845b31632f8f2f671d7fe5c133662d3a0198f630897e6c1303921791e397fa1d74135909dba189c4d5ef4685a29777478f2a9f044f706efa31376b6c65a6513b6877a92f082f59df99c7637ecb335af1d31a299100d8a88267e41c21b61d083125b8ae2092f201b83f80577f26488d4"}}, &(0x7f0000000280)=0x0) timer_delete(r0) 08:07:53 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) io_uring_setup(0x28ce, &(0x7f0000000000)={0x0, 0xb2a8, 0x8, 0x0, 0xea, 0x0, r1}) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, &(0x7f0000000300)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002340)=ANY=[@ANYBLOB="4801000000010000", @ANYRES64=0x0, @ANYBLOB="05000000000000000300000000000000060000000000000003000000000000000a000000dd000000060000000000000007000000000000000700000000000000020000000000000005000000000000000800000000000000e3a3000000000000ffff0000004000000000000c", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="6d00000009000000000000000000000000000000ff0000000000000001000000040000000000000000000000020000000000000003000000000000000700000000000000ff0000000000000090ff00001f000000060000000000000006000000000000000700000000000000000001000000000002000000000000000100008000000000000000f80600000001000080004000004d870000", @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="0700000020000000000000000500000000000000da150000000000000000000001040000"], 0x148) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000280)=@urb_type_bulk={0x3, {0x8, 0x1}, 0x5, 0x5, &(0x7f0000000180)="d94a95220a65a4ea1acb643dc6b9082064e20c35507425ebc7c7121e5a0b74d8b828943d4616c011eb53c008399a557d59e76468cb9c36d51f43249fb334c6a9d9dcbee19a1c85e5a55a029f91ae16e609454019f84603268c479414077f716556782e00a2d2530a16083528db793b1e6f8f9a478043da43dce9e9460058a8021e0452b7eed77e667e36506d27d2cad6310f117de5a3f39850bbad737f794f112d9742af8f0c1772842d9fba889d92dc89e480930584e8e94e92359fea67ba701df86b8e33864039fe7a68f009a134ef02fa0d78fec78324ceeb2df9b42a3bbbe967bf5204f5160a4adb9c", 0xeb, 0x2, 0x2, 0x5, 0x0, 0x7, &(0x7f0000000080)="5c7875260c85c6408e1e82823d2f27a73d9e60903a671b97bb3d2d8c980ee6e6ffe81b492c8ccc51c83930a89d8be63d7c7aa7ef4b6cac796e4b41b3eef5254923c6922a46c7b22e09b67b00654f8abf8f7e2240ebf5b65cf8b3edada2211eef3969b991b15642a5d03c04aa93893dd13e"}) timer_delete(0x0) [ 1020.797098][ T4258] CPU: 0 PID: 4258 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1020.805345][ T4258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1020.815240][ T4258] Call Trace: [ 1020.818372][ T4258] [ 1020.821143][ T4258] dump_stack_lvl+0x151/0x1b7 [ 1020.825653][ T4258] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1020.830948][ T4258] dump_stack+0x15/0x17 [ 1020.834941][ T4258] should_fail+0x3c0/0x510 [ 1020.839195][ T4258] should_fail_alloc_page+0x58/0x70 08:07:53 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_create(0x6, &(0x7f00000000c0)={0x0, 0x36, 0x4, @thr={&(0x7f0000000380)="f3196837be59c836e2d8550c3c3da4785825d2edc67f7e7d1639c60db63c234e8f1c2de8645cf817bc58f4334989c5b0a3d5e29661afe226b9be48dc49ba0709e306cb42c30bcc15a7120de9e9b8bec1cc80ec6193c16a31d4788636d5ce4aa97c76381be6c6c014723fa34db0fa8a6264a1c5c22601104aa0f2e2cbb4a4a9c6cc6d83ef14bf84617c143914a00000c4d42b1237591f3ca27fbe83a66b2f31d7ac5ecff5d6c97950b7929b557a716aba02f6a9ef6e3cd8f21e527227342dc47cd921a1089fbd95270dddf990a2f469dbe1b2464dcf943172b46bae090ad967652cc9e97aaee62b423dc0e2764f3e9bfbf17f3bed2b4a6f6b789fa29746314991eb7a3a12e91469df", &(0x7f0000000000)="ab6f012c03c13b6b797d66f056e7587e706a710fa0c349d65a5a86319ed995676880c127a0309e1e2305f85d8eff2f6845b31632f8f2f671d7fe5c133662d3a0198f630897e6c1303921791e397fa1d74135909dba189c4d5ef4685a29777478f2a9f044f706efa31376b6c65a6513b6877a92f082f59df99c7637ecb335af1d31a299100d8a88267e41c21b61d083125b8ae2092f201b83f80577f26488d4"}}, &(0x7f0000000280)=0x0) timer_delete(r0) 08:07:53 executing program 4: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) [ 1020.844229][ T4258] __alloc_pages+0x1de/0x7c0 [ 1020.848665][ T4258] ? __count_vm_events+0x30/0x30 [ 1020.853436][ T4258] ? __this_cpu_preempt_check+0x13/0x20 [ 1020.858817][ T4258] ? __mod_node_page_state+0xac/0xf0 [ 1020.863934][ T4258] pte_alloc_one+0x73/0x1b0 [ 1020.868270][ T4258] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1020.873305][ T4258] __pte_alloc+0x86/0x350 [ 1020.877469][ T4258] ? free_pgtables+0x210/0x210 [ 1020.882070][ T4258] ? _raw_spin_lock+0xa3/0x1b0 [ 1020.886670][ T4258] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 1020.891877][ T4258] ? __kernel_text_address+0x9a/0x110 [ 1020.897087][ T4258] copy_pte_range+0x1b1f/0x20b0 [ 1020.901774][ T4258] ? __kunmap_atomic+0x80/0x80 [ 1020.906373][ T4258] ? __kasan_slab_alloc+0xc4/0xe0 [ 1020.911232][ T4258] ? __kasan_slab_alloc+0xb2/0xe0 [ 1020.916092][ T4258] ? kmem_cache_alloc+0x189/0x2f0 [ 1020.920954][ T4258] ? vm_area_dup+0x26/0x1d0 [ 1020.925289][ T4258] ? dup_mmap+0x6b8/0xea0 [ 1020.929457][ T4258] ? dup_mm+0x91/0x330 [ 1020.933361][ T4258] ? copy_mm+0x108/0x1b0 [ 1020.937441][ T4258] ? copy_process+0x1295/0x3250 [ 1020.942126][ T4258] ? kernel_clone+0x22d/0x990 [ 1020.946749][ T4258] ? __x64_sys_clone3+0x375/0x3a0 [ 1020.951607][ T4258] ? do_syscall_64+0x44/0xd0 [ 1020.956038][ T4258] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1020.961939][ T4258] copy_page_range+0xc1e/0x1090 [ 1020.966627][ T4258] ? pfn_valid+0x1e0/0x1e0 [ 1020.970878][ T4258] dup_mmap+0x99f/0xea0 [ 1020.974871][ T4258] ? __delayed_free_task+0x20/0x20 [ 1020.979817][ T4258] ? mm_init+0x807/0x960 [ 1020.983902][ T4258] dup_mm+0x91/0x330 [ 1020.987636][ T4258] copy_mm+0x108/0x1b0 [ 1020.991537][ T4258] copy_process+0x1295/0x3250 [ 1020.996066][ T4258] ? check_stack_object+0xf7/0x130 [ 1021.000996][ T4258] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1021.005945][ T4258] ? copy_clone_args_from_user+0x6cf/0x790 [ 1021.011584][ T4258] kernel_clone+0x22d/0x990 [ 1021.015930][ T4258] ? dup_mmap+0xea0/0xea0 [ 1021.020092][ T4258] ? create_io_thread+0x1e0/0x1e0 [ 1021.024952][ T4258] ? file_end_write+0x1b0/0x1b0 [ 1021.029639][ T4258] __x64_sys_clone3+0x375/0x3a0 [ 1021.034327][ T4258] ? __ia32_sys_clone+0x300/0x300 [ 1021.039185][ T4258] ? ksys_write+0x25f/0x2c0 [ 1021.043527][ T4258] ? debug_smp_processor_id+0x17/0x20 [ 1021.048733][ T4258] do_syscall_64+0x44/0xd0 [ 1021.052984][ T4258] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1021.058715][ T4258] RIP: 0033:0x7f495fdbc639 [ 1021.062972][ T4258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1021.082410][ T4258] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1021.090653][ T4258] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 08:07:53 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 64) 08:07:53 executing program 1: timer_create(0x6, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:53 executing program 4: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) 08:07:53 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_WAIT_FOR_RESUME(r3, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:53 executing program 0: r0 = syz_open_dev$hiddev(&(0x7f0000000080), 0x8, 0x80100) ioctl$HIDIOCAPPLICATION(r0, 0x4802, 0x8) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0x0, 0x1, 0x9, 0x59e040cbfacf27a2, 0x3f}, 0x6, 0xffffffff, 0xa}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) syz_open_dev$hiddev(&(0x7f0000000080), 0x8, 0x80100) (async) ioctl$HIDIOCAPPLICATION(r0, 0x4802, 0x8) (async) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0x0, 0x1, 0x9, 0x59e040cbfacf27a2, 0x3f}, 0x6, 0xffffffff, 0xa}) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) (async) 08:07:53 executing program 1: timer_create(0x6, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) [ 1021.098464][ T4258] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1021.106277][ T4258] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1021.114188][ T4258] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1021.121997][ T4258] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1021.129812][ T4258] [ 1021.160888][ T4305] FAULT_INJECTION: forcing a failure. [ 1021.160888][ T4305] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1021.174072][ T4305] CPU: 0 PID: 4305 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1021.182302][ T4305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1021.192200][ T4305] Call Trace: [ 1021.195323][ T4305] [ 1021.198103][ T4305] dump_stack_lvl+0x151/0x1b7 [ 1021.202619][ T4305] ? bfq_pos_tree_add_move+0x43e/0x43e 08:07:53 executing program 4: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) 08:07:53 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000100)={'tunl0\x00', 0x0, 0x40, 0x8000, 0x24f, 0x80, {{0xb, 0x4, 0x1, 0x8, 0x2c, 0x67, 0x0, 0x5, 0x4, 0x0, @multicast1, @private=0xa010100, {[@ssrr={0x89, 0x17, 0x6, [@remote, @multicast1, @rand_addr=0x64010102, @private=0xa010101, @local]}]}}}}}) 08:07:53 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async, rerun: 32) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000100)={'tunl0\x00', 0x0, 0x40, 0x8000, 0x24f, 0x80, {{0xb, 0x4, 0x1, 0x8, 0x2c, 0x67, 0x0, 0x5, 0x4, 0x0, @multicast1, @private=0xa010100, {[@ssrr={0x89, 0x17, 0x6, [@remote, @multicast1, @rand_addr=0x64010102, @private=0xa010101, @local]}]}}}}}) (rerun: 32) [ 1021.207913][ T4305] dump_stack+0x15/0x17 [ 1021.211903][ T4305] should_fail+0x3c0/0x510 [ 1021.216155][ T4305] should_fail_alloc_page+0x58/0x70 [ 1021.221194][ T4305] __alloc_pages+0x1de/0x7c0 [ 1021.225613][ T4305] ? __count_vm_events+0x30/0x30 [ 1021.230388][ T4305] ? __this_cpu_preempt_check+0x13/0x20 [ 1021.235768][ T4305] ? __mod_node_page_state+0xac/0xf0 [ 1021.240890][ T4305] pte_alloc_one+0x73/0x1b0 [ 1021.245232][ T4305] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1021.250264][ T4305] __pte_alloc+0x86/0x350 [ 1021.254515][ T4305] ? free_pgtables+0x210/0x210 [ 1021.259114][ T4305] ? _raw_spin_lock+0xa3/0x1b0 [ 1021.263717][ T4305] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 1021.268942][ T4305] ? __kernel_text_address+0x9a/0x110 [ 1021.274136][ T4305] copy_pte_range+0x1b1f/0x20b0 [ 1021.278831][ T4305] ? __kunmap_atomic+0x80/0x80 [ 1021.283415][ T4305] ? __kasan_slab_alloc+0xc4/0xe0 [ 1021.288280][ T4305] ? __kasan_slab_alloc+0xb2/0xe0 [ 1021.293141][ T4305] ? kmem_cache_alloc+0x189/0x2f0 [ 1021.298105][ T4305] ? vm_area_dup+0x26/0x1d0 [ 1021.302445][ T4305] ? dup_mmap+0x6b8/0xea0 [ 1021.306610][ T4305] ? dup_mm+0x91/0x330 [ 1021.310521][ T4305] ? copy_mm+0x108/0x1b0 [ 1021.314620][ T4305] ? copy_process+0x1295/0x3250 [ 1021.319279][ T4305] ? kernel_clone+0x22d/0x990 [ 1021.323791][ T4305] ? __x64_sys_clone3+0x375/0x3a0 [ 1021.328656][ T4305] ? do_syscall_64+0x44/0xd0 [ 1021.333081][ T4305] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1021.338984][ T4305] copy_page_range+0xc1e/0x1090 [ 1021.343669][ T4305] ? pfn_valid+0x1e0/0x1e0 [ 1021.347924][ T4305] dup_mmap+0x99f/0xea0 [ 1021.351921][ T4305] ? __delayed_free_task+0x20/0x20 [ 1021.356865][ T4305] ? mm_init+0x807/0x960 [ 1021.360945][ T4305] dup_mm+0x91/0x330 [ 1021.364853][ T4305] copy_mm+0x108/0x1b0 [ 1021.368760][ T4305] copy_process+0x1295/0x3250 [ 1021.373273][ T4305] ? check_stack_object+0xf7/0x130 [ 1021.378225][ T4305] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1021.383173][ T4305] ? copy_clone_args_from_user+0x6cf/0x790 [ 1021.388838][ T4305] kernel_clone+0x22d/0x990 [ 1021.393149][ T4305] ? dup_mmap+0xea0/0xea0 [ 1021.397313][ T4305] ? create_io_thread+0x1e0/0x1e0 [ 1021.402178][ T4305] ? file_end_write+0x1b0/0x1b0 [ 1021.406864][ T4305] __x64_sys_clone3+0x375/0x3a0 [ 1021.411548][ T4305] ? __ia32_sys_clone+0x300/0x300 [ 1021.416413][ T4305] ? ksys_write+0x25f/0x2c0 [ 1021.420751][ T4305] ? debug_smp_processor_id+0x17/0x20 [ 1021.425958][ T4305] do_syscall_64+0x44/0xd0 [ 1021.430213][ T4305] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1021.435939][ T4305] RIP: 0033:0x7f495fdbc639 [ 1021.440195][ T4305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1021.459647][ T4305] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1021.467878][ T4305] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1021.475690][ T4305] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1021.483500][ T4305] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1021.491312][ T4305] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1021.499123][ T4305] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1021.506937][ T4305] 08:07:54 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) io_uring_setup(0x28ce, &(0x7f0000000000)={0x0, 0xb2a8, 0x8, 0x0, 0xea, 0x0, r1}) (async) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) read$FUSE(r0, &(0x7f0000000300)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002340)=ANY=[@ANYBLOB="4801000000010000", @ANYRES64=0x0, @ANYBLOB="05000000000000000300000000000000060000000000000003000000000000000a000000dd000000060000000000000007000000000000000700000000000000020000000000000005000000000000000800000000000000e3a3000000000000ffff0000004000000000000c", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="6d00000009000000000000000000000000000000ff0000000000000001000000040000000000000000000000020000000000000003000000000000000700000000000000ff0000000000000090ff00001f000000060000000000000006000000000000000700000000000000000001000000000002000000000000000100008000000000000000f80600000001000080004000004d870000", @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="0700000020000000000000000500000000000000da150000000000000000000001040000"], 0x148) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) (async) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000280)=@urb_type_bulk={0x3, {0x8, 0x1}, 0x5, 0x5, &(0x7f0000000180)="d94a95220a65a4ea1acb643dc6b9082064e20c35507425ebc7c7121e5a0b74d8b828943d4616c011eb53c008399a557d59e76468cb9c36d51f43249fb334c6a9d9dcbee19a1c85e5a55a029f91ae16e609454019f84603268c479414077f716556782e00a2d2530a16083528db793b1e6f8f9a478043da43dce9e9460058a8021e0452b7eed77e667e36506d27d2cad6310f117de5a3f39850bbad737f794f112d9742af8f0c1772842d9fba889d92dc89e480930584e8e94e92359fea67ba701df86b8e33864039fe7a68f009a134ef02fa0d78fec78324ceeb2df9b42a3bbbe967bf5204f5160a4adb9c", 0xeb, 0x2, 0x2, 0x5, 0x0, 0x7, &(0x7f0000000080)="5c7875260c85c6408e1e82823d2f27a73d9e60903a671b97bb3d2d8c980ee6e6ffe81b492c8ccc51c83930a89d8be63d7c7aa7ef4b6cac796e4b41b3eef5254923c6922a46c7b22e09b67b00654f8abf8f7e2240ebf5b65cf8b3edada2211eef3969b991b15642a5d03c04aa93893dd13e"}) (async) timer_delete(0x0) 08:07:54 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:54 executing program 1: timer_create(0x6, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x6, 0x0, &(0x7f0000000100)) (async) timer_delete(r0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:54 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000100)={'tunl0\x00', 0x0, 0x40, 0x8000, 0x24f, 0x80, {{0xb, 0x4, 0x1, 0x8, 0x2c, 0x67, 0x0, 0x5, 0x4, 0x0, @multicast1, @private=0xa010100, {[@ssrr={0x89, 0x17, 0x6, [@remote, @multicast1, @rand_addr=0x64010102, @private=0xa010101, @local]}]}}}}}) 08:07:54 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 65) 08:07:54 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) r2 = fsmount(r1, 0x0, 0x2) ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000180)=0x100) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:54 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000000)='\x00', 0x0, r0) 08:07:54 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000000)='\x00', 0x0, r0) 08:07:54 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1021.696795][ T4340] FAULT_INJECTION: forcing a failure. [ 1021.696795][ T4340] name failslab, interval 1, probability 0, space 0, times 0 [ 1021.709792][ T4340] CPU: 0 PID: 4340 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1021.718034][ T4340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1021.727925][ T4340] Call Trace: [ 1021.731047][ T4340] [ 1021.733827][ T4340] dump_stack_lvl+0x151/0x1b7 [ 1021.738349][ T4340] ? bfq_pos_tree_add_move+0x43e/0x43e 08:07:54 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000000)='\x00', 0x0, r0) 08:07:54 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) [ 1021.743636][ T4340] dump_stack+0x15/0x17 [ 1021.747624][ T4340] should_fail+0x3c0/0x510 [ 1021.751878][ T4340] __should_failslab+0x9f/0xe0 [ 1021.756483][ T4340] should_failslab+0x9/0x20 [ 1021.760818][ T4340] kmem_cache_alloc+0x4f/0x2f0 [ 1021.765420][ T4340] ? anon_vma_fork+0x1b9/0x4f0 [ 1021.770021][ T4340] anon_vma_fork+0x1b9/0x4f0 [ 1021.774449][ T4340] dup_mmap+0x750/0xea0 [ 1021.778441][ T4340] ? __delayed_free_task+0x20/0x20 [ 1021.783387][ T4340] ? mm_init+0x807/0x960 [ 1021.787464][ T4340] dup_mm+0x91/0x330 [ 1021.791199][ T4340] copy_mm+0x108/0x1b0 08:07:54 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1021.795105][ T4340] copy_process+0x1295/0x3250 [ 1021.799618][ T4340] ? check_stack_object+0xf7/0x130 [ 1021.804571][ T4340] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1021.809509][ T4340] ? copy_clone_args_from_user+0x6cf/0x790 [ 1021.815152][ T4340] kernel_clone+0x22d/0x990 [ 1021.819491][ T4340] ? dup_mmap+0xea0/0xea0 [ 1021.823660][ T4340] ? create_io_thread+0x1e0/0x1e0 [ 1021.828519][ T4340] ? file_end_write+0x1b0/0x1b0 [ 1021.833206][ T4340] __x64_sys_clone3+0x375/0x3a0 [ 1021.837894][ T4340] ? __ia32_sys_clone+0x300/0x300 [ 1021.842754][ T4340] ? ksys_write+0x25f/0x2c0 08:07:54 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) io_uring_setup(0x28ce, &(0x7f0000000000)={0x0, 0xb2a8, 0x8, 0x0, 0xea, 0x0, r1}) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) read$FUSE(r0, &(0x7f0000000300)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002340)=ANY=[@ANYBLOB="4801000000010000", @ANYRES64=0x0, @ANYBLOB="05000000000000000300000000000000060000000000000003000000000000000a000000dd000000060000000000000007000000000000000700000000000000020000000000000005000000000000000800000000000000e3a3000000000000ffff0000004000000000000c", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="6d00000009000000000000000000000000000000ff0000000000000001000000040000000000000000000000020000000000000003000000000000000700000000000000ff0000000000000090ff00001f000000060000000000000006000000000000000700000000000000000001000000000002000000000000000100008000000000000000f80600000001000080004000004d870000", @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="0700000020000000000000000500000000000000da150000000000000000000001040000"], 0x148) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async, rerun: 64) timer_delete(0x0) (async, rerun: 64) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000280)=@urb_type_bulk={0x3, {0x8, 0x1}, 0x5, 0x5, &(0x7f0000000180)="d94a95220a65a4ea1acb643dc6b9082064e20c35507425ebc7c7121e5a0b74d8b828943d4616c011eb53c008399a557d59e76468cb9c36d51f43249fb334c6a9d9dcbee19a1c85e5a55a029f91ae16e609454019f84603268c479414077f716556782e00a2d2530a16083528db793b1e6f8f9a478043da43dce9e9460058a8021e0452b7eed77e667e36506d27d2cad6310f117de5a3f39850bbad737f794f112d9742af8f0c1772842d9fba889d92dc89e480930584e8e94e92359fea67ba701df86b8e33864039fe7a68f009a134ef02fa0d78fec78324ceeb2df9b42a3bbbe967bf5204f5160a4adb9c", 0xeb, 0x2, 0x2, 0x5, 0x0, 0x7, &(0x7f0000000080)="5c7875260c85c6408e1e82823d2f27a73d9e60903a671b97bb3d2d8c980ee6e6ffe81b492c8ccc51c83930a89d8be63d7c7aa7ef4b6cac796e4b41b3eef5254923c6922a46c7b22e09b67b00654f8abf8f7e2240ebf5b65cf8b3edada2211eef3969b991b15642a5d03c04aa93893dd13e"}) timer_delete(0x0) 08:07:54 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) 08:07:54 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/fscreate\x00', 0x2, 0x0) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000040)) 08:07:54 executing program 4: syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x6000) r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x7fffffff, 0x0) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000100)={{{0x2, 0x1}}, 0x52, 0x3, &(0x7f0000000080)="eb44c65c52cf2fed271380bf831ea38f908e78963583dd948f31a2461f48092867b930eec484ab7ca887e8b051524ccdca3ab50b4e9ab4978a932e5bc411f7b453cf4364d62f8193d9ce0cc544fe83486b06"}) syz_clone3(&(0x7f0000000140)={0x102a2800, 0x0, 0x0, 0x0, {0x1e}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1021.847093][ T4340] ? debug_smp_processor_id+0x17/0x20 [ 1021.852298][ T4340] do_syscall_64+0x44/0xd0 [ 1021.856552][ T4340] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1021.862279][ T4340] RIP: 0033:0x7f495fdbc639 [ 1021.866537][ T4340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1021.885977][ T4340] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 08:07:54 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 66) 08:07:54 executing program 4: syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x6000) r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x7fffffff, 0x0) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000100)={{{0x2, 0x1}}, 0x52, 0x3, &(0x7f0000000080)="eb44c65c52cf2fed271380bf831ea38f908e78963583dd948f31a2461f48092867b930eec484ab7ca887e8b051524ccdca3ab50b4e9ab4978a932e5bc411f7b453cf4364d62f8193d9ce0cc544fe83486b06"}) syz_clone3(&(0x7f0000000140)={0x102a2800, 0x0, 0x0, 0x0, {0x1e}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x6000) (async) syz_open_dev$usbfs(&(0x7f0000000040), 0x7fffffff, 0x0) (async) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000100)={{{0x2, 0x1}}, 0x52, 0x3, &(0x7f0000000080)="eb44c65c52cf2fed271380bf831ea38f908e78963583dd948f31a2461f48092867b930eec484ab7ca887e8b051524ccdca3ab50b4e9ab4978a932e5bc411f7b453cf4364d62f8193d9ce0cc544fe83486b06"}) (async) syz_clone3(&(0x7f0000000140)={0x102a2800, 0x0, 0x0, 0x0, {0x1e}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) 08:07:54 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) 08:07:54 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async, rerun: 32) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (rerun: 32) timer_gettime(0x0, &(0x7f0000000240)) (async, rerun: 32) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/fscreate\x00', 0x2, 0x0) (async, rerun: 32) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000040)) 08:07:54 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) fsmount(r1, 0x0, 0x2) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:54 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) syz_clone3(&(0x7f0000002280)={0x1084000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x3c}, &(0x7f0000000100)=""/150, 0x96, &(0x7f00000001c0), &(0x7f0000002240)=[r1, r4, 0x0], 0x3}, 0x58) 08:07:54 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (async, rerun: 32) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/fscreate\x00', 0x2, 0x0) (rerun: 32) timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000040)) [ 1021.894224][ T4340] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1021.902034][ T4340] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1021.909844][ T4340] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1021.917660][ T4340] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1021.925463][ T4340] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1021.933277][ T4340] 08:07:54 executing program 4: syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x6000) (async) r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x7fffffff, 0x0) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000100)={{{0x2, 0x1}}, 0x52, 0x3, &(0x7f0000000080)="eb44c65c52cf2fed271380bf831ea38f908e78963583dd948f31a2461f48092867b930eec484ab7ca887e8b051524ccdca3ab50b4e9ab4978a932e5bc411f7b453cf4364d62f8193d9ce0cc544fe83486b06"}) syz_clone3(&(0x7f0000000140)={0x102a2800, 0x0, 0x0, 0x0, {0x1e}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1021.974160][ T4387] FAULT_INJECTION: forcing a failure. [ 1021.974160][ T4387] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1022.011129][ T4387] CPU: 0 PID: 4387 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1022.019376][ T4387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1022.029271][ T4387] Call Trace: [ 1022.032396][ T4387] [ 1022.035173][ T4387] dump_stack_lvl+0x151/0x1b7 [ 1022.039682][ T4387] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1022.044975][ T4387] ? __switch_to+0x617/0x1170 [ 1022.049488][ T4387] ? native_set_ldt+0x360/0x360 [ 1022.054176][ T4387] dump_stack+0x15/0x17 [ 1022.058167][ T4387] should_fail+0x3c0/0x510 [ 1022.062424][ T4387] should_fail_alloc_page+0x58/0x70 [ 1022.067456][ T4387] __alloc_pages+0x1de/0x7c0 [ 1022.071880][ T4387] ? __count_vm_events+0x30/0x30 [ 1022.076658][ T4387] ? __this_cpu_preempt_check+0x13/0x20 [ 1022.082039][ T4387] pte_alloc_one+0x73/0x1b0 [ 1022.086375][ T4387] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1022.091410][ T4387] __pte_alloc+0x86/0x350 [ 1022.095577][ T4387] ? free_pgtables+0x210/0x210 [ 1022.100175][ T4387] ? _raw_spin_lock+0xa3/0x1b0 [ 1022.104776][ T4387] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 1022.109981][ T4387] ? __kernel_text_address+0x9a/0x110 [ 1022.115194][ T4387] copy_pte_range+0x1b1f/0x20b0 [ 1022.119879][ T4387] ? __kunmap_atomic+0x80/0x80 [ 1022.124476][ T4387] ? __kasan_slab_alloc+0xc4/0xe0 [ 1022.129338][ T4387] ? __kasan_slab_alloc+0xb2/0xe0 [ 1022.134197][ T4387] ? kmem_cache_alloc+0x189/0x2f0 [ 1022.139058][ T4387] ? vm_area_dup+0x26/0x1d0 [ 1022.143396][ T4387] ? dup_mmap+0x6b8/0xea0 [ 1022.147564][ T4387] ? dup_mm+0x91/0x330 [ 1022.151468][ T4387] ? copy_mm+0x108/0x1b0 [ 1022.155549][ T4387] ? copy_process+0x1295/0x3250 [ 1022.160236][ T4387] ? kernel_clone+0x22d/0x990 [ 1022.164748][ T4387] ? __x64_sys_clone3+0x375/0x3a0 [ 1022.169609][ T4387] ? do_syscall_64+0x44/0xd0 [ 1022.174037][ T4387] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1022.179941][ T4387] copy_page_range+0xc1e/0x1090 [ 1022.184628][ T4387] ? pfn_valid+0x1e0/0x1e0 [ 1022.188878][ T4387] dup_mmap+0x99f/0xea0 [ 1022.192875][ T4387] ? __delayed_free_task+0x20/0x20 [ 1022.197820][ T4387] ? mm_init+0x807/0x960 [ 1022.201898][ T4387] dup_mm+0x91/0x330 [ 1022.205630][ T4387] copy_mm+0x108/0x1b0 [ 1022.209535][ T4387] copy_process+0x1295/0x3250 [ 1022.214050][ T4387] ? check_stack_object+0xf7/0x130 [ 1022.218998][ T4387] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1022.223941][ T4387] ? copy_clone_args_from_user+0x6cf/0x790 [ 1022.229585][ T4387] kernel_clone+0x22d/0x990 [ 1022.233923][ T4387] ? dup_mmap+0xea0/0xea0 [ 1022.238089][ T4387] ? create_io_thread+0x1e0/0x1e0 [ 1022.242953][ T4387] ? file_end_write+0x1b0/0x1b0 [ 1022.247637][ T4387] __x64_sys_clone3+0x375/0x3a0 [ 1022.252325][ T4387] ? __ia32_sys_clone+0x300/0x300 [ 1022.257185][ T4387] ? ksys_write+0x25f/0x2c0 [ 1022.261525][ T4387] ? debug_smp_processor_id+0x17/0x20 [ 1022.266735][ T4387] do_syscall_64+0x44/0xd0 [ 1022.270987][ T4387] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1022.276721][ T4387] RIP: 0033:0x7f495fdbc639 [ 1022.280971][ T4387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1022.300409][ T4387] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1022.308653][ T4387] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1022.316470][ T4387] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1022.324276][ T4387] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1022.332089][ T4387] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1022.339902][ T4387] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1022.347717][ T4387] 08:07:55 executing program 5: pipe(&(0x7f0000000380)={0xffffffffffffffff}) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f00000003c0)=""/240, &(0x7f00000004c0)=0xf0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) bind$vsock_stream(r1, &(0x7f00000000c0), 0x10) timer_create(0x0, 0x0, &(0x7f0000000540)) openat$cgroup_freezer_state(r1, &(0x7f0000000340), 0x2, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f00000006c0)=@urb_type_control={0x2, {0x7}, 0x800, 0x4, &(0x7f0000000580)={0x1f, 0x9, 0x1, 0x100, 0x9}, 0x8, 0x6, 0x4, 0x0, 0x6, 0x7, &(0x7f00000005c0)="658e6df6f29508335948ffd72784729fab09375547b72657f7e0f33af77651f24f303e617232c089aa53b9760065364ff26daff837e0d3d960e7e3295bd9416112ea19c4f1e05da9fb5f315c0bdf220fd984ac57a824df855c332e87104f6f85e6f3d89b61f812f646f7354b8577ed9b7522ac746fdaf91c7dc16fe44139e53bdd7ee118313464914158957a8d6582f71a91ec19e7e9cca31978a9427cb4386a78850599d6ac0d2c13d1a9f571fa42d29fe316a652fb7d6a719219909288598848ea8537098386ddd5fd60d9a78d1d8c10082b4c383761dffdb99dfeed9c302a9f343fc80436a28d25cb4226d5530ec0a1c8d0"}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f0000000300)={{{0xf}}, 0xf1, 0x2, &(0x7f0000000200)="632ac5c7340158e528a9e623153b6b23da993ce4826d5aca92c1d6dd89a91ef476ef742ea31350dec24e38e01d201771e15374be95c04a59429bfeba04482ee9f215a5d7beb311cf23b529005f8feaf17f77bd654e171e93f99b3850f400b9e3fbf832a61171869ddc2c8ea549be5252e5eb551da415670b910276b287e73a025213cacd81c49abca95748e18d317e2325ca8efbb51dcd9a5dfcd24a721f222b57a1bc6f6974c42fcf1c24a0ae2fafab239d214880ab5e882e126e7a21ca377a2ffc8676473a412469700f3d69a22084eac0382bf2fb76323c96d89f55985b813ab0e8106e278eafc9f6daa9ff0aa39e67"}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_create(0x1, &(0x7f0000000180)={0x0, 0x1f, 0x0, @thr={&(0x7f0000000700)="08c618354d5b7cbc676a22f4bc0d112902cf9198f3d8e0676e97deb049c7ce55038386863cf84ac937dea54ee377da3d518b2106405e3a688862bd3b31bdd29c7c30a8c8715adafd672ba0e6cee1be7bbba5cdaaa37b2e0a79b095f316cc6d54aea281d3dcb6bffb9322073b5847bf814008b4715715bcf11d97fc98f4aeb0ff638d8cfed98662bed0fb15aad413a767a0271af8eb13e8e6bda703a25a4176989699f322a94c20539f3f2a2b7a7d5b0dd27588488964f7853d40c58a72b08428a20056bb4981aae1f3c0ce0168aec1dd7fa24ca5370a805cf9d740d4d90c61b2b177ba8c48084944f40b40c43e945189daf1dec049762c", &(0x7f0000000800)="7776bc57077acd1f5d565399fd67528ae424af2d4f6b0e45898457470df388ae34eed0535a4d0cc244d516308c91287fbdcf950e92a5e8658d3cc2d8d7971d48c5f2364dfd03f884b9b021853807e03530a46a59a1e28ab01e755a3c43cd63f59996d964eaf2d503a5a5d128eecdb683e8eb3bcef2c44b8f95bbcb5208b24bc36169ad8b08492b94c22a71bd4c0be48a47f4cfd481895f4a70b55ab3c8c4d0bb14d99bb471516300587604ca35f7bf41545b4b7f20fcf4c9c87b32f9bca6399217c58c738f5153caabd3cd015293"}}, &(0x7f0000000100)) timer_delete(0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fsmount(r0, 0x1, 0x5) ioctl$USBDEVFS_REAPURB(r6, 0x4008550c, &(0x7f0000000500)) read$FUSE(r5, 0x0, 0x0) accept$nfc_llcp(r5, &(0x7f0000000000), &(0x7f0000000080)=0x60) 08:07:55 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {r0, r1+10000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 08:07:55 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) fsmount(r1, 0x0, 0x2) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:55 executing program 4: syz_clone3(&(0x7f00000029c0)={0x10a9000, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:55 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 67) 08:07:55 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) syz_clone3(&(0x7f0000002280)={0x1084000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x3c}, &(0x7f0000000100)=""/150, 0x96, &(0x7f00000001c0), &(0x7f0000002240)=[r1, r4, 0x0], 0x3}, 0x58) 08:07:55 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {r0, r1+10000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 08:07:55 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {r0, r1+10000000}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 08:07:55 executing program 4: syz_clone3(&(0x7f00000029c0)={0x10a9000, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1022.753177][ T4411] FAULT_INJECTION: forcing a failure. [ 1022.753177][ T4411] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1022.797819][ T4411] CPU: 1 PID: 4411 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1022.806078][ T4411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1022.815971][ T4411] Call Trace: [ 1022.819095][ T4411] [ 1022.821872][ T4411] dump_stack_lvl+0x151/0x1b7 [ 1022.826383][ T4411] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1022.831679][ T4411] ? __switch_to+0x617/0x1170 [ 1022.836195][ T4411] ? native_set_ldt+0x360/0x360 [ 1022.840884][ T4411] dump_stack+0x15/0x17 [ 1022.844876][ T4411] should_fail+0x3c0/0x510 [ 1022.849129][ T4411] should_fail_alloc_page+0x58/0x70 [ 1022.854158][ T4411] __alloc_pages+0x1de/0x7c0 [ 1022.858590][ T4411] ? __count_vm_events+0x30/0x30 [ 1022.863360][ T4411] ? __this_cpu_preempt_check+0x13/0x20 [ 1022.868757][ T4411] pte_alloc_one+0x73/0x1b0 [ 1022.873078][ T4411] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1022.878113][ T4411] ? preempt_schedule+0xd9/0xe0 [ 1022.882802][ T4411] ? preempt_schedule_common+0xcb/0x100 [ 1022.888184][ T4411] __pte_alloc+0x86/0x350 [ 1022.892362][ T4411] ? free_pgtables+0x210/0x210 [ 1022.896944][ T4411] ? _raw_spin_lock+0xa3/0x1b0 [ 1022.901550][ T4411] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 1022.906755][ T4411] ? preempt_schedule_thunk+0x16/0x18 [ 1022.911963][ T4411] copy_pte_range+0x1b1f/0x20b0 [ 1022.916663][ T4411] ? __kunmap_atomic+0x80/0x80 [ 1022.921252][ T4411] ? __kasan_slab_alloc+0xc4/0xe0 [ 1022.926108][ T4411] ? __kasan_slab_alloc+0xb2/0xe0 [ 1022.930975][ T4411] ? kmem_cache_alloc+0x189/0x2f0 [ 1022.935831][ T4411] ? vm_area_dup+0x26/0x1d0 [ 1022.940171][ T4411] ? dup_mmap+0x6b8/0xea0 [ 1022.944335][ T4411] ? dup_mm+0x91/0x330 [ 1022.948243][ T4411] ? copy_mm+0x108/0x1b0 [ 1022.952322][ T4411] ? copy_process+0x1295/0x3250 [ 1022.957007][ T4411] ? kernel_clone+0x22d/0x990 [ 1022.961550][ T4411] ? __x64_sys_clone3+0x375/0x3a0 [ 1022.966382][ T4411] ? do_syscall_64+0x44/0xd0 [ 1022.970808][ T4411] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1022.976709][ T4411] copy_page_range+0xc1e/0x1090 [ 1022.981398][ T4411] ? pfn_valid+0x1e0/0x1e0 [ 1022.985649][ T4411] dup_mmap+0x99f/0xea0 [ 1022.989640][ T4411] ? __delayed_free_task+0x20/0x20 [ 1022.994590][ T4411] ? mm_init+0x807/0x960 [ 1022.998668][ T4411] dup_mm+0x91/0x330 [ 1023.002408][ T4411] copy_mm+0x108/0x1b0 [ 1023.006307][ T4411] copy_process+0x1295/0x3250 [ 1023.010820][ T4411] ? check_stack_object+0xf7/0x130 [ 1023.015767][ T4411] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1023.020716][ T4411] ? copy_clone_args_from_user+0x6cf/0x790 [ 1023.026354][ T4411] kernel_clone+0x22d/0x990 [ 1023.030699][ T4411] ? dup_mmap+0xea0/0xea0 [ 1023.034863][ T4411] ? create_io_thread+0x1e0/0x1e0 [ 1023.039727][ T4411] ? file_end_write+0x1b0/0x1b0 [ 1023.044413][ T4411] __x64_sys_clone3+0x375/0x3a0 [ 1023.049096][ T4411] ? __ia32_sys_clone+0x300/0x300 [ 1023.053962][ T4411] ? ksys_write+0x25f/0x2c0 [ 1023.058302][ T4411] ? debug_smp_processor_id+0x17/0x20 [ 1023.063620][ T4411] do_syscall_64+0x44/0xd0 [ 1023.067865][ T4411] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1023.073596][ T4411] RIP: 0033:0x7f495fdbc639 [ 1023.077847][ T4411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:55 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:55 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:55 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) [ 1023.097296][ T4411] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1023.105537][ T4411] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1023.113368][ T4411] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1023.121161][ T4411] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1023.128971][ T4411] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1023.136777][ T4411] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1023.144591][ T4411] 08:07:55 executing program 5: pipe(&(0x7f0000000380)={0xffffffffffffffff}) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f00000003c0)=""/240, &(0x7f00000004c0)=0xf0) (async, rerun: 64) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) read$FUSE(r1, 0x0, 0x0) bind$vsock_stream(r1, &(0x7f00000000c0), 0x10) (async, rerun: 32) timer_create(0x0, 0x0, &(0x7f0000000540)) (async, rerun: 32) openat$cgroup_freezer_state(r1, &(0x7f0000000340), 0x2, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f00000006c0)=@urb_type_control={0x2, {0x7}, 0x800, 0x4, &(0x7f0000000580)={0x1f, 0x9, 0x1, 0x100, 0x9}, 0x8, 0x6, 0x4, 0x0, 0x6, 0x7, &(0x7f00000005c0)="658e6df6f29508335948ffd72784729fab09375547b72657f7e0f33af77651f24f303e617232c089aa53b9760065364ff26daff837e0d3d960e7e3295bd9416112ea19c4f1e05da9fb5f315c0bdf220fd984ac57a824df855c332e87104f6f85e6f3d89b61f812f646f7354b8577ed9b7522ac746fdaf91c7dc16fe44139e53bdd7ee118313464914158957a8d6582f71a91ec19e7e9cca31978a9427cb4386a78850599d6ac0d2c13d1a9f571fa42d29fe316a652fb7d6a719219909288598848ea8537098386ddd5fd60d9a78d1d8c10082b4c383761dffdb99dfeed9c302a9f343fc80436a28d25cb4226d5530ec0a1c8d0"}) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f0000000300)={{{0xf}}, 0xf1, 0x2, &(0x7f0000000200)="632ac5c7340158e528a9e623153b6b23da993ce4826d5aca92c1d6dd89a91ef476ef742ea31350dec24e38e01d201771e15374be95c04a59429bfeba04482ee9f215a5d7beb311cf23b529005f8feaf17f77bd654e171e93f99b3850f400b9e3fbf832a61171869ddc2c8ea549be5252e5eb551da415670b910276b287e73a025213cacd81c49abca95748e18d317e2325ca8efbb51dcd9a5dfcd24a721f222b57a1bc6f6974c42fcf1c24a0ae2fafab239d214880ab5e882e126e7a21ca377a2ffc8676473a412469700f3d69a22084eac0382bf2fb76323c96d89f55985b813ab0e8106e278eafc9f6daa9ff0aa39e67"}) (async, rerun: 32) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) (rerun: 32) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_create(0x1, &(0x7f0000000180)={0x0, 0x1f, 0x0, @thr={&(0x7f0000000700)="08c618354d5b7cbc676a22f4bc0d112902cf9198f3d8e0676e97deb049c7ce55038386863cf84ac937dea54ee377da3d518b2106405e3a688862bd3b31bdd29c7c30a8c8715adafd672ba0e6cee1be7bbba5cdaaa37b2e0a79b095f316cc6d54aea281d3dcb6bffb9322073b5847bf814008b4715715bcf11d97fc98f4aeb0ff638d8cfed98662bed0fb15aad413a767a0271af8eb13e8e6bda703a25a4176989699f322a94c20539f3f2a2b7a7d5b0dd27588488964f7853d40c58a72b08428a20056bb4981aae1f3c0ce0168aec1dd7fa24ca5370a805cf9d740d4d90c61b2b177ba8c48084944f40b40c43e945189daf1dec049762c", &(0x7f0000000800)="7776bc57077acd1f5d565399fd67528ae424af2d4f6b0e45898457470df388ae34eed0535a4d0cc244d516308c91287fbdcf950e92a5e8658d3cc2d8d7971d48c5f2364dfd03f884b9b021853807e03530a46a59a1e28ab01e755a3c43cd63f59996d964eaf2d503a5a5d128eecdb683e8eb3bcef2c44b8f95bbcb5208b24bc36169ad8b08492b94c22a71bd4c0be48a47f4cfd481895f4a70b55ab3c8c4d0bb14d99bb471516300587604ca35f7bf41545b4b7f20fcf4c9c87b32f9bca6399217c58c738f5153caabd3cd015293"}}, &(0x7f0000000100)) timer_delete(0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r6 = fsmount(r0, 0x1, 0x5) ioctl$USBDEVFS_REAPURB(r6, 0x4008550c, &(0x7f0000000500)) read$FUSE(r5, 0x0, 0x0) (async) accept$nfc_llcp(r5, &(0x7f0000000000), &(0x7f0000000080)=0x60) 08:07:55 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r1, &(0x7f0000000000)) 08:07:55 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) fsmount(r1, 0x0, 0x2) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:55 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 68) 08:07:55 executing program 4: syz_clone3(&(0x7f00000029c0)={0x10a9000, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1023.214325][ T4448] FAULT_INJECTION: forcing a failure. [ 1023.214325][ T4448] name failslab, interval 1, probability 0, space 0, times 0 [ 1023.229796][ T4448] CPU: 0 PID: 4448 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1023.238049][ T4448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1023.247947][ T4448] Call Trace: [ 1023.251068][ T4448] [ 1023.253843][ T4448] dump_stack_lvl+0x151/0x1b7 [ 1023.258360][ T4448] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1023.263650][ T4448] ? do_syscall_64+0x44/0xd0 [ 1023.268081][ T4448] dump_stack+0x15/0x17 [ 1023.272071][ T4448] should_fail+0x3c0/0x510 [ 1023.276327][ T4448] __should_failslab+0x9f/0xe0 [ 1023.280926][ T4448] should_failslab+0x9/0x20 [ 1023.285262][ T4448] kmem_cache_alloc+0x4f/0x2f0 [ 1023.289869][ T4448] ? anon_vma_clone+0xa1/0x4f0 [ 1023.294465][ T4448] anon_vma_clone+0xa1/0x4f0 [ 1023.298898][ T4448] anon_vma_fork+0x91/0x4f0 [ 1023.303228][ T4448] ? anon_vma_name+0x43/0x70 [ 1023.307658][ T4448] dup_mmap+0x750/0xea0 [ 1023.311656][ T4448] ? __delayed_free_task+0x20/0x20 [ 1023.316595][ T4448] ? mm_init+0x807/0x960 [ 1023.320675][ T4448] dup_mm+0x91/0x330 [ 1023.324406][ T4448] copy_mm+0x108/0x1b0 [ 1023.328313][ T4448] copy_process+0x1295/0x3250 [ 1023.332830][ T4448] ? check_stack_object+0xf7/0x130 [ 1023.337771][ T4448] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1023.342718][ T4448] ? copy_clone_args_from_user+0x6cf/0x790 [ 1023.348358][ T4448] kernel_clone+0x22d/0x990 [ 1023.352699][ T4448] ? dup_mmap+0xea0/0xea0 [ 1023.356866][ T4448] ? create_io_thread+0x1e0/0x1e0 [ 1023.361726][ T4448] ? file_end_write+0x1b0/0x1b0 [ 1023.366413][ T4448] __x64_sys_clone3+0x375/0x3a0 [ 1023.371099][ T4448] ? __ia32_sys_clone+0x300/0x300 [ 1023.375961][ T4448] ? ksys_write+0x25f/0x2c0 [ 1023.380314][ T4448] ? debug_smp_processor_id+0x17/0x20 [ 1023.385512][ T4448] do_syscall_64+0x44/0xd0 [ 1023.389763][ T4448] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1023.395487][ T4448] RIP: 0033:0x7f495fdbc639 [ 1023.399742][ T4448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1023.419183][ T4448] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1023.427540][ T4448] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1023.435349][ T4448] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1023.443162][ T4448] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1023.450976][ T4448] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:56 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) (async) syz_clone3(&(0x7f0000002280)={0x1084000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x3c}, &(0x7f0000000100)=""/150, 0x96, &(0x7f00000001c0), &(0x7f0000002240)=[r1, r4, 0x0], 0x3}, 0x58) 08:07:56 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) timer_delete(r0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r1, &(0x7f0000000000)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r0) (async) timer_delete(r0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r1) (async) timer_gettime(r1, &(0x7f0000000000)) (async) 08:07:56 executing program 4: syz_clone3(&(0x7f00000029c0)={0x26222400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) accept4$nfc_llcp(r0, &(0x7f0000000000), &(0x7f0000000080)=0x60, 0x1000) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) connect$nfc_llcp(r1, &(0x7f00000000c0)={0x27, 0x0, 0x2, 0x1b90eb40abd931c8, 0x8, 0x1f, "374d197d9b8d68d87f8a1d1f46ed29cd7824c699b5d11659e88658ddf2c2b69386b3f20c07dd05fcb3ef5a290e7125761c8a566c67915f9009e5dcf736ab11", 0x6}, 0x60) [ 1023.458784][ T4448] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1023.466599][ T4448] 08:07:56 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async, rerun: 32) timer_delete(r0) (rerun: 32) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_gettime(r1, &(0x7f0000000000)) 08:07:56 executing program 4: syz_clone3(&(0x7f00000029c0)={0x26222400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) accept4$nfc_llcp(r0, &(0x7f0000000000), &(0x7f0000000080)=0x60, 0x1000) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) connect$nfc_llcp(r1, &(0x7f00000000c0)={0x27, 0x0, 0x2, 0x1b90eb40abd931c8, 0x8, 0x1f, "374d197d9b8d68d87f8a1d1f46ed29cd7824c699b5d11659e88658ddf2c2b69386b3f20c07dd05fcb3ef5a290e7125761c8a566c67915f9009e5dcf736ab11", 0x6}, 0x60) syz_clone3(&(0x7f00000029c0)={0x26222400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r0, 0x0, 0x0) (async) accept4$nfc_llcp(r0, &(0x7f0000000000), &(0x7f0000000080)=0x60, 0x1000) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) connect$nfc_llcp(r1, &(0x7f00000000c0)={0x27, 0x0, 0x2, 0x1b90eb40abd931c8, 0x8, 0x1f, "374d197d9b8d68d87f8a1d1f46ed29cd7824c699b5d11659e88658ddf2c2b69386b3f20c07dd05fcb3ef5a290e7125761c8a566c67915f9009e5dcf736ab11", 0x6}, 0x60) (async) 08:07:56 executing program 1: read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020, 0x0, 0x0}, 0x2020) syz_clone3(&(0x7f00000022c0)={0x40000080, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x34}, &(0x7f00000000c0)=""/5, 0x5, &(0x7f0000000180)=""/121, &(0x7f0000000200)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x3}, 0x58) write$FUSE_LK(0xffffffffffffffff, &(0x7f0000002340)={0x28, 0x0, r0, {{0x8, 0x2, 0x0, r1}}}, 0x28) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:56 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:56 executing program 5: pipe(&(0x7f0000000380)={0xffffffffffffffff}) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f00000003c0)=""/240, &(0x7f00000004c0)=0xf0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) bind$vsock_stream(r1, &(0x7f00000000c0), 0x10) timer_create(0x0, 0x0, &(0x7f0000000540)) openat$cgroup_freezer_state(r1, &(0x7f0000000340), 0x2, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f00000006c0)=@urb_type_control={0x2, {0x7}, 0x800, 0x4, &(0x7f0000000580)={0x1f, 0x9, 0x1, 0x100, 0x9}, 0x8, 0x6, 0x4, 0x0, 0x6, 0x7, &(0x7f00000005c0)="658e6df6f29508335948ffd72784729fab09375547b72657f7e0f33af77651f24f303e617232c089aa53b9760065364ff26daff837e0d3d960e7e3295bd9416112ea19c4f1e05da9fb5f315c0bdf220fd984ac57a824df855c332e87104f6f85e6f3d89b61f812f646f7354b8577ed9b7522ac746fdaf91c7dc16fe44139e53bdd7ee118313464914158957a8d6582f71a91ec19e7e9cca31978a9427cb4386a78850599d6ac0d2c13d1a9f571fa42d29fe316a652fb7d6a719219909288598848ea8537098386ddd5fd60d9a78d1d8c10082b4c383761dffdb99dfeed9c302a9f343fc80436a28d25cb4226d5530ec0a1c8d0"}) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f0000000300)={{{0xf}}, 0xf1, 0x2, &(0x7f0000000200)="632ac5c7340158e528a9e623153b6b23da993ce4826d5aca92c1d6dd89a91ef476ef742ea31350dec24e38e01d201771e15374be95c04a59429bfeba04482ee9f215a5d7beb311cf23b529005f8feaf17f77bd654e171e93f99b3850f400b9e3fbf832a61171869ddc2c8ea549be5252e5eb551da415670b910276b287e73a025213cacd81c49abca95748e18d317e2325ca8efbb51dcd9a5dfcd24a721f222b57a1bc6f6974c42fcf1c24a0ae2fafab239d214880ab5e882e126e7a21ca377a2ffc8676473a412469700f3d69a22084eac0382bf2fb76323c96d89f55985b813ab0e8106e278eafc9f6daa9ff0aa39e67"}) r3 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) timer_create(0x1, &(0x7f0000000180)={0x0, 0x1f, 0x0, @thr={&(0x7f0000000700)="08c618354d5b7cbc676a22f4bc0d112902cf9198f3d8e0676e97deb049c7ce55038386863cf84ac937dea54ee377da3d518b2106405e3a688862bd3b31bdd29c7c30a8c8715adafd672ba0e6cee1be7bbba5cdaaa37b2e0a79b095f316cc6d54aea281d3dcb6bffb9322073b5847bf814008b4715715bcf11d97fc98f4aeb0ff638d8cfed98662bed0fb15aad413a767a0271af8eb13e8e6bda703a25a4176989699f322a94c20539f3f2a2b7a7d5b0dd27588488964f7853d40c58a72b08428a20056bb4981aae1f3c0ce0168aec1dd7fa24ca5370a805cf9d740d4d90c61b2b177ba8c48084944f40b40c43e945189daf1dec049762c", &(0x7f0000000800)="7776bc57077acd1f5d565399fd67528ae424af2d4f6b0e45898457470df388ae34eed0535a4d0cc244d516308c91287fbdcf950e92a5e8658d3cc2d8d7971d48c5f2364dfd03f884b9b021853807e03530a46a59a1e28ab01e755a3c43cd63f59996d964eaf2d503a5a5d128eecdb683e8eb3bcef2c44b8f95bbcb5208b24bc36169ad8b08492b94c22a71bd4c0be48a47f4cfd481895f4a70b55ab3c8c4d0bb14d99bb471516300587604ca35f7bf41545b4b7f20fcf4c9c87b32f9bca6399217c58c738f5153caabd3cd015293"}}, &(0x7f0000000100)) timer_delete(0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fsmount(r0, 0x1, 0x5) ioctl$USBDEVFS_REAPURB(r6, 0x4008550c, &(0x7f0000000500)) read$FUSE(r5, 0x0, 0x0) accept$nfc_llcp(r5, &(0x7f0000000000), &(0x7f0000000080)=0x60) pipe(&(0x7f0000000380)) (async) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f00000003c0)=""/240, &(0x7f00000004c0)=0xf0) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) bind$vsock_stream(r1, &(0x7f00000000c0), 0x10) (async) timer_create(0x0, 0x0, &(0x7f0000000540)) (async) openat$cgroup_freezer_state(r1, &(0x7f0000000340), 0x2, 0x0) (async) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f00000006c0)=@urb_type_control={0x2, {0x7}, 0x800, 0x4, &(0x7f0000000580)={0x1f, 0x9, 0x1, 0x100, 0x9}, 0x8, 0x6, 0x4, 0x0, 0x6, 0x7, &(0x7f00000005c0)="658e6df6f29508335948ffd72784729fab09375547b72657f7e0f33af77651f24f303e617232c089aa53b9760065364ff26daff837e0d3d960e7e3295bd9416112ea19c4f1e05da9fb5f315c0bdf220fd984ac57a824df855c332e87104f6f85e6f3d89b61f812f646f7354b8577ed9b7522ac746fdaf91c7dc16fe44139e53bdd7ee118313464914158957a8d6582f71a91ec19e7e9cca31978a9427cb4386a78850599d6ac0d2c13d1a9f571fa42d29fe316a652fb7d6a719219909288598848ea8537098386ddd5fd60d9a78d1d8c10082b4c383761dffdb99dfeed9c302a9f343fc80436a28d25cb4226d5530ec0a1c8d0"}) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) pipe(&(0x7f0000005440)) (async) ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f0000000300)={{{0xf}}, 0xf1, 0x2, &(0x7f0000000200)="632ac5c7340158e528a9e623153b6b23da993ce4826d5aca92c1d6dd89a91ef476ef742ea31350dec24e38e01d201771e15374be95c04a59429bfeba04482ee9f215a5d7beb311cf23b529005f8feaf17f77bd654e171e93f99b3850f400b9e3fbf832a61171869ddc2c8ea549be5252e5eb551da415670b910276b287e73a025213cacd81c49abca95748e18d317e2325ca8efbb51dcd9a5dfcd24a721f222b57a1bc6f6974c42fcf1c24a0ae2fafab239d214880ab5e882e126e7a21ca377a2ffc8676473a412469700f3d69a22084eac0382bf2fb76323c96d89f55985b813ab0e8106e278eafc9f6daa9ff0aa39e67"}) (async) syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200), {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r2}}, 0x58) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r4, r3, 0x0], 0x3}, 0x58) (async) timer_create(0x1, &(0x7f0000000180)={0x0, 0x1f, 0x0, @thr={&(0x7f0000000700)="08c618354d5b7cbc676a22f4bc0d112902cf9198f3d8e0676e97deb049c7ce55038386863cf84ac937dea54ee377da3d518b2106405e3a688862bd3b31bdd29c7c30a8c8715adafd672ba0e6cee1be7bbba5cdaaa37b2e0a79b095f316cc6d54aea281d3dcb6bffb9322073b5847bf814008b4715715bcf11d97fc98f4aeb0ff638d8cfed98662bed0fb15aad413a767a0271af8eb13e8e6bda703a25a4176989699f322a94c20539f3f2a2b7a7d5b0dd27588488964f7853d40c58a72b08428a20056bb4981aae1f3c0ce0168aec1dd7fa24ca5370a805cf9d740d4d90c61b2b177ba8c48084944f40b40c43e945189daf1dec049762c", &(0x7f0000000800)="7776bc57077acd1f5d565399fd67528ae424af2d4f6b0e45898457470df388ae34eed0535a4d0cc244d516308c91287fbdcf950e92a5e8658d3cc2d8d7971d48c5f2364dfd03f884b9b021853807e03530a46a59a1e28ab01e755a3c43cd63f59996d964eaf2d503a5a5d128eecdb683e8eb3bcef2c44b8f95bbcb5208b24bc36169ad8b08492b94c22a71bd4c0be48a47f4cfd481895f4a70b55ab3c8c4d0bb14d99bb471516300587604ca35f7bf41545b4b7f20fcf4c9c87b32f9bca6399217c58c738f5153caabd3cd015293"}}, &(0x7f0000000100)) (async) timer_delete(0x0) (async) pipe(&(0x7f0000005540)) (async) fsmount(r0, 0x1, 0x5) (async) ioctl$USBDEVFS_REAPURB(r6, 0x4008550c, &(0x7f0000000500)) (async) read$FUSE(r5, 0x0, 0x0) (async) accept$nfc_llcp(r5, &(0x7f0000000000), &(0x7f0000000080)=0x60) (async) 08:07:56 executing program 4: syz_clone3(&(0x7f00000029c0)={0x26222400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async, rerun: 32) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) read$FUSE(r0, 0x0, 0x0) (async) accept4$nfc_llcp(r0, &(0x7f0000000000), &(0x7f0000000080)=0x60, 0x1000) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) connect$nfc_llcp(r1, &(0x7f00000000c0)={0x27, 0x0, 0x2, 0x1b90eb40abd931c8, 0x8, 0x1f, "374d197d9b8d68d87f8a1d1f46ed29cd7824c699b5d11659e88658ddf2c2b69386b3f20c07dd05fcb3ef5a290e7125761c8a566c67915f9009e5dcf736ab11", 0x6}, 0x60) 08:07:56 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 69) 08:07:56 executing program 1: read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020, 0x0, 0x0}, 0x2020) (async) syz_clone3(&(0x7f00000022c0)={0x40000080, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x34}, &(0x7f00000000c0)=""/5, 0x5, &(0x7f0000000180)=""/121, &(0x7f0000000200)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x3}, 0x58) write$FUSE_LK(0xffffffffffffffff, &(0x7f0000002340)={0x28, 0x0, r0, {{0x8, 0x2, 0x0, r1}}}, 0x28) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:56 executing program 1: read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020, 0x0, 0x0}, 0x2020) (async) syz_clone3(&(0x7f00000022c0)={0x40000080, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x34}, &(0x7f00000000c0)=""/5, 0x5, &(0x7f0000000180)=""/121, &(0x7f0000000200)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x3}, 0x58) write$FUSE_LK(0xffffffffffffffff, &(0x7f0000002340)={0x28, 0x0, r0, {{0x8, 0x2, 0x0, r1}}}, 0x28) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:56 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:56 executing program 1: timer_create(0x2, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) [ 1023.588063][ T4504] FAULT_INJECTION: forcing a failure. [ 1023.588063][ T4504] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1023.618972][ T4504] CPU: 0 PID: 4504 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1023.627226][ T4504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 08:07:56 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:56 executing program 1: timer_create(0x2, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x2, 0x0, &(0x7f0000000040)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) [ 1023.637122][ T4504] Call Trace: [ 1023.640242][ T4504] [ 1023.643194][ T4504] dump_stack_lvl+0x151/0x1b7 [ 1023.647708][ T4504] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1023.653001][ T4504] dump_stack+0x15/0x17 [ 1023.656993][ T4504] should_fail+0x3c0/0x510 [ 1023.661248][ T4504] should_fail_alloc_page+0x58/0x70 [ 1023.666280][ T4504] __alloc_pages+0x1de/0x7c0 [ 1023.670710][ T4504] ? __count_vm_events+0x30/0x30 [ 1023.675492][ T4504] ? __this_cpu_preempt_check+0x13/0x20 [ 1023.680861][ T4504] ? __mod_node_page_state+0xac/0xf0 08:07:56 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) 08:07:56 executing program 1: timer_create(0x2, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x2, 0x0, &(0x7f0000000040)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) [ 1023.685987][ T4504] pte_alloc_one+0x73/0x1b0 [ 1023.690319][ T4504] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1023.695356][ T4504] __pte_alloc+0x86/0x350 [ 1023.699520][ T4504] ? free_pgtables+0x210/0x210 [ 1023.704119][ T4504] ? _raw_spin_lock+0xa3/0x1b0 [ 1023.708722][ T4504] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 1023.713933][ T4504] ? __kernel_text_address+0x9a/0x110 [ 1023.719140][ T4504] copy_pte_range+0x1b1f/0x20b0 [ 1023.723823][ T4504] ? __kunmap_atomic+0x80/0x80 [ 1023.728418][ T4504] ? __kasan_slab_alloc+0xc4/0xe0 [ 1023.733279][ T4504] ? __kasan_slab_alloc+0xb2/0xe0 [ 1023.738139][ T4504] ? kmem_cache_alloc+0x189/0x2f0 [ 1023.743001][ T4504] ? vm_area_dup+0x26/0x1d0 [ 1023.747339][ T4504] ? dup_mmap+0x6b8/0xea0 [ 1023.751506][ T4504] ? dup_mm+0x91/0x330 [ 1023.755415][ T4504] ? copy_mm+0x108/0x1b0 [ 1023.759493][ T4504] ? copy_process+0x1295/0x3250 [ 1023.764177][ T4504] ? kernel_clone+0x22d/0x990 [ 1023.768693][ T4504] ? __x64_sys_clone3+0x375/0x3a0 [ 1023.773550][ T4504] ? do_syscall_64+0x44/0xd0 [ 1023.778065][ T4504] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1023.783981][ T4504] copy_page_range+0xc1e/0x1090 [ 1023.788662][ T4504] ? pfn_valid+0x1e0/0x1e0 [ 1023.792912][ T4504] dup_mmap+0x99f/0xea0 [ 1023.796904][ T4504] ? __delayed_free_task+0x20/0x20 [ 1023.801852][ T4504] ? mm_init+0x807/0x960 [ 1023.805935][ T4504] dup_mm+0x91/0x330 [ 1023.809664][ T4504] copy_mm+0x108/0x1b0 [ 1023.813568][ T4504] copy_process+0x1295/0x3250 [ 1023.818081][ T4504] ? check_stack_object+0xf7/0x130 [ 1023.823027][ T4504] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1023.827973][ T4504] ? copy_clone_args_from_user+0x6cf/0x790 [ 1023.833619][ T4504] kernel_clone+0x22d/0x990 [ 1023.837953][ T4504] ? dup_mmap+0xea0/0xea0 [ 1023.842120][ T4504] ? create_io_thread+0x1e0/0x1e0 [ 1023.846978][ T4504] ? file_end_write+0x1b0/0x1b0 [ 1023.851667][ T4504] __x64_sys_clone3+0x375/0x3a0 [ 1023.856353][ T4504] ? __ia32_sys_clone+0x300/0x300 [ 1023.861213][ T4504] ? ksys_write+0x25f/0x2c0 [ 1023.865555][ T4504] ? debug_smp_processor_id+0x17/0x20 [ 1023.870761][ T4504] do_syscall_64+0x44/0xd0 [ 1023.875015][ T4504] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1023.880741][ T4504] RIP: 0033:0x7f495fdbc639 [ 1023.884996][ T4504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1023.904438][ T4504] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1023.912684][ T4504] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1023.920493][ T4504] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1023.928304][ T4504] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 08:07:56 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) [ 1023.936117][ T4504] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1023.943926][ T4504] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1023.951740][ T4504] 08:07:56 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_create(0x6, &(0x7f00000000c0)={0x0, 0x2d, 0x0, @thr={&(0x7f0000000180)="6bb305e8fcb9bd3faa50aaa8a2e56bd1d7f8ab3885e955a4eb8dedc1679c997eb28f5d65943332b20a23f648d215d1b3151b3f90f01144e088c85ad54c9b0388ac25d46ea1c679b1a270fdba0813e11034b12fef71a1e3bb5a302cf731aafcf233d5afa855356b27b8d3cf9e769da431f1f54fc841ce700d4cf4d05a073c02e88af26f2bf7f8e1e7ab", &(0x7f0000000080)="32624ac15f4137e0d31c76fbdb05b2793ad123da1a834a207a2e1e9b335a6f9ebf4bcb4a2950e0f3e7a58a57f6"}}, &(0x7f0000000240)) timer_create(0x2, &(0x7f0000000000)={0x0, 0x4, 0x2}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x0, 0x989680}}, 0x0) timer_delete(0x0) 08:07:56 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) bind$bt_sco(r1, &(0x7f0000000000)={0x1f, @none}, 0x8) 08:07:56 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x3, &(0x7f0000000080)={0x0, 0x5, 0x3, @thr={&(0x7f0000000040)="ac31", &(0x7f0000000280)="6af83aa5a91747e13f18e1262727c76976ed0afed6e0e3ef25a74060b51de7ef48833e578dce9380201a5dbc7527bd0c9cc7bd385da6e73882b90313231eabff1a1c439952a1a69468e3dda43f70483b65e9b7a09a65fad73f16fc750283244ba940115f8dae34d705263e3f036c3a01d64783d4fa82955b16e4fd3647e978c06c4320d38408bfb0d8affb82d9f134e4ff8bf2b623a89fd19fb24281e645b7223765980b1de0ac720cd264eee70d275ec4145cef71d41e1b94b172182eeff823220698576493a414da1ae823b9cf053204ef8b1e97c5d7f15814f5afa9af8163"}}, &(0x7f00000000c0)) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000240)) set_thread_area(&(0x7f0000000180)={0xa29, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1}) 08:07:56 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 70) 08:07:56 executing program 4: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:56 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:56 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x3, &(0x7f0000000080)={0x0, 0x5, 0x3, @thr={&(0x7f0000000040)="ac31", &(0x7f0000000280)="6af83aa5a91747e13f18e1262727c76976ed0afed6e0e3ef25a74060b51de7ef48833e578dce9380201a5dbc7527bd0c9cc7bd385da6e73882b90313231eabff1a1c439952a1a69468e3dda43f70483b65e9b7a09a65fad73f16fc750283244ba940115f8dae34d705263e3f036c3a01d64783d4fa82955b16e4fd3647e978c06c4320d38408bfb0d8affb82d9f134e4ff8bf2b623a89fd19fb24281e645b7223765980b1de0ac720cd264eee70d275ec4145cef71d41e1b94b172182eeff823220698576493a414da1ae823b9cf053204ef8b1e97c5d7f15814f5afa9af8163"}}, &(0x7f00000000c0)) (async) timer_gettime(r0, &(0x7f0000000000)) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) set_thread_area(&(0x7f0000000180)={0xa29, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1}) 08:07:56 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f00000000c0)={0x0, 0x2d, 0x0, @thr={&(0x7f0000000180)="6bb305e8fcb9bd3faa50aaa8a2e56bd1d7f8ab3885e955a4eb8dedc1679c997eb28f5d65943332b20a23f648d215d1b3151b3f90f01144e088c85ad54c9b0388ac25d46ea1c679b1a270fdba0813e11034b12fef71a1e3bb5a302cf731aafcf233d5afa855356b27b8d3cf9e769da431f1f54fc841ce700d4cf4d05a073c02e88af26f2bf7f8e1e7ab", &(0x7f0000000080)="32624ac15f4137e0d31c76fbdb05b2793ad123da1a834a207a2e1e9b335a6f9ebf4bcb4a2950e0f3e7a58a57f6"}}, &(0x7f0000000240)) timer_create(0x2, &(0x7f0000000000)={0x0, 0x4, 0x2}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x0, 0x989680}}, 0x0) timer_delete(0x0) 08:07:56 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) bind$bt_sco(r1, &(0x7f0000000000)={0x1f, @none}, 0x8) 08:07:56 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x3, &(0x7f0000000080)={0x0, 0x5, 0x3, @thr={&(0x7f0000000040)="ac31", &(0x7f0000000280)="6af83aa5a91747e13f18e1262727c76976ed0afed6e0e3ef25a74060b51de7ef48833e578dce9380201a5dbc7527bd0c9cc7bd385da6e73882b90313231eabff1a1c439952a1a69468e3dda43f70483b65e9b7a09a65fad73f16fc750283244ba940115f8dae34d705263e3f036c3a01d64783d4fa82955b16e4fd3647e978c06c4320d38408bfb0d8affb82d9f134e4ff8bf2b623a89fd19fb24281e645b7223765980b1de0ac720cd264eee70d275ec4145cef71d41e1b94b172182eeff823220698576493a414da1ae823b9cf053204ef8b1e97c5d7f15814f5afa9af8163"}}, &(0x7f00000000c0)) timer_gettime(r0, &(0x7f0000000000)) timer_gettime(0x0, &(0x7f0000000240)) (async) set_thread_area(&(0x7f0000000180)={0xa29, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1}) 08:07:56 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) bind$bt_sco(r1, &(0x7f0000000000)={0x1f, @none}, 0x8) [ 1024.079578][ T4582] FAULT_INJECTION: forcing a failure. [ 1024.079578][ T4582] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.100576][ T4582] CPU: 0 PID: 4582 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1024.108821][ T4582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1024.118721][ T4582] Call Trace: [ 1024.121841][ T4582] [ 1024.124616][ T4582] dump_stack_lvl+0x151/0x1b7 08:07:56 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f00000000c0)={0x0, 0x2d, 0x0, @thr={&(0x7f0000000180)="6bb305e8fcb9bd3faa50aaa8a2e56bd1d7f8ab3885e955a4eb8dedc1679c997eb28f5d65943332b20a23f648d215d1b3151b3f90f01144e088c85ad54c9b0388ac25d46ea1c679b1a270fdba0813e11034b12fef71a1e3bb5a302cf731aafcf233d5afa855356b27b8d3cf9e769da431f1f54fc841ce700d4cf4d05a073c02e88af26f2bf7f8e1e7ab", &(0x7f0000000080)="32624ac15f4137e0d31c76fbdb05b2793ad123da1a834a207a2e1e9b335a6f9ebf4bcb4a2950e0f3e7a58a57f6"}}, &(0x7f0000000240)) (async) timer_create(0x2, &(0x7f0000000000)={0x0, 0x4, 0x2}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x0, 0x989680}}, 0x0) (async) timer_delete(0x0) 08:07:56 executing program 1: io_uring_setup(0x5393, &(0x7f0000000000)={0x0, 0xcc7c, 0x8, 0x0, 0x2cd}) timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r0}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r2, r1, 0x0], 0x3}, 0x58) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x3f, 0x4, @tid=r2}, &(0x7f0000000180)) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) 08:07:56 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f00000002c0)={0x20000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100), {0x12}, &(0x7f0000000140)=""/1, 0x1, &(0x7f0000000180)=""/153, &(0x7f0000000240)=[0xffffffffffffffff], 0x1, {r0}}, 0x58) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x25, 0x13}, 0x10) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x8) [ 1024.129135][ T4582] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1024.134429][ T4582] dump_stack+0x15/0x17 [ 1024.138417][ T4582] should_fail+0x3c0/0x510 [ 1024.142676][ T4582] __should_failslab+0x9f/0xe0 [ 1024.147273][ T4582] should_failslab+0x9/0x20 [ 1024.151611][ T4582] kmem_cache_alloc+0x4f/0x2f0 [ 1024.156213][ T4582] ? anon_vma_clone+0xa1/0x4f0 [ 1024.160812][ T4582] anon_vma_clone+0xa1/0x4f0 [ 1024.165239][ T4582] anon_vma_fork+0x91/0x4f0 [ 1024.169576][ T4582] ? anon_vma_name+0x43/0x70 [ 1024.174003][ T4582] dup_mmap+0x750/0xea0 08:07:56 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) timer_settime(r0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) [ 1024.177998][ T4582] ? __delayed_free_task+0x20/0x20 [ 1024.182942][ T4582] ? mm_init+0x807/0x960 [ 1024.187022][ T4582] dup_mm+0x91/0x330 [ 1024.190754][ T4582] copy_mm+0x108/0x1b0 [ 1024.194662][ T4582] copy_process+0x1295/0x3250 [ 1024.199175][ T4582] ? check_stack_object+0xf7/0x130 [ 1024.204120][ T4582] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1024.209069][ T4582] ? copy_clone_args_from_user+0x6cf/0x790 [ 1024.214709][ T4582] kernel_clone+0x22d/0x990 [ 1024.219044][ T4582] ? dup_mmap+0xea0/0xea0 [ 1024.223215][ T4582] ? create_io_thread+0x1e0/0x1e0 [ 1024.228070][ T4582] ? file_end_write+0x1b0/0x1b0 [ 1024.232759][ T4582] __x64_sys_clone3+0x375/0x3a0 [ 1024.237443][ T4582] ? __ia32_sys_clone+0x300/0x300 [ 1024.242306][ T4582] ? ksys_write+0x25f/0x2c0 [ 1024.246645][ T4582] ? debug_smp_processor_id+0x17/0x20 [ 1024.251855][ T4582] do_syscall_64+0x44/0xd0 [ 1024.256108][ T4582] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1024.261834][ T4582] RIP: 0033:0x7f495fdbc639 [ 1024.266088][ T4582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1024.285536][ T4582] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1024.293774][ T4582] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1024.301584][ T4582] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1024.309398][ T4582] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1024.317207][ T4582] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1024.325025][ T4582] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1024.332831][ T4582] 08:07:56 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 71) 08:07:56 executing program 4: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) (async) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) 08:07:56 executing program 2: syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:56 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) timer_settime(r0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r0) (async) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) (async) timer_settime(r0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) 08:07:56 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f00000002c0)={0x20000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100), {0x12}, &(0x7f0000000140)=""/1, 0x1, &(0x7f0000000180)=""/153, &(0x7f0000000240)=[0xffffffffffffffff], 0x1, {r0}}, 0x58) (async) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x25, 0x13}, 0x10) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x8) 08:07:56 executing program 1: io_uring_setup(0x5393, &(0x7f0000000000)={0x0, 0xcc7c, 0x8, 0x0, 0x2cd}) timer_create(0x7, 0x0, &(0x7f0000000100)) (async, rerun: 32) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async, rerun: 32) timer_gettime(0x0, &(0x7f0000000240)) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r0}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r2, r1, 0x0], 0x3}, 0x58) (async) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x3f, 0x4, @tid=r2}, &(0x7f0000000180)) (async) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) 08:07:56 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r0) (async) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) (async) timer_settime(r0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) [ 1024.420199][ T4624] FAULT_INJECTION: forcing a failure. [ 1024.420199][ T4624] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.462588][ T4624] CPU: 0 PID: 4624 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1024.470850][ T4624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1024.480748][ T4624] Call Trace: [ 1024.483865][ T4624] [ 1024.486646][ T4624] dump_stack_lvl+0x151/0x1b7 [ 1024.491162][ T4624] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1024.496454][ T4624] dump_stack+0x15/0x17 [ 1024.500445][ T4624] should_fail+0x3c0/0x510 [ 1024.504697][ T4624] __should_failslab+0x9f/0xe0 [ 1024.509296][ T4624] should_failslab+0x9/0x20 [ 1024.513636][ T4624] kmem_cache_alloc+0x4f/0x2f0 [ 1024.518236][ T4624] ? vm_area_dup+0x26/0x1d0 [ 1024.522577][ T4624] vm_area_dup+0x26/0x1d0 [ 1024.526743][ T4624] dup_mmap+0x6b8/0xea0 [ 1024.530735][ T4624] ? __delayed_free_task+0x20/0x20 [ 1024.535682][ T4624] ? mm_init+0x807/0x960 [ 1024.539761][ T4624] dup_mm+0x91/0x330 [ 1024.543494][ T4624] copy_mm+0x108/0x1b0 [ 1024.547400][ T4624] copy_process+0x1295/0x3250 [ 1024.551913][ T4624] ? check_stack_object+0xf7/0x130 [ 1024.556862][ T4624] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1024.561807][ T4624] ? copy_clone_args_from_user+0x6cf/0x790 [ 1024.567448][ T4624] kernel_clone+0x22d/0x990 [ 1024.571787][ T4624] ? dup_mmap+0xea0/0xea0 [ 1024.575954][ T4624] ? create_io_thread+0x1e0/0x1e0 [ 1024.580821][ T4624] ? file_end_write+0x1b0/0x1b0 [ 1024.585500][ T4624] __x64_sys_clone3+0x375/0x3a0 [ 1024.590189][ T4624] ? __ia32_sys_clone+0x300/0x300 [ 1024.595049][ T4624] ? ksys_write+0x25f/0x2c0 [ 1024.599389][ T4624] ? debug_smp_processor_id+0x17/0x20 [ 1024.604596][ T4624] do_syscall_64+0x44/0xd0 [ 1024.608850][ T4624] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1024.614577][ T4624] RIP: 0033:0x7f495fdbc639 [ 1024.618830][ T4624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1024.638273][ T4624] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1024.646517][ T4624] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1024.654327][ T4624] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 08:07:57 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f00000002c0)={0x20000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100), {0x12}, &(0x7f0000000140)=""/1, 0x1, &(0x7f0000000180)=""/153, &(0x7f0000000240)=[0xffffffffffffffff], 0x1, {r0}}, 0x58) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x25, 0x13}, 0x10) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f00000000c0), 0x8) [ 1024.662138][ T4624] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1024.669950][ T4624] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1024.677763][ T4624] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1024.685576][ T4624] 08:07:57 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 72) 08:07:57 executing program 2: pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:57 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(r2, 0x11, 0x1, &(0x7f0000000040)=""/151, &(0x7f0000000100)=0x97) connect$bt_sco(r0, &(0x7f0000000000), 0x8) 08:07:57 executing program 1: io_uring_setup(0x5393, &(0x7f0000000000)={0x0, 0xcc7c, 0x8, 0x0, 0x2cd}) (async, rerun: 64) timer_create(0x7, 0x0, &(0x7f0000000100)) (rerun: 64) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) (async) pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_clone3(&(0x7f0000002440)={0x0, &(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)=0x0, {0x21}, &(0x7f0000002240)=""/216, 0xd8, &(0x7f0000002340)=""/129, &(0x7f0000002400)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r0}}, 0x58) syz_clone3(&(0x7f00000029c0)={0x40222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[r2, r1, 0x0], 0x3}, 0x58) timer_create(0x1, &(0x7f00000000c0)={0x0, 0x3f, 0x4, @tid=r2}, &(0x7f0000000180)) (async) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) [ 1024.740935][ T4654] FAULT_INJECTION: forcing a failure. [ 1024.740935][ T4654] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.769172][ T4654] CPU: 1 PID: 4654 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1024.777424][ T4654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1024.787321][ T4654] Call Trace: [ 1024.790442][ T4654] [ 1024.793220][ T4654] dump_stack_lvl+0x151/0x1b7 [ 1024.797737][ T4654] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1024.803031][ T4654] dump_stack+0x15/0x17 [ 1024.807023][ T4654] should_fail+0x3c0/0x510 [ 1024.811277][ T4654] __should_failslab+0x9f/0xe0 [ 1024.815878][ T4654] should_failslab+0x9/0x20 [ 1024.820222][ T4654] kmem_cache_alloc+0x4f/0x2f0 [ 1024.824830][ T4654] ? anon_vma_fork+0x1b9/0x4f0 [ 1024.829423][ T4654] anon_vma_fork+0x1b9/0x4f0 [ 1024.833842][ T4654] dup_mmap+0x750/0xea0 [ 1024.837835][ T4654] ? __delayed_free_task+0x20/0x20 [ 1024.842782][ T4654] ? mm_init+0x807/0x960 [ 1024.846858][ T4654] dup_mm+0x91/0x330 [ 1024.850603][ T4654] copy_mm+0x108/0x1b0 [ 1024.854502][ T4654] copy_process+0x1295/0x3250 [ 1024.859015][ T4654] ? check_stack_object+0xf7/0x130 [ 1024.863959][ T4654] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1024.868906][ T4654] ? copy_clone_args_from_user+0x6cf/0x790 [ 1024.874550][ T4654] kernel_clone+0x22d/0x990 [ 1024.878895][ T4654] ? dup_mmap+0xea0/0xea0 [ 1024.883061][ T4654] ? create_io_thread+0x1e0/0x1e0 [ 1024.887922][ T4654] ? file_end_write+0x1b0/0x1b0 [ 1024.892610][ T4654] __x64_sys_clone3+0x375/0x3a0 [ 1024.897289][ T4654] ? __ia32_sys_clone+0x300/0x300 [ 1024.902149][ T4654] ? ksys_write+0x25f/0x2c0 [ 1024.906497][ T4654] ? debug_smp_processor_id+0x17/0x20 [ 1024.911706][ T4654] do_syscall_64+0x44/0xd0 [ 1024.915955][ T4654] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1024.921675][ T4654] RIP: 0033:0x7f495fdbc639 [ 1024.926033][ T4654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1024.945468][ T4654] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1024.953715][ T4654] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1024.961525][ T4654] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1024.969338][ T4654] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1024.977152][ T4654] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:57 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(r2, 0x11, 0x1, &(0x7f0000000040)=""/151, &(0x7f0000000100)=0x97) connect$bt_sco(r0, &(0x7f0000000000), 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r2, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_OPTIONS(r2, 0x11, 0x1, &(0x7f0000000040)=""/151, &(0x7f0000000100)=0x97) (async) connect$bt_sco(r0, &(0x7f0000000000), 0x8) (async) [ 1024.984963][ T4654] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1024.992775][ T4654] 08:07:57 executing program 4: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:07:57 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 73) 08:07:57 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(r2, 0x11, 0x1, &(0x7f0000000040)=""/151, &(0x7f0000000100)=0x97) connect$bt_sco(r0, &(0x7f0000000000), 0x8) 08:07:57 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_delete(r2) timer_delete(r0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) 08:07:57 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000000), 0x8) 08:07:57 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000000), 0x8) 08:07:57 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_delete(r2) timer_delete(r0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r1) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r2) (async) timer_delete(r2) (async) timer_delete(r0) (async) ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) (async) 08:07:57 executing program 2: pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) [ 1025.053896][ T4677] FAULT_INJECTION: forcing a failure. [ 1025.053896][ T4677] name failslab, interval 1, probability 0, space 0, times 0 [ 1025.081639][ T4677] CPU: 1 PID: 4677 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1025.089891][ T4677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1025.099789][ T4677] Call Trace: [ 1025.102913][ T4677] [ 1025.105684][ T4677] dump_stack_lvl+0x151/0x1b7 [ 1025.110196][ T4677] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1025.115494][ T4677] dump_stack+0x15/0x17 [ 1025.119483][ T4677] should_fail+0x3c0/0x510 [ 1025.123737][ T4677] __should_failslab+0x9f/0xe0 [ 1025.128340][ T4677] should_failslab+0x9/0x20 [ 1025.132677][ T4677] kmem_cache_alloc+0x4f/0x2f0 [ 1025.137275][ T4677] ? vm_area_dup+0x26/0x1d0 [ 1025.141616][ T4677] ? __kasan_check_read+0x11/0x20 [ 1025.146475][ T4677] vm_area_dup+0x26/0x1d0 [ 1025.150645][ T4677] dup_mmap+0x6b8/0xea0 [ 1025.154735][ T4677] ? __delayed_free_task+0x20/0x20 [ 1025.159680][ T4677] ? mm_init+0x807/0x960 [ 1025.163764][ T4677] dup_mm+0x91/0x330 [ 1025.167491][ T4677] copy_mm+0x108/0x1b0 [ 1025.171396][ T4677] copy_process+0x1295/0x3250 [ 1025.175912][ T4677] ? check_stack_object+0xf7/0x130 [ 1025.180860][ T4677] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1025.185807][ T4677] ? copy_clone_args_from_user+0x6cf/0x790 [ 1025.191451][ T4677] kernel_clone+0x22d/0x990 [ 1025.195789][ T4677] ? dup_mmap+0xea0/0xea0 [ 1025.199952][ T4677] ? create_io_thread+0x1e0/0x1e0 [ 1025.204815][ T4677] ? file_end_write+0x1b0/0x1b0 [ 1025.209500][ T4677] __x64_sys_clone3+0x375/0x3a0 [ 1025.214186][ T4677] ? __ia32_sys_clone+0x300/0x300 [ 1025.219049][ T4677] ? ksys_write+0x25f/0x2c0 [ 1025.223387][ T4677] ? debug_smp_processor_id+0x17/0x20 [ 1025.228595][ T4677] do_syscall_64+0x44/0xd0 [ 1025.232848][ T4677] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1025.238578][ T4677] RIP: 0033:0x7f495fdbc639 [ 1025.242830][ T4677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1025.262273][ T4677] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1025.270516][ T4677] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1025.278327][ T4677] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1025.286144][ T4677] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1025.293953][ T4677] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 08:07:57 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) timer_delete(r2) (async) timer_delete(r0) (async) ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) 08:07:57 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000000), 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r1, &(0x7f0000000000), 0x8) (async) 08:07:57 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_create(0x0, &(0x7f0000000200)={0x0, 0x1b, 0x0, @thr={&(0x7f0000000040)="67ad986f9bda5601a12623c2e8422f8518edd1cd748f42c545fc7f965d935a4aabd67cabd6b82e0eebfff7b0b64febf02acd7347b41d2ab8bd75663c3e39762829f26a0dad1c96bdd62fd7de3b7e4eb36282f42e9d80f8d61f1e9e879da918815c66d64731f546a6f0e53edecedb3776634eac0e947cd7d4ff2d8d6333b9c13eee483777b8e092be96a4e50d9baad7b7aa0221b743e9076fa6b7adb3", &(0x7f0000000180)="41a79f9a15c0a53cb711a9d62a4e4d72f4012025bd9d6b3a44f0f15689086ef068b581ea89163e63bbef565acd7063959a0636e7c57674c9d05d0a06b6fa92872e5e192b9f40c9342b18d56d56702a15a473f94eae470df2940e2904b1e70d025e0701f2427c13b44a5c"}}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x8008551d, &(0x7f0000000000)={0xf0db, 0x2, [{0x0, 0x1}, {0x8, 0x1}]}) timer_gettime(0x0, &(0x7f0000000240)) 08:07:57 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000000)={0x0, 0x2b, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000040)) timer_delete(0x0) [ 1025.301765][ T4677] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1025.309579][ T4677] 08:07:57 executing program 4: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) openat$cgroup_procs(r0, &(0x7f00000023c0)='tasks\x00', 0x2, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) bind$nfc_llcp(r3, &(0x7f0000002340)={0x27, 0x1, 0x1, 0x3, 0x79, 0x2, "4df43748ddb4b69287244e62fd15c6624f3f9b07d1aa279171e2635d02bf2922e02c92c8636d85ea7edc98cf3912a2a09073a42b4b2226a1712f9d556362c9", 0x11}, 0x60) read$FUSE(r3, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0}, 0x2020) sendmsg$nl_xfrm(r3, &(0x7f0000002300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000022c0)={&(0x7f0000002140)=@expire={0x168, 0x18, 0x200, 0x70bd25, 0x25dfdbfe, {{{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@mcast1, 0x4e21, 0x3ff, 0x4e22, 0x4, 0x2, 0x20, 0x0, 0xa4, 0x0, r4}, {@in6=@dev={0xfe, 0x80, '\x00', 0x33}, 0x4d3, 0x33}, @in6=@private1, {0xe4, 0xdda, 0xb8f, 0x3, 0x5, 0x9, 0xf1c, 0x3}, {0x8000000000000000, 0x9, 0xffffffffffff7fff, 0xffffffffffff0001}, {0x8000, 0x5, 0xeef5}, 0x70bd2a, 0x3503, 0xa, 0x1, 0x2, 0x80}, 0xc0}, [@offload={0xc, 0x1c, {0x0, 0x7}}, @algo_auth={0x4e, 0x1, {{'blake2s-256-generic\x00'}, 0x30, "f94559c0b958"}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xffffffc0}, @mark={0xc, 0x15, {0x35075b, 0x9}}]}, 0x168}, 0x1, 0x0, 0x0, 0x8000}, 0x2fb14f29b314def1) read$char_usb(r2, &(0x7f0000000000)=""/160, 0xa0) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) 08:07:57 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, &(0x7f0000000000)) 08:07:57 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 74) 08:07:57 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000000)={0x0, 0x2b, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000040)) timer_delete(0x0) 08:07:57 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_create(0x0, &(0x7f0000000200)={0x0, 0x1b, 0x0, @thr={&(0x7f0000000040)="67ad986f9bda5601a12623c2e8422f8518edd1cd748f42c545fc7f965d935a4aabd67cabd6b82e0eebfff7b0b64febf02acd7347b41d2ab8bd75663c3e39762829f26a0dad1c96bdd62fd7de3b7e4eb36282f42e9d80f8d61f1e9e879da918815c66d64731f546a6f0e53edecedb3776634eac0e947cd7d4ff2d8d6333b9c13eee483777b8e092be96a4e50d9baad7b7aa0221b743e9076fa6b7adb3", &(0x7f0000000180)="41a79f9a15c0a53cb711a9d62a4e4d72f4012025bd9d6b3a44f0f15689086ef068b581ea89163e63bbef565acd7063959a0636e7c57674c9d05d0a06b6fa92872e5e192b9f40c9342b18d56d56702a15a473f94eae470df2940e2904b1e70d025e0701f2427c13b44a5c"}}, &(0x7f0000000280)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x8008551d, &(0x7f0000000000)={0xf0db, 0x2, [{0x0, 0x1}, {0x8, 0x1}]}) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:57 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000000)={0x0, 0x2b, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000040)) (async) timer_delete(0x0) 08:07:57 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, &(0x7f0000000000)) [ 1025.380031][ T4724] FAULT_INJECTION: forcing a failure. [ 1025.380031][ T4724] name failslab, interval 1, probability 0, space 0, times 0 [ 1025.405204][ T4724] CPU: 1 PID: 4724 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1025.413457][ T4724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1025.423353][ T4724] Call Trace: [ 1025.426473][ T4724] [ 1025.429250][ T4724] dump_stack_lvl+0x151/0x1b7 [ 1025.433767][ T4724] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1025.439060][ T4724] dump_stack+0x15/0x17 [ 1025.443049][ T4724] should_fail+0x3c0/0x510 [ 1025.447303][ T4724] __should_failslab+0x9f/0xe0 [ 1025.451908][ T4724] should_failslab+0x9/0x20 [ 1025.456241][ T4724] kmem_cache_alloc+0x4f/0x2f0 [ 1025.460842][ T4724] ? vm_area_dup+0x26/0x1d0 [ 1025.465181][ T4724] vm_area_dup+0x26/0x1d0 [ 1025.469345][ T4724] dup_mmap+0x6b8/0xea0 [ 1025.473342][ T4724] ? __delayed_free_task+0x20/0x20 [ 1025.478287][ T4724] ? mm_init+0x807/0x960 [ 1025.482365][ T4724] dup_mm+0x91/0x330 [ 1025.486097][ T4724] copy_mm+0x108/0x1b0 [ 1025.490002][ T4724] copy_process+0x1295/0x3250 [ 1025.494523][ T4724] ? check_stack_object+0xf7/0x130 [ 1025.499466][ T4724] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1025.504416][ T4724] ? copy_clone_args_from_user+0x6cf/0x790 [ 1025.510053][ T4724] kernel_clone+0x22d/0x990 [ 1025.514393][ T4724] ? dup_mmap+0xea0/0xea0 [ 1025.518558][ T4724] ? create_io_thread+0x1e0/0x1e0 [ 1025.523417][ T4724] ? file_end_write+0x1b0/0x1b0 [ 1025.528103][ T4724] __x64_sys_clone3+0x375/0x3a0 [ 1025.532792][ T4724] ? __ia32_sys_clone+0x300/0x300 [ 1025.537654][ T4724] ? ksys_write+0x25f/0x2c0 [ 1025.541991][ T4724] ? debug_smp_processor_id+0x17/0x20 [ 1025.547199][ T4724] do_syscall_64+0x44/0xd0 [ 1025.551450][ T4724] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1025.557178][ T4724] RIP: 0033:0x7f495fdbc639 [ 1025.561433][ T4724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:58 executing program 2: pipe(0x0) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:58 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(r0) timer_delete(r0) 08:07:58 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, &(0x7f0000000000)) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, &(0x7f0000000000)) (async) 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_create(0x0, &(0x7f0000000200)={0x0, 0x1b, 0x0, @thr={&(0x7f0000000040)="67ad986f9bda5601a12623c2e8422f8518edd1cd748f42c545fc7f965d935a4aabd67cabd6b82e0eebfff7b0b64febf02acd7347b41d2ab8bd75663c3e39762829f26a0dad1c96bdd62fd7de3b7e4eb36282f42e9d80f8d61f1e9e879da918815c66d64731f546a6f0e53edecedb3776634eac0e947cd7d4ff2d8d6333b9c13eee483777b8e092be96a4e50d9baad7b7aa0221b743e9076fa6b7adb3", &(0x7f0000000180)="41a79f9a15c0a53cb711a9d62a4e4d72f4012025bd9d6b3a44f0f15689086ef068b581ea89163e63bbef565acd7063959a0636e7c57674c9d05d0a06b6fa92872e5e192b9f40c9342b18d56d56702a15a473f94eae470df2940e2904b1e70d025e0701f2427c13b44a5c"}}, &(0x7f0000000280)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x8008551d, &(0x7f0000000000)={0xf0db, 0x2, [{0x0, 0x1}, {0x8, 0x1}]}) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:58 executing program 4: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) (async) openat$cgroup_procs(r0, &(0x7f00000023c0)='tasks\x00', 0x2, 0x0) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) bind$nfc_llcp(r3, &(0x7f0000002340)={0x27, 0x1, 0x1, 0x3, 0x79, 0x2, "4df43748ddb4b69287244e62fd15c6624f3f9b07d1aa279171e2635d02bf2922e02c92c8636d85ea7edc98cf3912a2a09073a42b4b2226a1712f9d556362c9", 0x11}, 0x60) (async) read$FUSE(r3, 0x0, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0}, 0x2020) sendmsg$nl_xfrm(r3, &(0x7f0000002300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000022c0)={&(0x7f0000002140)=@expire={0x168, 0x18, 0x200, 0x70bd25, 0x25dfdbfe, {{{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@mcast1, 0x4e21, 0x3ff, 0x4e22, 0x4, 0x2, 0x20, 0x0, 0xa4, 0x0, r4}, {@in6=@dev={0xfe, 0x80, '\x00', 0x33}, 0x4d3, 0x33}, @in6=@private1, {0xe4, 0xdda, 0xb8f, 0x3, 0x5, 0x9, 0xf1c, 0x3}, {0x8000000000000000, 0x9, 0xffffffffffff7fff, 0xffffffffffff0001}, {0x8000, 0x5, 0xeef5}, 0x70bd2a, 0x3503, 0xa, 0x1, 0x2, 0x80}, 0xc0}, [@offload={0xc, 0x1c, {0x0, 0x7}}, @algo_auth={0x4e, 0x1, {{'blake2s-256-generic\x00'}, 0x30, "f94559c0b958"}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xffffffc0}, @mark={0xc, 0x15, {0x35075b, 0x9}}]}, 0x168}, 0x1, 0x0, 0x0, 0x8000}, 0x2fb14f29b314def1) read$char_usb(r2, &(0x7f0000000000)=""/160, 0xa0) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) [ 1025.580874][ T4724] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1025.589117][ T4724] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1025.596931][ T4724] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1025.604741][ T4724] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1025.612557][ T4724] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1025.620367][ T4724] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1025.628179][ T4724] 08:07:58 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(r0) timer_delete(r0) 08:07:58 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 75) 08:07:58 executing program 0: keyctl$unlink(0x9, 0x0, 0xfffffffffffffff9) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = fsmount(0xffffffffffffffff, 0x0, 0x0) connect$bt_sco(r0, &(0x7f0000000200), 0xffffffffffffff60) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x5, 0xf7eaa26f1e3a663b) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000080)={0x1, 0xe, 0x1, 0x72f, 0xd8, 0x6, &(0x7f0000000100)="c9a66328bb7d317d78c29322f8957cf98c8f2f44407d66725b3ba8e8d40692c3828410757dadac6082c97e90f0f7fdde872654bfa4bcef35f475d107c536dc673be481a0d0def9c95dc1f21bc337f43b39e66351a37decbe698ff52fb29e667c8de573abac99627f71bc20a370f7501aef5ee25555dfb694db032b0c44f0191576138668af7a570fc599bcba59375d5b54764da6c936397d4736d0e87afdf0b943d3250d19e622f7c68f204750aba100743c27e9338f0c9506401577fd4c6e02d9bea6203b18962177b3f99d8fa1508112119fea9ce6170e"}) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000000)=0x8, 0x4) 08:07:58 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_delete(r0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(r0) timer_delete(r0) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_delete(r0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(r0) (async) timer_delete(r0) (async) 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_settime(r0, 0x1, &(0x7f0000000000), &(0x7f0000000040)) timer_gettime(r1, &(0x7f0000000240)) 08:07:58 executing program 4: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) (async) openat$cgroup_procs(r0, &(0x7f00000023c0)='tasks\x00', 0x2, 0x0) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) bind$nfc_llcp(r3, &(0x7f0000002340)={0x27, 0x1, 0x1, 0x3, 0x79, 0x2, "4df43748ddb4b69287244e62fd15c6624f3f9b07d1aa279171e2635d02bf2922e02c92c8636d85ea7edc98cf3912a2a09073a42b4b2226a1712f9d556362c9", 0x11}, 0x60) (async) read$FUSE(r3, 0x0, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0}, 0x2020) sendmsg$nl_xfrm(r3, &(0x7f0000002300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000022c0)={&(0x7f0000002140)=@expire={0x168, 0x18, 0x200, 0x70bd25, 0x25dfdbfe, {{{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@mcast1, 0x4e21, 0x3ff, 0x4e22, 0x4, 0x2, 0x20, 0x0, 0xa4, 0x0, r4}, {@in6=@dev={0xfe, 0x80, '\x00', 0x33}, 0x4d3, 0x33}, @in6=@private1, {0xe4, 0xdda, 0xb8f, 0x3, 0x5, 0x9, 0xf1c, 0x3}, {0x8000000000000000, 0x9, 0xffffffffffff7fff, 0xffffffffffff0001}, {0x8000, 0x5, 0xeef5}, 0x70bd2a, 0x3503, 0xa, 0x1, 0x2, 0x80}, 0xc0}, [@offload={0xc, 0x1c, {0x0, 0x7}}, @algo_auth={0x4e, 0x1, {{'blake2s-256-generic\x00'}, 0x30, "f94559c0b958"}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xffffffc0}, @mark={0xc, 0x15, {0x35075b, 0x9}}]}, 0x168}, 0x1, 0x0, 0x0, 0x8000}, 0x2fb14f29b314def1) (async) read$char_usb(r2, &(0x7f0000000000)=""/160, 0xa0) (async) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) 08:07:58 executing program 0: keyctl$unlink(0x9, 0x0, 0xfffffffffffffff9) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r0 = fsmount(0xffffffffffffffff, 0x0, 0x0) connect$bt_sco(r0, &(0x7f0000000200), 0xffffffffffffff60) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x5, 0xf7eaa26f1e3a663b) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000080)={0x1, 0xe, 0x1, 0x72f, 0xd8, 0x6, &(0x7f0000000100)="c9a66328bb7d317d78c29322f8957cf98c8f2f44407d66725b3ba8e8d40692c3828410757dadac6082c97e90f0f7fdde872654bfa4bcef35f475d107c536dc673be481a0d0def9c95dc1f21bc337f43b39e66351a37decbe698ff52fb29e667c8de573abac99627f71bc20a370f7501aef5ee25555dfb694db032b0c44f0191576138668af7a570fc599bcba59375d5b54764da6c936397d4736d0e87afdf0b943d3250d19e622f7c68f204750aba100743c27e9338f0c9506401577fd4c6e02d9bea6203b18962177b3f99d8fa1508112119fea9ce6170e"}) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000000)=0x8, 0x4) [ 1025.700942][ T4761] FAULT_INJECTION: forcing a failure. [ 1025.700942][ T4761] name failslab, interval 1, probability 0, space 0, times 0 [ 1025.757232][ T4761] CPU: 0 PID: 4761 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1025.765488][ T4761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1025.775384][ T4761] Call Trace: [ 1025.778506][ T4761] [ 1025.781281][ T4761] dump_stack_lvl+0x151/0x1b7 [ 1025.785799][ T4761] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1025.791094][ T4761] dump_stack+0x15/0x17 [ 1025.795082][ T4761] should_fail+0x3c0/0x510 [ 1025.799341][ T4761] __should_failslab+0x9f/0xe0 [ 1025.803937][ T4761] should_failslab+0x9/0x20 [ 1025.808274][ T4761] kmem_cache_alloc+0x4f/0x2f0 [ 1025.812874][ T4761] ? vm_area_dup+0x26/0x1d0 [ 1025.817217][ T4761] vm_area_dup+0x26/0x1d0 [ 1025.821384][ T4761] dup_mmap+0x6b8/0xea0 [ 1025.825377][ T4761] ? __delayed_free_task+0x20/0x20 [ 1025.830320][ T4761] ? mm_init+0x807/0x960 [ 1025.834399][ T4761] dup_mm+0x91/0x330 [ 1025.838134][ T4761] copy_mm+0x108/0x1b0 [ 1025.842039][ T4761] copy_process+0x1295/0x3250 [ 1025.846551][ T4761] ? check_stack_object+0xf7/0x130 [ 1025.851495][ T4761] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1025.856440][ T4761] ? copy_clone_args_from_user+0x6cf/0x790 [ 1025.862085][ T4761] kernel_clone+0x22d/0x990 [ 1025.866425][ T4761] ? dup_mmap+0xea0/0xea0 [ 1025.870589][ T4761] ? create_io_thread+0x1e0/0x1e0 [ 1025.875451][ T4761] ? file_end_write+0x1b0/0x1b0 [ 1025.880138][ T4761] __x64_sys_clone3+0x375/0x3a0 [ 1025.884824][ T4761] ? __ia32_sys_clone+0x300/0x300 [ 1025.889687][ T4761] ? ksys_write+0x25f/0x2c0 [ 1025.894024][ T4761] ? debug_smp_processor_id+0x17/0x20 [ 1025.899230][ T4761] do_syscall_64+0x44/0xd0 [ 1025.903484][ T4761] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1025.909213][ T4761] RIP: 0033:0x7f495fdbc639 [ 1025.913468][ T4761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1025.932910][ T4761] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1025.941150][ T4761] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1025.948964][ T4761] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 08:07:58 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff}) syz_clone3(0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) (async) timer_settime(r0, 0x1, &(0x7f0000000000), &(0x7f0000000040)) timer_gettime(r1, &(0x7f0000000240)) 08:07:58 executing program 5: bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0xa, 0x0}, 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r0, 0x4) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x0, 0x7, &(0x7f0000000080)=0x5}) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) timer_delete(0x0) 08:07:58 executing program 0: keyctl$unlink(0x9, 0x0, 0xfffffffffffffff9) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = fsmount(0xffffffffffffffff, 0x0, 0x0) connect$bt_sco(r0, &(0x7f0000000200), 0xffffffffffffff60) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x5, 0xf7eaa26f1e3a663b) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000080)={0x1, 0xe, 0x1, 0x72f, 0xd8, 0x6, &(0x7f0000000100)="c9a66328bb7d317d78c29322f8957cf98c8f2f44407d66725b3ba8e8d40692c3828410757dadac6082c97e90f0f7fdde872654bfa4bcef35f475d107c536dc673be481a0d0def9c95dc1f21bc337f43b39e66351a37decbe698ff52fb29e667c8de573abac99627f71bc20a370f7501aef5ee25555dfb694db032b0c44f0191576138668af7a570fc599bcba59375d5b54764da6c936397d4736d0e87afdf0b943d3250d19e622f7c68f204750aba100743c27e9338f0c9506401577fd4c6e02d9bea6203b18962177b3f99d8fa1508112119fea9ce6170e"}) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000000)=0x8, 0x4) keyctl$unlink(0x9, 0x0, 0xfffffffffffffff9) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) fsmount(0xffffffffffffffff, 0x0, 0x0) (async) connect$bt_sco(r0, &(0x7f0000000200), 0xffffffffffffff60) (async) syz_open_dev$usbfs(&(0x7f0000000040), 0x5, 0xf7eaa26f1e3a663b) (async) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000080)={0x1, 0xe, 0x1, 0x72f, 0xd8, 0x6, &(0x7f0000000100)="c9a66328bb7d317d78c29322f8957cf98c8f2f44407d66725b3ba8e8d40692c3828410757dadac6082c97e90f0f7fdde872654bfa4bcef35f475d107c536dc673be481a0d0def9c95dc1f21bc337f43b39e66351a37decbe698ff52fb29e667c8de573abac99627f71bc20a370f7501aef5ee25555dfb694db032b0c44f0191576138668af7a570fc599bcba59375d5b54764da6c936397d4736d0e87afdf0b943d3250d19e622f7c68f204750aba100743c27e9338f0c9506401577fd4c6e02d9bea6203b18962177b3f99d8fa1508112119fea9ce6170e"}) (async) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000000)=0x8, 0x4) (async) 08:07:58 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x0, 0x0, 0x3, 0x1, "458cc8fb86e7e1a53722493e41bdfc3baae0d5af29097a7946dd82107a5d9101856bc76bd26919d11b4e79ecdac32330eb60276e7ccd98a697c1cf1e08823a3f38887ab05eba848dcc665061d036c6dba1f9bcd51ae11bb8bc4f256985302b960f3b96c7762de8db5bf3adc4c5451dbf4f8f7ea85e8692015849a1da8f018dc52db8bff54ba979cfc11ad9fb1d1f0a6252f6e97f60c4adda228ac695e9d423fbb5ef851c22fc72db410a9c29e88532ed2b8f37a5b391bf1852d56fdeabfea80b25ff05606654f05183baec231f7d52659b9471a4fe5f1d5d57f6dd626738a4"}, 0xef) 08:07:58 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 76) [ 1025.956777][ T4761] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1025.964589][ T4761] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1025.972400][ T4761] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1025.980212][ T4761] 08:07:58 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 08:07:58 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff}) syz_clone3(0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_settime(r0, 0x1, &(0x7f0000000000), &(0x7f0000000040)) (async) timer_gettime(r1, &(0x7f0000000240)) 08:07:58 executing program 5: bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0xa, 0x0}, 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r0, 0x4) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x0, 0x7, &(0x7f0000000080)=0x5}) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) timer_delete(0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0xa}, 0x8) (async) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r0, 0x4) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x0, 0x7, &(0x7f0000000080)=0x5}) (async) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) (async) timer_delete(0x0) (async) 08:07:58 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff}) syz_clone3(0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:58 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 08:07:58 executing program 5: bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0xa, 0x0}, 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r0, 0x4) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x0, 0x7, &(0x7f0000000080)=0x5}) (async, rerun: 64) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) (rerun: 64) timer_delete(0x0) 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x1, &(0x7f0000000140)={{0x77359400}, {0x0, 0x989680}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) [ 1026.031251][ T4805] FAULT_INJECTION: forcing a failure. [ 1026.031251][ T4805] name failslab, interval 1, probability 0, space 0, times 0 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x1, &(0x7f0000000140)={{0x77359400}, {0x0, 0x989680}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x1, &(0x7f0000000140)={{0x77359400}, {0x0, 0x989680}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) [ 1026.076120][ T4805] CPU: 1 PID: 4805 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1026.084379][ T4805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1026.094271][ T4805] Call Trace: [ 1026.097399][ T4805] [ 1026.100175][ T4805] dump_stack_lvl+0x151/0x1b7 [ 1026.104690][ T4805] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1026.109983][ T4805] ? do_syscall_64+0x44/0xd0 [ 1026.114408][ T4805] dump_stack+0x15/0x17 [ 1026.118397][ T4805] should_fail+0x3c0/0x510 [ 1026.122658][ T4805] __should_failslab+0x9f/0xe0 [ 1026.127253][ T4805] should_failslab+0x9/0x20 [ 1026.131589][ T4805] kmem_cache_alloc+0x4f/0x2f0 [ 1026.136188][ T4805] ? anon_vma_clone+0xa1/0x4f0 [ 1026.140787][ T4805] anon_vma_clone+0xa1/0x4f0 [ 1026.145301][ T4805] anon_vma_fork+0x91/0x4f0 [ 1026.149638][ T4805] ? anon_vma_name+0x4c/0x70 [ 1026.154066][ T4805] dup_mmap+0x750/0xea0 [ 1026.158064][ T4805] ? __delayed_free_task+0x20/0x20 [ 1026.163005][ T4805] ? mm_init+0x807/0x960 [ 1026.167087][ T4805] dup_mm+0x91/0x330 [ 1026.170819][ T4805] copy_mm+0x108/0x1b0 [ 1026.174724][ T4805] copy_process+0x1295/0x3250 [ 1026.179239][ T4805] ? check_stack_object+0xf7/0x130 [ 1026.184185][ T4805] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1026.189136][ T4805] ? copy_clone_args_from_user+0x6cf/0x790 [ 1026.194775][ T4805] kernel_clone+0x22d/0x990 [ 1026.199112][ T4805] ? dup_mmap+0xea0/0xea0 [ 1026.203279][ T4805] ? create_io_thread+0x1e0/0x1e0 [ 1026.208139][ T4805] ? file_end_write+0x1b0/0x1b0 [ 1026.212828][ T4805] __x64_sys_clone3+0x375/0x3a0 [ 1026.217517][ T4805] ? __ia32_sys_clone+0x300/0x300 [ 1026.222377][ T4805] ? ksys_write+0x25f/0x2c0 [ 1026.226716][ T4805] ? debug_smp_processor_id+0x17/0x20 [ 1026.231921][ T4805] do_syscall_64+0x44/0xd0 [ 1026.236178][ T4805] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1026.241902][ T4805] RIP: 0033:0x7f495fdbc639 [ 1026.246161][ T4805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1026.265600][ T4805] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 08:07:58 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x0, 0x0, 0x3, 0x1, "458cc8fb86e7e1a53722493e41bdfc3baae0d5af29097a7946dd82107a5d9101856bc76bd26919d11b4e79ecdac32330eb60276e7ccd98a697c1cf1e08823a3f38887ab05eba848dcc665061d036c6dba1f9bcd51ae11bb8bc4f256985302b960f3b96c7762de8db5bf3adc4c5451dbf4f8f7ea85e8692015849a1da8f018dc52db8bff54ba979cfc11ad9fb1d1f0a6252f6e97f60c4adda228ac695e9d423fbb5ef851c22fc72db410a9c29e88532ed2b8f37a5b391bf1852d56fdeabfea80b25ff05606654f05183baec231f7d52659b9471a4fe5f1d5d57f6dd626738a4"}, 0xef) [ 1026.273842][ T4805] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1026.281653][ T4805] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1026.289467][ T4805] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1026.297275][ T4805] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1026.305091][ T4805] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1026.312912][ T4805] 08:07:58 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 77) 08:07:58 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x18, 0x3f9, 0x400, 0x70bd27, 0x25dfdbfe, {0x0, 0x1}, ["", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x8801}, 0x40) timer_gettime(r0, &(0x7f00000001c0)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_delete(r0) timer_create(0x5, &(0x7f0000000380)={0x0, 0x3f, 0x1, @tid=0xffffffffffffffff}, &(0x7f00000003c0)=0x0) timer_delete(r2) timer_gettime(r1, &(0x7f0000000300)) timer_create(0x4, &(0x7f0000000000)={0x0, 0x14, 0x1}, &(0x7f0000000040)=0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x2, 0x0) timer_settime(r3, 0x0, &(0x7f0000000080)={{0x77359400}}, &(0x7f00000000c0)) 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000240)) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000000)={0x2, 0x200, 0x1fd, 0x401, 0x9, 0x101}) 08:07:58 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:58 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 08:07:58 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x0, 0x0, 0x3, 0x1, "458cc8fb86e7e1a53722493e41bdfc3baae0d5af29097a7946dd82107a5d9101856bc76bd26919d11b4e79ecdac32330eb60276e7ccd98a697c1cf1e08823a3f38887ab05eba848dcc665061d036c6dba1f9bcd51ae11bb8bc4f256985302b960f3b96c7762de8db5bf3adc4c5451dbf4f8f7ea85e8692015849a1da8f018dc52db8bff54ba979cfc11ad9fb1d1f0a6252f6e97f60c4adda228ac695e9d423fbb5ef851c22fc72db410a9c29e88532ed2b8f37a5b391bf1852d56fdeabfea80b25ff05606654f05183baec231f7d52659b9471a4fe5f1d5d57f6dd626738a4"}, 0xef) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) pipe(&(0x7f0000000100)) (async) read$FUSE(r0, 0x0, 0x0) (async) write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x0, 0x0, 0x3, 0x1, "458cc8fb86e7e1a53722493e41bdfc3baae0d5af29097a7946dd82107a5d9101856bc76bd26919d11b4e79ecdac32330eb60276e7ccd98a697c1cf1e08823a3f38887ab05eba848dcc665061d036c6dba1f9bcd51ae11bb8bc4f256985302b960f3b96c7762de8db5bf3adc4c5451dbf4f8f7ea85e8692015849a1da8f018dc52db8bff54ba979cfc11ad9fb1d1f0a6252f6e97f60c4adda228ac695e9d423fbb5ef851c22fc72db410a9c29e88532ed2b8f37a5b391bf1852d56fdeabfea80b25ff05606654f05183baec231f7d52659b9471a4fe5f1d5d57f6dd626738a4"}, 0xef) (async) 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(r0, &(0x7f0000000240)) (async) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000000)={0x2, 0x200, 0x1fd, 0x401, 0x9, 0x101}) 08:07:58 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_GET_SPEED(r0, 0x551f) connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) 08:07:58 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) (async) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x18, 0x3f9, 0x400, 0x70bd27, 0x25dfdbfe, {0x0, 0x1}, ["", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x8801}, 0x40) (async) timer_gettime(r0, &(0x7f00000001c0)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) (async) timer_delete(r0) (async) timer_create(0x5, &(0x7f0000000380)={0x0, 0x3f, 0x1, @tid=0xffffffffffffffff}, &(0x7f00000003c0)=0x0) timer_delete(r2) (async) timer_gettime(r1, &(0x7f0000000300)) (async) timer_create(0x4, &(0x7f0000000000)={0x0, 0x14, 0x1}, &(0x7f0000000040)=0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x2, 0x0) (async) timer_settime(r3, 0x0, &(0x7f0000000080)={{0x77359400}}, &(0x7f00000000c0)) 08:07:58 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000240)) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000000)={0x2, 0x200, 0x1fd, 0x401, 0x9, 0x101}) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(r0, &(0x7f0000000240)) (async) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000000)={0x2, 0x200, 0x1fd, 0x401, 0x9, 0x101}) (async) 08:07:58 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:58 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x18, 0x3f9, 0x400, 0x70bd27, 0x25dfdbfe, {0x0, 0x1}, ["", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x8801}, 0x40) timer_gettime(r0, &(0x7f00000001c0)) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r1) timer_delete(r0) timer_create(0x5, &(0x7f0000000380)={0x0, 0x3f, 0x1, @tid=0xffffffffffffffff}, &(0x7f00000003c0)=0x0) timer_delete(r2) timer_gettime(r1, &(0x7f0000000300)) timer_create(0x4, &(0x7f0000000000)={0x0, 0x14, 0x1}, &(0x7f0000000040)=0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x2, 0x0) timer_settime(r3, 0x0, &(0x7f0000000080)={{0x77359400}}, &(0x7f00000000c0)) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(0x0) (async) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x18, 0x3f9, 0x400, 0x70bd27, 0x25dfdbfe, {0x0, 0x1}, ["", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x8801}, 0x40) (async) timer_gettime(r0, &(0x7f00000001c0)) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r1) (async) timer_delete(r0) (async) timer_create(0x5, &(0x7f0000000380)={0x0, 0x3f, 0x1, @tid=0xffffffffffffffff}, &(0x7f00000003c0)) (async) timer_delete(r2) (async) timer_gettime(r1, &(0x7f0000000300)) (async) timer_create(0x4, &(0x7f0000000000)={0x0, 0x14, 0x1}, &(0x7f0000000040)) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom0\x00', 0x2, 0x0) (async) timer_settime(r3, 0x0, &(0x7f0000000080)={{0x77359400}}, &(0x7f00000000c0)) (async) [ 1026.386323][ T4863] FAULT_INJECTION: forcing a failure. [ 1026.386323][ T4863] name failslab, interval 1, probability 0, space 0, times 0 [ 1026.411229][ T4863] CPU: 1 PID: 4863 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1026.419487][ T4863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1026.429384][ T4863] Call Trace: [ 1026.432503][ T4863] [ 1026.435281][ T4863] dump_stack_lvl+0x151/0x1b7 [ 1026.439792][ T4863] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1026.445084][ T4863] ? do_syscall_64+0x44/0xd0 [ 1026.449514][ T4863] dump_stack+0x15/0x17 [ 1026.453504][ T4863] should_fail+0x3c0/0x510 [ 1026.457784][ T4863] __should_failslab+0x9f/0xe0 [ 1026.462359][ T4863] should_failslab+0x9/0x20 [ 1026.466697][ T4863] kmem_cache_alloc+0x4f/0x2f0 [ 1026.471297][ T4863] ? anon_vma_clone+0xa1/0x4f0 [ 1026.475896][ T4863] anon_vma_clone+0xa1/0x4f0 [ 1026.480324][ T4863] anon_vma_fork+0x91/0x4f0 [ 1026.484659][ T4863] ? anon_vma_name+0x43/0x70 [ 1026.489089][ T4863] dup_mmap+0x750/0xea0 [ 1026.493080][ T4863] ? __delayed_free_task+0x20/0x20 [ 1026.498029][ T4863] ? mm_init+0x807/0x960 [ 1026.502105][ T4863] dup_mm+0x91/0x330 [ 1026.505838][ T4863] copy_mm+0x108/0x1b0 [ 1026.509742][ T4863] copy_process+0x1295/0x3250 [ 1026.514254][ T4863] ? check_stack_object+0xf7/0x130 [ 1026.519208][ T4863] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1026.524149][ T4863] ? copy_clone_args_from_user+0x6cf/0x790 [ 1026.529796][ T4863] kernel_clone+0x22d/0x990 [ 1026.534133][ T4863] ? dup_mmap+0xea0/0xea0 [ 1026.538295][ T4863] ? create_io_thread+0x1e0/0x1e0 [ 1026.543157][ T4863] ? file_end_write+0x1b0/0x1b0 [ 1026.547845][ T4863] __x64_sys_clone3+0x375/0x3a0 [ 1026.552530][ T4863] ? __ia32_sys_clone+0x300/0x300 [ 1026.557392][ T4863] ? ksys_write+0x25f/0x2c0 [ 1026.561733][ T4863] ? debug_smp_processor_id+0x17/0x20 [ 1026.566938][ T4863] do_syscall_64+0x44/0xd0 [ 1026.571194][ T4863] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1026.576919][ T4863] RIP: 0033:0x7f495fdbc639 [ 1026.581174][ T4863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1026.600620][ T4863] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1026.608863][ T4863] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1026.616671][ T4863] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1026.624483][ T4863] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 08:07:59 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 78) 08:07:59 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_GET_SPEED(r0, 0x551f) (async) connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) 08:07:59 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(r0) 08:07:59 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000000)=0xa519, 0x8) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) 08:07:59 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x0, &(0x7f0000002740), &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:07:59 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x2000000}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdca}, 0x58) ioctl$USBDEVFS_RELEASE_PORT(0xffffffffffffffff, 0x80045519, &(0x7f0000000000)=0x1) 08:07:59 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x2000000}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdca}, 0x58) ioctl$USBDEVFS_RELEASE_PORT(0xffffffffffffffff, 0x80045519, &(0x7f0000000000)=0x1) 08:07:59 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(r0) 08:07:59 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) [ 1026.632292][ T4863] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1026.640106][ T4863] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1026.647919][ T4863] 08:07:59 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0x2000000}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdca}, 0x58) (async) ioctl$USBDEVFS_RELEASE_PORT(0xffffffffffffffff, 0x80045519, &(0x7f0000000000)=0x1) 08:07:59 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000000)=0xa519, 0x8) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000000)=0xa519, 0x8) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) 08:07:59 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_GET_SPEED(r0, 0x551f) (async) connect$bt_sco(0xffffffffffffffff, &(0x7f00000000c0), 0x2) [ 1026.718338][ T4919] FAULT_INJECTION: forcing a failure. [ 1026.718338][ T4919] name failslab, interval 1, probability 0, space 0, times 0 [ 1026.734045][ T4919] CPU: 1 PID: 4919 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1026.742287][ T4919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1026.752268][ T4919] Call Trace: [ 1026.755391][ T4919] [ 1026.758169][ T4919] dump_stack_lvl+0x151/0x1b7 [ 1026.762683][ T4919] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1026.767979][ T4919] dump_stack+0x15/0x17 [ 1026.771967][ T4919] should_fail+0x3c0/0x510 [ 1026.776221][ T4919] __should_failslab+0x9f/0xe0 [ 1026.780822][ T4919] should_failslab+0x9/0x20 [ 1026.785173][ T4919] kmem_cache_alloc+0x4f/0x2f0 [ 1026.789763][ T4919] ? anon_vma_clone+0xa1/0x4f0 [ 1026.794363][ T4919] anon_vma_clone+0xa1/0x4f0 [ 1026.798791][ T4919] anon_vma_fork+0x91/0x4f0 [ 1026.803134][ T4919] ? anon_vma_name+0x43/0x70 [ 1026.807556][ T4919] dup_mmap+0x750/0xea0 [ 1026.811547][ T4919] ? __delayed_free_task+0x20/0x20 [ 1026.816498][ T4919] ? mm_init+0x807/0x960 [ 1026.820664][ T4919] dup_mm+0x91/0x330 [ 1026.824394][ T4919] copy_mm+0x108/0x1b0 [ 1026.828299][ T4919] copy_process+0x1295/0x3250 [ 1026.832812][ T4919] ? check_stack_object+0xf7/0x130 [ 1026.837758][ T4919] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1026.842706][ T4919] ? copy_clone_args_from_user+0x6cf/0x790 [ 1026.848347][ T4919] kernel_clone+0x22d/0x990 [ 1026.852691][ T4919] ? dup_mmap+0xea0/0xea0 [ 1026.856856][ T4919] ? create_io_thread+0x1e0/0x1e0 [ 1026.861714][ T4919] ? file_end_write+0x1b0/0x1b0 [ 1026.866401][ T4919] __x64_sys_clone3+0x375/0x3a0 [ 1026.871093][ T4919] ? __ia32_sys_clone+0x300/0x300 [ 1026.875948][ T4919] ? ksys_write+0x25f/0x2c0 [ 1026.880289][ T4919] ? debug_smp_processor_id+0x17/0x20 [ 1026.885498][ T4919] do_syscall_64+0x44/0xd0 [ 1026.889748][ T4919] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1026.895478][ T4919] RIP: 0033:0x7f495fdbc639 [ 1026.899731][ T4919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:07:59 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 79) 08:07:59 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pipe(&(0x7f0000001280)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r1, 0x11, 0x2, &(0x7f0000001180)=""/140, &(0x7f0000001240)=0x8c) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) bind$bt_sco(r2, &(0x7f00000012c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) read$FUSE(0xffffffffffffffff, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000)=""/137, &(0x7f0000000100)=0x89) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000140)=""/4096, &(0x7f0000001140)=0x1000) 08:07:59 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_delete(r0) 08:07:59 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)) (async) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000000)=0xa519, 0x8) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) 08:07:59 executing program 4: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xff7ffffc}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) 08:07:59 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) [ 1026.919178][ T4919] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1026.927419][ T4919] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1026.935229][ T4919] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1026.943039][ T4919] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1026.950850][ T4919] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1026.958664][ T4919] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1026.966475][ T4919] 08:07:59 executing program 4: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xff7ffffc}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) pipe(&(0x7f0000005540)) (async) read$FUSE(r0, 0x0, 0x0) (async) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xff7ffffc}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) (async) 08:07:59 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000080)) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x3, &(0x7f0000000000)={0x0, 0x3, 0x4}, &(0x7f0000000040)=0x0) timer_delete(r1) 08:07:59 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000001280)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r1, 0x11, 0x2, &(0x7f0000001180)=""/140, &(0x7f0000001240)=0x8c) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) bind$bt_sco(r2, &(0x7f00000012c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000)=""/137, &(0x7f0000000100)=0x89) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000140)=""/4096, &(0x7f0000001140)=0x1000) 08:07:59 executing program 4: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xff7ffffc}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) pipe(&(0x7f0000005540)) (async) read$FUSE(r0, 0x0, 0x0) (async) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {0xff7ffffc}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) (async) 08:07:59 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(r0, &(0x7f0000000080)) (async) timer_gettime(0x0, &(0x7f0000000240)) timer_create(0x3, &(0x7f0000000000)={0x0, 0x3, 0x4}, &(0x7f0000000040)=0x0) timer_delete(r1) [ 1027.030291][ T4944] FAULT_INJECTION: forcing a failure. [ 1027.030291][ T4944] name failslab, interval 1, probability 0, space 0, times 0 [ 1027.067338][ T4944] CPU: 1 PID: 4944 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 08:07:59 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) pipe(&(0x7f0000001280)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_CONNINFO(r1, 0x11, 0x2, &(0x7f0000001180)=""/140, &(0x7f0000001240)=0x8c) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) bind$bt_sco(r2, &(0x7f00000012c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) (async) read$FUSE(0xffffffffffffffff, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000)=""/137, &(0x7f0000000100)=0x89) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000140)=""/4096, &(0x7f0000001140)=0x1000) [ 1027.075589][ T4944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1027.085489][ T4944] Call Trace: [ 1027.088609][ T4944] [ 1027.091383][ T4944] dump_stack_lvl+0x151/0x1b7 [ 1027.095899][ T4944] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1027.101194][ T4944] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 1027.107443][ T4944] dump_stack+0x15/0x17 [ 1027.111439][ T4944] should_fail+0x3c0/0x510 [ 1027.115685][ T4944] __should_failslab+0x9f/0xe0 [ 1027.120283][ T4944] should_failslab+0x9/0x20 [ 1027.124626][ T4944] kmem_cache_alloc+0x4f/0x2f0 [ 1027.129224][ T4944] ? anon_vma_fork+0xf7/0x4f0 [ 1027.133736][ T4944] anon_vma_fork+0xf7/0x4f0 [ 1027.138076][ T4944] ? anon_vma_name+0x43/0x70 [ 1027.142504][ T4944] dup_mmap+0x750/0xea0 [ 1027.146495][ T4944] ? __delayed_free_task+0x20/0x20 [ 1027.151442][ T4944] ? mm_init+0x807/0x960 [ 1027.155523][ T4944] dup_mm+0x91/0x330 [ 1027.159254][ T4944] copy_mm+0x108/0x1b0 [ 1027.163158][ T4944] copy_process+0x1295/0x3250 [ 1027.167675][ T4944] ? check_stack_object+0xf7/0x130 [ 1027.172620][ T4944] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1027.177571][ T4944] ? copy_clone_args_from_user+0x6cf/0x790 [ 1027.183209][ T4944] kernel_clone+0x22d/0x990 [ 1027.187549][ T4944] ? dup_mmap+0xea0/0xea0 [ 1027.191713][ T4944] ? create_io_thread+0x1e0/0x1e0 [ 1027.196575][ T4944] ? file_end_write+0x1b0/0x1b0 [ 1027.201269][ T4944] __x64_sys_clone3+0x375/0x3a0 [ 1027.205949][ T4944] ? __ia32_sys_clone+0x300/0x300 [ 1027.210817][ T4944] ? ksys_write+0x25f/0x2c0 [ 1027.215149][ T4944] ? debug_smp_processor_id+0x17/0x20 [ 1027.220355][ T4944] do_syscall_64+0x44/0xd0 [ 1027.224609][ T4944] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1027.230338][ T4944] RIP: 0033:0x7f495fdbc639 [ 1027.234593][ T4944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1027.254031][ T4944] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1027.262280][ T4944] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1027.270090][ T4944] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1027.277900][ T4944] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1027.285712][ T4944] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1027.293523][ T4944] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1027.301338][ T4944] [ 1027.310016][ T4944] ================================================================== [ 1027.317908][ T4944] BUG: KASAN: use-after-free in vm_area_free+0x7e/0x230 [ 1027.324672][ T4944] Write of size 4 at addr ffff8881453d43d0 by task syz-executor.3/4944 [ 1027.332834][ T4944] [ 1027.335000][ T4944] CPU: 0 PID: 4944 Comm: syz-executor.3 Not tainted 5.15.74-syzkaller #0 [ 1027.343352][ T4944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1027.353249][ T4944] Call Trace: [ 1027.356369][ T4944] [ 1027.359149][ T4944] dump_stack_lvl+0x151/0x1b7 [ 1027.363662][ T4944] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1027.368957][ T4944] ? panic+0x727/0x727 [ 1027.372858][ T4944] ? slab_free_freelist_hook+0xc9/0x1a0 [ 1027.378242][ T4944] print_address_description+0x87/0x3d0 [ 1027.383622][ T4944] kasan_report+0x1a6/0x1f0 [ 1027.387962][ T4944] ? vm_area_free+0x7e/0x230 [ 1027.392392][ T4944] ? vm_area_free+0x7e/0x230 [ 1027.396814][ T4944] kasan_check_range+0x2aa/0x2e0 [ 1027.401587][ T4944] __kasan_check_write+0x14/0x20 [ 1027.406361][ T4944] vm_area_free+0x7e/0x230 [ 1027.410616][ T4944] dup_mmap+0xbcd/0xea0 [ 1027.414607][ T4944] ? __delayed_free_task+0x20/0x20 [ 1027.419564][ T4944] ? mm_init+0x807/0x960 [ 1027.423636][ T4944] dup_mm+0x91/0x330 [ 1027.427367][ T4944] copy_mm+0x108/0x1b0 [ 1027.431271][ T4944] copy_process+0x1295/0x3250 [ 1027.435797][ T4944] ? check_stack_object+0xf7/0x130 [ 1027.440731][ T4944] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1027.445679][ T4944] ? copy_clone_args_from_user+0x6cf/0x790 [ 1027.451322][ T4944] kernel_clone+0x22d/0x990 [ 1027.455671][ T4944] ? dup_mmap+0xea0/0xea0 [ 1027.459835][ T4944] ? create_io_thread+0x1e0/0x1e0 [ 1027.464691][ T4944] ? file_end_write+0x1b0/0x1b0 [ 1027.469377][ T4944] __x64_sys_clone3+0x375/0x3a0 [ 1027.474070][ T4944] ? __ia32_sys_clone+0x300/0x300 [ 1027.478924][ T4944] ? ksys_write+0x25f/0x2c0 [ 1027.483262][ T4944] ? debug_smp_processor_id+0x17/0x20 [ 1027.488473][ T4944] do_syscall_64+0x44/0xd0 [ 1027.492725][ T4944] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1027.498453][ T4944] RIP: 0033:0x7f495fdbc639 [ 1027.502707][ T4944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1027.522154][ T4944] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1027.530392][ T4944] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1027.538205][ T4944] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1027.546023][ T4944] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1027.553823][ T4944] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1027.561635][ T4944] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1027.569456][ T4944] [ 1027.572312][ T4944] [ 1027.574483][ T4944] Allocated by task 4919: [ 1027.578647][ T4944] __kasan_slab_alloc+0xb2/0xe0 [ 1027.583333][ T4944] kmem_cache_alloc+0x189/0x2f0 [ 1027.588021][ T4944] vm_area_dup+0x26/0x1d0 [ 1027.592185][ T4944] dup_mmap+0x6b8/0xea0 [ 1027.596179][ T4944] dup_mm+0x91/0x330 [ 1027.599911][ T4944] copy_mm+0x108/0x1b0 [ 1027.603817][ T4944] copy_process+0x1295/0x3250 [ 1027.608331][ T4944] kernel_clone+0x22d/0x990 [ 1027.612769][ T4944] __x64_sys_clone3+0x375/0x3a0 [ 1027.617456][ T4944] do_syscall_64+0x44/0xd0 [ 1027.621712][ T4944] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1027.627439][ T4944] [ 1027.629607][ T4944] Freed by task 4928: [ 1027.633429][ T4944] kasan_set_track+0x4c/0x70 [ 1027.637852][ T4944] kasan_set_free_info+0x23/0x40 [ 1027.642625][ T4944] ____kasan_slab_free+0x126/0x160 [ 1027.647574][ T4944] __kasan_slab_free+0x11/0x20 [ 1027.652172][ T4944] slab_free_freelist_hook+0xc9/0x1a0 [ 1027.657379][ T4944] kmem_cache_free+0x11a/0x2e0 [ 1027.661984][ T4944] vm_area_free+0x1ae/0x230 [ 1027.666321][ T4944] exit_mmap+0x5dd/0x7a0 [ 1027.670400][ T4944] __mmput+0x95/0x300 [ 1027.674218][ T4944] mmput+0x50/0x60 [ 1027.677775][ T4944] exit_mm+0x50d/0x760 [ 1027.681684][ T4944] do_exit+0x63c/0x24d0 [ 1027.685676][ T4944] __ia32_sys_exit+0x0/0x40 [ 1027.690014][ T4944] do_syscall_64+0x44/0xd0 [ 1027.694267][ T4944] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1027.699995][ T4944] [ 1027.702165][ T4944] The buggy address belongs to the object at ffff8881453d4378 [ 1027.702165][ T4944] which belongs to the cache vm_area_struct of size 232 [ 1027.716315][ T4944] The buggy address is located 88 bytes inside of [ 1027.716315][ T4944] 232-byte region [ffff8881453d4378, ffff8881453d4460) [ 1027.729335][ T4944] The buggy address belongs to the page: [ 1027.734803][ T4944] page:ffffea000514f500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1453d4 [ 1027.744871][ T4944] flags: 0x4000000000000200(slab|zone=1) [ 1027.750348][ T4944] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100274480 [ 1027.758772][ T4944] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000 [ 1027.767176][ T4944] page dumped because: kasan: bad access detected [ 1027.773427][ T4944] page_owner tracks the page as allocated [ 1027.778978][ T4944] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4919, ts 1026717546751, free_ts 1026382537885 [ 1027.795125][ T4944] post_alloc_hook+0x1ab/0x1b0 [ 1027.799729][ T4944] get_page_from_freelist+0x38b/0x400 [ 1027.804931][ T4944] __alloc_pages+0x3a8/0x7c0 [ 1027.809356][ T4944] allocate_slab+0x62/0x580 [ 1027.813697][ T4944] ___slab_alloc+0x2e2/0x6f0 [ 1027.818209][ T4944] __slab_alloc+0x4a/0x90 [ 1027.822375][ T4944] kmem_cache_alloc+0x205/0x2f0 [ 1027.827063][ T4944] vm_area_dup+0x26/0x1d0 [ 1027.831329][ T4944] dup_mmap+0x6b8/0xea0 [ 1027.835320][ T4944] dup_mm+0x91/0x330 [ 1027.839054][ T4944] copy_mm+0x108/0x1b0 [ 1027.842962][ T4944] copy_process+0x1295/0x3250 [ 1027.847472][ T4944] kernel_clone+0x22d/0x990 [ 1027.851813][ T4944] __x64_sys_clone3+0x375/0x3a0 [ 1027.856502][ T4944] do_syscall_64+0x44/0xd0 [ 1027.860751][ T4944] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1027.866480][ T4944] page last free stack trace: [ 1027.870994][ T4944] free_pcp_prepare+0x448/0x450 [ 1027.875690][ T4944] free_unref_page_list+0x16a/0xad0 [ 1027.880715][ T4944] release_pages+0xf3e/0xf90 [ 1027.885140][ T4944] free_pages_and_swap_cache+0x97/0xb0 [ 1027.890439][ T4944] tlb_flush_mmu+0x860/0xa00 [ 1027.894861][ T4944] tlb_finish_mmu+0xd2/0x1f0 [ 1027.899286][ T4944] exit_mmap+0x46e/0x7a0 [ 1027.903367][ T4944] __mmput+0x95/0x300 [ 1027.907186][ T4944] mmput+0x50/0x60 [ 1027.910744][ T4944] exit_mm+0x50d/0x760 [ 1027.914649][ T4944] do_exit+0x63c/0x24d0 [ 1027.918645][ T4944] do_group_exit+0x13a/0x300 [ 1027.923070][ T4944] __x64_sys_exit_group+0x3f/0x40 [ 1027.927935][ T4944] do_syscall_64+0x44/0xd0 [ 1027.932183][ T4944] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1027.937912][ T4944] [ 1027.940080][ T4944] Memory state around the buggy address: [ 1027.945559][ T4944] ffff8881453d4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1027.953451][ T4944] ffff8881453d4300: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa [ 1027.961350][ T4944] >ffff8881453d4380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1027.969246][ T4944] ^ [ 1027.975755][ T4944] ffff8881453d4400: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc 08:08:00 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 80) 08:08:00 executing program 4: ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000080)={0x0, 0x0, 0x7ff, &(0x7f0000000040)=0x3}) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:08:00 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) timer_delete(0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1) timer_settime(r2, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {r3, r4+60000000}}, &(0x7f00000000c0)) timer_create(0x1, &(0x7f0000000240)={0x0, 0x3d, 0x4, @thr={&(0x7f0000000380)="9b584f4c170250fb9fb120718fa338d738c8aaf160e0bbe0b9f1884c1d08d6cc0b59bc87232cd9e107bdd1f6b7ceed18bfbc6f0ee97797bd9f484924422542a0644ff75ef9eadb5cc80abd494ff4c2e872cb5966ef148e597ef22ac1368b86f8412cd52aae01862fdfd6d412198a90ff177b1764112465e304cab5b77ef7358125f44f52b3bc6d2dab522ed4f29c2ae1b9d7f4e9a32c0f6201463c60092436cce8419b1b0a71663e05896edc7de592b48db46b7860b891a8b2af90c60ec4b8c98d0bd812ea2033d2c2c1a4f8aa6e64a2c980cd4ac98be2229128c6cc9a2bde9d977a4a6cad3cc32c1cef467fda8da78a139dd57af90ccb7f576ae99329e9a106d12eb86ece10ff66dfd738a0839dcc63181642c416d8a75a71576bc15d40f193f4d54707f1e498271c1163af8b324334b824ef4ff2a1785b8faac2326088f52e8bf593da7c64fb388fe44e0bc73bd07f177fdb6c91f4040662cbb4b60933981e92fe1676e8594af2f12d1f70bd5198a84fd0c2e6c34bba5e3f91450cb7c7e016dad74cd111ddef0d5e62d2de61b73a06fafd18e8a6adbb95eb1dbc50e804214ff908af5b6e7abe1120777056470e7cded1ca40a8d9c2b50313e87db30705c30d4bbb86cf30aefe6749d4a8d0015bcbe7bca422c3be2cb2724d72730b844c87f25904191bc3b79f9ee99b840f5935d74ec69ca09628cb9d071b6a4df65f0904cd942f2694b64ad3a92ff70d93fc814aba24de6df0fa191c56bc1f7e5705702144ae56f1adbac03231417992d00bd1b8f021d736a12b7988e7d7659e322687b205303da89f07ed8212b63d5b9e679571e8c6d183cc7cf61ea852c66fb81b04756cd866ccf26ee2efa3b8823d4359420bd1e73cf07757a33904e47a793d79941da4020c58e6129d2dc21b1188fcdba5e0a0d34ae63648a89b8e56a8861503a4589e56f25b11d28209849fa8660b45aaec941a536e9e70fdd33d044b38a7e1cd06bd0aa6f4eea960f294d9e7fb973e9705da88622098f395920231fe8b26c837ddf1dc0bf6d5802c5a5ec57c4766a8ae2d41ca4dedbd48d219a1e525fc8e349002c09061b8aa088e0aa2908a46cadcf1be918100a8864c48f28559bfbe1b58b44bd8c5fdf158112eebde17611828c66912ebc57ca1ba389ce2c45a07462cfcea6e4f6a6b43e4ddeea6a4d71ee578bfce11c6a305b8a1acd26dd97ca0d18588089c42177e4051dd7c5cfd808b66f356e8688e821a2be2cb153d60fa24449a834ad5ffa62f43e25befcb5615472a056fbcc9d5c8f15c4b878bf9bc6dde44e885d0d36b956724639a43e02b73a4b34e51d4246f1e325eec05d7886c4f535e6f3eddc97f9231c957f7bbefc56a24bcf6f87976568ecc8cb73a64be32261ff4b35f1eaee0b2d5333175e3a3f16404ddedde023ed7eef4f39d823cc2457b81cd2f6ac9fd274979a95c3707e43a18567c449cb06ed38ad109916dbd921e8b0e3d4ed09fff094d07cfd8354aaf3c59018fbf77249c077ce7c1b084c3a139518b6c9c744d5c6cf0de976471d83bcc60de179f62d33834eb0b026bb07bf5c10f24144482c39ba6f6c9996fec7f7c9cd18a33cd07d2c3c120856f3a6bf9d2191dfee26b63782d16e474c7e6a3fe477eda8cf4506b3c3bf7d6ddd06e5be4d7a2bcb37a518c21c2f913709163380a9eaffac97cab7ef6b9993d1933a159b9ec33f1e35dcf53c640fcd6ea25cdcff57a40ef8c97b8b24aaeb1bb82a821fa31bfd43fe461358a151d7962e7b29f556827da44ae1ccf583fbe812a990b7cda1172f999eb19e09236a194c94a06c6208cc061eee18c12d9575d177ab81719590b44e88551fd5d12a36e78797fbfb3f160526c0587a67be6d67a876b6e9fc36ec74de13be52857f65515781373bd42dddf2166b698f1144aa28e26b9de9be0378b7921f15c6d4c2f6494c996a3b60bfaba1d864c55eff03641551da69e4fe6b7df05d65b8fa68b8252ab88bf12dd806857d8ea7a3527a8d57663f292862eff8386c2a28620b9f03ada8ba5631ac1ae5d0288aec0a12c3a1f9ee865ffcc123d36a6e41b50cc4e04b41a38d0187d6a101db5b76cbe57d6b3b8bb54c31602ccf0e30c56756533261b03874955e0fe640410c687d51c6ae9d0f253ebe66bbf323a2b4e2594b88897a19f2baa54e94ffca6bfbb3ce59e4c3a6ab4b7a6c0c728370c9ea9f810b54d51cbf0a3d6f048440f0fd449d0ae0d4147f5d788fafd440637fa18af93798bf93a059a95b62c5c9fa015a611b9b1e518d3075a342d046d07113f7e9f259de884c75bdd47c9d89f623ad3e71bc592776ea109fd9d381f9aa03523c98dd8a99589a4c08f354aa32576778531661b5ed8eb4e1eaf1f5a287080c262440a912975e6d19bf631e253d12aeaa0d8be5222819ebf1bc4730f77b06686712953c497d3d5e6affebb45de2e993bfebdb242b5a5849955d777dc595687b8d609f0cfd46ba1c33a2be5d23937dee870ee2a8b3002598492573e7f2032b16dc0e8e869438996bb76f2b44cfe57fc226b44c9fe205e3433159758c5e86d1cf1555facee2dc9fb1c8d30f5b37caaecf5060118eae79c4c0503159f549172f0650a40941d10926e77d20af5025ce4f7a68c623f89d728a7c892445917e1c5671b7a26180a529dfef9663dfcc9f64e73cd31cb3f00137e7597a1b23b5f4490b77c93de2b044be474cbb3ad6b16b29f5a5327841cf9de313b058a9609bcb611c539e54c7e47564400434573c5976d9b2dc29f42667047c266fb1b3e85579c316c0a222b52df447eeeeaef80593ca51b6671812c47da10edc3c51cf053d9eb7c7d7ff2ddc2899e444c101ca882009b6c3308212de1da4909924a98b18ed765bf66de6bf6b0cd1150bb4abe6ce2e4e23bf35fcbc370972ae5b5d0da14da194cca693a581228e44eecac38e72fd029dd66d82c0f0b1719ad85a0aed44885b8ca7e77dcd812578e4f1bc368088b5ff53590d7f476d0c86a397a7c3e6925f6db6d1c1732d1da88d4425fbf4968beefae0031c20ddb3563fea89fd768ad1de3bc901f85806bdac44fb660cf408744892ba7889fc751ddafda118d2b69a33ca7695bb8d6546cd6179585d86b41a01f4d361956b2dae0f605302c6e18089d7aa0c90574ac6d413f670359cc89c1d963085df7ff6c40f13df1e456b21ff8e78db878d646508a3a0e05f06f99928355523af7fe62f302b158f821618a936abf3b02aa701c2e964c2bbf0b4f30db2e40ca94e2a88faa06b62949d24eb010d70e317b5a9448c265881e87086affcb65ce9659b847e50668f70b54de8ad28602105f0b2a7f651eaf36ffdaec844f49dad9b91abef0a866e7ca039d8891a89f55bf470a8027e6fe98dd5e3a0cf3d035f2311d72f5326a3e83779bd8a8327693d4e1c084d81c1c22176d872491c7a4bb6599a2d060667c148c8184c4abec0366d35627991a9e98eeaa08e6fbbf6d8004fd74983e044d535f62b7ab60efbe2da1fe85f9362ffc80712c01f90158cd2b677e459a4497177942de3880407b82ce632b7414c24ceeaf7c001e1d423cc9cb7ed3a553a46a17309a770f5708e322aa9f1c195e0ff109c39bd84f2fa04f6662cdd9de85d36f469ddfced8b39c07cdb62bf76cc5213014159acc3109098d513d9a0057676e2175fbba4391cff897f62ec5e855226f4535c564f845ba94f323d7e2a2aa925fa796b36d40dd18da24f61799e28c6891807e5687d2de7ad0afd94cf25ec1a22becbb1b45c95b4df564f1a9a010070b36bec09ca59795a0802794dfaf7b04b2ea613ef448312384a1d11767528fad1e5b9bdede59ec9fd91314c7af6b6f5eb61ccfab758d647ad050343ae9bf6d236b74ac206585303d4080a24e7d7609bd75a83660be8e4c6265f7a9f7a594159b2956d4b69df9aeb9fdd0f6dc510feb70fd406ad58e76cdddcef854caf534220f4cbcff23ee85064e26ed8dbc8deb3f3c67952847bb9e7bcf5560cdbe7e6a6a547f4ed8e4f30b200d3fb6f5d35777045b7423183080568c0a22ed60407135828e10e04567c686f45297bf673088b11a3b90196da729c815513edcf57db741a2deac3dcfc3c549ba6b9c232a54d145daac204b3a0f295c3efc274c1f5fe92401903dfcc0357e81cde7e2565f63bd0e6fa661c47ea3c6049ca3ea7e0afa1ae2bfda10dc6ac75da37f31fd70252060422c49c8dd4b4445c523ef3d62a4bc66052ab6683644b6a90e6ac2b4dd440570dcf08b9560a6165ee8fccc16e8b319e25257ca414dc45383d5fbd486f6bf4eb20a2db86c89bd51cb297b337da9bcf9422566120a18de03c3387eb3d88e65d4cef3a9ba4d500a5283513db2af15abba5e8c7139739691a9b9e8a075d0ae2df825fcb0059816665127d143a14dbb38c33683ec191ec111c7ac8074a94d5fb72bbe44dad5327bf876023e954c5a7ae212d0a5cb794a81233143011845f18e42584a902028b21c846da294216e07a3f1e07fc9b1a0cd516050a9f58e4705b59e5cfaea7c69fe5e72bcefc1129de0794c8d29a5639116a7fa4408be495737dda2e1dcbd8c5239b7731d359d81970c22663cba43cf95da485ba1cb17a39dc0ec3bf1afc5c6cde255f25ffc736ab8b719cfeda581e4fcc2542042bbf67d9d4c3d7d92c85d5609b5a38cb99cb4f98075580d27a041b84c1408689baab7c9544692706c64b2831c2fd9c3549027b34f040dc84f933c16142ff9716fd7b38e7d32516429306849e7e1aaf64f37064b056c7aa5d38c3b98d95c6dcd044ad58a407144978ad321f3e95988969f3e795e43a1a229ac60e0532792319fe7fb088cbc39e7376ffe0fe1320e73c9ded0bfd16ea5be4cc0c2b5e49f768a017778c3a26124fd764958842426c3e681e1a63500b03566f50f917c788c4a43c63842e413a95d48aad53f44e0f4ab834e230c1e0f88332d5b59237f9c398f097a3967ef081dbb3676388294efefe0155884fe0a13cbeadf4c2516b05503caa28a70e0ca5a4c0e177d8cfb152845c140f8e7465899671b56379774873766e61f6ae95d1be6f7f19b796e69cd8b802a5f4cad61cea706b7eb4ed7718f69ec53738f6d62fbe9682c4812382c84c8ac74d610cf57d480a466e56a467b88328b34a6fd792533dad2fc2cc857ddbaf4056319bf982ec60908ea2e3ddaaf3934fd01378c59d7bd2d36d10776f89f0a9ba1789c83223839ba3bd2e4a295fc704955c8a01c82c77034a11cd3b771bd72bb7db6dddc2848bc64f01c5dc1adcc449e42e7d4ae2e621bdf4e10ec92b4536b52ab0843b9c876d8306e243f5a7a7a0abd2b75ceb59224256401167585a6ea44a74e5514771cce885d10c0ad17f6013334bd414165027a8c511980893b470f921a53623c5e7a32f3673bc65ba5a6325fa63eecbb8500a590afd145bd38145501d9711d5a3d9f86deb2f21958d834b1386265c9860118c5056c68f3f2ddfe9c385d4b4245d38be0cdb4a181fc35b8ba10808a009518ccc6d471cce2e37832a3d292e82ec05f992e1eb3502a0a5368999507080dccb56a50f71b4f9a5a9aa28c335663d6c58b1d818a0c324499570a35b51eca9be90b5bd6c6b6ed8d370ed3fd46572bffbfef54881276a11bc2a644ad554c17ea83e127fdd3fdd634b4e894cebf2ef8cb7e74eca7c05e81f03a98f295a793e4dca72ab5d0039569565caf598a5c3dcc9e3ead8552f69309bf6235485ccfe31ed9578bf0df70e9820d37f66f7b255af8a4c3220b387b3d867f7598ccc3881e64972875a15e459dc4837130e4ea135352c23bde92", &(0x7f0000000200)="e3ffa0175c94f13a697b9893a48f8efb6e288f905ac8a12843"}}, &(0x7f0000000280)) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$HIDIOCGCOLLECTIONINDEX(r5, 0x40184810, &(0x7f00000001c0)={0x3, 0x3, 0x24, 0x8000, 0xffff, 0x3}) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000001380)={0x1, 0xffffffffffffffff, 0x1}) 08:08:00 executing program 1: timer_create(0x7, 0x0, &(0x7f0000000100)=0x0) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000080)) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) timer_create(0x3, &(0x7f0000000000)={0x0, 0x3, 0x4}, &(0x7f0000000040)=0x0) timer_delete(r1) 08:08:00 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_pressure(r0, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) 08:08:00 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, 0x0, &(0x7f0000002780), &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) [ 1027.983661][ T4944] ffff8881453d4480: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb [ 1027.991552][ T4944] ================================================================== [ 1027.999534][ T4944] Disabling lock debugging due to kernel taint 08:08:00 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_pressure(r0, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) 08:08:00 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) timer_delete(0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1) (async) timer_settime(r2, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {r3, r4+60000000}}, &(0x7f00000000c0)) (async) timer_create(0x1, &(0x7f0000000240)={0x0, 0x3d, 0x4, @thr={&(0x7f0000000380)="9b584f4c170250fb9fb120718fa338d738c8aaf160e0bbe0b9f1884c1d08d6cc0b59bc87232cd9e107bdd1f6b7ceed18bfbc6f0ee97797bd9f484924422542a0644ff75ef9eadb5cc80abd494ff4c2e872cb5966ef148e597ef22ac1368b86f8412cd52aae01862fdfd6d412198a90ff177b1764112465e304cab5b77ef7358125f44f52b3bc6d2dab522ed4f29c2ae1b9d7f4e9a32c0f6201463c60092436cce8419b1b0a71663e05896edc7de592b48db46b7860b891a8b2af90c60ec4b8c98d0bd812ea2033d2c2c1a4f8aa6e64a2c980cd4ac98be2229128c6cc9a2bde9d977a4a6cad3cc32c1cef467fda8da78a139dd57af90ccb7f576ae99329e9a106d12eb86ece10ff66dfd738a0839dcc63181642c416d8a75a71576bc15d40f193f4d54707f1e498271c1163af8b324334b824ef4ff2a1785b8faac2326088f52e8bf593da7c64fb388fe44e0bc73bd07f177fdb6c91f4040662cbb4b60933981e92fe1676e8594af2f12d1f70bd5198a84fd0c2e6c34bba5e3f91450cb7c7e016dad74cd111ddef0d5e62d2de61b73a06fafd18e8a6adbb95eb1dbc50e804214ff908af5b6e7abe1120777056470e7cded1ca40a8d9c2b50313e87db30705c30d4bbb86cf30aefe6749d4a8d0015bcbe7bca422c3be2cb2724d72730b844c87f25904191bc3b79f9ee99b840f5935d74ec69ca09628cb9d071b6a4df65f0904cd942f2694b64ad3a92ff70d93fc814aba24de6df0fa191c56bc1f7e5705702144ae56f1adbac03231417992d00bd1b8f021d736a12b7988e7d7659e322687b205303da89f07ed8212b63d5b9e679571e8c6d183cc7cf61ea852c66fb81b04756cd866ccf26ee2efa3b8823d4359420bd1e73cf07757a33904e47a793d79941da4020c58e6129d2dc21b1188fcdba5e0a0d34ae63648a89b8e56a8861503a4589e56f25b11d28209849fa8660b45aaec941a536e9e70fdd33d044b38a7e1cd06bd0aa6f4eea960f294d9e7fb973e9705da88622098f395920231fe8b26c837ddf1dc0bf6d5802c5a5ec57c4766a8ae2d41ca4dedbd48d219a1e525fc8e349002c09061b8aa088e0aa2908a46cadcf1be918100a8864c48f28559bfbe1b58b44bd8c5fdf158112eebde17611828c66912ebc57ca1ba389ce2c45a07462cfcea6e4f6a6b43e4ddeea6a4d71ee578bfce11c6a305b8a1acd26dd97ca0d18588089c42177e4051dd7c5cfd808b66f356e8688e821a2be2cb153d60fa24449a834ad5ffa62f43e25befcb5615472a056fbcc9d5c8f15c4b878bf9bc6dde44e885d0d36b956724639a43e02b73a4b34e51d4246f1e325eec05d7886c4f535e6f3eddc97f9231c957f7bbefc56a24bcf6f87976568ecc8cb73a64be32261ff4b35f1eaee0b2d5333175e3a3f16404ddedde023ed7eef4f39d823cc2457b81cd2f6ac9fd274979a95c3707e43a18567c449cb06ed38ad109916dbd921e8b0e3d4ed09fff094d07cfd8354aaf3c59018fbf77249c077ce7c1b084c3a139518b6c9c744d5c6cf0de976471d83bcc60de179f62d33834eb0b026bb07bf5c10f24144482c39ba6f6c9996fec7f7c9cd18a33cd07d2c3c120856f3a6bf9d2191dfee26b63782d16e474c7e6a3fe477eda8cf4506b3c3bf7d6ddd06e5be4d7a2bcb37a518c21c2f913709163380a9eaffac97cab7ef6b9993d1933a159b9ec33f1e35dcf53c640fcd6ea25cdcff57a40ef8c97b8b24aaeb1bb82a821fa31bfd43fe461358a151d7962e7b29f556827da44ae1ccf583fbe812a990b7cda1172f999eb19e09236a194c94a06c6208cc061eee18c12d9575d177ab81719590b44e88551fd5d12a36e78797fbfb3f160526c0587a67be6d67a876b6e9fc36ec74de13be52857f65515781373bd42dddf2166b698f1144aa28e26b9de9be0378b7921f15c6d4c2f6494c996a3b60bfaba1d864c55eff03641551da69e4fe6b7df05d65b8fa68b8252ab88bf12dd806857d8ea7a3527a8d57663f292862eff8386c2a28620b9f03ada8ba5631ac1ae5d0288aec0a12c3a1f9ee865ffcc123d36a6e41b50cc4e04b41a38d0187d6a101db5b76cbe57d6b3b8bb54c31602ccf0e30c56756533261b03874955e0fe640410c687d51c6ae9d0f253ebe66bbf323a2b4e2594b88897a19f2baa54e94ffca6bfbb3ce59e4c3a6ab4b7a6c0c728370c9ea9f810b54d51cbf0a3d6f048440f0fd449d0ae0d4147f5d788fafd440637fa18af93798bf93a059a95b62c5c9fa015a611b9b1e518d3075a342d046d07113f7e9f259de884c75bdd47c9d89f623ad3e71bc592776ea109fd9d381f9aa03523c98dd8a99589a4c08f354aa32576778531661b5ed8eb4e1eaf1f5a287080c262440a912975e6d19bf631e253d12aeaa0d8be5222819ebf1bc4730f77b06686712953c497d3d5e6affebb45de2e993bfebdb242b5a5849955d777dc595687b8d609f0cfd46ba1c33a2be5d23937dee870ee2a8b3002598492573e7f2032b16dc0e8e869438996bb76f2b44cfe57fc226b44c9fe205e3433159758c5e86d1cf1555facee2dc9fb1c8d30f5b37caaecf5060118eae79c4c0503159f549172f0650a40941d10926e77d20af5025ce4f7a68c623f89d728a7c892445917e1c5671b7a26180a529dfef9663dfcc9f64e73cd31cb3f00137e7597a1b23b5f4490b77c93de2b044be474cbb3ad6b16b29f5a5327841cf9de313b058a9609bcb611c539e54c7e47564400434573c5976d9b2dc29f42667047c266fb1b3e85579c316c0a222b52df447eeeeaef80593ca51b6671812c47da10edc3c51cf053d9eb7c7d7ff2ddc2899e444c101ca882009b6c3308212de1da4909924a98b18ed765bf66de6bf6b0cd1150bb4abe6ce2e4e23bf35fcbc370972ae5b5d0da14da194cca693a581228e44eecac38e72fd029dd66d82c0f0b1719ad85a0aed44885b8ca7e77dcd812578e4f1bc368088b5ff53590d7f476d0c86a397a7c3e6925f6db6d1c1732d1da88d4425fbf4968beefae0031c20ddb3563fea89fd768ad1de3bc901f85806bdac44fb660cf408744892ba7889fc751ddafda118d2b69a33ca7695bb8d6546cd6179585d86b41a01f4d361956b2dae0f605302c6e18089d7aa0c90574ac6d413f670359cc89c1d963085df7ff6c40f13df1e456b21ff8e78db878d646508a3a0e05f06f99928355523af7fe62f302b158f821618a936abf3b02aa701c2e964c2bbf0b4f30db2e40ca94e2a88faa06b62949d24eb010d70e317b5a9448c265881e87086affcb65ce9659b847e50668f70b54de8ad28602105f0b2a7f651eaf36ffdaec844f49dad9b91abef0a866e7ca039d8891a89f55bf470a8027e6fe98dd5e3a0cf3d035f2311d72f5326a3e83779bd8a8327693d4e1c084d81c1c22176d872491c7a4bb6599a2d060667c148c8184c4abec0366d35627991a9e98eeaa08e6fbbf6d8004fd74983e044d535f62b7ab60efbe2da1fe85f9362ffc80712c01f90158cd2b677e459a4497177942de3880407b82ce632b7414c24ceeaf7c001e1d423cc9cb7ed3a553a46a17309a770f5708e322aa9f1c195e0ff109c39bd84f2fa04f6662cdd9de85d36f469ddfced8b39c07cdb62bf76cc5213014159acc3109098d513d9a0057676e2175fbba4391cff897f62ec5e855226f4535c564f845ba94f323d7e2a2aa925fa796b36d40dd18da24f61799e28c6891807e5687d2de7ad0afd94cf25ec1a22becbb1b45c95b4df564f1a9a010070b36bec09ca59795a0802794dfaf7b04b2ea613ef448312384a1d11767528fad1e5b9bdede59ec9fd91314c7af6b6f5eb61ccfab758d647ad050343ae9bf6d236b74ac206585303d4080a24e7d7609bd75a83660be8e4c6265f7a9f7a594159b2956d4b69df9aeb9fdd0f6dc510feb70fd406ad58e76cdddcef854caf534220f4cbcff23ee85064e26ed8dbc8deb3f3c67952847bb9e7bcf5560cdbe7e6a6a547f4ed8e4f30b200d3fb6f5d35777045b7423183080568c0a22ed60407135828e10e04567c686f45297bf673088b11a3b90196da729c815513edcf57db741a2deac3dcfc3c549ba6b9c232a54d145daac204b3a0f295c3efc274c1f5fe92401903dfcc0357e81cde7e2565f63bd0e6fa661c47ea3c6049ca3ea7e0afa1ae2bfda10dc6ac75da37f31fd70252060422c49c8dd4b4445c523ef3d62a4bc66052ab6683644b6a90e6ac2b4dd440570dcf08b9560a6165ee8fccc16e8b319e25257ca414dc45383d5fbd486f6bf4eb20a2db86c89bd51cb297b337da9bcf9422566120a18de03c3387eb3d88e65d4cef3a9ba4d500a5283513db2af15abba5e8c7139739691a9b9e8a075d0ae2df825fcb0059816665127d143a14dbb38c33683ec191ec111c7ac8074a94d5fb72bbe44dad5327bf876023e954c5a7ae212d0a5cb794a81233143011845f18e42584a902028b21c846da294216e07a3f1e07fc9b1a0cd516050a9f58e4705b59e5cfaea7c69fe5e72bcefc1129de0794c8d29a5639116a7fa4408be495737dda2e1dcbd8c5239b7731d359d81970c22663cba43cf95da485ba1cb17a39dc0ec3bf1afc5c6cde255f25ffc736ab8b719cfeda581e4fcc2542042bbf67d9d4c3d7d92c85d5609b5a38cb99cb4f98075580d27a041b84c1408689baab7c9544692706c64b2831c2fd9c3549027b34f040dc84f933c16142ff9716fd7b38e7d32516429306849e7e1aaf64f37064b056c7aa5d38c3b98d95c6dcd044ad58a407144978ad321f3e95988969f3e795e43a1a229ac60e0532792319fe7fb088cbc39e7376ffe0fe1320e73c9ded0bfd16ea5be4cc0c2b5e49f768a017778c3a26124fd764958842426c3e681e1a63500b03566f50f917c788c4a43c63842e413a95d48aad53f44e0f4ab834e230c1e0f88332d5b59237f9c398f097a3967ef081dbb3676388294efefe0155884fe0a13cbeadf4c2516b05503caa28a70e0ca5a4c0e177d8cfb152845c140f8e7465899671b56379774873766e61f6ae95d1be6f7f19b796e69cd8b802a5f4cad61cea706b7eb4ed7718f69ec53738f6d62fbe9682c4812382c84c8ac74d610cf57d480a466e56a467b88328b34a6fd792533dad2fc2cc857ddbaf4056319bf982ec60908ea2e3ddaaf3934fd01378c59d7bd2d36d10776f89f0a9ba1789c83223839ba3bd2e4a295fc704955c8a01c82c77034a11cd3b771bd72bb7db6dddc2848bc64f01c5dc1adcc449e42e7d4ae2e621bdf4e10ec92b4536b52ab0843b9c876d8306e243f5a7a7a0abd2b75ceb59224256401167585a6ea44a74e5514771cce885d10c0ad17f6013334bd414165027a8c511980893b470f921a53623c5e7a32f3673bc65ba5a6325fa63eecbb8500a590afd145bd38145501d9711d5a3d9f86deb2f21958d834b1386265c9860118c5056c68f3f2ddfe9c385d4b4245d38be0cdb4a181fc35b8ba10808a009518ccc6d471cce2e37832a3d292e82ec05f992e1eb3502a0a5368999507080dccb56a50f71b4f9a5a9aa28c335663d6c58b1d818a0c324499570a35b51eca9be90b5bd6c6b6ed8d370ed3fd46572bffbfef54881276a11bc2a644ad554c17ea83e127fdd3fdd634b4e894cebf2ef8cb7e74eca7c05e81f03a98f295a793e4dca72ab5d0039569565caf598a5c3dcc9e3ead8552f69309bf6235485ccfe31ed9578bf0df70e9820d37f66f7b255af8a4c3220b387b3d867f7598ccc3881e64972875a15e459dc4837130e4ea135352c23bde92", &(0x7f0000000200)="e3ffa0175c94f13a697b9893a48f8efb6e288f905ac8a12843"}}, &(0x7f0000000280)) (async) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$HIDIOCGCOLLECTIONINDEX(r5, 0x40184810, &(0x7f00000001c0)={0x3, 0x3, 0x24, 0x8000, 0xffff, 0x3}) (async) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000001380)={0x1, 0xffffffffffffffff, 0x1}) [ 1028.047556][ T4982] FAULT_INJECTION: forcing a failure. [ 1028.047556][ T4982] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1028.083701][ T4982] CPU: 0 PID: 4982 Comm: syz-executor.3 Tainted: G B 5.15.74-syzkaller #0 [ 1028.093350][ T4982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1028.103239][ T4982] Call Trace: [ 1028.106369][ T4982] [ 1028.109140][ T4982] dump_stack_lvl+0x151/0x1b7 [ 1028.113653][ T4982] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1028.118949][ T4982] dump_stack+0x15/0x17 [ 1028.122938][ T4982] should_fail+0x3c0/0x510 [ 1028.127194][ T4982] should_fail_alloc_page+0x58/0x70 [ 1028.132227][ T4982] __alloc_pages+0x1de/0x7c0 [ 1028.136661][ T4982] ? __count_vm_events+0x30/0x30 [ 1028.141427][ T4982] pte_alloc_one+0x73/0x1b0 08:08:00 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:08:00 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) timer_delete(0x0) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)=0x0) timer_delete(r2) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1) timer_settime(r2, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {r3, r4+60000000}}, &(0x7f00000000c0)) timer_create(0x1, &(0x7f0000000240)={0x0, 0x3d, 0x4, @thr={&(0x7f0000000380)="9b584f4c170250fb9fb120718fa338d738c8aaf160e0bbe0b9f1884c1d08d6cc0b59bc87232cd9e107bdd1f6b7ceed18bfbc6f0ee97797bd9f484924422542a0644ff75ef9eadb5cc80abd494ff4c2e872cb5966ef148e597ef22ac1368b86f8412cd52aae01862fdfd6d412198a90ff177b1764112465e304cab5b77ef7358125f44f52b3bc6d2dab522ed4f29c2ae1b9d7f4e9a32c0f6201463c60092436cce8419b1b0a71663e05896edc7de592b48db46b7860b891a8b2af90c60ec4b8c98d0bd812ea2033d2c2c1a4f8aa6e64a2c980cd4ac98be2229128c6cc9a2bde9d977a4a6cad3cc32c1cef467fda8da78a139dd57af90ccb7f576ae99329e9a106d12eb86ece10ff66dfd738a0839dcc63181642c416d8a75a71576bc15d40f193f4d54707f1e498271c1163af8b324334b824ef4ff2a1785b8faac2326088f52e8bf593da7c64fb388fe44e0bc73bd07f177fdb6c91f4040662cbb4b60933981e92fe1676e8594af2f12d1f70bd5198a84fd0c2e6c34bba5e3f91450cb7c7e016dad74cd111ddef0d5e62d2de61b73a06fafd18e8a6adbb95eb1dbc50e804214ff908af5b6e7abe1120777056470e7cded1ca40a8d9c2b50313e87db30705c30d4bbb86cf30aefe6749d4a8d0015bcbe7bca422c3be2cb2724d72730b844c87f25904191bc3b79f9ee99b840f5935d74ec69ca09628cb9d071b6a4df65f0904cd942f2694b64ad3a92ff70d93fc814aba24de6df0fa191c56bc1f7e5705702144ae56f1adbac03231417992d00bd1b8f021d736a12b7988e7d7659e322687b205303da89f07ed8212b63d5b9e679571e8c6d183cc7cf61ea852c66fb81b04756cd866ccf26ee2efa3b8823d4359420bd1e73cf07757a33904e47a793d79941da4020c58e6129d2dc21b1188fcdba5e0a0d34ae63648a89b8e56a8861503a4589e56f25b11d28209849fa8660b45aaec941a536e9e70fdd33d044b38a7e1cd06bd0aa6f4eea960f294d9e7fb973e9705da88622098f395920231fe8b26c837ddf1dc0bf6d5802c5a5ec57c4766a8ae2d41ca4dedbd48d219a1e525fc8e349002c09061b8aa088e0aa2908a46cadcf1be918100a8864c48f28559bfbe1b58b44bd8c5fdf158112eebde17611828c66912ebc57ca1ba389ce2c45a07462cfcea6e4f6a6b43e4ddeea6a4d71ee578bfce11c6a305b8a1acd26dd97ca0d18588089c42177e4051dd7c5cfd808b66f356e8688e821a2be2cb153d60fa24449a834ad5ffa62f43e25befcb5615472a056fbcc9d5c8f15c4b878bf9bc6dde44e885d0d36b956724639a43e02b73a4b34e51d4246f1e325eec05d7886c4f535e6f3eddc97f9231c957f7bbefc56a24bcf6f87976568ecc8cb73a64be32261ff4b35f1eaee0b2d5333175e3a3f16404ddedde023ed7eef4f39d823cc2457b81cd2f6ac9fd274979a95c3707e43a18567c449cb06ed38ad109916dbd921e8b0e3d4ed09fff094d07cfd8354aaf3c59018fbf77249c077ce7c1b084c3a139518b6c9c744d5c6cf0de976471d83bcc60de179f62d33834eb0b026bb07bf5c10f24144482c39ba6f6c9996fec7f7c9cd18a33cd07d2c3c120856f3a6bf9d2191dfee26b63782d16e474c7e6a3fe477eda8cf4506b3c3bf7d6ddd06e5be4d7a2bcb37a518c21c2f913709163380a9eaffac97cab7ef6b9993d1933a159b9ec33f1e35dcf53c640fcd6ea25cdcff57a40ef8c97b8b24aaeb1bb82a821fa31bfd43fe461358a151d7962e7b29f556827da44ae1ccf583fbe812a990b7cda1172f999eb19e09236a194c94a06c6208cc061eee18c12d9575d177ab81719590b44e88551fd5d12a36e78797fbfb3f160526c0587a67be6d67a876b6e9fc36ec74de13be52857f65515781373bd42dddf2166b698f1144aa28e26b9de9be0378b7921f15c6d4c2f6494c996a3b60bfaba1d864c55eff03641551da69e4fe6b7df05d65b8fa68b8252ab88bf12dd806857d8ea7a3527a8d57663f292862eff8386c2a28620b9f03ada8ba5631ac1ae5d0288aec0a12c3a1f9ee865ffcc123d36a6e41b50cc4e04b41a38d0187d6a101db5b76cbe57d6b3b8bb54c31602ccf0e30c56756533261b03874955e0fe640410c687d51c6ae9d0f253ebe66bbf323a2b4e2594b88897a19f2baa54e94ffca6bfbb3ce59e4c3a6ab4b7a6c0c728370c9ea9f810b54d51cbf0a3d6f048440f0fd449d0ae0d4147f5d788fafd440637fa18af93798bf93a059a95b62c5c9fa015a611b9b1e518d3075a342d046d07113f7e9f259de884c75bdd47c9d89f623ad3e71bc592776ea109fd9d381f9aa03523c98dd8a99589a4c08f354aa32576778531661b5ed8eb4e1eaf1f5a287080c262440a912975e6d19bf631e253d12aeaa0d8be5222819ebf1bc4730f77b06686712953c497d3d5e6affebb45de2e993bfebdb242b5a5849955d777dc595687b8d609f0cfd46ba1c33a2be5d23937dee870ee2a8b3002598492573e7f2032b16dc0e8e869438996bb76f2b44cfe57fc226b44c9fe205e3433159758c5e86d1cf1555facee2dc9fb1c8d30f5b37caaecf5060118eae79c4c0503159f549172f0650a40941d10926e77d20af5025ce4f7a68c623f89d728a7c892445917e1c5671b7a26180a529dfef9663dfcc9f64e73cd31cb3f00137e7597a1b23b5f4490b77c93de2b044be474cbb3ad6b16b29f5a5327841cf9de313b058a9609bcb611c539e54c7e47564400434573c5976d9b2dc29f42667047c266fb1b3e85579c316c0a222b52df447eeeeaef80593ca51b6671812c47da10edc3c51cf053d9eb7c7d7ff2ddc2899e444c101ca882009b6c3308212de1da4909924a98b18ed765bf66de6bf6b0cd1150bb4abe6ce2e4e23bf35fcbc370972ae5b5d0da14da194cca693a581228e44eecac38e72fd029dd66d82c0f0b1719ad85a0aed44885b8ca7e77dcd812578e4f1bc368088b5ff53590d7f476d0c86a397a7c3e6925f6db6d1c1732d1da88d4425fbf4968beefae0031c20ddb3563fea89fd768ad1de3bc901f85806bdac44fb660cf408744892ba7889fc751ddafda118d2b69a33ca7695bb8d6546cd6179585d86b41a01f4d361956b2dae0f605302c6e18089d7aa0c90574ac6d413f670359cc89c1d963085df7ff6c40f13df1e456b21ff8e78db878d646508a3a0e05f06f99928355523af7fe62f302b158f821618a936abf3b02aa701c2e964c2bbf0b4f30db2e40ca94e2a88faa06b62949d24eb010d70e317b5a9448c265881e87086affcb65ce9659b847e50668f70b54de8ad28602105f0b2a7f651eaf36ffdaec844f49dad9b91abef0a866e7ca039d8891a89f55bf470a8027e6fe98dd5e3a0cf3d035f2311d72f5326a3e83779bd8a8327693d4e1c084d81c1c22176d872491c7a4bb6599a2d060667c148c8184c4abec0366d35627991a9e98eeaa08e6fbbf6d8004fd74983e044d535f62b7ab60efbe2da1fe85f9362ffc80712c01f90158cd2b677e459a4497177942de3880407b82ce632b7414c24ceeaf7c001e1d423cc9cb7ed3a553a46a17309a770f5708e322aa9f1c195e0ff109c39bd84f2fa04f6662cdd9de85d36f469ddfced8b39c07cdb62bf76cc5213014159acc3109098d513d9a0057676e2175fbba4391cff897f62ec5e855226f4535c564f845ba94f323d7e2a2aa925fa796b36d40dd18da24f61799e28c6891807e5687d2de7ad0afd94cf25ec1a22becbb1b45c95b4df564f1a9a010070b36bec09ca59795a0802794dfaf7b04b2ea613ef448312384a1d11767528fad1e5b9bdede59ec9fd91314c7af6b6f5eb61ccfab758d647ad050343ae9bf6d236b74ac206585303d4080a24e7d7609bd75a83660be8e4c6265f7a9f7a594159b2956d4b69df9aeb9fdd0f6dc510feb70fd406ad58e76cdddcef854caf534220f4cbcff23ee85064e26ed8dbc8deb3f3c67952847bb9e7bcf5560cdbe7e6a6a547f4ed8e4f30b200d3fb6f5d35777045b7423183080568c0a22ed60407135828e10e04567c686f45297bf673088b11a3b90196da729c815513edcf57db741a2deac3dcfc3c549ba6b9c232a54d145daac204b3a0f295c3efc274c1f5fe92401903dfcc0357e81cde7e2565f63bd0e6fa661c47ea3c6049ca3ea7e0afa1ae2bfda10dc6ac75da37f31fd70252060422c49c8dd4b4445c523ef3d62a4bc66052ab6683644b6a90e6ac2b4dd440570dcf08b9560a6165ee8fccc16e8b319e25257ca414dc45383d5fbd486f6bf4eb20a2db86c89bd51cb297b337da9bcf9422566120a18de03c3387eb3d88e65d4cef3a9ba4d500a5283513db2af15abba5e8c7139739691a9b9e8a075d0ae2df825fcb0059816665127d143a14dbb38c33683ec191ec111c7ac8074a94d5fb72bbe44dad5327bf876023e954c5a7ae212d0a5cb794a81233143011845f18e42584a902028b21c846da294216e07a3f1e07fc9b1a0cd516050a9f58e4705b59e5cfaea7c69fe5e72bcefc1129de0794c8d29a5639116a7fa4408be495737dda2e1dcbd8c5239b7731d359d81970c22663cba43cf95da485ba1cb17a39dc0ec3bf1afc5c6cde255f25ffc736ab8b719cfeda581e4fcc2542042bbf67d9d4c3d7d92c85d5609b5a38cb99cb4f98075580d27a041b84c1408689baab7c9544692706c64b2831c2fd9c3549027b34f040dc84f933c16142ff9716fd7b38e7d32516429306849e7e1aaf64f37064b056c7aa5d38c3b98d95c6dcd044ad58a407144978ad321f3e95988969f3e795e43a1a229ac60e0532792319fe7fb088cbc39e7376ffe0fe1320e73c9ded0bfd16ea5be4cc0c2b5e49f768a017778c3a26124fd764958842426c3e681e1a63500b03566f50f917c788c4a43c63842e413a95d48aad53f44e0f4ab834e230c1e0f88332d5b59237f9c398f097a3967ef081dbb3676388294efefe0155884fe0a13cbeadf4c2516b05503caa28a70e0ca5a4c0e177d8cfb152845c140f8e7465899671b56379774873766e61f6ae95d1be6f7f19b796e69cd8b802a5f4cad61cea706b7eb4ed7718f69ec53738f6d62fbe9682c4812382c84c8ac74d610cf57d480a466e56a467b88328b34a6fd792533dad2fc2cc857ddbaf4056319bf982ec60908ea2e3ddaaf3934fd01378c59d7bd2d36d10776f89f0a9ba1789c83223839ba3bd2e4a295fc704955c8a01c82c77034a11cd3b771bd72bb7db6dddc2848bc64f01c5dc1adcc449e42e7d4ae2e621bdf4e10ec92b4536b52ab0843b9c876d8306e243f5a7a7a0abd2b75ceb59224256401167585a6ea44a74e5514771cce885d10c0ad17f6013334bd414165027a8c511980893b470f921a53623c5e7a32f3673bc65ba5a6325fa63eecbb8500a590afd145bd38145501d9711d5a3d9f86deb2f21958d834b1386265c9860118c5056c68f3f2ddfe9c385d4b4245d38be0cdb4a181fc35b8ba10808a009518ccc6d471cce2e37832a3d292e82ec05f992e1eb3502a0a5368999507080dccb56a50f71b4f9a5a9aa28c335663d6c58b1d818a0c324499570a35b51eca9be90b5bd6c6b6ed8d370ed3fd46572bffbfef54881276a11bc2a644ad554c17ea83e127fdd3fdd634b4e894cebf2ef8cb7e74eca7c05e81f03a98f295a793e4dca72ab5d0039569565caf598a5c3dcc9e3ead8552f69309bf6235485ccfe31ed9578bf0df70e9820d37f66f7b255af8a4c3220b387b3d867f7598ccc3881e64972875a15e459dc4837130e4ea135352c23bde92", &(0x7f0000000200)="e3ffa0175c94f13a697b9893a48f8efb6e288f905ac8a12843"}}, &(0x7f0000000280)) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$HIDIOCGCOLLECTIONINDEX(r5, 0x40184810, &(0x7f00000001c0)={0x3, 0x3, 0x24, 0x8000, 0xffff, 0x3}) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000001380)={0x1, 0xffffffffffffffff, 0x1}) timer_create(0x0, 0x0, &(0x7f0000000100)) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(r0, &(0x7f0000000000)) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) timer_delete(0x0) (async) timer_create(0x6, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f0000000340)) (async) timer_delete(r2) (async) clock_gettime(0x0, &(0x7f0000000040)) (async) ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1) (async) timer_settime(r2, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {r3, r4+60000000}}, &(0x7f00000000c0)) (async) timer_create(0x1, &(0x7f0000000240)={0x0, 0x3d, 0x4, @thr={&(0x7f0000000380)="9b584f4c170250fb9fb120718fa338d738c8aaf160e0bbe0b9f1884c1d08d6cc0b59bc87232cd9e107bdd1f6b7ceed18bfbc6f0ee97797bd9f484924422542a0644ff75ef9eadb5cc80abd494ff4c2e872cb5966ef148e597ef22ac1368b86f8412cd52aae01862fdfd6d412198a90ff177b1764112465e304cab5b77ef7358125f44f52b3bc6d2dab522ed4f29c2ae1b9d7f4e9a32c0f6201463c60092436cce8419b1b0a71663e05896edc7de592b48db46b7860b891a8b2af90c60ec4b8c98d0bd812ea2033d2c2c1a4f8aa6e64a2c980cd4ac98be2229128c6cc9a2bde9d977a4a6cad3cc32c1cef467fda8da78a139dd57af90ccb7f576ae99329e9a106d12eb86ece10ff66dfd738a0839dcc63181642c416d8a75a71576bc15d40f193f4d54707f1e498271c1163af8b324334b824ef4ff2a1785b8faac2326088f52e8bf593da7c64fb388fe44e0bc73bd07f177fdb6c91f4040662cbb4b60933981e92fe1676e8594af2f12d1f70bd5198a84fd0c2e6c34bba5e3f91450cb7c7e016dad74cd111ddef0d5e62d2de61b73a06fafd18e8a6adbb95eb1dbc50e804214ff908af5b6e7abe1120777056470e7cded1ca40a8d9c2b50313e87db30705c30d4bbb86cf30aefe6749d4a8d0015bcbe7bca422c3be2cb2724d72730b844c87f25904191bc3b79f9ee99b840f5935d74ec69ca09628cb9d071b6a4df65f0904cd942f2694b64ad3a92ff70d93fc814aba24de6df0fa191c56bc1f7e5705702144ae56f1adbac03231417992d00bd1b8f021d736a12b7988e7d7659e322687b205303da89f07ed8212b63d5b9e679571e8c6d183cc7cf61ea852c66fb81b04756cd866ccf26ee2efa3b8823d4359420bd1e73cf07757a33904e47a793d79941da4020c58e6129d2dc21b1188fcdba5e0a0d34ae63648a89b8e56a8861503a4589e56f25b11d28209849fa8660b45aaec941a536e9e70fdd33d044b38a7e1cd06bd0aa6f4eea960f294d9e7fb973e9705da88622098f395920231fe8b26c837ddf1dc0bf6d5802c5a5ec57c4766a8ae2d41ca4dedbd48d219a1e525fc8e349002c09061b8aa088e0aa2908a46cadcf1be918100a8864c48f28559bfbe1b58b44bd8c5fdf158112eebde17611828c66912ebc57ca1ba389ce2c45a07462cfcea6e4f6a6b43e4ddeea6a4d71ee578bfce11c6a305b8a1acd26dd97ca0d18588089c42177e4051dd7c5cfd808b66f356e8688e821a2be2cb153d60fa24449a834ad5ffa62f43e25befcb5615472a056fbcc9d5c8f15c4b878bf9bc6dde44e885d0d36b956724639a43e02b73a4b34e51d4246f1e325eec05d7886c4f535e6f3eddc97f9231c957f7bbefc56a24bcf6f87976568ecc8cb73a64be32261ff4b35f1eaee0b2d5333175e3a3f16404ddedde023ed7eef4f39d823cc2457b81cd2f6ac9fd274979a95c3707e43a18567c449cb06ed38ad109916dbd921e8b0e3d4ed09fff094d07cfd8354aaf3c59018fbf77249c077ce7c1b084c3a139518b6c9c744d5c6cf0de976471d83bcc60de179f62d33834eb0b026bb07bf5c10f24144482c39ba6f6c9996fec7f7c9cd18a33cd07d2c3c120856f3a6bf9d2191dfee26b63782d16e474c7e6a3fe477eda8cf4506b3c3bf7d6ddd06e5be4d7a2bcb37a518c21c2f913709163380a9eaffac97cab7ef6b9993d1933a159b9ec33f1e35dcf53c640fcd6ea25cdcff57a40ef8c97b8b24aaeb1bb82a821fa31bfd43fe461358a151d7962e7b29f556827da44ae1ccf583fbe812a990b7cda1172f999eb19e09236a194c94a06c6208cc061eee18c12d9575d177ab81719590b44e88551fd5d12a36e78797fbfb3f160526c0587a67be6d67a876b6e9fc36ec74de13be52857f65515781373bd42dddf2166b698f1144aa28e26b9de9be0378b7921f15c6d4c2f6494c996a3b60bfaba1d864c55eff03641551da69e4fe6b7df05d65b8fa68b8252ab88bf12dd806857d8ea7a3527a8d57663f292862eff8386c2a28620b9f03ada8ba5631ac1ae5d0288aec0a12c3a1f9ee865ffcc123d36a6e41b50cc4e04b41a38d0187d6a101db5b76cbe57d6b3b8bb54c31602ccf0e30c56756533261b03874955e0fe640410c687d51c6ae9d0f253ebe66bbf323a2b4e2594b88897a19f2baa54e94ffca6bfbb3ce59e4c3a6ab4b7a6c0c728370c9ea9f810b54d51cbf0a3d6f048440f0fd449d0ae0d4147f5d788fafd440637fa18af93798bf93a059a95b62c5c9fa015a611b9b1e518d3075a342d046d07113f7e9f259de884c75bdd47c9d89f623ad3e71bc592776ea109fd9d381f9aa03523c98dd8a99589a4c08f354aa32576778531661b5ed8eb4e1eaf1f5a287080c262440a912975e6d19bf631e253d12aeaa0d8be5222819ebf1bc4730f77b06686712953c497d3d5e6affebb45de2e993bfebdb242b5a5849955d777dc595687b8d609f0cfd46ba1c33a2be5d23937dee870ee2a8b3002598492573e7f2032b16dc0e8e869438996bb76f2b44cfe57fc226b44c9fe205e3433159758c5e86d1cf1555facee2dc9fb1c8d30f5b37caaecf5060118eae79c4c0503159f549172f0650a40941d10926e77d20af5025ce4f7a68c623f89d728a7c892445917e1c5671b7a26180a529dfef9663dfcc9f64e73cd31cb3f00137e7597a1b23b5f4490b77c93de2b044be474cbb3ad6b16b29f5a5327841cf9de313b058a9609bcb611c539e54c7e47564400434573c5976d9b2dc29f42667047c266fb1b3e85579c316c0a222b52df447eeeeaef80593ca51b6671812c47da10edc3c51cf053d9eb7c7d7ff2ddc2899e444c101ca882009b6c3308212de1da4909924a98b18ed765bf66de6bf6b0cd1150bb4abe6ce2e4e23bf35fcbc370972ae5b5d0da14da194cca693a581228e44eecac38e72fd029dd66d82c0f0b1719ad85a0aed44885b8ca7e77dcd812578e4f1bc368088b5ff53590d7f476d0c86a397a7c3e6925f6db6d1c1732d1da88d4425fbf4968beefae0031c20ddb3563fea89fd768ad1de3bc901f85806bdac44fb660cf408744892ba7889fc751ddafda118d2b69a33ca7695bb8d6546cd6179585d86b41a01f4d361956b2dae0f605302c6e18089d7aa0c90574ac6d413f670359cc89c1d963085df7ff6c40f13df1e456b21ff8e78db878d646508a3a0e05f06f99928355523af7fe62f302b158f821618a936abf3b02aa701c2e964c2bbf0b4f30db2e40ca94e2a88faa06b62949d24eb010d70e317b5a9448c265881e87086affcb65ce9659b847e50668f70b54de8ad28602105f0b2a7f651eaf36ffdaec844f49dad9b91abef0a866e7ca039d8891a89f55bf470a8027e6fe98dd5e3a0cf3d035f2311d72f5326a3e83779bd8a8327693d4e1c084d81c1c22176d872491c7a4bb6599a2d060667c148c8184c4abec0366d35627991a9e98eeaa08e6fbbf6d8004fd74983e044d535f62b7ab60efbe2da1fe85f9362ffc80712c01f90158cd2b677e459a4497177942de3880407b82ce632b7414c24ceeaf7c001e1d423cc9cb7ed3a553a46a17309a770f5708e322aa9f1c195e0ff109c39bd84f2fa04f6662cdd9de85d36f469ddfced8b39c07cdb62bf76cc5213014159acc3109098d513d9a0057676e2175fbba4391cff897f62ec5e855226f4535c564f845ba94f323d7e2a2aa925fa796b36d40dd18da24f61799e28c6891807e5687d2de7ad0afd94cf25ec1a22becbb1b45c95b4df564f1a9a010070b36bec09ca59795a0802794dfaf7b04b2ea613ef448312384a1d11767528fad1e5b9bdede59ec9fd91314c7af6b6f5eb61ccfab758d647ad050343ae9bf6d236b74ac206585303d4080a24e7d7609bd75a83660be8e4c6265f7a9f7a594159b2956d4b69df9aeb9fdd0f6dc510feb70fd406ad58e76cdddcef854caf534220f4cbcff23ee85064e26ed8dbc8deb3f3c67952847bb9e7bcf5560cdbe7e6a6a547f4ed8e4f30b200d3fb6f5d35777045b7423183080568c0a22ed60407135828e10e04567c686f45297bf673088b11a3b90196da729c815513edcf57db741a2deac3dcfc3c549ba6b9c232a54d145daac204b3a0f295c3efc274c1f5fe92401903dfcc0357e81cde7e2565f63bd0e6fa661c47ea3c6049ca3ea7e0afa1ae2bfda10dc6ac75da37f31fd70252060422c49c8dd4b4445c523ef3d62a4bc66052ab6683644b6a90e6ac2b4dd440570dcf08b9560a6165ee8fccc16e8b319e25257ca414dc45383d5fbd486f6bf4eb20a2db86c89bd51cb297b337da9bcf9422566120a18de03c3387eb3d88e65d4cef3a9ba4d500a5283513db2af15abba5e8c7139739691a9b9e8a075d0ae2df825fcb0059816665127d143a14dbb38c33683ec191ec111c7ac8074a94d5fb72bbe44dad5327bf876023e954c5a7ae212d0a5cb794a81233143011845f18e42584a902028b21c846da294216e07a3f1e07fc9b1a0cd516050a9f58e4705b59e5cfaea7c69fe5e72bcefc1129de0794c8d29a5639116a7fa4408be495737dda2e1dcbd8c5239b7731d359d81970c22663cba43cf95da485ba1cb17a39dc0ec3bf1afc5c6cde255f25ffc736ab8b719cfeda581e4fcc2542042bbf67d9d4c3d7d92c85d5609b5a38cb99cb4f98075580d27a041b84c1408689baab7c9544692706c64b2831c2fd9c3549027b34f040dc84f933c16142ff9716fd7b38e7d32516429306849e7e1aaf64f37064b056c7aa5d38c3b98d95c6dcd044ad58a407144978ad321f3e95988969f3e795e43a1a229ac60e0532792319fe7fb088cbc39e7376ffe0fe1320e73c9ded0bfd16ea5be4cc0c2b5e49f768a017778c3a26124fd764958842426c3e681e1a63500b03566f50f917c788c4a43c63842e413a95d48aad53f44e0f4ab834e230c1e0f88332d5b59237f9c398f097a3967ef081dbb3676388294efefe0155884fe0a13cbeadf4c2516b05503caa28a70e0ca5a4c0e177d8cfb152845c140f8e7465899671b56379774873766e61f6ae95d1be6f7f19b796e69cd8b802a5f4cad61cea706b7eb4ed7718f69ec53738f6d62fbe9682c4812382c84c8ac74d610cf57d480a466e56a467b88328b34a6fd792533dad2fc2cc857ddbaf4056319bf982ec60908ea2e3ddaaf3934fd01378c59d7bd2d36d10776f89f0a9ba1789c83223839ba3bd2e4a295fc704955c8a01c82c77034a11cd3b771bd72bb7db6dddc2848bc64f01c5dc1adcc449e42e7d4ae2e621bdf4e10ec92b4536b52ab0843b9c876d8306e243f5a7a7a0abd2b75ceb59224256401167585a6ea44a74e5514771cce885d10c0ad17f6013334bd414165027a8c511980893b470f921a53623c5e7a32f3673bc65ba5a6325fa63eecbb8500a590afd145bd38145501d9711d5a3d9f86deb2f21958d834b1386265c9860118c5056c68f3f2ddfe9c385d4b4245d38be0cdb4a181fc35b8ba10808a009518ccc6d471cce2e37832a3d292e82ec05f992e1eb3502a0a5368999507080dccb56a50f71b4f9a5a9aa28c335663d6c58b1d818a0c324499570a35b51eca9be90b5bd6c6b6ed8d370ed3fd46572bffbfef54881276a11bc2a644ad554c17ea83e127fdd3fdd634b4e894cebf2ef8cb7e74eca7c05e81f03a98f295a793e4dca72ab5d0039569565caf598a5c3dcc9e3ead8552f69309bf6235485ccfe31ed9578bf0df70e9820d37f66f7b255af8a4c3220b387b3d867f7598ccc3881e64972875a15e459dc4837130e4ea135352c23bde92", &(0x7f0000000200)="e3ffa0175c94f13a697b9893a48f8efb6e288f905ac8a12843"}}, &(0x7f0000000280)) (async) pipe(&(0x7f0000000180)) (async) ioctl$HIDIOCGCOLLECTIONINDEX(r5, 0x40184810, &(0x7f00000001c0)={0x3, 0x3, 0x24, 0x8000, 0xffff, 0x3}) (async) pipe(&(0x7f00000002c0)) (async) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000001380)={0x1, 0xffffffffffffffff, 0x1}) (async) 08:08:00 executing program 1: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000)={0x7}, 0x4) timer_create(0x7, 0x0, &(0x7f0000000100)) write$FUSE_POLL(r0, &(0x7f0000000040)={0x18, 0xfffffffffffffffe, 0x0, {0x6}}, 0x18) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000240)) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) r3 = getgid() read$FUSE(r0, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r2, &(0x7f00000022c0)={0x200, 0x0, 0x0, [{{0x3, 0x3, 0x9, 0x5c, 0xfffffffe, 0x7, {0x5, 0x8000000000000001, 0x3f, 0x80, 0xa1f, 0x3, 0x2, 0x7, 0x1, 0x4000, 0x8001, 0xffffffffffffffff, r3, 0x0, 0xffffffff}}, {0x4, 0xcd2, 0x17, 0x7f, '#\xbf*-\xd1-#/!^{-*:+{,/@:}@)'}}, {{0x5, 0x2, 0xffffffff80000000, 0x7, 0xffffff01, 0x101, {0x4, 0x8, 0x14, 0x1f, 0xf1, 0x3, 0x9, 0x9, 0x7a1, 0xa000, 0x8, 0xee00, r4, 0x8000, 0x7}}, {0x2, 0x0, 0x4, 0x80000000, '\x8e&{\\'}}, {{0x4, 0x1, 0x8001, 0xebb8, 0x5, 0xa8, {0x0, 0x40, 0xfffffffffffffffc, 0x2b, 0x20, 0x4, 0x9, 0x1, 0x1, 0xc000, 0x8, 0xee01, 0xee00, 0x6, 0x7}}, {0x1, 0x9, 0x3, 0x0, '\\@&'}}]}, 0x200) 08:08:00 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f0000000040)=""/37, 0x25) timer_delete(0x0) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0x1}) r2 = fsmount(r1, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000180)={0x2020, 0x0, 0x0}, 0x2020) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r2, &(0x7f0000004200)={0x90, 0xfffffffffffffff5, r3, {0x0, 0x2, 0x6, 0x6, 0x401, 0x80000001, {0x3, 0xfff, 0x7fffffffffffffff, 0x0, 0x8, 0xfffffffffffffffb, 0x3f, 0x7, 0x8, 0x2000, 0x3, 0xee01, r5, 0x4e3c, 0x7}}}, 0x90) [ 1028.145769][ T4982] ? pfn_modify_allowed+0x2e0/0x2e0 [ 1028.150809][ T4982] __pte_alloc+0x86/0x350 [ 1028.154966][ T4982] ? is_module_text_address+0xe1/0x140 [ 1028.160260][ T4982] ? free_pgtables+0x210/0x210 [ 1028.164863][ T4982] ? __kernel_text_address+0x9a/0x110 [ 1028.170066][ T4982] ? unwind_get_return_address+0x4c/0x90 [ 1028.175538][ T4982] copy_pte_range+0x1b1f/0x20b0 [ 1028.180223][ T4982] ? stack_trace_save+0x12d/0x1f0 [ 1028.185095][ T4982] ? anon_vma_clone+0xa1/0x4f0 [ 1028.189684][ T4982] ? __kunmap_atomic+0x80/0x80 [ 1028.194283][ T4982] ? dup_mmap+0x750/0xea0 [ 1028.198452][ T4982] ? dup_mm+0x91/0x330 [ 1028.202352][ T4982] ? copy_mm+0x108/0x1b0 [ 1028.206441][ T4982] ? copy_process+0x1295/0x3250 [ 1028.211119][ T4982] ? kernel_clone+0x22d/0x990 [ 1028.215630][ T4982] ? __x64_sys_clone3+0x375/0x3a0 [ 1028.220492][ T4982] ? do_syscall_64+0x44/0xd0 [ 1028.224917][ T4982] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1028.230820][ T4982] copy_page_range+0xc1e/0x1090 [ 1028.235506][ T4982] ? pfn_valid+0x1e0/0x1e0 [ 1028.239761][ T4982] dup_mmap+0x99f/0xea0 [ 1028.243757][ T4982] ? __delayed_free_task+0x20/0x20 [ 1028.248701][ T4982] ? mm_init+0x807/0x960 [ 1028.252778][ T4982] dup_mm+0x91/0x330 [ 1028.256509][ T4982] copy_mm+0x108/0x1b0 [ 1028.260421][ T4982] copy_process+0x1295/0x3250 [ 1028.264935][ T4982] ? check_stack_object+0xf7/0x130 [ 1028.269876][ T4982] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1028.274824][ T4982] ? copy_clone_args_from_user+0x6cf/0x790 [ 1028.280470][ T4982] kernel_clone+0x22d/0x990 [ 1028.284811][ T4982] ? dup_mmap+0xea0/0xea0 [ 1028.288974][ T4982] ? create_io_thread+0x1e0/0x1e0 [ 1028.293833][ T4982] ? file_end_write+0x1b0/0x1b0 [ 1028.298520][ T4982] __x64_sys_clone3+0x375/0x3a0 [ 1028.303204][ T4982] ? __ia32_sys_clone+0x300/0x300 [ 1028.308064][ T4982] ? ksys_write+0x25f/0x2c0 [ 1028.312407][ T4982] ? debug_smp_processor_id+0x17/0x20 [ 1028.317613][ T4982] do_syscall_64+0x44/0xd0 [ 1028.321866][ T4982] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1028.327594][ T4982] RIP: 0033:0x7f495fdbc639 [ 1028.331847][ T4982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1028.351290][ T4982] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1028.359533][ T4982] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1028.367346][ T4982] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1028.375155][ T4982] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1028.382968][ T4982] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1028.390780][ T4982] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 08:08:00 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 81) 08:08:00 executing program 4: ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000080)={0x0, 0x0, 0x7ff, &(0x7f0000000040)=0x3}) (async, rerun: 32) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (rerun: 32) 08:08:00 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_pressure(r0, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) connect$bt_sco(r1, &(0x7f00000000c0), 0x2) 08:08:00 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:08:00 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$cgroup(0xffffffffffffffff, &(0x7f0000000300)='syz0\x00', 0x200002, 0x0) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x3f9, 0x0, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) r1 = fsmount(0xffffffffffffffff, 0x0, 0x4) sendmsg$AUDIT_LIST_RULES(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f5, 0x300, 0x70bd26, 0x25dfdbfe, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40010}, 0x4000880) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) write$nbd(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="67446698010000000200040002000000835a78d45f41da8190544424cc059dbc959732a6b1d307bc9dff54799f6075b46001b31160b537b3f93077a8e14833e54c87020a4f392e751bad4c5edbb9d5a3a968b5699a0df3b351aca25ca32580653fddb486547a01dc5ca461f7302ea8c474d75dd6d8fae7df51fedcc0bb6d2f6def8a0b51dfe095eaa79b8374c38001ff9e38"], 0x92) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r3, 0x54a3) [ 1028.398593][ T4982] [ 1028.435047][ T5030] FAULT_INJECTION: forcing a failure. [ 1028.435047][ T5030] name failslab, interval 1, probability 0, space 0, times 0 [ 1028.453033][ T5030] CPU: 1 PID: 5030 Comm: syz-executor.3 Tainted: G B 5.15.74-syzkaller #0 [ 1028.462674][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1028.472564][ T5030] Call Trace: [ 1028.475684][ T5030] [ 1028.478462][ T5030] dump_stack_lvl+0x151/0x1b7 [ 1028.483110][ T5030] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1028.488405][ T5030] dump_stack+0x15/0x17 [ 1028.492395][ T5030] should_fail+0x3c0/0x510 [ 1028.496649][ T5030] __should_failslab+0x9f/0xe0 [ 1028.501247][ T5030] should_failslab+0x9/0x20 [ 1028.505584][ T5030] kmem_cache_alloc+0x4f/0x2f0 [ 1028.510186][ T5030] ? vm_area_dup+0x26/0x1d0 [ 1028.514524][ T5030] ? __kasan_check_read+0x11/0x20 [ 1028.519388][ T5030] vm_area_dup+0x26/0x1d0 [ 1028.523552][ T5030] dup_mmap+0x6b8/0xea0 [ 1028.527549][ T5030] ? __delayed_free_task+0x20/0x20 [ 1028.532491][ T5030] ? mm_init+0x807/0x960 [ 1028.536570][ T5030] dup_mm+0x91/0x330 [ 1028.540314][ T5030] copy_mm+0x108/0x1b0 [ 1028.544210][ T5030] copy_process+0x1295/0x3250 [ 1028.548723][ T5030] ? check_stack_object+0xf7/0x130 [ 1028.553671][ T5030] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1028.558618][ T5030] ? copy_clone_args_from_user+0x6cf/0x790 [ 1028.564262][ T5030] kernel_clone+0x22d/0x990 [ 1028.568608][ T5030] ? dup_mmap+0xea0/0xea0 [ 1028.572767][ T5030] ? create_io_thread+0x1e0/0x1e0 [ 1028.577625][ T5030] ? file_end_write+0x1b0/0x1b0 [ 1028.582310][ T5030] __x64_sys_clone3+0x375/0x3a0 [ 1028.586998][ T5030] ? __ia32_sys_clone+0x300/0x300 [ 1028.591861][ T5030] ? ksys_write+0x25f/0x2c0 [ 1028.596203][ T5030] ? debug_smp_processor_id+0x17/0x20 [ 1028.601413][ T5030] do_syscall_64+0x44/0xd0 [ 1028.605663][ T5030] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1028.611385][ T5030] RIP: 0033:0x7f495fdbc639 [ 1028.615640][ T5030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 08:08:01 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), 0x0, &(0x7f00000027c0), {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:08:01 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$cgroup(0xffffffffffffffff, &(0x7f0000000300)='syz0\x00', 0x200002, 0x0) (async) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x3f9, 0x0, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) (async) r1 = fsmount(0xffffffffffffffff, 0x0, 0x4) sendmsg$AUDIT_LIST_RULES(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f5, 0x300, 0x70bd26, 0x25dfdbfe, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40010}, 0x4000880) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) write$nbd(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="67446698010000000200040002000000835a78d45f41da8190544424cc059dbc959732a6b1d307bc9dff54799f6075b46001b31160b537b3f93077a8e14833e54c87020a4f392e751bad4c5edbb9d5a3a968b5699a0df3b351aca25ca32580653fddb486547a01dc5ca461f7302ea8c474d75dd6d8fae7df51fedcc0bb6d2f6def8a0b51dfe095eaa79b8374c38001ff9e38"], 0x92) (async) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) (async) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r3, 0x54a3) 08:08:01 executing program 0: syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$cgroup(0xffffffffffffffff, &(0x7f0000000300)='syz0\x00', 0x200002, 0x0) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x3f9, 0x0, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) r1 = fsmount(0xffffffffffffffff, 0x0, 0x4) sendmsg$AUDIT_LIST_RULES(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f5, 0x300, 0x70bd26, 0x25dfdbfe, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40010}, 0x4000880) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) write$nbd(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="67446698010000000200040002000000835a78d45f41da8190544424cc059dbc959732a6b1d307bc9dff54799f6075b46001b31160b537b3f93077a8e14833e54c87020a4f392e751bad4c5edbb9d5a3a968b5699a0df3b351aca25ca32580653fddb486547a01dc5ca461f7302ea8c474d75dd6d8fae7df51fedcc0bb6d2f6def8a0b51dfe095eaa79b8374c38001ff9e38"], 0x92) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r3, 0x54a3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) openat$cgroup(0xffffffffffffffff, &(0x7f0000000300)='syz0\x00', 0x200002, 0x0) (async) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x3f9, 0x0, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) (async) fsmount(0xffffffffffffffff, 0x0, 0x4) (async) sendmsg$AUDIT_LIST_RULES(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f5, 0x300, 0x70bd26, 0x25dfdbfe, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40010}, 0x4000880) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r2, 0x0, 0x0) (async) write$nbd(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="67446698010000000200040002000000835a78d45f41da8190544424cc059dbc959732a6b1d307bc9dff54799f6075b46001b31160b537b3f93077a8e14833e54c87020a4f392e751bad4c5edbb9d5a3a968b5699a0df3b351aca25ca32580653fddb486547a01dc5ca461f7302ea8c474d75dd6d8fae7df51fedcc0bb6d2f6def8a0b51dfe095eaa79b8374c38001ff9e38"], 0x92) (async) connect$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r3, 0x0, 0x0) (async) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r3, 0x54a3) (async) 08:08:01 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/45, &(0x7f0000000040)=0x2d) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) read$char_usb(r1, &(0x7f0000000100)=""/190, 0xbe) 08:08:01 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 82) [ 1028.635085][ T5030] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1028.643330][ T5030] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1028.651140][ T5030] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1028.658950][ T5030] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1028.666763][ T5030] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1028.674583][ T5030] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1028.682394][ T5030] [ 1028.718076][ T5070] FAULT_INJECTION: forcing a failure. [ 1028.718076][ T5070] name failslab, interval 1, probability 0, space 0, times 0 [ 1028.731930][ T5070] CPU: 1 PID: 5070 Comm: syz-executor.3 Tainted: G B 5.15.74-syzkaller #0 [ 1028.741560][ T5070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1028.751457][ T5070] Call Trace: [ 1028.754581][ T5070] [ 1028.757358][ T5070] dump_stack_lvl+0x151/0x1b7 [ 1028.761877][ T5070] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1028.767169][ T5070] dump_stack+0x15/0x17 [ 1028.771159][ T5070] should_fail+0x3c0/0x510 [ 1028.775411][ T5070] __should_failslab+0x9f/0xe0 [ 1028.780013][ T5070] should_failslab+0x9/0x20 [ 1028.784359][ T5070] kmem_cache_alloc+0x4f/0x2f0 [ 1028.788951][ T5070] ? anon_vma_clone+0xa1/0x4f0 [ 1028.793552][ T5070] anon_vma_clone+0xa1/0x4f0 [ 1028.797978][ T5070] anon_vma_fork+0x91/0x4f0 [ 1028.802315][ T5070] ? anon_vma_name+0x4c/0x70 [ 1028.806745][ T5070] dup_mmap+0x750/0xea0 [ 1028.810740][ T5070] ? __delayed_free_task+0x20/0x20 [ 1028.815684][ T5070] ? mm_init+0x807/0x960 [ 1028.819764][ T5070] dup_mm+0x91/0x330 [ 1028.823497][ T5070] copy_mm+0x108/0x1b0 [ 1028.827403][ T5070] copy_process+0x1295/0x3250 [ 1028.831920][ T5070] ? check_stack_object+0xf7/0x130 [ 1028.836868][ T5070] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1028.841809][ T5070] ? copy_clone_args_from_user+0x6cf/0x790 [ 1028.847452][ T5070] kernel_clone+0x22d/0x990 [ 1028.851788][ T5070] ? dup_mmap+0xea0/0xea0 [ 1028.855955][ T5070] ? create_io_thread+0x1e0/0x1e0 [ 1028.860817][ T5070] ? file_end_write+0x1b0/0x1b0 [ 1028.865506][ T5070] __x64_sys_clone3+0x375/0x3a0 [ 1028.870191][ T5070] ? __ia32_sys_clone+0x300/0x300 [ 1028.875055][ T5070] ? ksys_write+0x25f/0x2c0 [ 1028.879390][ T5070] ? debug_smp_processor_id+0x17/0x20 [ 1028.884622][ T5070] do_syscall_64+0x44/0xd0 [ 1028.888864][ T5070] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1028.894576][ T5070] RIP: 0033:0x7f495fdbc639 [ 1028.898833][ T5070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1028.918274][ T5070] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1028.926517][ T5070] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1028.934328][ T5070] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1028.942142][ T5070] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1028.949959][ T5070] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1028.957766][ T5070] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1028.965580][ T5070] 08:08:01 executing program 1: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000)={0x7}, 0x4) (async) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) write$FUSE_POLL(r0, &(0x7f0000000040)={0x18, 0xfffffffffffffffe, 0x0, {0x6}}, 0x18) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) r3 = getgid() (async) read$FUSE(r0, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r2, &(0x7f00000022c0)={0x200, 0x0, 0x0, [{{0x3, 0x3, 0x9, 0x5c, 0xfffffffe, 0x7, {0x5, 0x8000000000000001, 0x3f, 0x80, 0xa1f, 0x3, 0x2, 0x7, 0x1, 0x4000, 0x8001, 0xffffffffffffffff, r3, 0x0, 0xffffffff}}, {0x4, 0xcd2, 0x17, 0x7f, '#\xbf*-\xd1-#/!^{-*:+{,/@:}@)'}}, {{0x5, 0x2, 0xffffffff80000000, 0x7, 0xffffff01, 0x101, {0x4, 0x8, 0x14, 0x1f, 0xf1, 0x3, 0x9, 0x9, 0x7a1, 0xa000, 0x8, 0xee00, r4, 0x8000, 0x7}}, {0x2, 0x0, 0x4, 0x80000000, '\x8e&{\\'}}, {{0x4, 0x1, 0x8001, 0xebb8, 0x5, 0xa8, {0x0, 0x40, 0xfffffffffffffffc, 0x2b, 0x20, 0x4, 0x9, 0x1, 0x1, 0xc000, 0x8, 0xee01, 0xee00, 0x6, 0x7}}, {0x1, 0x9, 0x3, 0x0, '\\@&'}}]}, 0x200) 08:08:01 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), 0x0, 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:08:01 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/45, &(0x7f0000000040)=0x2d) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) read$char_usb(r1, &(0x7f0000000100)=""/190, 0xbe) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/45, &(0x7f0000000040)=0x2d) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) read$char_usb(r1, &(0x7f0000000100)=""/190, 0xbe) (async) 08:08:01 executing program 4: ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000080)={0x0, 0x0, 0x7ff, &(0x7f0000000040)=0x3}) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x3, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000080)={0x0, 0x0, 0x7ff, &(0x7f0000000040)=0x3}) (async) syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) 08:08:01 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 83) 08:08:01 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f0000000040)=""/37, 0x25) (async) timer_delete(0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0x1}) (async) r2 = fsmount(r1, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000000180)={0x2020, 0x0, 0x0}, 0x2020) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) (async) read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r2, &(0x7f0000004200)={0x90, 0xfffffffffffffff5, r3, {0x0, 0x2, 0x6, 0x6, 0x401, 0x80000001, {0x3, 0xfff, 0x7fffffffffffffff, 0x0, 0x8, 0xfffffffffffffffb, 0x3f, 0x7, 0x8, 0x2000, 0x3, 0xee01, r5, 0x4e3c, 0x7}}}, 0x90) 08:08:01 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/45, &(0x7f0000000040)=0x2d) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) read$char_usb(r1, &(0x7f0000000100)=""/190, 0xbe) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000000)=""/45, &(0x7f0000000040)=0x2d) (async) pipe(&(0x7f0000005540)) (async) read$FUSE(r1, 0x0, 0x0) (async) read$char_usb(r1, &(0x7f0000000100)=""/190, 0xbe) (async) [ 1029.098066][ T5109] FAULT_INJECTION: forcing a failure. [ 1029.098066][ T5109] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.113223][ T5109] CPU: 1 PID: 5109 Comm: syz-executor.3 Tainted: G B 5.15.74-syzkaller #0 [ 1029.122857][ T5109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1029.132754][ T5109] Call Trace: [ 1029.135877][ T5109] [ 1029.138654][ T5109] dump_stack_lvl+0x151/0x1b7 [ 1029.143170][ T5109] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1029.148466][ T5109] dump_stack+0x15/0x17 [ 1029.152468][ T5109] should_fail+0x3c0/0x510 [ 1029.156709][ T5109] __should_failslab+0x9f/0xe0 [ 1029.161310][ T5109] should_failslab+0x9/0x20 [ 1029.165645][ T5109] kmem_cache_alloc+0x4f/0x2f0 [ 1029.170248][ T5109] ? vm_area_dup+0x26/0x1d0 [ 1029.174587][ T5109] ? __kasan_check_read+0x11/0x20 [ 1029.179451][ T5109] vm_area_dup+0x26/0x1d0 [ 1029.183617][ T5109] dup_mmap+0x6b8/0xea0 [ 1029.187607][ T5109] ? __delayed_free_task+0x20/0x20 [ 1029.192556][ T5109] ? mm_init+0x807/0x960 08:08:01 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r1, &(0x7f0000000180), 0x2, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) bind$bt_sco(r0, &(0x7f0000000000), 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x8}, {0xb}, {0x3}, {0xb, 0x1}]}, @func]}, {0x0, [0x0, 0x0]}}, &(0x7f00000002c0)=""/166, 0x54, 0xa6, 0x1}, 0xffffffffffffffb8) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000100)=0x44, 0x4) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000140)=""/1, &(0x7f0000000040)=0x1) 08:08:01 executing program 4: r0 = fsmount(0xffffffffffffffff, 0x0, 0x1) sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000001800)=[{&(0x7f0000000040)={0x27, 0x0, 0x1, 0x4, 0x8, 0x2, "6fe69c7b708740615fa744d77b6373bb401543aaf3ee018b6f94b6db7210c568ec92918c7971b2d0582494f4db6047aebaa7fc1a9374514b50dce496a78784", 0x15}, 0x60, &(0x7f0000001180)=[{&(0x7f00000000c0)="e48ec3dd3324ed2e84e1eea24c94c7bba11a93f3ebafaf79383ab78d4b39bbe448498cd263b5a31cd3224699102bf1016bbac093bb2a1d44a60e84ea817d273f59850e4fc70a7a31e188930f4bce83da0f4b047d2109208d8094af9abc0721913d4a2287dc6b7292a56b528b633a34520ca582bf630c8d320c8852d8fa0e3afa7fc9fb5a24d80869603a2b0e99c6104ca27507010135a24a33c1ff6ced6ba36768614f125ecf6f51e863ad24d47bd7d4df4676f0c29da1d1e2c533ae171a0e2ec9d97f371ecb1c43c64388f04d606af49613f3dfab11df910bf73e5b7df87c92e5d45507c5e595135702471195acb7f442bcf88466d0c931df066809e1b6f69fa6e909976f86ac4be2feb09de2aa1180f80fec8cd294e7f990f31745504993b1f2a47ee90b35d5e16910ae668dd73f26dec6653d384930d0567b76c34a40877d123605675cb6c655098c22cf75ff25f3f2e00ab3b0458eef63c863813574f7dff9361aa9e11c3d67e6cb00226343ba8a473fe4f343db36fe4dcb8d3d905a14a0b1ef2ab1bb91593789fdaa4430c34706caebef1239ac97a23f88712678bceedbd51ce32e1fd3641ef23d1a1c575314322546b0370e2570c1509d122ee97d15caee15f024ccff8e15c7065a8996e9ef9f929a6c8c4bb03b394f3bdf72bb69b9e900ff835967dbd3f933ec4239bfa402e429ae42727c4e27c1bd6050260f9f3e238317013ef41ab16937c019af66bcbaf1571f8c797d0c011cd3225f0f4526818de46bcb2ca1153edbe7917f86da072406c2b80d6a7b9dc24f521be1078b21cc1a86257420e43464c444a7c6c69f2ed72e0597edfdd380529e359806c78a14f20982b5bd3ed79e7312d1516aaf16fd3098fa8d2a0558919576a29e584c5b1e2802d3d41147a9e6f70a2194649d69815c805b7282e6dcd9d5ff460de72cc25802a08cd83ab61db4dd782bd298bcf4fb96fe26d99904374061e4b3a1d7d62478e5517c48ce8da380b8152ca32876681ed0227071d554315a329a9e19de5498d1e36e698ef59064531a9c747b4a7838cbb55b5e0801848f092506ba33592fa5620b6b4679c1a042ec9f10246b8425a1e6741d6af907c4dc96ec932f6b6e30c975ea83cad756aa459a50c8605b13ad70af1a18a1d74b763e81a749d226edfc7e56990ada17bfd24f11b01a529a2d77b343160fd77fa9dbf0ae6543caacb1a87d96ce7e180e2e5c847fcb349de536e8719c95ea196e418fd2bf970406e897bbf8a9af223d7876363b2e72fe875005e5249a4407c839124991dab74e859757afdef0ff6fb660d9df9ca22fdf8c69dd5c2be74bf481968bebfbaba340418e54ce31ebdb8f3440837b2075a847afb4c43a1ade022c91603b1269d97f06e0b9e1b8d07cbe81129b2291e68a91bc98485d0e18e0d7ae5a58a02e3cfbf55924e5a1c23427a78b7742362157f3281743d54fb082b99430b2f6b1cfc6b2adf0ad37996ea3b7b163335b1ed4c36aacb3998af5041ab8157c1d3663a15b80d49f033fcdce1629991b182431b252117bdb36145faca0813bc3b81c8a3b2077d26e7aa2c03c17f1679926d8bd9ef6a1189d03e35b18643787269da488ac68859c9f57fdf57b0ff3297956e49ae3a5119b7f96856f71c31daf71db4ae3f1d3fe7dc51a69589007f1b4cb2c3d59f77ef59efbf54b5ef7deb61f0406a35ead5fee406477923067711df1cda93fd463896fbe7592ab3e6acb6184d51c5f46db0cb6eb4ae608001f5943e0d601a3a8e5f861e3a09a45574a3a2dfd1af49481fe6abb8ad8ca7f741f661a806386950ebee31a74202bbca295becb25cd6511466d62b8d8dcb91bab7329670b1179808454507ec8da93d5ad028c73d922d408b04f2ef6054acc77de8ed6fd277e0a13c7c8f4751c481a4db7069acc85f7231aa8c0bc7717360e8f43040fabec813d7abccc28c087f7daffc861238c0fd2932e9c9a34e23447097214258d4eba51fdf44fcd46b84efcfa6aaa662a2a0ccb51a15bd9644d5b6ea58381edc85d278a889a1c33028418cf5f48e00bd41d008c4ad6184aa5e43968a8a7f4db8dac3437133400e22c2b23de4aad7ba10307080a3bebcea7232174c45d2a6736147a83c14e939582097fb5739bebee24ba9e4aa90f13ed39bfb0af6938f2f4353b3a9cb47bce731ea19a9b1641a7dc9f07b20e01fa12800a69875bb5af808ad381995a5a0ee88d67e30a0088907e56c6512b949c72b592ed2ecf84a994748e7e7f4bf5ebbef79a96dac0b29d932a86f76eadac82d6ab4203c3eace412ebb10ec2e4257fd39593bffb3e58f5b0b5d40c6bea3dc9e78ee49837ed6b0352f746d6c18d5ef422db1026004e095ced1ff772edea2cbd8886195aa4e1b58523bc839c190c44525ef8254adeae02891820530226e0321e0a612d63daad5f393722085f7fd3bb6266408750eebbe823c4b04bf581214d2d1db9ce16968c8ca7adb3f288b952d815eeed6ce74b8bea00a4acc9c2b54c3eb5e0b328469808744d0dcf37cf5156f6977e6690a6b2f5daba5b597e9d2ec5a3fa258d97bd30de2fe12a9720e4ebdf880b840cf760a7a28fcee61edea5534056f77ba55c49a1dce55e690909db0093201963f1b9a8b4f12701feeebbec9ab7c66ea8040f6045264997d1d084aed11ee113317e56a251e380bfafed051ceb7540fbd0e80c79eb88bc14977b7d1692ec9b5561ffc429a0147b0440bdc76fadff2f8c44bdd0031570a2b6245b08d4d2c0621d6eb4f298a1f6b63739ff3ced48d15bb693f9743102502163621c60a3fcd5b845e5a63dffefe32cdcd923a81a9830c0d4a5401a2a9f020058baf60294ca7cd66d0c62b692822b7c5c5e585a553b5a1f8d30049b033c2132c468dcbba65887c4e73f9286587ed9956a418bcff501316fbb44efeb4b04f68c6544ca972777f209153d758bca7ff30c049bf24141156c503bca40f76992ceeed5a19c824fecfb8c6bd0a4fd8ce19d341f0d17eb5574e53db11a92c555a3bfe7ba811e221f9034830e1b8f45f979eed7adb24faa851a020f00c4698f0d3ad79edba7a89a3d26712ae1ea59ce8aaa8b81451c7cd7d2294c266270bb2ea716986f044b89a5af545d5deb7bbe574daf20aa8be8dcca7fbfbd888f8822d52ed75eead912fafe0fc16e512f5c27b97f6f5b45e2194618cc8e3aaf9fc4da4e65dd5af68fc4200a69a7f734f3bfb5762a78a86efd78b268e07ef72a5ee325cd5b8437a09018d1e463517fbc6e75654f79a13eaa5af4bbded2968a95df486cf66105ce12cc8c49eb4fc8cca3c60bdc30ca06ed2a512580b02858b52f26defb9c12470c9ab9b89e8b0a93fd724f19372842f58cdf83727b5f478c2bb17d2f08fb958555da31ee44d74cbc7b8cbc17bb49884b8e7a33040fbb50d5442eb88ba33c76c799dff234d3249654a20d931dbbca26bfca9684ea765dfd7d7d78a697469360679fd9ea4e2657e86549658a642a63e3983daa5de3077630672abbf5ef7b1eac63f8b87c6c6d7b9b9ea0c0ca0ddec53712580e8ab62807e975126a221768a194f82b7fed5d865caba92980019f98f3ee8a585f373d9b8fa868d77379b19fb89b9b2b5e935881873bb0d1049913e5be6f523a7eda9f45bf3d44bd364067f99651c9d2921c67655fdbb84ed08b75865ce65432aaebf03464738099a1491625f6dfdc0745d54728258aa53f222b89859e1e3db368f90212e3c664b37ab243b43a6464285138602e21a7cf5102f10fb5516a7f2ab02bbdae39e87e2c26c19bf2f65e8ec7e3cf0d9b272342ee696c3e176dbc69d3ae7bf4861449f2b4ddc7d415256ce5ae9048117cc63af909e9595b84c374fd9bbee6f2398bdccda30a802d297007a37fe83b7c15171674ea28c7752564989b3ba66abc06e2959d9db195238cec000ea123b63340553e6aaff4547bd5e35c2079708c5a355885f7df8bf0ccbe301a86f95caac0e34ae405c6b2ef3818dd67bc45a7476012f146e949608cbbe90495ce3d1391c59d45809b95ec9278116905bd1fb4ab527031ee0667eea555c3fc3a314ab26f0bfaae1c7ab59d60fe9c407f783b04be87a018a471cf8e155146e12245ee4371caf68645461111e017832ddb931e8355f44f00b83265205b5e0626673881e74c65a8fe02b511e2329dccccfd3ba919195fcdc38fe862054857ca29b4c9049d570a8f90a83774f3f70f0c682af9b53202b360b44256aa771852472a58dad7cd9d2bd97648485a5f124b66b1cb861db2ec3b2765fc5aa3a2b47ab1ac3c327b3ddb3de09d4737ab20df50fdb39bcaa5261e3c813dd2bbd3468b9b1f364afc0a53bea2a21dcddf6d69e02b2091d84821574fa24713b20ec1bca26a56c5416064b203b4ebbe8ff7ba036e6b711026eddcc7c9b9dd76ca92f5c803fb19a651312cfd0231af2beb1796797e3e59a276829081f00a9ba316e3fe3f5f00b727eb9ad6ce5d301edbc985766891fb1fb6336cb4c8e2c78a33cb028c6179e9ade4f7ae352aeabb441ac8f712e095d1bafc7a99d37de770da2c7eac565b0858949c9904818e5031755868bf0a9d9eddf5d8677821fdaf69fe45f55ba22737ab3960dc535afd9230d51883a3699b86dda3a199738af38b4b65c1e4646f1beb1531c5308369ecc087624ab8dac40fd0cbe86e160fd0e72261422a8ffc1572f4f4765a994a5aed379af2bc26dc952c92105e9433e6aae155e83e7eeb60d9fd8719ab283558206cc354b95d989c378931d7deef607d06df7e1a97715c2db94f36fb47711ec81182fb1a0f0bd16a975a43d9de75c6caa1a947479a3513ba9397362c7e64397fef3b42d3457fa8dd96ed7767ee1ed431422e3e603155c512e603148b0fa5847070468e701d1acf60ef1ed99b42a3920762e07d6aed322120d5b84659cdf53db55c4289d22ee6972439c74994a91414c4094006005a29ca384d2feed5bf181e45cb93c8a5f0338c167d923ecad91503ead6a0e1e1419d4ae8c3b4f98cf41aea1b6ad769244968770646a1b9b7d23f00d9ac733c9e4ae2231ae00c679af59d271aad27e1a1f1fa61f4e00c72016c91545e7c6da0a84f4512c143bd7ed93ab76f0ba4481d3f6e76b735bfec38fdcb66ae531b1c97facab5b83c4eec03f3740b21dbaad20d5ea7eeb8f74e989024aee34bb3fe2fcf7c47d1b7a4b122e553102961c12e505bf9655804811483b256ce46ac6ac72edd89f6f78e6a9a3947ce2d2f8f48f355d31a1ec15d8f16546e85ab2683513839f06be6d7adc528e309f33193e4cef475122c86c849c79a53f6900c4487ce374c4d158535ca856388c7f0bc84aefb92568024ec23af4090ef1afe9bf274d31eae6b42d9bb461877f77becafd0c33905b15c360c0a846dd96996a4896ea4cd9942583340b814dd515efa5e446b438257fcb4b1e6a3a13db87eda5d735d0559184c91dff7f756142c27b7ab6238f4af4c1e9e85b0d2e88c5cda9b228ad42aea0f3f9382f152db2651ab016ab30bea183fdb93fa4573807c4c1fb7ec519a1af2c2dd435f8937dace7a438d168f482d96a135cac2387ebe5cd1434343e754101cb274488a6840b8de7eabad5d8f039edcc79a8396e78f93b5f3dc1116bd8dac861861606a8b7aef06ce4d4fa606b9fe94e433440f67b842451f7ccce869085e86684bbcac51aa82ed5ed070650435c467098a2f92953e135162daf0a61f90b5e119d0c6b18aa1369543a56a2aa41072e529ad1e785da92c35274182ce9041d82619831c49682d3b6a162fc354a9b724010013247719e7ec4e94aae39", 0x1000}, {&(0x7f00000010c0)="f4cc26e0d1edbb0dbee5d9754997591a2c0ecd0e28213840dc3b65ae290c06613cb503dffd0130bcbbc3156578f3d74ff85c16863dceb785921d81b52d3a9b3e5869b7c79eeec789e6078a3baad7988a4b81ab47f4559fb3ccadaec44e9b7d396a9f441ee0a075b40021a502c8dfb466fc454dfb3b7012f7678caa7a978c42d56b9e96f854e4c9fcbd29207cf8521df69476", 0x92}], 0x2, &(0x7f00000011c0)={0xf0, 0x119, 0xdaa, "cc4a3bf9be12f6cf37804cfed11dad98ce6c43511f4662ba77111273ebba0908b95d714269a13a8bd9abaa91dc59ed9b946eceae572d8205ce9a23b05412771ab2f1a08f5400b6e55183144c4527500dc9b3bafa301b1e4d5be0ccfcfa921856b4d5d28a9bcd46d4fd75cab90281154c1a34282e9327af16ccd7895e08bfa64b16f4813bc4d699c75cb3237826183af197cbc63fbeaa7699515d7fae0fde23288c819aba484f045ba70c269a73eed464d83502e50828da646df53012dfa8ed1ccf4bc94773ca00f58e28297a722ac82e2b892c7aeecffd7acdca572b752163"}, 0xf0, 0x48001}, {&(0x7f00000012c0)={0x27, 0x0, 0x2, 0x3, 0x81, 0x80, "92f228f75f80a9f7c4e46bb48b74121e79bf13f5ead62bd349a432e7eb6425a7d6816197dfbb62dc9ac89abc156ab6214f21aa757765061eefeaa395831cf4", 0x33}, 0x60, &(0x7f0000001680)=[{&(0x7f0000001340)="9addcb0fb792857d8014d949f43a63e71c4056d988ef57cffcdd7c035d02ac802bb20ee026e927a040d9a7900450237933a00fedf8e5e8dc07155699eb3c74df0c7d449a9b8ac98f5cc2916018fc4d92ca", 0x51}, {&(0x7f00000013c0)="3429bec80b59c714eea555465dc006e3a18ab906efa016e6c03ee33ec86b", 0x1e}, {&(0x7f0000001400)="eade73eb7fb3a73b5b3c523581d3667d310b872eaaaa8bc18f33434b02c41abf1d757b53e2d630e2dd376afbc106a34e1130f6c4633503d94bbacf76db9c3f4ece093f0df448ceeddc8b6163cc4cd60ed7110997d434a91969e634933fda0e63c6bb4e65fdce9260f41ec9732e3990466c7ab67ba9b72006ba44930f33614b98d27eabfa0bac29f8e6d1c17e1744d3c8109adff0a902a85c88281d23b88a63dd23d6d69dc67793c0054dd7d3d74a5f93e66099389d1707dd08ac3e5c85a0a97494b8d5f86e5cac5f9e73d3ce46172a9fea86773107cc3ceb6e50c12434cd52634e45c4c077e1dfbcf9c84a8d5c62d7d309fc4964d99f9c12646f0f48", 0xfc}, {&(0x7f0000001880)="fdd5b3e79a17502cb398c84147871146ebf16b1a38c1187b03ee7fb5784dbbc5fe48f84a45d82144dc1e0ee1522925eca640b730c4a3e731d8ef04d1dde9966a7c831315feed3e9a71ce7ccdae1fc8b90f9997", 0x53}, {&(0x7f0000001580)="f43e5d160506d38e957b0197048bf767d2ae77e3c012a9b5a3e1fea24be59f03c32a149db54491be1293f99e421663987b78a02b5987a50200840de28bd33ffc4cdaf00aae20d4ea86d6c6f107f9609aa1c68dc73db49136d60323f118c1adc89ac137f2ec383bf87f20e0f57d40559b7ab2d078c5c2a913a7f0cb1e092f3bfe8c4b960234f7f0c242dc89861c1d830a2cd51809c0eb9ef04384e4e9ccc5d999c1d5191fe0e48be436eac72bd9f826e1ddfd9ebee49bc257befb3c2576f4c041a8547dd612fce257750a2cd3cd732f8e5a04b777cd8c32bd", 0xd8}], 0x5, &(0x7f0000001700)=ANY=[@ANYBLOB="f000000000000000160100007f0000002bd3485a166509c3898bb8d5d62e356191e4cc24f5358a03b614d3ffd8540d4438a9f4c5a3ed0d83d0667f309999683b88a6f412ad0c1f3236a1f2933eaa260c146ecf63fe741e9fc87534a6084b07b106986261a42994067a999c54c45bfae16242424e53172299c888cb3ab67c6c11ec21c094aed7fa9fce9544ba2f73fcd1f36b453acade3f7ebf7b5bfbb556bc60667489c58d5aacf9ea0dbc806c150cd5f50a5e3fc349c9043ae727b2885e4126e4a3295321a7bbc06a8c502c82db67f6b3bbd643cad127c5119600000000000000"], 0xf0, 0x20000000}], 0x2, 0x40001) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18, 0x2f, 0x0, {0x9}}, 0x18) pipe(&(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_LSEEK(r1, &(0x7f0000001540)={0x18, 0x0, 0x0, {0x6}}, 0x18) 08:08:01 executing program 4: r0 = fsmount(0xffffffffffffffff, 0x0, 0x1) sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000001800)=[{&(0x7f0000000040)={0x27, 0x0, 0x1, 0x4, 0x8, 0x2, "6fe69c7b708740615fa744d77b6373bb401543aaf3ee018b6f94b6db7210c568ec92918c7971b2d0582494f4db6047aebaa7fc1a9374514b50dce496a78784", 0x15}, 0x60, &(0x7f0000001180)=[{&(0x7f00000000c0)="e48ec3dd3324ed2e84e1eea24c94c7bba11a93f3ebafaf79383ab78d4b39bbe448498cd263b5a31cd3224699102bf1016bbac093bb2a1d44a60e84ea817d273f59850e4fc70a7a31e188930f4bce83da0f4b047d2109208d8094af9abc0721913d4a2287dc6b7292a56b528b633a34520ca582bf630c8d320c8852d8fa0e3afa7fc9fb5a24d80869603a2b0e99c6104ca27507010135a24a33c1ff6ced6ba36768614f125ecf6f51e863ad24d47bd7d4df4676f0c29da1d1e2c533ae171a0e2ec9d97f371ecb1c43c64388f04d606af49613f3dfab11df910bf73e5b7df87c92e5d45507c5e595135702471195acb7f442bcf88466d0c931df066809e1b6f69fa6e909976f86ac4be2feb09de2aa1180f80fec8cd294e7f990f31745504993b1f2a47ee90b35d5e16910ae668dd73f26dec6653d384930d0567b76c34a40877d123605675cb6c655098c22cf75ff25f3f2e00ab3b0458eef63c863813574f7dff9361aa9e11c3d67e6cb00226343ba8a473fe4f343db36fe4dcb8d3d905a14a0b1ef2ab1bb91593789fdaa4430c34706caebef1239ac97a23f88712678bceedbd51ce32e1fd3641ef23d1a1c575314322546b0370e2570c1509d122ee97d15caee15f024ccff8e15c7065a8996e9ef9f929a6c8c4bb03b394f3bdf72bb69b9e900ff835967dbd3f933ec4239bfa402e429ae42727c4e27c1bd6050260f9f3e238317013ef41ab16937c019af66bcbaf1571f8c797d0c011cd3225f0f4526818de46bcb2ca1153edbe7917f86da072406c2b80d6a7b9dc24f521be1078b21cc1a86257420e43464c444a7c6c69f2ed72e0597edfdd380529e359806c78a14f20982b5bd3ed79e7312d1516aaf16fd3098fa8d2a0558919576a29e584c5b1e2802d3d41147a9e6f70a2194649d69815c805b7282e6dcd9d5ff460de72cc25802a08cd83ab61db4dd782bd298bcf4fb96fe26d99904374061e4b3a1d7d62478e5517c48ce8da380b8152ca32876681ed0227071d554315a329a9e19de5498d1e36e698ef59064531a9c747b4a7838cbb55b5e0801848f092506ba33592fa5620b6b4679c1a042ec9f10246b8425a1e6741d6af907c4dc96ec932f6b6e30c975ea83cad756aa459a50c8605b13ad70af1a18a1d74b763e81a749d226edfc7e56990ada17bfd24f11b01a529a2d77b343160fd77fa9dbf0ae6543caacb1a87d96ce7e180e2e5c847fcb349de536e8719c95ea196e418fd2bf970406e897bbf8a9af223d7876363b2e72fe875005e5249a4407c839124991dab74e859757afdef0ff6fb660d9df9ca22fdf8c69dd5c2be74bf481968bebfbaba340418e54ce31ebdb8f3440837b2075a847afb4c43a1ade022c91603b1269d97f06e0b9e1b8d07cbe81129b2291e68a91bc98485d0e18e0d7ae5a58a02e3cfbf55924e5a1c23427a78b7742362157f3281743d54fb082b99430b2f6b1cfc6b2adf0ad37996ea3b7b163335b1ed4c36aacb3998af5041ab8157c1d3663a15b80d49f033fcdce1629991b182431b252117bdb36145faca0813bc3b81c8a3b2077d26e7aa2c03c17f1679926d8bd9ef6a1189d03e35b18643787269da488ac68859c9f57fdf57b0ff3297956e49ae3a5119b7f96856f71c31daf71db4ae3f1d3fe7dc51a69589007f1b4cb2c3d59f77ef59efbf54b5ef7deb61f0406a35ead5fee406477923067711df1cda93fd463896fbe7592ab3e6acb6184d51c5f46db0cb6eb4ae608001f5943e0d601a3a8e5f861e3a09a45574a3a2dfd1af49481fe6abb8ad8ca7f741f661a806386950ebee31a74202bbca295becb25cd6511466d62b8d8dcb91bab7329670b1179808454507ec8da93d5ad028c73d922d408b04f2ef6054acc77de8ed6fd277e0a13c7c8f4751c481a4db7069acc85f7231aa8c0bc7717360e8f43040fabec813d7abccc28c087f7daffc861238c0fd2932e9c9a34e23447097214258d4eba51fdf44fcd46b84efcfa6aaa662a2a0ccb51a15bd9644d5b6ea58381edc85d278a889a1c33028418cf5f48e00bd41d008c4ad6184aa5e43968a8a7f4db8dac3437133400e22c2b23de4aad7ba10307080a3bebcea7232174c45d2a6736147a83c14e939582097fb5739bebee24ba9e4aa90f13ed39bfb0af6938f2f4353b3a9cb47bce731ea19a9b1641a7dc9f07b20e01fa12800a69875bb5af808ad381995a5a0ee88d67e30a0088907e56c6512b949c72b592ed2ecf84a994748e7e7f4bf5ebbef79a96dac0b29d932a86f76eadac82d6ab4203c3eace412ebb10ec2e4257fd39593bffb3e58f5b0b5d40c6bea3dc9e78ee49837ed6b0352f746d6c18d5ef422db1026004e095ced1ff772edea2cbd8886195aa4e1b58523bc839c190c44525ef8254adeae02891820530226e0321e0a612d63daad5f393722085f7fd3bb6266408750eebbe823c4b04bf581214d2d1db9ce16968c8ca7adb3f288b952d815eeed6ce74b8bea00a4acc9c2b54c3eb5e0b328469808744d0dcf37cf5156f6977e6690a6b2f5daba5b597e9d2ec5a3fa258d97bd30de2fe12a9720e4ebdf880b840cf760a7a28fcee61edea5534056f77ba55c49a1dce55e690909db0093201963f1b9a8b4f12701feeebbec9ab7c66ea8040f6045264997d1d084aed11ee113317e56a251e380bfafed051ceb7540fbd0e80c79eb88bc14977b7d1692ec9b5561ffc429a0147b0440bdc76fadff2f8c44bdd0031570a2b6245b08d4d2c0621d6eb4f298a1f6b63739ff3ced48d15bb693f9743102502163621c60a3fcd5b845e5a63dffefe32cdcd923a81a9830c0d4a5401a2a9f020058baf60294ca7cd66d0c62b692822b7c5c5e585a553b5a1f8d30049b033c2132c468dcbba65887c4e73f9286587ed9956a418bcff501316fbb44efeb4b04f68c6544ca972777f209153d758bca7ff30c049bf24141156c503bca40f76992ceeed5a19c824fecfb8c6bd0a4fd8ce19d341f0d17eb5574e53db11a92c555a3bfe7ba811e221f9034830e1b8f45f979eed7adb24faa851a020f00c4698f0d3ad79edba7a89a3d26712ae1ea59ce8aaa8b81451c7cd7d2294c266270bb2ea716986f044b89a5af545d5deb7bbe574daf20aa8be8dcca7fbfbd888f8822d52ed75eead912fafe0fc16e512f5c27b97f6f5b45e2194618cc8e3aaf9fc4da4e65dd5af68fc4200a69a7f734f3bfb5762a78a86efd78b268e07ef72a5ee325cd5b8437a09018d1e463517fbc6e75654f79a13eaa5af4bbded2968a95df486cf66105ce12cc8c49eb4fc8cca3c60bdc30ca06ed2a512580b02858b52f26defb9c12470c9ab9b89e8b0a93fd724f19372842f58cdf83727b5f478c2bb17d2f08fb958555da31ee44d74cbc7b8cbc17bb49884b8e7a33040fbb50d5442eb88ba33c76c799dff234d3249654a20d931dbbca26bfca9684ea765dfd7d7d78a697469360679fd9ea4e2657e86549658a642a63e3983daa5de3077630672abbf5ef7b1eac63f8b87c6c6d7b9b9ea0c0ca0ddec53712580e8ab62807e975126a221768a194f82b7fed5d865caba92980019f98f3ee8a585f373d9b8fa868d77379b19fb89b9b2b5e935881873bb0d1049913e5be6f523a7eda9f45bf3d44bd364067f99651c9d2921c67655fdbb84ed08b75865ce65432aaebf03464738099a1491625f6dfdc0745d54728258aa53f222b89859e1e3db368f90212e3c664b37ab243b43a6464285138602e21a7cf5102f10fb5516a7f2ab02bbdae39e87e2c26c19bf2f65e8ec7e3cf0d9b272342ee696c3e176dbc69d3ae7bf4861449f2b4ddc7d415256ce5ae9048117cc63af909e9595b84c374fd9bbee6f2398bdccda30a802d297007a37fe83b7c15171674ea28c7752564989b3ba66abc06e2959d9db195238cec000ea123b63340553e6aaff4547bd5e35c2079708c5a355885f7df8bf0ccbe301a86f95caac0e34ae405c6b2ef3818dd67bc45a7476012f146e949608cbbe90495ce3d1391c59d45809b95ec9278116905bd1fb4ab527031ee0667eea555c3fc3a314ab26f0bfaae1c7ab59d60fe9c407f783b04be87a018a471cf8e155146e12245ee4371caf68645461111e017832ddb931e8355f44f00b83265205b5e0626673881e74c65a8fe02b511e2329dccccfd3ba919195fcdc38fe862054857ca29b4c9049d570a8f90a83774f3f70f0c682af9b53202b360b44256aa771852472a58dad7cd9d2bd97648485a5f124b66b1cb861db2ec3b2765fc5aa3a2b47ab1ac3c327b3ddb3de09d4737ab20df50fdb39bcaa5261e3c813dd2bbd3468b9b1f364afc0a53bea2a21dcddf6d69e02b2091d84821574fa24713b20ec1bca26a56c5416064b203b4ebbe8ff7ba036e6b711026eddcc7c9b9dd76ca92f5c803fb19a651312cfd0231af2beb1796797e3e59a276829081f00a9ba316e3fe3f5f00b727eb9ad6ce5d301edbc985766891fb1fb6336cb4c8e2c78a33cb028c6179e9ade4f7ae352aeabb441ac8f712e095d1bafc7a99d37de770da2c7eac565b0858949c9904818e5031755868bf0a9d9eddf5d8677821fdaf69fe45f55ba22737ab3960dc535afd9230d51883a3699b86dda3a199738af38b4b65c1e4646f1beb1531c5308369ecc087624ab8dac40fd0cbe86e160fd0e72261422a8ffc1572f4f4765a994a5aed379af2bc26dc952c92105e9433e6aae155e83e7eeb60d9fd8719ab283558206cc354b95d989c378931d7deef607d06df7e1a97715c2db94f36fb47711ec81182fb1a0f0bd16a975a43d9de75c6caa1a947479a3513ba9397362c7e64397fef3b42d3457fa8dd96ed7767ee1ed431422e3e603155c512e603148b0fa5847070468e701d1acf60ef1ed99b42a3920762e07d6aed322120d5b84659cdf53db55c4289d22ee6972439c74994a91414c4094006005a29ca384d2feed5bf181e45cb93c8a5f0338c167d923ecad91503ead6a0e1e1419d4ae8c3b4f98cf41aea1b6ad769244968770646a1b9b7d23f00d9ac733c9e4ae2231ae00c679af59d271aad27e1a1f1fa61f4e00c72016c91545e7c6da0a84f4512c143bd7ed93ab76f0ba4481d3f6e76b735bfec38fdcb66ae531b1c97facab5b83c4eec03f3740b21dbaad20d5ea7eeb8f74e989024aee34bb3fe2fcf7c47d1b7a4b122e553102961c12e505bf9655804811483b256ce46ac6ac72edd89f6f78e6a9a3947ce2d2f8f48f355d31a1ec15d8f16546e85ab2683513839f06be6d7adc528e309f33193e4cef475122c86c849c79a53f6900c4487ce374c4d158535ca856388c7f0bc84aefb92568024ec23af4090ef1afe9bf274d31eae6b42d9bb461877f77becafd0c33905b15c360c0a846dd96996a4896ea4cd9942583340b814dd515efa5e446b438257fcb4b1e6a3a13db87eda5d735d0559184c91dff7f756142c27b7ab6238f4af4c1e9e85b0d2e88c5cda9b228ad42aea0f3f9382f152db2651ab016ab30bea183fdb93fa4573807c4c1fb7ec519a1af2c2dd435f8937dace7a438d168f482d96a135cac2387ebe5cd1434343e754101cb274488a6840b8de7eabad5d8f039edcc79a8396e78f93b5f3dc1116bd8dac861861606a8b7aef06ce4d4fa606b9fe94e433440f67b842451f7ccce869085e86684bbcac51aa82ed5ed070650435c467098a2f92953e135162daf0a61f90b5e119d0c6b18aa1369543a56a2aa41072e529ad1e785da92c35274182ce9041d82619831c49682d3b6a162fc354a9b724010013247719e7ec4e94aae39", 0x1000}, {&(0x7f00000010c0)="f4cc26e0d1edbb0dbee5d9754997591a2c0ecd0e28213840dc3b65ae290c06613cb503dffd0130bcbbc3156578f3d74ff85c16863dceb785921d81b52d3a9b3e5869b7c79eeec789e6078a3baad7988a4b81ab47f4559fb3ccadaec44e9b7d396a9f441ee0a075b40021a502c8dfb466fc454dfb3b7012f7678caa7a978c42d56b9e96f854e4c9fcbd29207cf8521df69476", 0x92}], 0x2, &(0x7f00000011c0)={0xf0, 0x119, 0xdaa, "cc4a3bf9be12f6cf37804cfed11dad98ce6c43511f4662ba77111273ebba0908b95d714269a13a8bd9abaa91dc59ed9b946eceae572d8205ce9a23b05412771ab2f1a08f5400b6e55183144c4527500dc9b3bafa301b1e4d5be0ccfcfa921856b4d5d28a9bcd46d4fd75cab90281154c1a34282e9327af16ccd7895e08bfa64b16f4813bc4d699c75cb3237826183af197cbc63fbeaa7699515d7fae0fde23288c819aba484f045ba70c269a73eed464d83502e50828da646df53012dfa8ed1ccf4bc94773ca00f58e28297a722ac82e2b892c7aeecffd7acdca572b752163"}, 0xf0, 0x48001}, {&(0x7f00000012c0)={0x27, 0x0, 0x2, 0x3, 0x81, 0x80, "92f228f75f80a9f7c4e46bb48b74121e79bf13f5ead62bd349a432e7eb6425a7d6816197dfbb62dc9ac89abc156ab6214f21aa757765061eefeaa395831cf4", 0x33}, 0x60, &(0x7f0000001680)=[{&(0x7f0000001340)="9addcb0fb792857d8014d949f43a63e71c4056d988ef57cffcdd7c035d02ac802bb20ee026e927a040d9a7900450237933a00fedf8e5e8dc07155699eb3c74df0c7d449a9b8ac98f5cc2916018fc4d92ca", 0x51}, {&(0x7f00000013c0)="3429bec80b59c714eea555465dc006e3a18ab906efa016e6c03ee33ec86b", 0x1e}, {&(0x7f0000001400)="eade73eb7fb3a73b5b3c523581d3667d310b872eaaaa8bc18f33434b02c41abf1d757b53e2d630e2dd376afbc106a34e1130f6c4633503d94bbacf76db9c3f4ece093f0df448ceeddc8b6163cc4cd60ed7110997d434a91969e634933fda0e63c6bb4e65fdce9260f41ec9732e3990466c7ab67ba9b72006ba44930f33614b98d27eabfa0bac29f8e6d1c17e1744d3c8109adff0a902a85c88281d23b88a63dd23d6d69dc67793c0054dd7d3d74a5f93e66099389d1707dd08ac3e5c85a0a97494b8d5f86e5cac5f9e73d3ce46172a9fea86773107cc3ceb6e50c12434cd52634e45c4c077e1dfbcf9c84a8d5c62d7d309fc4964d99f9c12646f0f48", 0xfc}, {&(0x7f0000001880)="fdd5b3e79a17502cb398c84147871146ebf16b1a38c1187b03ee7fb5784dbbc5fe48f84a45d82144dc1e0ee1522925eca640b730c4a3e731d8ef04d1dde9966a7c831315feed3e9a71ce7ccdae1fc8b90f9997", 0x53}, {&(0x7f0000001580)="f43e5d160506d38e957b0197048bf767d2ae77e3c012a9b5a3e1fea24be59f03c32a149db54491be1293f99e421663987b78a02b5987a50200840de28bd33ffc4cdaf00aae20d4ea86d6c6f107f9609aa1c68dc73db49136d60323f118c1adc89ac137f2ec383bf87f20e0f57d40559b7ab2d078c5c2a913a7f0cb1e092f3bfe8c4b960234f7f0c242dc89861c1d830a2cd51809c0eb9ef04384e4e9ccc5d999c1d5191fe0e48be436eac72bd9f826e1ddfd9ebee49bc257befb3c2576f4c041a8547dd612fce257750a2cd3cd732f8e5a04b777cd8c32bd", 0xd8}], 0x5, &(0x7f0000001700)=ANY=[@ANYBLOB="f000000000000000160100007f0000002bd3485a166509c3898bb8d5d62e356191e4cc24f5358a03b614d3ffd8540d4438a9f4c5a3ed0d83d0667f309999683b88a6f412ad0c1f3236a1f2933eaa260c146ecf63fe741e9fc87534a6084b07b106986261a42994067a999c54c45bfae16242424e53172299c888cb3ab67c6c11ec21c094aed7fa9fce9544ba2f73fcd1f36b453acade3f7ebf7b5bfbb556bc60667489c58d5aacf9ea0dbc806c150cd5f50a5e3fc349c9043ae727b2885e4126e4a3295321a7bbc06a8c502c82db67f6b3bbd643cad127c5119600000000000000"], 0xf0, 0x20000000}], 0x2, 0x40001) (async) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18, 0x2f, 0x0, {0x9}}, 0x18) pipe(&(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_LSEEK(r1, &(0x7f0000001540)={0x18, 0x0, 0x0, {0x6}}, 0x18) 08:08:01 executing program 4: r0 = fsmount(0xffffffffffffffff, 0x0, 0x1) sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000001800)=[{&(0x7f0000000040)={0x27, 0x0, 0x1, 0x4, 0x8, 0x2, "6fe69c7b708740615fa744d77b6373bb401543aaf3ee018b6f94b6db7210c568ec92918c7971b2d0582494f4db6047aebaa7fc1a9374514b50dce496a78784", 0x15}, 0x60, &(0x7f0000001180)=[{&(0x7f00000000c0)="e48ec3dd3324ed2e84e1eea24c94c7bba11a93f3ebafaf79383ab78d4b39bbe448498cd263b5a31cd3224699102bf1016bbac093bb2a1d44a60e84ea817d273f59850e4fc70a7a31e188930f4bce83da0f4b047d2109208d8094af9abc0721913d4a2287dc6b7292a56b528b633a34520ca582bf630c8d320c8852d8fa0e3afa7fc9fb5a24d80869603a2b0e99c6104ca27507010135a24a33c1ff6ced6ba36768614f125ecf6f51e863ad24d47bd7d4df4676f0c29da1d1e2c533ae171a0e2ec9d97f371ecb1c43c64388f04d606af49613f3dfab11df910bf73e5b7df87c92e5d45507c5e595135702471195acb7f442bcf88466d0c931df066809e1b6f69fa6e909976f86ac4be2feb09de2aa1180f80fec8cd294e7f990f31745504993b1f2a47ee90b35d5e16910ae668dd73f26dec6653d384930d0567b76c34a40877d123605675cb6c655098c22cf75ff25f3f2e00ab3b0458eef63c863813574f7dff9361aa9e11c3d67e6cb00226343ba8a473fe4f343db36fe4dcb8d3d905a14a0b1ef2ab1bb91593789fdaa4430c34706caebef1239ac97a23f88712678bceedbd51ce32e1fd3641ef23d1a1c575314322546b0370e2570c1509d122ee97d15caee15f024ccff8e15c7065a8996e9ef9f929a6c8c4bb03b394f3bdf72bb69b9e900ff835967dbd3f933ec4239bfa402e429ae42727c4e27c1bd6050260f9f3e238317013ef41ab16937c019af66bcbaf1571f8c797d0c011cd3225f0f4526818de46bcb2ca1153edbe7917f86da072406c2b80d6a7b9dc24f521be1078b21cc1a86257420e43464c444a7c6c69f2ed72e0597edfdd380529e359806c78a14f20982b5bd3ed79e7312d1516aaf16fd3098fa8d2a0558919576a29e584c5b1e2802d3d41147a9e6f70a2194649d69815c805b7282e6dcd9d5ff460de72cc25802a08cd83ab61db4dd782bd298bcf4fb96fe26d99904374061e4b3a1d7d62478e5517c48ce8da380b8152ca32876681ed0227071d554315a329a9e19de5498d1e36e698ef59064531a9c747b4a7838cbb55b5e0801848f092506ba33592fa5620b6b4679c1a042ec9f10246b8425a1e6741d6af907c4dc96ec932f6b6e30c975ea83cad756aa459a50c8605b13ad70af1a18a1d74b763e81a749d226edfc7e56990ada17bfd24f11b01a529a2d77b343160fd77fa9dbf0ae6543caacb1a87d96ce7e180e2e5c847fcb349de536e8719c95ea196e418fd2bf970406e897bbf8a9af223d7876363b2e72fe875005e5249a4407c839124991dab74e859757afdef0ff6fb660d9df9ca22fdf8c69dd5c2be74bf481968bebfbaba340418e54ce31ebdb8f3440837b2075a847afb4c43a1ade022c91603b1269d97f06e0b9e1b8d07cbe81129b2291e68a91bc98485d0e18e0d7ae5a58a02e3cfbf55924e5a1c23427a78b7742362157f3281743d54fb082b99430b2f6b1cfc6b2adf0ad37996ea3b7b163335b1ed4c36aacb3998af5041ab8157c1d3663a15b80d49f033fcdce1629991b182431b252117bdb36145faca0813bc3b81c8a3b2077d26e7aa2c03c17f1679926d8bd9ef6a1189d03e35b18643787269da488ac68859c9f57fdf57b0ff3297956e49ae3a5119b7f96856f71c31daf71db4ae3f1d3fe7dc51a69589007f1b4cb2c3d59f77ef59efbf54b5ef7deb61f0406a35ead5fee406477923067711df1cda93fd463896fbe7592ab3e6acb6184d51c5f46db0cb6eb4ae608001f5943e0d601a3a8e5f861e3a09a45574a3a2dfd1af49481fe6abb8ad8ca7f741f661a806386950ebee31a74202bbca295becb25cd6511466d62b8d8dcb91bab7329670b1179808454507ec8da93d5ad028c73d922d408b04f2ef6054acc77de8ed6fd277e0a13c7c8f4751c481a4db7069acc85f7231aa8c0bc7717360e8f43040fabec813d7abccc28c087f7daffc861238c0fd2932e9c9a34e23447097214258d4eba51fdf44fcd46b84efcfa6aaa662a2a0ccb51a15bd9644d5b6ea58381edc85d278a889a1c33028418cf5f48e00bd41d008c4ad6184aa5e43968a8a7f4db8dac3437133400e22c2b23de4aad7ba10307080a3bebcea7232174c45d2a6736147a83c14e939582097fb5739bebee24ba9e4aa90f13ed39bfb0af6938f2f4353b3a9cb47bce731ea19a9b1641a7dc9f07b20e01fa12800a69875bb5af808ad381995a5a0ee88d67e30a0088907e56c6512b949c72b592ed2ecf84a994748e7e7f4bf5ebbef79a96dac0b29d932a86f76eadac82d6ab4203c3eace412ebb10ec2e4257fd39593bffb3e58f5b0b5d40c6bea3dc9e78ee49837ed6b0352f746d6c18d5ef422db1026004e095ced1ff772edea2cbd8886195aa4e1b58523bc839c190c44525ef8254adeae02891820530226e0321e0a612d63daad5f393722085f7fd3bb6266408750eebbe823c4b04bf581214d2d1db9ce16968c8ca7adb3f288b952d815eeed6ce74b8bea00a4acc9c2b54c3eb5e0b328469808744d0dcf37cf5156f6977e6690a6b2f5daba5b597e9d2ec5a3fa258d97bd30de2fe12a9720e4ebdf880b840cf760a7a28fcee61edea5534056f77ba55c49a1dce55e690909db0093201963f1b9a8b4f12701feeebbec9ab7c66ea8040f6045264997d1d084aed11ee113317e56a251e380bfafed051ceb7540fbd0e80c79eb88bc14977b7d1692ec9b5561ffc429a0147b0440bdc76fadff2f8c44bdd0031570a2b6245b08d4d2c0621d6eb4f298a1f6b63739ff3ced48d15bb693f9743102502163621c60a3fcd5b845e5a63dffefe32cdcd923a81a9830c0d4a5401a2a9f020058baf60294ca7cd66d0c62b692822b7c5c5e585a553b5a1f8d30049b033c2132c468dcbba65887c4e73f9286587ed9956a418bcff501316fbb44efeb4b04f68c6544ca972777f209153d758bca7ff30c049bf24141156c503bca40f76992ceeed5a19c824fecfb8c6bd0a4fd8ce19d341f0d17eb5574e53db11a92c555a3bfe7ba811e221f9034830e1b8f45f979eed7adb24faa851a020f00c4698f0d3ad79edba7a89a3d26712ae1ea59ce8aaa8b81451c7cd7d2294c266270bb2ea716986f044b89a5af545d5deb7bbe574daf20aa8be8dcca7fbfbd888f8822d52ed75eead912fafe0fc16e512f5c27b97f6f5b45e2194618cc8e3aaf9fc4da4e65dd5af68fc4200a69a7f734f3bfb5762a78a86efd78b268e07ef72a5ee325cd5b8437a09018d1e463517fbc6e75654f79a13eaa5af4bbded2968a95df486cf66105ce12cc8c49eb4fc8cca3c60bdc30ca06ed2a512580b02858b52f26defb9c12470c9ab9b89e8b0a93fd724f19372842f58cdf83727b5f478c2bb17d2f08fb958555da31ee44d74cbc7b8cbc17bb49884b8e7a33040fbb50d5442eb88ba33c76c799dff234d3249654a20d931dbbca26bfca9684ea765dfd7d7d78a697469360679fd9ea4e2657e86549658a642a63e3983daa5de3077630672abbf5ef7b1eac63f8b87c6c6d7b9b9ea0c0ca0ddec53712580e8ab62807e975126a221768a194f82b7fed5d865caba92980019f98f3ee8a585f373d9b8fa868d77379b19fb89b9b2b5e935881873bb0d1049913e5be6f523a7eda9f45bf3d44bd364067f99651c9d2921c67655fdbb84ed08b75865ce65432aaebf03464738099a1491625f6dfdc0745d54728258aa53f222b89859e1e3db368f90212e3c664b37ab243b43a6464285138602e21a7cf5102f10fb5516a7f2ab02bbdae39e87e2c26c19bf2f65e8ec7e3cf0d9b272342ee696c3e176dbc69d3ae7bf4861449f2b4ddc7d415256ce5ae9048117cc63af909e9595b84c374fd9bbee6f2398bdccda30a802d297007a37fe83b7c15171674ea28c7752564989b3ba66abc06e2959d9db195238cec000ea123b63340553e6aaff4547bd5e35c2079708c5a355885f7df8bf0ccbe301a86f95caac0e34ae405c6b2ef3818dd67bc45a7476012f146e949608cbbe90495ce3d1391c59d45809b95ec9278116905bd1fb4ab527031ee0667eea555c3fc3a314ab26f0bfaae1c7ab59d60fe9c407f783b04be87a018a471cf8e155146e12245ee4371caf68645461111e017832ddb931e8355f44f00b83265205b5e0626673881e74c65a8fe02b511e2329dccccfd3ba919195fcdc38fe862054857ca29b4c9049d570a8f90a83774f3f70f0c682af9b53202b360b44256aa771852472a58dad7cd9d2bd97648485a5f124b66b1cb861db2ec3b2765fc5aa3a2b47ab1ac3c327b3ddb3de09d4737ab20df50fdb39bcaa5261e3c813dd2bbd3468b9b1f364afc0a53bea2a21dcddf6d69e02b2091d84821574fa24713b20ec1bca26a56c5416064b203b4ebbe8ff7ba036e6b711026eddcc7c9b9dd76ca92f5c803fb19a651312cfd0231af2beb1796797e3e59a276829081f00a9ba316e3fe3f5f00b727eb9ad6ce5d301edbc985766891fb1fb6336cb4c8e2c78a33cb028c6179e9ade4f7ae352aeabb441ac8f712e095d1bafc7a99d37de770da2c7eac565b0858949c9904818e5031755868bf0a9d9eddf5d8677821fdaf69fe45f55ba22737ab3960dc535afd9230d51883a3699b86dda3a199738af38b4b65c1e4646f1beb1531c5308369ecc087624ab8dac40fd0cbe86e160fd0e72261422a8ffc1572f4f4765a994a5aed379af2bc26dc952c92105e9433e6aae155e83e7eeb60d9fd8719ab283558206cc354b95d989c378931d7deef607d06df7e1a97715c2db94f36fb47711ec81182fb1a0f0bd16a975a43d9de75c6caa1a947479a3513ba9397362c7e64397fef3b42d3457fa8dd96ed7767ee1ed431422e3e603155c512e603148b0fa5847070468e701d1acf60ef1ed99b42a3920762e07d6aed322120d5b84659cdf53db55c4289d22ee6972439c74994a91414c4094006005a29ca384d2feed5bf181e45cb93c8a5f0338c167d923ecad91503ead6a0e1e1419d4ae8c3b4f98cf41aea1b6ad769244968770646a1b9b7d23f00d9ac733c9e4ae2231ae00c679af59d271aad27e1a1f1fa61f4e00c72016c91545e7c6da0a84f4512c143bd7ed93ab76f0ba4481d3f6e76b735bfec38fdcb66ae531b1c97facab5b83c4eec03f3740b21dbaad20d5ea7eeb8f74e989024aee34bb3fe2fcf7c47d1b7a4b122e553102961c12e505bf9655804811483b256ce46ac6ac72edd89f6f78e6a9a3947ce2d2f8f48f355d31a1ec15d8f16546e85ab2683513839f06be6d7adc528e309f33193e4cef475122c86c849c79a53f6900c4487ce374c4d158535ca856388c7f0bc84aefb92568024ec23af4090ef1afe9bf274d31eae6b42d9bb461877f77becafd0c33905b15c360c0a846dd96996a4896ea4cd9942583340b814dd515efa5e446b438257fcb4b1e6a3a13db87eda5d735d0559184c91dff7f756142c27b7ab6238f4af4c1e9e85b0d2e88c5cda9b228ad42aea0f3f9382f152db2651ab016ab30bea183fdb93fa4573807c4c1fb7ec519a1af2c2dd435f8937dace7a438d168f482d96a135cac2387ebe5cd1434343e754101cb274488a6840b8de7eabad5d8f039edcc79a8396e78f93b5f3dc1116bd8dac861861606a8b7aef06ce4d4fa606b9fe94e433440f67b842451f7ccce869085e86684bbcac51aa82ed5ed070650435c467098a2f92953e135162daf0a61f90b5e119d0c6b18aa1369543a56a2aa41072e529ad1e785da92c35274182ce9041d82619831c49682d3b6a162fc354a9b724010013247719e7ec4e94aae39", 0x1000}, {&(0x7f00000010c0)="f4cc26e0d1edbb0dbee5d9754997591a2c0ecd0e28213840dc3b65ae290c06613cb503dffd0130bcbbc3156578f3d74ff85c16863dceb785921d81b52d3a9b3e5869b7c79eeec789e6078a3baad7988a4b81ab47f4559fb3ccadaec44e9b7d396a9f441ee0a075b40021a502c8dfb466fc454dfb3b7012f7678caa7a978c42d56b9e96f854e4c9fcbd29207cf8521df69476", 0x92}], 0x2, &(0x7f00000011c0)={0xf0, 0x119, 0xdaa, "cc4a3bf9be12f6cf37804cfed11dad98ce6c43511f4662ba77111273ebba0908b95d714269a13a8bd9abaa91dc59ed9b946eceae572d8205ce9a23b05412771ab2f1a08f5400b6e55183144c4527500dc9b3bafa301b1e4d5be0ccfcfa921856b4d5d28a9bcd46d4fd75cab90281154c1a34282e9327af16ccd7895e08bfa64b16f4813bc4d699c75cb3237826183af197cbc63fbeaa7699515d7fae0fde23288c819aba484f045ba70c269a73eed464d83502e50828da646df53012dfa8ed1ccf4bc94773ca00f58e28297a722ac82e2b892c7aeecffd7acdca572b752163"}, 0xf0, 0x48001}, {&(0x7f00000012c0)={0x27, 0x0, 0x2, 0x3, 0x81, 0x80, "92f228f75f80a9f7c4e46bb48b74121e79bf13f5ead62bd349a432e7eb6425a7d6816197dfbb62dc9ac89abc156ab6214f21aa757765061eefeaa395831cf4", 0x33}, 0x60, &(0x7f0000001680)=[{&(0x7f0000001340)="9addcb0fb792857d8014d949f43a63e71c4056d988ef57cffcdd7c035d02ac802bb20ee026e927a040d9a7900450237933a00fedf8e5e8dc07155699eb3c74df0c7d449a9b8ac98f5cc2916018fc4d92ca", 0x51}, {&(0x7f00000013c0)="3429bec80b59c714eea555465dc006e3a18ab906efa016e6c03ee33ec86b", 0x1e}, {&(0x7f0000001400)="eade73eb7fb3a73b5b3c523581d3667d310b872eaaaa8bc18f33434b02c41abf1d757b53e2d630e2dd376afbc106a34e1130f6c4633503d94bbacf76db9c3f4ece093f0df448ceeddc8b6163cc4cd60ed7110997d434a91969e634933fda0e63c6bb4e65fdce9260f41ec9732e3990466c7ab67ba9b72006ba44930f33614b98d27eabfa0bac29f8e6d1c17e1744d3c8109adff0a902a85c88281d23b88a63dd23d6d69dc67793c0054dd7d3d74a5f93e66099389d1707dd08ac3e5c85a0a97494b8d5f86e5cac5f9e73d3ce46172a9fea86773107cc3ceb6e50c12434cd52634e45c4c077e1dfbcf9c84a8d5c62d7d309fc4964d99f9c12646f0f48", 0xfc}, {&(0x7f0000001880)="fdd5b3e79a17502cb398c84147871146ebf16b1a38c1187b03ee7fb5784dbbc5fe48f84a45d82144dc1e0ee1522925eca640b730c4a3e731d8ef04d1dde9966a7c831315feed3e9a71ce7ccdae1fc8b90f9997", 0x53}, {&(0x7f0000001580)="f43e5d160506d38e957b0197048bf767d2ae77e3c012a9b5a3e1fea24be59f03c32a149db54491be1293f99e421663987b78a02b5987a50200840de28bd33ffc4cdaf00aae20d4ea86d6c6f107f9609aa1c68dc73db49136d60323f118c1adc89ac137f2ec383bf87f20e0f57d40559b7ab2d078c5c2a913a7f0cb1e092f3bfe8c4b960234f7f0c242dc89861c1d830a2cd51809c0eb9ef04384e4e9ccc5d999c1d5191fe0e48be436eac72bd9f826e1ddfd9ebee49bc257befb3c2576f4c041a8547dd612fce257750a2cd3cd732f8e5a04b777cd8c32bd", 0xd8}], 0x5, &(0x7f0000001700)=ANY=[@ANYBLOB="f000000000000000160100007f0000002bd3485a166509c3898bb8d5d62e356191e4cc24f5358a03b614d3ffd8540d4438a9f4c5a3ed0d83d0667f309999683b88a6f412ad0c1f3236a1f2933eaa260c146ecf63fe741e9fc87534a6084b07b106986261a42994067a999c54c45bfae16242424e53172299c888cb3ab67c6c11ec21c094aed7fa9fce9544ba2f73fcd1f36b453acade3f7ebf7b5bfbb556bc60667489c58d5aacf9ea0dbc806c150cd5f50a5e3fc349c9043ae727b2885e4126e4a3295321a7bbc06a8c502c82db67f6b3bbd643cad127c5119600000000000000"], 0xf0, 0x20000000}], 0x2, 0x40001) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18, 0x2f, 0x0, {0x9}}, 0x18) pipe(&(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_LSEEK(r1, &(0x7f0000001540)={0x18, 0x0, 0x0, {0x6}}, 0x18) fsmount(0xffffffffffffffff, 0x0, 0x1) (async) sendmmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000001800)=[{&(0x7f0000000040)={0x27, 0x0, 0x1, 0x4, 0x8, 0x2, "6fe69c7b708740615fa744d77b6373bb401543aaf3ee018b6f94b6db7210c568ec92918c7971b2d0582494f4db6047aebaa7fc1a9374514b50dce496a78784", 0x15}, 0x60, &(0x7f0000001180)=[{&(0x7f00000000c0)="e48ec3dd3324ed2e84e1eea24c94c7bba11a93f3ebafaf79383ab78d4b39bbe448498cd263b5a31cd3224699102bf1016bbac093bb2a1d44a60e84ea817d273f59850e4fc70a7a31e188930f4bce83da0f4b047d2109208d8094af9abc0721913d4a2287dc6b7292a56b528b633a34520ca582bf630c8d320c8852d8fa0e3afa7fc9fb5a24d80869603a2b0e99c6104ca27507010135a24a33c1ff6ced6ba36768614f125ecf6f51e863ad24d47bd7d4df4676f0c29da1d1e2c533ae171a0e2ec9d97f371ecb1c43c64388f04d606af49613f3dfab11df910bf73e5b7df87c92e5d45507c5e595135702471195acb7f442bcf88466d0c931df066809e1b6f69fa6e909976f86ac4be2feb09de2aa1180f80fec8cd294e7f990f31745504993b1f2a47ee90b35d5e16910ae668dd73f26dec6653d384930d0567b76c34a40877d123605675cb6c655098c22cf75ff25f3f2e00ab3b0458eef63c863813574f7dff9361aa9e11c3d67e6cb00226343ba8a473fe4f343db36fe4dcb8d3d905a14a0b1ef2ab1bb91593789fdaa4430c34706caebef1239ac97a23f88712678bceedbd51ce32e1fd3641ef23d1a1c575314322546b0370e2570c1509d122ee97d15caee15f024ccff8e15c7065a8996e9ef9f929a6c8c4bb03b394f3bdf72bb69b9e900ff835967dbd3f933ec4239bfa402e429ae42727c4e27c1bd6050260f9f3e238317013ef41ab16937c019af66bcbaf1571f8c797d0c011cd3225f0f4526818de46bcb2ca1153edbe7917f86da072406c2b80d6a7b9dc24f521be1078b21cc1a86257420e43464c444a7c6c69f2ed72e0597edfdd380529e359806c78a14f20982b5bd3ed79e7312d1516aaf16fd3098fa8d2a0558919576a29e584c5b1e2802d3d41147a9e6f70a2194649d69815c805b7282e6dcd9d5ff460de72cc25802a08cd83ab61db4dd782bd298bcf4fb96fe26d99904374061e4b3a1d7d62478e5517c48ce8da380b8152ca32876681ed0227071d554315a329a9e19de5498d1e36e698ef59064531a9c747b4a7838cbb55b5e0801848f092506ba33592fa5620b6b4679c1a042ec9f10246b8425a1e6741d6af907c4dc96ec932f6b6e30c975ea83cad756aa459a50c8605b13ad70af1a18a1d74b763e81a749d226edfc7e56990ada17bfd24f11b01a529a2d77b343160fd77fa9dbf0ae6543caacb1a87d96ce7e180e2e5c847fcb349de536e8719c95ea196e418fd2bf970406e897bbf8a9af223d7876363b2e72fe875005e5249a4407c839124991dab74e859757afdef0ff6fb660d9df9ca22fdf8c69dd5c2be74bf481968bebfbaba340418e54ce31ebdb8f3440837b2075a847afb4c43a1ade022c91603b1269d97f06e0b9e1b8d07cbe81129b2291e68a91bc98485d0e18e0d7ae5a58a02e3cfbf55924e5a1c23427a78b7742362157f3281743d54fb082b99430b2f6b1cfc6b2adf0ad37996ea3b7b163335b1ed4c36aacb3998af5041ab8157c1d3663a15b80d49f033fcdce1629991b182431b252117bdb36145faca0813bc3b81c8a3b2077d26e7aa2c03c17f1679926d8bd9ef6a1189d03e35b18643787269da488ac68859c9f57fdf57b0ff3297956e49ae3a5119b7f96856f71c31daf71db4ae3f1d3fe7dc51a69589007f1b4cb2c3d59f77ef59efbf54b5ef7deb61f0406a35ead5fee406477923067711df1cda93fd463896fbe7592ab3e6acb6184d51c5f46db0cb6eb4ae608001f5943e0d601a3a8e5f861e3a09a45574a3a2dfd1af49481fe6abb8ad8ca7f741f661a806386950ebee31a74202bbca295becb25cd6511466d62b8d8dcb91bab7329670b1179808454507ec8da93d5ad028c73d922d408b04f2ef6054acc77de8ed6fd277e0a13c7c8f4751c481a4db7069acc85f7231aa8c0bc7717360e8f43040fabec813d7abccc28c087f7daffc861238c0fd2932e9c9a34e23447097214258d4eba51fdf44fcd46b84efcfa6aaa662a2a0ccb51a15bd9644d5b6ea58381edc85d278a889a1c33028418cf5f48e00bd41d008c4ad6184aa5e43968a8a7f4db8dac3437133400e22c2b23de4aad7ba10307080a3bebcea7232174c45d2a6736147a83c14e939582097fb5739bebee24ba9e4aa90f13ed39bfb0af6938f2f4353b3a9cb47bce731ea19a9b1641a7dc9f07b20e01fa12800a69875bb5af808ad381995a5a0ee88d67e30a0088907e56c6512b949c72b592ed2ecf84a994748e7e7f4bf5ebbef79a96dac0b29d932a86f76eadac82d6ab4203c3eace412ebb10ec2e4257fd39593bffb3e58f5b0b5d40c6bea3dc9e78ee49837ed6b0352f746d6c18d5ef422db1026004e095ced1ff772edea2cbd8886195aa4e1b58523bc839c190c44525ef8254adeae02891820530226e0321e0a612d63daad5f393722085f7fd3bb6266408750eebbe823c4b04bf581214d2d1db9ce16968c8ca7adb3f288b952d815eeed6ce74b8bea00a4acc9c2b54c3eb5e0b328469808744d0dcf37cf5156f6977e6690a6b2f5daba5b597e9d2ec5a3fa258d97bd30de2fe12a9720e4ebdf880b840cf760a7a28fcee61edea5534056f77ba55c49a1dce55e690909db0093201963f1b9a8b4f12701feeebbec9ab7c66ea8040f6045264997d1d084aed11ee113317e56a251e380bfafed051ceb7540fbd0e80c79eb88bc14977b7d1692ec9b5561ffc429a0147b0440bdc76fadff2f8c44bdd0031570a2b6245b08d4d2c0621d6eb4f298a1f6b63739ff3ced48d15bb693f9743102502163621c60a3fcd5b845e5a63dffefe32cdcd923a81a9830c0d4a5401a2a9f020058baf60294ca7cd66d0c62b692822b7c5c5e585a553b5a1f8d30049b033c2132c468dcbba65887c4e73f9286587ed9956a418bcff501316fbb44efeb4b04f68c6544ca972777f209153d758bca7ff30c049bf24141156c503bca40f76992ceeed5a19c824fecfb8c6bd0a4fd8ce19d341f0d17eb5574e53db11a92c555a3bfe7ba811e221f9034830e1b8f45f979eed7adb24faa851a020f00c4698f0d3ad79edba7a89a3d26712ae1ea59ce8aaa8b81451c7cd7d2294c266270bb2ea716986f044b89a5af545d5deb7bbe574daf20aa8be8dcca7fbfbd888f8822d52ed75eead912fafe0fc16e512f5c27b97f6f5b45e2194618cc8e3aaf9fc4da4e65dd5af68fc4200a69a7f734f3bfb5762a78a86efd78b268e07ef72a5ee325cd5b8437a09018d1e463517fbc6e75654f79a13eaa5af4bbded2968a95df486cf66105ce12cc8c49eb4fc8cca3c60bdc30ca06ed2a512580b02858b52f26defb9c12470c9ab9b89e8b0a93fd724f19372842f58cdf83727b5f478c2bb17d2f08fb958555da31ee44d74cbc7b8cbc17bb49884b8e7a33040fbb50d5442eb88ba33c76c799dff234d3249654a20d931dbbca26bfca9684ea765dfd7d7d78a697469360679fd9ea4e2657e86549658a642a63e3983daa5de3077630672abbf5ef7b1eac63f8b87c6c6d7b9b9ea0c0ca0ddec53712580e8ab62807e975126a221768a194f82b7fed5d865caba92980019f98f3ee8a585f373d9b8fa868d77379b19fb89b9b2b5e935881873bb0d1049913e5be6f523a7eda9f45bf3d44bd364067f99651c9d2921c67655fdbb84ed08b75865ce65432aaebf03464738099a1491625f6dfdc0745d54728258aa53f222b89859e1e3db368f90212e3c664b37ab243b43a6464285138602e21a7cf5102f10fb5516a7f2ab02bbdae39e87e2c26c19bf2f65e8ec7e3cf0d9b272342ee696c3e176dbc69d3ae7bf4861449f2b4ddc7d415256ce5ae9048117cc63af909e9595b84c374fd9bbee6f2398bdccda30a802d297007a37fe83b7c15171674ea28c7752564989b3ba66abc06e2959d9db195238cec000ea123b63340553e6aaff4547bd5e35c2079708c5a355885f7df8bf0ccbe301a86f95caac0e34ae405c6b2ef3818dd67bc45a7476012f146e949608cbbe90495ce3d1391c59d45809b95ec9278116905bd1fb4ab527031ee0667eea555c3fc3a314ab26f0bfaae1c7ab59d60fe9c407f783b04be87a018a471cf8e155146e12245ee4371caf68645461111e017832ddb931e8355f44f00b83265205b5e0626673881e74c65a8fe02b511e2329dccccfd3ba919195fcdc38fe862054857ca29b4c9049d570a8f90a83774f3f70f0c682af9b53202b360b44256aa771852472a58dad7cd9d2bd97648485a5f124b66b1cb861db2ec3b2765fc5aa3a2b47ab1ac3c327b3ddb3de09d4737ab20df50fdb39bcaa5261e3c813dd2bbd3468b9b1f364afc0a53bea2a21dcddf6d69e02b2091d84821574fa24713b20ec1bca26a56c5416064b203b4ebbe8ff7ba036e6b711026eddcc7c9b9dd76ca92f5c803fb19a651312cfd0231af2beb1796797e3e59a276829081f00a9ba316e3fe3f5f00b727eb9ad6ce5d301edbc985766891fb1fb6336cb4c8e2c78a33cb028c6179e9ade4f7ae352aeabb441ac8f712e095d1bafc7a99d37de770da2c7eac565b0858949c9904818e5031755868bf0a9d9eddf5d8677821fdaf69fe45f55ba22737ab3960dc535afd9230d51883a3699b86dda3a199738af38b4b65c1e4646f1beb1531c5308369ecc087624ab8dac40fd0cbe86e160fd0e72261422a8ffc1572f4f4765a994a5aed379af2bc26dc952c92105e9433e6aae155e83e7eeb60d9fd8719ab283558206cc354b95d989c378931d7deef607d06df7e1a97715c2db94f36fb47711ec81182fb1a0f0bd16a975a43d9de75c6caa1a947479a3513ba9397362c7e64397fef3b42d3457fa8dd96ed7767ee1ed431422e3e603155c512e603148b0fa5847070468e701d1acf60ef1ed99b42a3920762e07d6aed322120d5b84659cdf53db55c4289d22ee6972439c74994a91414c4094006005a29ca384d2feed5bf181e45cb93c8a5f0338c167d923ecad91503ead6a0e1e1419d4ae8c3b4f98cf41aea1b6ad769244968770646a1b9b7d23f00d9ac733c9e4ae2231ae00c679af59d271aad27e1a1f1fa61f4e00c72016c91545e7c6da0a84f4512c143bd7ed93ab76f0ba4481d3f6e76b735bfec38fdcb66ae531b1c97facab5b83c4eec03f3740b21dbaad20d5ea7eeb8f74e989024aee34bb3fe2fcf7c47d1b7a4b122e553102961c12e505bf9655804811483b256ce46ac6ac72edd89f6f78e6a9a3947ce2d2f8f48f355d31a1ec15d8f16546e85ab2683513839f06be6d7adc528e309f33193e4cef475122c86c849c79a53f6900c4487ce374c4d158535ca856388c7f0bc84aefb92568024ec23af4090ef1afe9bf274d31eae6b42d9bb461877f77becafd0c33905b15c360c0a846dd96996a4896ea4cd9942583340b814dd515efa5e446b438257fcb4b1e6a3a13db87eda5d735d0559184c91dff7f756142c27b7ab6238f4af4c1e9e85b0d2e88c5cda9b228ad42aea0f3f9382f152db2651ab016ab30bea183fdb93fa4573807c4c1fb7ec519a1af2c2dd435f8937dace7a438d168f482d96a135cac2387ebe5cd1434343e754101cb274488a6840b8de7eabad5d8f039edcc79a8396e78f93b5f3dc1116bd8dac861861606a8b7aef06ce4d4fa606b9fe94e433440f67b842451f7ccce869085e86684bbcac51aa82ed5ed070650435c467098a2f92953e135162daf0a61f90b5e119d0c6b18aa1369543a56a2aa41072e529ad1e785da92c35274182ce9041d82619831c49682d3b6a162fc354a9b724010013247719e7ec4e94aae39", 0x1000}, {&(0x7f00000010c0)="f4cc26e0d1edbb0dbee5d9754997591a2c0ecd0e28213840dc3b65ae290c06613cb503dffd0130bcbbc3156578f3d74ff85c16863dceb785921d81b52d3a9b3e5869b7c79eeec789e6078a3baad7988a4b81ab47f4559fb3ccadaec44e9b7d396a9f441ee0a075b40021a502c8dfb466fc454dfb3b7012f7678caa7a978c42d56b9e96f854e4c9fcbd29207cf8521df69476", 0x92}], 0x2, &(0x7f00000011c0)={0xf0, 0x119, 0xdaa, "cc4a3bf9be12f6cf37804cfed11dad98ce6c43511f4662ba77111273ebba0908b95d714269a13a8bd9abaa91dc59ed9b946eceae572d8205ce9a23b05412771ab2f1a08f5400b6e55183144c4527500dc9b3bafa301b1e4d5be0ccfcfa921856b4d5d28a9bcd46d4fd75cab90281154c1a34282e9327af16ccd7895e08bfa64b16f4813bc4d699c75cb3237826183af197cbc63fbeaa7699515d7fae0fde23288c819aba484f045ba70c269a73eed464d83502e50828da646df53012dfa8ed1ccf4bc94773ca00f58e28297a722ac82e2b892c7aeecffd7acdca572b752163"}, 0xf0, 0x48001}, {&(0x7f00000012c0)={0x27, 0x0, 0x2, 0x3, 0x81, 0x80, "92f228f75f80a9f7c4e46bb48b74121e79bf13f5ead62bd349a432e7eb6425a7d6816197dfbb62dc9ac89abc156ab6214f21aa757765061eefeaa395831cf4", 0x33}, 0x60, &(0x7f0000001680)=[{&(0x7f0000001340)="9addcb0fb792857d8014d949f43a63e71c4056d988ef57cffcdd7c035d02ac802bb20ee026e927a040d9a7900450237933a00fedf8e5e8dc07155699eb3c74df0c7d449a9b8ac98f5cc2916018fc4d92ca", 0x51}, {&(0x7f00000013c0)="3429bec80b59c714eea555465dc006e3a18ab906efa016e6c03ee33ec86b", 0x1e}, {&(0x7f0000001400)="eade73eb7fb3a73b5b3c523581d3667d310b872eaaaa8bc18f33434b02c41abf1d757b53e2d630e2dd376afbc106a34e1130f6c4633503d94bbacf76db9c3f4ece093f0df448ceeddc8b6163cc4cd60ed7110997d434a91969e634933fda0e63c6bb4e65fdce9260f41ec9732e3990466c7ab67ba9b72006ba44930f33614b98d27eabfa0bac29f8e6d1c17e1744d3c8109adff0a902a85c88281d23b88a63dd23d6d69dc67793c0054dd7d3d74a5f93e66099389d1707dd08ac3e5c85a0a97494b8d5f86e5cac5f9e73d3ce46172a9fea86773107cc3ceb6e50c12434cd52634e45c4c077e1dfbcf9c84a8d5c62d7d309fc4964d99f9c12646f0f48", 0xfc}, {&(0x7f0000001880)="fdd5b3e79a17502cb398c84147871146ebf16b1a38c1187b03ee7fb5784dbbc5fe48f84a45d82144dc1e0ee1522925eca640b730c4a3e731d8ef04d1dde9966a7c831315feed3e9a71ce7ccdae1fc8b90f9997", 0x53}, {&(0x7f0000001580)="f43e5d160506d38e957b0197048bf767d2ae77e3c012a9b5a3e1fea24be59f03c32a149db54491be1293f99e421663987b78a02b5987a50200840de28bd33ffc4cdaf00aae20d4ea86d6c6f107f9609aa1c68dc73db49136d60323f118c1adc89ac137f2ec383bf87f20e0f57d40559b7ab2d078c5c2a913a7f0cb1e092f3bfe8c4b960234f7f0c242dc89861c1d830a2cd51809c0eb9ef04384e4e9ccc5d999c1d5191fe0e48be436eac72bd9f826e1ddfd9ebee49bc257befb3c2576f4c041a8547dd612fce257750a2cd3cd732f8e5a04b777cd8c32bd", 0xd8}], 0x5, &(0x7f0000001700)=ANY=[@ANYBLOB="f000000000000000160100007f0000002bd3485a166509c3898bb8d5d62e356191e4cc24f5358a03b614d3ffd8540d4438a9f4c5a3ed0d83d0667f309999683b88a6f412ad0c1f3236a1f2933eaa260c146ecf63fe741e9fc87534a6084b07b106986261a42994067a999c54c45bfae16242424e53172299c888cb3ab67c6c11ec21c094aed7fa9fce9544ba2f73fcd1f36b453acade3f7ebf7b5bfbb556bc60667489c58d5aacf9ea0dbc806c150cd5f50a5e3fc349c9043ae727b2885e4126e4a3295321a7bbc06a8c502c82db67f6b3bbd643cad127c5119600000000000000"], 0xf0, 0x20000000}], 0x2, 0x40001) (async) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18, 0x2f, 0x0, {0x9}}, 0x18) (async) pipe(&(0x7f0000001500)) (async) write$FUSE_LSEEK(r1, &(0x7f0000001540)={0x18, 0x0, 0x0, {0x6}}, 0x18) (async) 08:08:01 executing program 4: syz_clone3(&(0x7f00000029c0)={0x84020000, 0x0, 0x0, 0x0, {0x80}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1029.196634][ T5109] dup_mm+0x91/0x330 [ 1029.200373][ T5109] copy_mm+0x108/0x1b0 [ 1029.204269][ T5109] copy_process+0x1295/0x3250 [ 1029.208784][ T5109] ? check_stack_object+0xf7/0x130 [ 1029.213734][ T5109] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1029.218678][ T5109] ? copy_clone_args_from_user+0x6cf/0x790 [ 1029.224325][ T5109] kernel_clone+0x22d/0x990 [ 1029.228660][ T5109] ? dup_mmap+0xea0/0xea0 [ 1029.232826][ T5109] ? create_io_thread+0x1e0/0x1e0 [ 1029.237682][ T5109] ? file_end_write+0x1b0/0x1b0 [ 1029.242376][ T5109] __x64_sys_clone3+0x375/0x3a0 [ 1029.247060][ T5109] ? __ia32_sys_clone+0x300/0x300 [ 1029.251927][ T5109] ? ksys_write+0x25f/0x2c0 [ 1029.256264][ T5109] ? debug_smp_processor_id+0x17/0x20 [ 1029.261473][ T5109] do_syscall_64+0x44/0xd0 [ 1029.265718][ T5109] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1029.271444][ T5109] RIP: 0033:0x7f495fdbc639 [ 1029.275701][ T5109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1029.295141][ T5109] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1029.303384][ T5109] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1029.311198][ T5109] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1029.319010][ T5109] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1029.326817][ T5109] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1029.334628][ T5109] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 [ 1029.342444][ T5109] 08:08:02 executing program 1: pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) (async) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000000)={0x7}, 0x4) timer_create(0x7, 0x0, &(0x7f0000000100)) (async) write$FUSE_POLL(r0, &(0x7f0000000040)={0x18, 0xfffffffffffffffe, 0x0, {0x6}}, 0x18) (async) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) timer_gettime(0x0, &(0x7f0000000240)) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, 0x0, 0x0) (async) r3 = getgid() (async) read$FUSE(r0, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r2, &(0x7f00000022c0)={0x200, 0x0, 0x0, [{{0x3, 0x3, 0x9, 0x5c, 0xfffffffe, 0x7, {0x5, 0x8000000000000001, 0x3f, 0x80, 0xa1f, 0x3, 0x2, 0x7, 0x1, 0x4000, 0x8001, 0xffffffffffffffff, r3, 0x0, 0xffffffff}}, {0x4, 0xcd2, 0x17, 0x7f, '#\xbf*-\xd1-#/!^{-*:+{,/@:}@)'}}, {{0x5, 0x2, 0xffffffff80000000, 0x7, 0xffffff01, 0x101, {0x4, 0x8, 0x14, 0x1f, 0xf1, 0x3, 0x9, 0x9, 0x7a1, 0xa000, 0x8, 0xee00, r4, 0x8000, 0x7}}, {0x2, 0x0, 0x4, 0x80000000, '\x8e&{\\'}}, {{0x4, 0x1, 0x8001, 0xebb8, 0x5, 0xa8, {0x0, 0x40, 0xfffffffffffffffc, 0x2b, 0x20, 0x4, 0x9, 0x1, 0x1, 0xc000, 0x8, 0xee01, 0xee00, 0x6, 0x7}}, {0x1, 0x9, 0x3, 0x0, '\\@&'}}]}, 0x200) 08:08:02 executing program 4: syz_clone3(&(0x7f00000029c0)={0x84020000, 0x0, 0x0, 0x0, {0x80}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:08:02 executing program 2: pipe(&(0x7f0000005440)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f00000029c0)={0x41222000, &(0x7f0000002740), 0x0, 0x0, {0x2}, &(0x7f0000002800)=""/127, 0x7f, &(0x7f0000002880)=""/181, &(0x7f0000002940)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) bind$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) 08:08:02 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r1, &(0x7f0000000180), 0x2, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) bind$bt_sco(r0, &(0x7f0000000000), 0x8) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x8}, {0xb}, {0x3}, {0xb, 0x1}]}, @func]}, {0x0, [0x0, 0x0]}}, &(0x7f00000002c0)=""/166, 0x54, 0xa6, 0x1}, 0xffffffffffffffb8) (async) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000100)=0x44, 0x4) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000140)=""/1, &(0x7f0000000040)=0x1) 08:08:02 executing program 3: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 84) [ 1029.902364][ T5148] FAULT_INJECTION: forcing a failure. [ 1029.902364][ T5148] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.917243][ T5148] CPU: 0 PID: 5148 Comm: syz-executor.3 Tainted: G B 5.15.74-syzkaller #0 [ 1029.926878][ T5148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 1029.936773][ T5148] Call Trace: [ 1029.939901][ T5148] [ 1029.942673][ T5148] dump_stack_lvl+0x151/0x1b7 [ 1029.947193][ T5148] ? bfq_pos_tree_add_move+0x43e/0x43e [ 1029.952485][ T5148] ? vma_interval_tree_augment_rotate+0x210/0x210 [ 1029.958736][ T5148] dump_stack+0x15/0x17 [ 1029.962722][ T5148] should_fail+0x3c0/0x510 [ 1029.966979][ T5148] __should_failslab+0x9f/0xe0 [ 1029.971580][ T5148] should_failslab+0x9/0x20 [ 1029.975917][ T5148] kmem_cache_alloc+0x4f/0x2f0 [ 1029.980515][ T5148] ? anon_vma_fork+0xf7/0x4f0 [ 1029.985029][ T5148] anon_vma_fork+0xf7/0x4f0 [ 1029.989367][ T5148] ? anon_vma_name+0x4c/0x70 [ 1029.993800][ T5148] dup_mmap+0x750/0xea0 [ 1029.997790][ T5148] ? __delayed_free_task+0x20/0x20 [ 1030.002734][ T5148] ? mm_init+0x807/0x960 [ 1030.006814][ T5148] dup_mm+0x91/0x330 [ 1030.010546][ T5148] copy_mm+0x108/0x1b0 [ 1030.014452][ T5148] copy_process+0x1295/0x3250 [ 1030.018967][ T5148] ? check_stack_object+0xf7/0x130 [ 1030.023912][ T5148] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 1030.028862][ T5148] ? copy_clone_args_from_user+0x6cf/0x790 [ 1030.034513][ T5148] kernel_clone+0x22d/0x990 [ 1030.038843][ T5148] ? dup_mmap+0xea0/0xea0 [ 1030.043006][ T5148] ? create_io_thread+0x1e0/0x1e0 [ 1030.047867][ T5148] ? file_end_write+0x1b0/0x1b0 [ 1030.052554][ T5148] __x64_sys_clone3+0x375/0x3a0 [ 1030.057243][ T5148] ? __ia32_sys_clone+0x300/0x300 [ 1030.062101][ T5148] ? ksys_write+0x25f/0x2c0 [ 1030.066440][ T5148] ? debug_smp_processor_id+0x17/0x20 [ 1030.071649][ T5148] do_syscall_64+0x44/0xd0 [ 1030.075900][ T5148] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1030.081630][ T5148] RIP: 0033:0x7f495fdbc639 [ 1030.085881][ T5148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 1030.105326][ T5148] RSP: 002b:00007f495eb30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1030.113657][ T5148] RAX: ffffffffffffffda RBX: 00007f495fedcf80 RCX: 00007f495fdbc639 [ 1030.121468][ T5148] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007f495eb30050 [ 1030.129277][ T5148] RBP: 00007f495eb301d0 R08: 0000000000000000 R09: 0000000000000058 [ 1030.137089][ T5148] R10: 00007f495eb30050 R11: 0000000000000246 R12: 0000000000000058 [ 1030.144900][ T5148] R13: 00007fffc1cd912f R14: 00007f495eb30300 R15: 0000000000022000 08:08:02 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x77359400}}, 0x0) (async) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f0000000040)=""/37, 0x25) timer_delete(0x0) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r1, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0x1}) (async) r2 = fsmount(r1, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000000180)={0x2020, 0x0, 0x0}, 0x2020) (async) pipe(&(0x7f0000005540)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r4, 0x0, 0x0) read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_ENTRY(r2, &(0x7f0000004200)={0x90, 0xfffffffffffffff5, r3, {0x0, 0x2, 0x6, 0x6, 0x401, 0x80000001, {0x3, 0xfff, 0x7fffffffffffffff, 0x0, 0x8, 0xfffffffffffffffb, 0x3f, 0x7, 0x8, 0x2000, 0x3, 0xee01, r5, 0x4e3c, 0x7}}}, 0x90) 08:08:02 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r1, &(0x7f0000000180), 0x2, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x2) (async) bind$bt_sco(r0, &(0x7f0000000000), 0x8) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x8}, {0xb}, {0x3}, {0xb, 0x1}]}, @func]}, {0x0, [0x0, 0x0]}}, &(0x7f00000002c0)=""/166, 0x54, 0xa6, 0x1}, 0xffffffffffffffb8) (async) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000100)=0x44, 0x4) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000140)=""/1, &(0x7f0000000040)=0x1) 08:08:02 executing program 4: syz_clone3(&(0x7f00000029c0)={0x84020000, 0x0, 0x0, 0x0, {0x80}, 0x0, 0x0, 0x0, 0x0}, 0x58) 08:08:02 executing program 4: syz_clone3(&(0x7f00000029c0)={0x40222000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x